diff --git a/javascript/ql/examples/queries/dataflow/BackendIdor/BackendIdor.ql b/javascript/ql/examples/queries/dataflow/BackendIdor/BackendIdor.ql index 322cccd5d2b2..92f5dad50c73 100644 --- a/javascript/ql/examples/queries/dataflow/BackendIdor/BackendIdor.ql +++ b/javascript/ql/examples/queries/dataflow/BackendIdor/BackendIdor.ql @@ -9,42 +9,42 @@ */ import javascript -import DataFlow -import DataFlow::PathGraph /** * A taint-tracking configuration that tracks user-controlled values into a 'userId' property sent to a backend service. */ -class IdorTaint extends TaintTracking::Configuration { - IdorTaint() { this = "IdorTaint" } +module IdorTaintConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node instanceof RemoteFlowSource } - override predicate isSource(Node node) { node instanceof RemoteFlowSource } + predicate isSink(DataFlow::Node node) { exists(ClientRequest req | node = req.getADataNode()) } - override predicate isSink(Node node) { exists(ClientRequest req | node = req.getADataNode()) } - - override predicate isAdditionalTaintStep(Node pred, Node succ) { + predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) { // Step from x -> { userId: x } - succ.(SourceNode).getAPropertyWrite("userId").getRhs() = pred + succ.(DataFlow::SourceNode).getAPropertyWrite("userId").getRhs() = pred } - override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode node) { + predicate isBarrier(DataFlow::Node node) { // After a check like `if (userId === session.user.id)`, the userId is considered safe. - node instanceof EqualityGuard + node = DataFlow::MakeBarrierGuard::getABarrierNode() } } /** * A sanitizer for values that have successfully been compared to another value. */ -class EqualityGuard extends TaintTracking::SanitizerGuardNode, ValueNode { +class EqualityGuard extends DataFlow::ValueNode { override EqualityTest astNode; - override predicate sanitizes(boolean outcome, Expr e) { + predicate blocksExpr(boolean outcome, Expr e) { e = astNode.getAnOperand() and outcome = astNode.getPolarity() } } -from IdorTaint cfg, PathNode source, PathNode sink -where cfg.hasFlowPath(source, sink) +module IdorTaintFlow = TaintTracking::Global; + +import IdorTaintFlow::PathGraph + +from IdorTaintFlow::PathNode source, IdorTaintFlow::PathNode sink +where IdorTaintFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Unauthenticated user ID from $@.", source.getNode(), "here" diff --git a/javascript/ql/examples/queries/dataflow/DecodingAfterSanitization/DecodingAfterSanitization.ql b/javascript/ql/examples/queries/dataflow/DecodingAfterSanitization/DecodingAfterSanitization.ql index d21cc4531fc0..b83ee8aaee9d 100644 --- a/javascript/ql/examples/queries/dataflow/DecodingAfterSanitization/DecodingAfterSanitization.ql +++ b/javascript/ql/examples/queries/dataflow/DecodingAfterSanitization/DecodingAfterSanitization.ql @@ -9,23 +9,25 @@ */ import javascript -import DataFlow -import DataFlow::PathGraph -class DecodingAfterSanitization extends TaintTracking::Configuration { - DecodingAfterSanitization() { this = "DecodingAfterSanitization" } - - override predicate isSource(Node node) { node.(CallNode).getCalleeName() = "escapeHtml" } +module DecodingAfterSanitizationConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { + node.(DataFlow::CallNode).getCalleeName() = "escapeHtml" + } - override predicate isSink(Node node) { - exists(CallNode call | + predicate isSink(DataFlow::Node node) { + exists(DataFlow::CallNode call | call.getCalleeName().matches("decodeURI%") and node = call.getArgument(0) ) } } -from DecodingAfterSanitization cfg, PathNode source, PathNode sink -where cfg.hasFlowPath(source, sink) +module DecodingAfterSanitizationFlow = TaintTracking::Global; + +import DecodingAfterSanitizationFlow::PathGraph + +from DecodingAfterSanitizationFlow::PathNode source, DecodingAfterSanitizationFlow::PathNode sink +where DecodingAfterSanitizationFlow::flowPath(source, sink) select sink.getNode(), source, sink, "URI decoding invalidates the HTML sanitization performed $@.", source.getNode(), "here" diff --git a/javascript/ql/examples/queries/dataflow/DecodingAfterSanitization/DecodingAfterSanitizationGeneralized.ql b/javascript/ql/examples/queries/dataflow/DecodingAfterSanitization/DecodingAfterSanitizationGeneralized.ql index 257872c2752f..d10799a8916e 100644 --- a/javascript/ql/examples/queries/dataflow/DecodingAfterSanitization/DecodingAfterSanitizationGeneralized.ql +++ b/javascript/ql/examples/queries/dataflow/DecodingAfterSanitization/DecodingAfterSanitizationGeneralized.ql @@ -9,16 +9,14 @@ */ import javascript -import DataFlow -import DataFlow::PathGraph /** * A call to a function that may introduce HTML meta-characters by * replacing `%3C` or `\u003C` with `<`. */ -class DecodingCall extends CallNode { +class DecodingCall extends DataFlow::CallNode { string kind; - Node input; + DataFlow::Node input; DecodingCall() { this.getCalleeName().matches("decodeURI%") and @@ -33,20 +31,24 @@ class DecodingCall extends CallNode { string getKind() { result = kind } /** Gets the input being decoded. */ - Node getInput() { result = input } + DataFlow::Node getInput() { result = input } } -class DecodingAfterSanitization extends TaintTracking::Configuration { - DecodingAfterSanitization() { this = "DecodingAfterSanitization" } +module DecodingAfterSanitizationConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node instanceof HtmlSanitizerCall } - override predicate isSource(Node node) { node instanceof HtmlSanitizerCall } - - override predicate isSink(Node node) { node = any(DecodingCall c).getInput() } + predicate isSink(DataFlow::Node node) { node = any(DecodingCall c).getInput() } } -from DecodingAfterSanitization cfg, PathNode source, PathNode sink, DecodingCall decoder +module DecodingAfterSanitizationFlow = TaintTracking::Global; + +import DecodingAfterSanitizationFlow::PathGraph + +from + DecodingAfterSanitizationFlow::PathNode source, DecodingAfterSanitizationFlow::PathNode sink, + DecodingCall decoder where - cfg.hasFlowPath(source, sink) and + DecodingAfterSanitizationFlow::flowPath(source, sink) and decoder.getInput() = sink.getNode() select sink.getNode(), source, sink, decoder.getKind() + " invalidates $@.", source.getNode(), "this HTML sanitization" diff --git a/javascript/ql/examples/queries/dataflow/EvalTaint/EvalTaint.ql b/javascript/ql/examples/queries/dataflow/EvalTaint/EvalTaint.ql index 722082374453..2990b3dcf8fc 100644 --- a/javascript/ql/examples/queries/dataflow/EvalTaint/EvalTaint.ql +++ b/javascript/ql/examples/queries/dataflow/EvalTaint/EvalTaint.ql @@ -8,16 +8,17 @@ */ import javascript -import DataFlow -class EvalTaint extends TaintTracking::Configuration { - EvalTaint() { this = "EvalTaint" } +module EvalTaintConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node instanceof RemoteFlowSource } - override predicate isSource(Node node) { node instanceof RemoteFlowSource } - - override predicate isSink(Node node) { node = globalVarRef("eval").getACall().getArgument(0) } + predicate isSink(DataFlow::Node node) { + node = DataFlow::globalVarRef("eval").getACall().getArgument(0) + } } -from EvalTaint cfg, Node source, Node sink -where cfg.hasFlow(source, sink) +module EvalTaintFlow = TaintTracking::Global; + +from DataFlow::Node source, DataFlow::Node sink +where EvalTaintFlow::flow(source, sink) select sink, "Eval with user-controlled input from $@.", source, "here" diff --git a/javascript/ql/examples/queries/dataflow/EvalTaint/EvalTaintPath.ql b/javascript/ql/examples/queries/dataflow/EvalTaint/EvalTaintPath.ql index 1b07ed151bdc..ca49748bd1d4 100644 --- a/javascript/ql/examples/queries/dataflow/EvalTaint/EvalTaintPath.ql +++ b/javascript/ql/examples/queries/dataflow/EvalTaint/EvalTaintPath.ql @@ -9,18 +9,20 @@ */ import javascript -import DataFlow -import DataFlow::PathGraph -class EvalTaint extends TaintTracking::Configuration { - EvalTaint() { this = "EvalTaint" } +module EvalTaintConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node instanceof RemoteFlowSource } - override predicate isSource(Node node) { node instanceof RemoteFlowSource } - - override predicate isSink(Node node) { node = globalVarRef("eval").getACall().getArgument(0) } + predicate isSink(DataFlow::Node node) { + node = DataFlow::globalVarRef("eval").getACall().getArgument(0) + } } -from EvalTaint cfg, PathNode source, PathNode sink -where cfg.hasFlowPath(source, sink) +module EvalTaintFlow = TaintTracking::Global; + +import EvalTaintFlow::PathGraph + +from EvalTaintFlow::PathNode source, EvalTaintFlow::PathNode sink +where EvalTaintFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Eval with user-controlled input from $@.", source.getNode(), "here" diff --git a/javascript/ql/examples/queries/dataflow/InformationDisclosure/InformationDisclosure.ql b/javascript/ql/examples/queries/dataflow/InformationDisclosure/InformationDisclosure.ql index 1fe76a178e2f..64a1c6c801f3 100644 --- a/javascript/ql/examples/queries/dataflow/InformationDisclosure/InformationDisclosure.ql +++ b/javascript/ql/examples/queries/dataflow/InformationDisclosure/InformationDisclosure.ql @@ -9,8 +9,6 @@ */ import javascript -import DataFlow -import DataFlow::PathGraph /** * A dataflow configuration that tracks authentication tokens ("authKey") @@ -26,33 +24,37 @@ import DataFlow::PathGraph * }), '*'); * ``` */ -class AuthKeyTracking extends DataFlow::Configuration { - AuthKeyTracking() { this = "AuthKeyTracking" } - - override predicate isSource(Node node) { node.(PropRead).getPropertyName() = "authKey" } +module AuthKeyTrackingConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { + node.(DataFlow::PropRead).getPropertyName() = "authKey" + } - override predicate isSink(Node node) { - exists(MethodCallNode call | + predicate isSink(DataFlow::Node node) { + exists(DataFlow::MethodCallNode call | call.getMethodName() = "postMessage" and call.getArgument(1).getStringValue() = "*" and // no restriction on target origin call.getArgument(0) = node ) } - override predicate isAdditionalFlowStep(Node pred, Node succ) { + predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) { // Step into objects: x -> { f: x } - succ.(SourceNode).getAPropertyWrite().getRhs() = pred + succ.(DataFlow::SourceNode).getAPropertyWrite().getRhs() = pred or // Step through JSON serialization: x -> JSON.stringify(x) // Note: TaintTracking::Configuration includes this step by default, but not DataFlow::Configuration - exists(CallNode call | - call = globalVarRef("JSON").getAMethodCall("stringify") and + exists(DataFlow::CallNode call | + call = DataFlow::globalVarRef("JSON").getAMethodCall("stringify") and pred = call.getArgument(0) and succ = call ) } } -from AuthKeyTracking cfg, PathNode source, PathNode sink -where cfg.hasFlowPath(source, sink) +module AuthKeyTracking = DataFlow::Global; + +import AuthKeyTracking::PathGraph + +from AuthKeyTracking::PathNode source, AuthKeyTracking::PathNode sink +where AuthKeyTracking::flowPath(source, sink) select sink.getNode(), source, sink, "Message leaks the authKey from $@.", source.getNode(), "here" diff --git a/javascript/ql/examples/queries/dataflow/StoredXss/StoredXss.ql b/javascript/ql/examples/queries/dataflow/StoredXss/StoredXss.ql index c31095d4995c..09cbd0492007 100644 --- a/javascript/ql/examples/queries/dataflow/StoredXss/StoredXss.ql +++ b/javascript/ql/examples/queries/dataflow/StoredXss/StoredXss.ql @@ -9,7 +9,7 @@ import javascript import semmle.javascript.security.dataflow.StoredXssQuery -import DataFlow::PathGraph +import StoredXssFlow::PathGraph /** * The data returned from a MySQL query, such as the `data` parameter in this example: @@ -31,6 +31,6 @@ class MysqlSource extends Source { } } -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from StoredXssFlow::PathNode source, StoredXssFlow::PathNode sink +where StoredXssFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Stored XSS from $@.", source.getNode(), "database value." diff --git a/javascript/ql/examples/queries/dataflow/StoredXss/StoredXssTypeTracking.ql b/javascript/ql/examples/queries/dataflow/StoredXss/StoredXssTypeTracking.ql index f10479daf934..e92667a8c0fe 100644 --- a/javascript/ql/examples/queries/dataflow/StoredXss/StoredXssTypeTracking.ql +++ b/javascript/ql/examples/queries/dataflow/StoredXss/StoredXssTypeTracking.ql @@ -10,7 +10,7 @@ import javascript import semmle.javascript.security.dataflow.StoredXssQuery -import DataFlow::PathGraph +import StoredXssFlow::PathGraph /** * Gets an instance of `mysql.createConnection()`, tracked globally. @@ -45,6 +45,6 @@ class MysqlSource extends Source { MysqlSource() { this = mysqlConnection().getAMethodCall("query").getCallback(1).getParameter(1) } } -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from StoredXssFlow::PathNode source, StoredXssFlow::PathNode sink +where StoredXssFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Stored XSS from $@.", source.getNode(), "database value." diff --git a/javascript/ql/examples/queries/dataflow/TemplateInjection/TemplateInjection.ql b/javascript/ql/examples/queries/dataflow/TemplateInjection/TemplateInjection.ql index b146b19e54dd..51aa6c6a7c3c 100644 --- a/javascript/ql/examples/queries/dataflow/TemplateInjection/TemplateInjection.ql +++ b/javascript/ql/examples/queries/dataflow/TemplateInjection/TemplateInjection.ql @@ -8,8 +8,6 @@ */ import javascript -import DataFlow -import DataFlow::PathGraph /** * Gets the name of an unescaped placeholder in a lodash template. @@ -21,13 +19,11 @@ string getAPlaceholderInString(string s) { result = s.regexpCapture(".*<%=\\s*([a-zA-Z0-9_]+)\\s*%>.*", 1) } -class TemplateInjection extends TaintTracking::Configuration { - TemplateInjection() { this = "TemplateInjection" } +module TemplateInjectionConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node instanceof RemoteFlowSource } - override predicate isSource(Node node) { node instanceof RemoteFlowSource } - - override predicate isSink(Node node) { - exists(CallNode call, string placeholder | + predicate isSink(DataFlow::Node node) { + exists(DataFlow::CallNode call, string placeholder | call = LodashUnderscore::member("template").getACall() and placeholder = getAPlaceholderInString(call.getArgument(0).getStringValue()) and node = call.getOptionArgument(1, placeholder) @@ -35,7 +31,11 @@ class TemplateInjection extends TaintTracking::Configuration { } } -from TemplateInjection cfg, PathNode source, PathNode sink -where cfg.hasFlowPath(source, sink) +module TemplateInjectionFlow = TaintTracking::Global; + +import TemplateInjectionFlow::PathGraph + +from TemplateInjectionFlow::PathNode source, TemplateInjectionFlow::PathNode sink +where TemplateInjectionFlow::flowPath(source, sink) select sink.getNode(), source, sink, "User-controlled value from $@ occurs unescaped in a lodash template.", source.getNode(), "here." diff --git a/javascript/ql/lib/semmle/javascript/AMD.qll b/javascript/ql/lib/semmle/javascript/AMD.qll index b28dd5b9b72d..3239dba9026d 100644 --- a/javascript/ql/lib/semmle/javascript/AMD.qll +++ b/javascript/ql/lib/semmle/javascript/AMD.qll @@ -6,6 +6,7 @@ import javascript private import semmle.javascript.internal.CachedStages private import Expressions.ExprHasNoEffect +private import semmle.javascript.dataflow.internal.DataFlowNode /** * Companion module to the `AmdModuleDefinition` class. @@ -84,10 +85,15 @@ class AmdModuleDefinition extends CallExpr instanceof AmdModuleDefinition::Range result instanceof DataFlow::ValueNode } - private DataFlow::Node getFactoryNodeInternal() { - // To avoid recursion, this should not depend on `SourceNode`. - result = DataFlow::valueNode(this.getLastArgument()) or - result = this.getFactoryNodeInternal().getAPredecessor() + /** + * Gets the factory function of this module definition. + */ + Function getFactoryFunction() { TValueNode(result) = this.getFactoryNodeInternal() } + + private EarlyStageNode getFactoryNodeInternal() { + result = TValueNode(this.getLastArgument()) + or + DataFlow::localFlowStep(result, this.getFactoryNodeInternal()) } /** Gets the expression defining this module. */ @@ -139,7 +145,10 @@ class AmdModuleDefinition extends CallExpr instanceof AmdModuleDefinition::Range * Gets the `i`th parameter of the factory function of this module. */ private Parameter getFactoryParameter(int i) { - this.getFactoryNodeInternal().asExpr().(Function).getParameter(i) = result + exists(Function fun | + this.getFactoryNodeInternal() = TValueNode(fun) and + result = fun.getParameter(i) + ) } /** diff --git a/javascript/ql/lib/semmle/javascript/Arrays.qll b/javascript/ql/lib/semmle/javascript/Arrays.qll index a7cf62078a1c..33684733a509 100644 --- a/javascript/ql/lib/semmle/javascript/Arrays.qll +++ b/javascript/ql/lib/semmle/javascript/Arrays.qll @@ -9,7 +9,7 @@ module ArrayTaintTracking { /** * A taint propagating data flow edge caused by the builtin array functions. */ - private class ArrayFunctionTaintStep extends TaintTracking::SharedTaintStep { + private class ArrayFunctionTaintStep extends TaintTracking::LegacyTaintStep { override predicate arrayStep(DataFlow::Node pred, DataFlow::Node succ) { arrayFunctionTaintStep(pred, succ, _) } @@ -119,7 +119,7 @@ private module ArrayDataFlow { * A step modeling the creation of an Array using the `Array.from(x)` method. * The step copies the elements of the argument (set, array, or iterator elements) into the resulting array. */ - private class ArrayFrom extends PreCallGraphStep { + private class ArrayFrom extends LegacyPreCallGraphStep { override predicate loadStoreStep( DataFlow::Node pred, DataFlow::SourceNode succ, string fromProp, string toProp ) { @@ -139,7 +139,7 @@ private module ArrayDataFlow { * * Such a step can occur both with the `push` and `unshift` methods, or when creating a new array. */ - private class ArrayCopySpread extends PreCallGraphStep { + private class ArrayCopySpread extends LegacyPreCallGraphStep { override predicate loadStoreStep( DataFlow::Node pred, DataFlow::SourceNode succ, string fromProp, string toProp ) { @@ -160,7 +160,7 @@ private module ArrayDataFlow { /** * A step for storing an element on an array using `arr.push(e)` or `arr.unshift(e)`. */ - private class ArrayAppendStep extends PreCallGraphStep { + private class ArrayAppendStep extends LegacyPreCallGraphStep { override predicate storeStep(DataFlow::Node element, DataFlow::SourceNode obj, string prop) { prop = arrayElement() and exists(DataFlow::MethodCallNode call | @@ -191,7 +191,7 @@ private module ArrayDataFlow { * A step for reading/writing an element from an array inside a for-loop. * E.g. a read from `foo[i]` to `bar` in `for(var i = 0; i < arr.length; i++) {bar = foo[i]}`. */ - private class ArrayIndexingStep extends PreCallGraphStep { + private class ArrayIndexingStep extends LegacyPreCallGraphStep { override predicate loadStep(DataFlow::Node obj, DataFlow::Node element, string prop) { exists(ArrayIndexingAccess access | prop = arrayElement() and @@ -213,7 +213,7 @@ private module ArrayDataFlow { * A step for retrieving an element from an array using `.pop()`, `.shift()`, or `.at()`. * E.g. `array.pop()`. */ - private class ArrayPopStep extends PreCallGraphStep { + private class ArrayPopStep extends LegacyPreCallGraphStep { override predicate loadStep(DataFlow::Node obj, DataFlow::Node element, string prop) { exists(DataFlow::MethodCallNode call | call.getMethodName() = ["pop", "shift", "at"] and @@ -234,7 +234,7 @@ private module ArrayDataFlow { * * And the second parameter in the callback is the array ifself, so there is a `loadStoreStep` from the array to that second parameter. */ - private class ArrayIteration extends PreCallGraphStep { + private class ArrayIteration extends LegacyPreCallGraphStep { override predicate loadStep(DataFlow::Node obj, DataFlow::Node element, string prop) { exists(DataFlow::MethodCallNode call | call.getMethodName() = ["map", "forEach"] and @@ -266,7 +266,7 @@ private module ArrayDataFlow { /** * A step for creating an array and storing the elements in the array. */ - private class ArrayCreationStep extends PreCallGraphStep { + private class ArrayCreationStep extends LegacyPreCallGraphStep { override predicate storeStep(DataFlow::Node element, DataFlow::SourceNode obj, string prop) { exists(DataFlow::ArrayCreationNode array, int i | element = array.getElement(i) and @@ -280,7 +280,7 @@ private module ArrayDataFlow { * A step modeling that `splice` can insert elements into an array. * For example in `array.splice(i, del, e1, e2, ...)`: if any item is tainted, then so is `array` */ - private class ArraySpliceStep extends PreCallGraphStep { + private class ArraySpliceStep extends LegacyPreCallGraphStep { override predicate storeStep(DataFlow::Node element, DataFlow::SourceNode obj, string prop) { exists(DataFlow::MethodCallNode call | call.getMethodName() = "splice" and @@ -308,7 +308,7 @@ private module ArrayDataFlow { * A step for modeling `concat`. * For example in `e = arr1.concat(arr2, arr3)`: if any of the `arr` is tainted, then so is `e`. */ - private class ArrayConcatStep extends PreCallGraphStep { + private class ArrayConcatStep extends LegacyPreCallGraphStep { override predicate loadStoreStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { exists(DataFlow::MethodCallNode call | call.getMethodName() = "concat" and @@ -322,7 +322,7 @@ private module ArrayDataFlow { /** * A step for modeling that elements from an array `arr` also appear in the result from calling `slice`/`splice`/`filter`. */ - private class ArraySliceStep extends PreCallGraphStep { + private class ArraySliceStep extends LegacyPreCallGraphStep { override predicate loadStoreStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { exists(DataFlow::MethodCallNode call | call.getMethodName() = ["slice", "splice", "filter"] and @@ -336,7 +336,7 @@ private module ArrayDataFlow { /** * A step modeling that elements from an array `arr` are received by calling `find`. */ - private class ArrayFindStep extends PreCallGraphStep { + private class ArrayFindStep extends LegacyPreCallGraphStep { override predicate loadStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { exists(DataFlow::CallNode call | call = arrayFindCall(pred) and @@ -386,7 +386,7 @@ private module ArrayLibraries { /** * A taint step through the `arrify` library, or other libraries that (maybe) convert values into arrays. */ - private class ArrayifyStep extends TaintTracking::SharedTaintStep { + private class ArrayifyStep extends TaintTracking::LegacyTaintStep { override predicate step(DataFlow::Node pred, DataFlow::Node succ) { exists(API::CallNode call | call = API::moduleImport(["arrify", "array-ify"]).getACall() | pred = call.getArgument(0) and succ = call @@ -406,7 +406,7 @@ private module ArrayLibraries { /** * A taint step for a library that copies the elements of an array into another array. */ - private class ArrayCopyTaint extends TaintTracking::SharedTaintStep { + private class ArrayCopyTaint extends TaintTracking::LegacyTaintStep { override predicate step(DataFlow::Node pred, DataFlow::Node succ) { exists(DataFlow::CallNode call | call = arrayCopyCall(pred) and @@ -418,7 +418,7 @@ private module ArrayLibraries { /** * A loadStoreStep for a library that copies the elements of an array into another array. */ - private class ArrayCopyLoadStore extends PreCallGraphStep { + private class ArrayCopyLoadStore extends LegacyPreCallGraphStep { override predicate loadStoreStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { exists(DataFlow::CallNode call | call = arrayCopyCall(pred) and @@ -431,7 +431,7 @@ private module ArrayLibraries { /** * A taint step through a call to `Array.prototype.flat` or a polyfill implementing array flattening. */ - private class ArrayFlatStep extends TaintTracking::SharedTaintStep { + private class ArrayFlatStep extends TaintTracking::LegacyTaintStep { override predicate step(DataFlow::Node pred, DataFlow::Node succ) { exists(DataFlow::CallNode call | succ = call | call.(DataFlow::MethodCallNode).getMethodName() = "flat" and diff --git a/javascript/ql/lib/semmle/javascript/Collections.qll b/javascript/ql/lib/semmle/javascript/Collections.qll index a0e251554ff7..5f54dc57f1b2 100644 --- a/javascript/ql/lib/semmle/javascript/Collections.qll +++ b/javascript/ql/lib/semmle/javascript/Collections.qll @@ -16,7 +16,7 @@ private module CollectionDataFlow { /** * A step for `Set.add()` method, which adds an element to a Set. */ - private class SetAdd extends PreCallGraphStep { + private class SetAdd extends LegacyPreCallGraphStep { override predicate storeStep(DataFlow::Node element, DataFlow::SourceNode obj, string prop) { exists(DataFlow::MethodCallNode call | call = obj.getAMethodCall("add") and @@ -29,7 +29,7 @@ private module CollectionDataFlow { /** * A step for the `Set` constructor, which copies any elements from the first argument into the resulting set. */ - private class SetConstructor extends PreCallGraphStep { + private class SetConstructor extends LegacyPreCallGraphStep { override predicate loadStoreStep( DataFlow::Node pred, DataFlow::SourceNode succ, string fromProp, string toProp ) { @@ -49,7 +49,7 @@ private module CollectionDataFlow { * For sets and iterators the l-value are the elements of the set/iterator. * For maps the l-value is a tuple containing a key and a value. */ - private class ForOfStep extends PreCallGraphStep { + private class ForOfStep extends LegacyPreCallGraphStep { override predicate loadStep(DataFlow::Node obj, DataFlow::Node e, string prop) { exists(ForOfStmt forOf | obj = forOf.getIterationDomain().flow() and @@ -73,7 +73,7 @@ private module CollectionDataFlow { /** * A step for a call to `forEach` on a Set or Map. */ - private class SetMapForEach extends PreCallGraphStep { + private class SetMapForEach extends LegacyPreCallGraphStep { override predicate loadStep(DataFlow::Node obj, DataFlow::Node element, string prop) { exists(DataFlow::MethodCallNode call | call.getMethodName() = "forEach" and @@ -88,7 +88,7 @@ private module CollectionDataFlow { * A call to the `get` method on a Map. * If the key of the call to `get` has a known string value, then only the value corresponding to that key will be retrieved. (The known string value is encoded as part of the pseudo-property) */ - private class MapGet extends PreCallGraphStep { + private class MapGet extends LegacyPreCallGraphStep { override predicate loadStep(DataFlow::Node obj, DataFlow::Node element, string prop) { exists(DataFlow::MethodCallNode call | call.getMethodName() = "get" and @@ -108,7 +108,7 @@ private module CollectionDataFlow { * Otherwise the value will be stored into a pseudo-property corresponding to values with unknown keys. * The value will additionally be stored into a pseudo-property corresponding to all values. */ - class MapSet extends PreCallGraphStep { + class MapSet extends LegacyPreCallGraphStep { override predicate storeStep(DataFlow::Node element, DataFlow::SourceNode obj, string prop) { exists(DataFlow::MethodCallNode call | call = obj.getAMethodCall("set") and @@ -121,7 +121,7 @@ private module CollectionDataFlow { /** * A step for a call to `values` on a Map or a Set. */ - private class MapAndSetValues extends PreCallGraphStep { + private class MapAndSetValues extends LegacyPreCallGraphStep { override predicate loadStoreStep( DataFlow::Node pred, DataFlow::SourceNode succ, string fromProp, string toProp ) { @@ -138,7 +138,7 @@ private module CollectionDataFlow { /** * A step for a call to `keys` on a Set. */ - private class SetKeys extends PreCallGraphStep { + private class SetKeys extends LegacyPreCallGraphStep { override predicate loadStoreStep( DataFlow::Node pred, DataFlow::SourceNode succ, string fromProp, string toProp ) { diff --git a/javascript/ql/lib/semmle/javascript/Generators.qll b/javascript/ql/lib/semmle/javascript/Generators.qll index 06a19d1cfdfd..b2b81ef5c882 100644 --- a/javascript/ql/lib/semmle/javascript/Generators.qll +++ b/javascript/ql/lib/semmle/javascript/Generators.qll @@ -11,7 +11,7 @@ private import semmle.javascript.dataflow.internal.PreCallGraphStep private module GeneratorDataFlow { private import DataFlow::PseudoProperties - private class ArrayIteration extends PreCallGraphStep { + private class ArrayIteration extends LegacyPreCallGraphStep { override predicate storeStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { exists(DataFlow::FunctionNode f | f.getFunction().isGenerator() | prop = iteratorElement() and diff --git a/javascript/ql/lib/semmle/javascript/NodeJS.qll b/javascript/ql/lib/semmle/javascript/NodeJS.qll index 221cee084b67..5e12c66bb097 100644 --- a/javascript/ql/lib/semmle/javascript/NodeJS.qll +++ b/javascript/ql/lib/semmle/javascript/NodeJS.qll @@ -4,6 +4,7 @@ import javascript private import NodeModuleResolutionImpl private import semmle.javascript.DynamicPropertyAccess as DynamicPropertyAccess private import semmle.javascript.internal.CachedStages +private import semmle.javascript.dataflow.internal.DataFlowNode /** * A Node.js module. @@ -240,60 +241,69 @@ private class RequireVariable extends Variable { */ private predicate moduleInFile(Module m, File f) { m.getFile() = f } -private predicate isModuleModule(DataFlow::Node nd) { - exists(ImportDeclaration imp | - imp.getImportedPath().getValue() = "module" and - nd = - [ - DataFlow::destructuredModuleImportNode(imp), - DataFlow::valueNode(imp.getASpecifier().(ImportNamespaceSpecifier)) - ] +private predicate isModuleModule(EarlyStageNode nd) { + exists(ImportDeclaration imp | imp.getImportedPath().getValue() = "module" | + nd = TDestructuredModuleImportNode(imp) + or + nd = TValueNode(imp.getASpecifier().(ImportNamespaceSpecifier)) ) or - isModuleModule(nd.getAPredecessor()) + exists(EarlyStageNode other | + isModuleModule(other) and + DataFlow::localFlowStep(other, nd) + ) } -private predicate isCreateRequire(DataFlow::Node nd) { +private predicate isCreateRequire(EarlyStageNode nd) { exists(PropAccess prop | - isModuleModule(prop.getBase().flow()) and + isModuleModule(TValueNode(prop.getBase())) and prop.getPropertyName() = "createRequire" and - nd = prop.flow() + nd = TValueNode(prop) ) or exists(PropertyPattern prop | - isModuleModule(prop.getObjectPattern().flow()) and + isModuleModule(TValueNode(prop.getObjectPattern())) and prop.getName() = "createRequire" and - nd = prop.getValuePattern().flow() + nd = TValueNode(prop.getValuePattern()) ) or exists(ImportDeclaration decl, NamedImportSpecifier spec | decl.getImportedPath().getValue() = "module" and spec = decl.getASpecifier() and spec.getImportedName() = "createRequire" and - nd = spec.flow() + nd = TValueNode(spec) ) or - isCreateRequire(nd.getAPredecessor()) + exists(EarlyStageNode other | + isCreateRequire(other) and + DataFlow::localFlowStep(other, nd) + ) } /** * Holds if `nd` may refer to `require`, either directly or modulo local data flow. */ cached -private predicate isRequire(DataFlow::Node nd) { - nd.asExpr() = any(RequireVariable req).getAnAccess() and - // `mjs` files explicitly disallow `require` - not nd.getFile().getExtension() = "mjs" +private predicate isRequire(EarlyStageNode nd) { + exists(VarAccess access | + access = any(RequireVariable v).getAnAccess() and + nd = TValueNode(access) and + // `mjs` files explicitly disallow `require` + not access.getFile().getExtension() = "mjs" + ) or - isRequire(nd.getAPredecessor()) + exists(EarlyStageNode other | + isRequire(other) and + DataFlow::localFlowStep(other, nd) + ) or // `import { createRequire } from 'module';`. // specialized to ES2015 modules to avoid recursion in the `DataFlow::moduleImport()` predicate and to avoid // negative recursion between `Import.getImportedModuleNode()` and `Import.getImportedModule()`, and // to avoid depending on `SourceNode` as this would make `SourceNode::Range` recursive. exists(CallExpr call | - isCreateRequire(call.getCallee().flow()) and - nd = call.flow() + isCreateRequire(TValueNode(call.getCallee())) and + nd = TValueNode(call) ) } @@ -307,7 +317,7 @@ private predicate isRequire(DataFlow::Node nd) { * ``` */ class Require extends CallExpr, Import { - Require() { isRequire(this.getCallee().flow()) } + Require() { isRequire(TValueNode(this.getCallee())) } override PathExpr getImportedPath() { result = this.getArgument(0) } @@ -401,7 +411,7 @@ private class RequirePath extends PathExprCandidate { this = any(Require req).getArgument(0) or exists(MethodCallExpr reqres | - isRequire(reqres.getReceiver().flow()) and + isRequire(TValueNode(reqres.getReceiver())) and reqres.getMethodName() = "resolve" and this = reqres.getArgument(0) ) diff --git a/javascript/ql/lib/semmle/javascript/Paths.qll b/javascript/ql/lib/semmle/javascript/Paths.qll index 5f8452f5251d..66a840e9f26b 100644 --- a/javascript/ql/lib/semmle/javascript/Paths.qll +++ b/javascript/ql/lib/semmle/javascript/Paths.qll @@ -4,6 +4,7 @@ */ import javascript +private import semmle.javascript.dataflow.internal.DataFlowNode /** * Internal representation of paths as lists of components. @@ -381,16 +382,16 @@ private class PathExprString extends PathString { } pragma[nomagic] -private DataFlow::Node getAPathExprAlias(PathExpr expr) { - result.getImmediatePredecessor().asExpr() = expr +private EarlyStageNode getAPathExprAlias(PathExpr expr) { + DataFlow::Impl::earlyStageImmediateFlowStep(TValueNode(expr), result) or - result.getImmediatePredecessor() = getAPathExprAlias(expr) + DataFlow::Impl::earlyStageImmediateFlowStep(getAPathExprAlias(expr), result) } private class PathExprFromAlias extends PathExpr { private PathExpr other; - PathExprFromAlias() { this = getAPathExprAlias(other).asExpr() } + PathExprFromAlias() { TValueNode(this) = getAPathExprAlias(other) } override string getValue() { result = other.getValue() } @@ -435,13 +436,15 @@ abstract class PathExprCandidate extends Expr { pragma[nomagic] private Expr getAPart1() { result = this or result = this.getAPart().getAChildExpr() } + private EarlyStageNode getAnAliasedPart1() { + result = TValueNode(this.getAPart1()) + or + DataFlow::Impl::earlyStageImmediateFlowStep(result, this.getAnAliasedPart1()) + } + /** - * Gets an expression that is nested inside this expression. - * - * Equivalent to `getAChildExpr*()`, but useful to enforce a better join order (in spite of - * what the optimizer thinks, there are generally far fewer `PathExprCandidate`s than - * `ConstantString`s). + * Gets an expression that is depended on by an expression nested inside this expression. */ pragma[nomagic] - Expr getAPart() { result = this.getAPart1().flow().getImmediatePredecessor*().asExpr() } + Expr getAPart() { TValueNode(result) = this.getAnAliasedPart1() } } diff --git a/javascript/ql/lib/semmle/javascript/Promises.qll b/javascript/ql/lib/semmle/javascript/Promises.qll index bb1ee9326d83..f25fa2bc820d 100644 --- a/javascript/ql/lib/semmle/javascript/Promises.qll +++ b/javascript/ql/lib/semmle/javascript/Promises.qll @@ -6,7 +6,9 @@ import javascript private import dataflow.internal.StepSummary /** - * A definition of a `Promise` object. + * A call to the `Promise` constructor, such as `new Promise((resolve, reject) => { ... })`. + * + * This includes calls to the built-in `Promise` constructor as well as promise implementations from known libraries, such as `bluebird`. */ abstract class PromiseDefinition extends DataFlow::SourceNode { /** Gets the executor function of this promise object. */ @@ -196,6 +198,8 @@ module Promises { override string getAProperty() { result = [valueProp(), errorProp()] } } + + predicate promiseConstructorRef = getAPromiseObject/0; } /** @@ -267,7 +271,7 @@ private import semmle.javascript.dataflow.internal.PreCallGraphStep * These steps are for `await p`, `new Promise()`, `Promise.resolve()`, * `Promise.then()`, `Promise.catch()`, and `Promise.finally()`. */ -private class PromiseStep extends PreCallGraphStep { +private class PromiseStep extends LegacyPreCallGraphStep { override predicate loadStep(DataFlow::Node obj, DataFlow::Node element, string prop) { PromiseFlow::loadStep(obj, element, prop) } @@ -459,7 +463,7 @@ module PromiseFlow { } } -private class PromiseTaintStep extends TaintTracking::SharedTaintStep { +private class PromiseTaintStep extends TaintTracking::LegacyTaintStep { override predicate promiseStep(DataFlow::Node pred, DataFlow::Node succ) { // from `x` to `new Promise((res, rej) => res(x))` pred = succ.(PromiseDefinition).getResolveParameter().getACall().getArgument(0) @@ -530,7 +534,7 @@ private module AsyncReturnSteps { /** * A data-flow step for ordinary and exceptional returns from async functions. */ - private class AsyncReturn extends PreCallGraphStep { + private class AsyncReturn extends LegacyPreCallGraphStep { override predicate storeStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { exists(DataFlow::FunctionNode f | f.getFunction().isAsync() | // ordinary return @@ -548,7 +552,7 @@ private module AsyncReturnSteps { /** * A data-flow step for ordinary return from an async function in a taint configuration. */ - private class AsyncTaintReturn extends TaintTracking::SharedTaintStep { + private class AsyncTaintReturn extends TaintTracking::LegacyTaintStep { override predicate step(DataFlow::Node pred, DataFlow::Node succ) { exists(Function f | f.isAsync() and @@ -665,7 +669,7 @@ private module ClosurePromise { /** * Taint steps through closure promise methods. */ - private class ClosurePromiseTaintStep extends TaintTracking::SharedTaintStep { + private class ClosurePromiseTaintStep extends TaintTracking::LegacyTaintStep { override predicate step(DataFlow::Node pred, DataFlow::Node succ) { // static methods in goog.Promise exists(DataFlow::CallNode call, string name | @@ -699,8 +703,9 @@ private module DynamicImportSteps { * let Foo = await import('./foo'); * ``` */ - class DynamicImportStep extends PreCallGraphStep { + class DynamicImportStep extends LegacyPreCallGraphStep { override predicate storeStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { + // TODO: this step needs to be ported to dataflow2 exists(DynamicImportExpr imprt | pred = imprt.getImportedModule().getAnExportedValue("default") and succ = imprt.flow() and diff --git a/javascript/ql/lib/semmle/javascript/StandardLibrary.qll b/javascript/ql/lib/semmle/javascript/StandardLibrary.qll index b40f10d93691..dc856fbab4bf 100644 --- a/javascript/ql/lib/semmle/javascript/StandardLibrary.qll +++ b/javascript/ql/lib/semmle/javascript/StandardLibrary.qll @@ -154,6 +154,15 @@ class StringReplaceCall extends DataFlow::MethodCallNode { new = ret.getStringValue() ) } + + /** + * Holds if this call takes a regexp containing a wildcard-like term such as `.`. + * + * Also see `RegExp::isWildcardLike`. + */ + final predicate hasRegExpContainingWildcard() { + RegExp::isWildcardLike(this.getRegExp().getRoot().getAChild*()) + } } /** diff --git a/javascript/ql/lib/semmle/javascript/dataflow/AdditionalFlowSteps.qll b/javascript/ql/lib/semmle/javascript/dataflow/AdditionalFlowSteps.qll new file mode 100644 index 000000000000..d3935d463f14 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/AdditionalFlowSteps.qll @@ -0,0 +1,388 @@ +/** + * This contains three step-contribution classes, in order to support graceful deprecation of the old data flow library. + * + * - `class AdditionalFlowStep`: steps used only by the new dataflow library + * - `class LegacyFlowStep`: steps used only by the old data flow library + * - `class SharedFlowStep`: steps used by both + * + * The latter two will be deprecated in the future, but are currently not marked as `deprecated`. + * This is because a library model should be able to support both data flow libraries simultaneously, without itself getting + * deprecation warnings. + * + * To simplify correct consumption of these steps there is a correspondingly-named module for each: + * + * - `module AdditionalFlowStep`: exposes steps from `AdditionalFlowStep` and `SharedFlowStep` subclasses. + * - `module LegacyFlowStep`: exposes steps from `LegacyFlowStep` and `SharedFlowStep` subclasses. + * - `module SharedFlowStep`: exposes steps from all three classes. + * + * This design is intended to simplify consumption of steps, and to ensure existing consumers of `SharedFlowStep` + * outside this codebase will continue to work with as few surprises as possible. + */ + +private import javascript +private import semmle.javascript.internal.CachedStages + +/** + * A value-preserving data flow edge that should be used in all data flow configurations in + * addition to standard data flow edges. + * + * This class is a singleton, and thus subclasses do not need to specify a characteristic predicate. + * + * Note: For performance reasons, all subclasses of this class should be part + * of the standard library. Override `Configuration::isAdditionalFlowStep` + * for analysis-specific flow steps. + */ +class AdditionalFlowStep extends Unit { + /** + * Holds if `pred` → `succ` should be considered a value-preserving data flow edge.f + */ + predicate step(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a value-preserving data flow edge that + * crosses calling contexts. + */ + predicate jumpStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` should be stored in the given `content` of the object `succ`. + */ + predicate storeStep(DataFlow::Node pred, DataFlow::ContentSet contents, DataFlow::Node succ) { + none() + } + + /** + * Holds if the given `content` of the object in `pred` should be read into `succ`. + */ + predicate readStep(DataFlow::Node pred, DataFlow::ContentSet contents, DataFlow::Node succ) { + none() + } +} + +/** + * Contains predicates for accessing the steps contributed by `AdditionalFlowStep` and `SharedFlowStep` subclasses. + */ +cached +module AdditionalFlowStep { + cached + private module Internal { + // Forces this to be part of the `FlowSteps` stage. + // We use a public predicate in a private module to avoid warnings about this being unused. + cached + predicate forceStage() { Stages::FlowSteps::ref() } + } + + bindingset[a, b] + pragma[inline_late] + private predicate sameContainer(DataFlow::Node a, DataFlow::Node b) { + a.getContainer() = b.getContainer() + } + + /** + * Holds if `pred` → `succ` should be considered a data flow edge. + */ + cached + predicate step(DataFlow::Node pred, DataFlow::Node succ) { + any(AdditionalFlowStep s).step(pred, succ) + or + any(SharedFlowStep s).step(pred, succ) and + sameContainer(pred, succ) + } + + /** + * Holds if `pred` → `succ` should be considered a value-preserving data flow edge that + * crosses calling contexts. + */ + cached + predicate jumpStep(DataFlow::Node pred, DataFlow::Node succ) { + any(AdditionalFlowStep s).jumpStep(pred, succ) + or + any(SharedFlowStep s).step(pred, succ) and + not sameContainer(pred, succ) + } + + /** + * Holds if `pred` should be stored in the object `succ` under the property `prop`. + */ + cached + predicate storeStep(DataFlow::Node pred, DataFlow::ContentSet contents, DataFlow::Node succ) { + any(AdditionalFlowStep s).storeStep(pred, contents, succ) + or + exists(string prop | + any(SharedFlowStep s).storeStep(pred, succ, prop) and + contents = DataFlow::ContentSet::fromLegacyProperty(prop) + ) + } + + /** + * Holds if the property `prop` of the object `pred` should be read into `succ`. + */ + cached + predicate readStep(DataFlow::Node pred, DataFlow::ContentSet contents, DataFlow::Node succ) { + any(AdditionalFlowStep s).readStep(pred, contents, succ) + or + exists(string prop | + any(SharedFlowStep s).loadStep(pred, succ, prop) and + contents = DataFlow::ContentSet::fromLegacyProperty(prop) + ) + } +} + +/** + * A data flow edge that is only seen by the old, deprecated data flow library. + * + * This class is typically used when a step has been replaced by a flow summary. Since the old data flow + * library does not support flow summaries, such a step should remain as a legacy step, until the old data flow + * library can be removed. + * + * Note: For performance reasons, all subclasses of this class should be part + * of the standard library. Override `Configuration::isAdditionalFlowStep` + * for analysis-specific flow steps. + */ +class LegacyFlowStep extends Unit { + /** + * Holds if `pred` → `succ` should be considered a data flow edge. + */ + predicate step(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a data flow edge + * transforming values with label `predlbl` to have label `succlbl`. + */ + predicate step( + DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel predlbl, + DataFlow::FlowLabel succlbl + ) { + none() + } + + /** + * Holds if `pred` should be stored in the object `succ` under the property `prop`. + * The object `succ` must be a `DataFlow::SourceNode` for the object wherein the value is stored. + */ + predicate storeStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { none() } + + /** + * Holds if the property `prop` of the object `pred` should be loaded into `succ`. + */ + predicate loadStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { none() } + + /** + * Holds if the property `prop` should be copied from the object `pred` to the object `succ`. + */ + predicate loadStoreStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { none() } + + /** + * Holds if the property `loadProp` should be copied from the object `pred` to the property `storeProp` of object `succ`. + */ + predicate loadStoreStep( + DataFlow::Node pred, DataFlow::Node succ, string loadProp, string storeProp + ) { + none() + } +} + +/** + * Contains predicates for accessing the steps contributed by `LegacyFlowStep` and `SharedFlowStep` subclasses. + */ +cached +module LegacyFlowStep { + /** + * Holds if `pred` → `succ` should be considered a data flow edge. + */ + cached + predicate step(DataFlow::Node pred, DataFlow::Node succ) { + any(LegacyFlowStep s).step(pred, succ) + or + any(SharedFlowStep s).step(pred, succ) + } + + /** + * Holds if `pred` → `succ` should be considered a data flow edge + * transforming values with label `predlbl` to have label `succlbl`. + */ + cached + predicate step( + DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel predlbl, + DataFlow::FlowLabel succlbl + ) { + any(LegacyFlowStep s).step(pred, succ, predlbl, succlbl) + or + any(SharedFlowStep s).step(pred, succ, predlbl, succlbl) + } + + /** + * Holds if `pred` should be stored in the object `succ` under the property `prop`. + * The object `succ` must be a `DataFlow::SourceNode` for the object wherein the value is stored. + */ + cached + predicate storeStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { + any(LegacyFlowStep s).storeStep(pred, succ, prop) + or + any(SharedFlowStep s).storeStep(pred, succ, prop) + } + + /** + * Holds if the property `prop` of the object `pred` should be loaded into `succ`. + */ + cached + predicate loadStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { + any(LegacyFlowStep s).loadStep(pred, succ, prop) + or + any(SharedFlowStep s).loadStep(pred, succ, prop) + } + + /** + * Holds if the property `prop` should be copied from the object `pred` to the object `succ`. + */ + cached + predicate loadStoreStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { + any(LegacyFlowStep s).loadStoreStep(pred, succ, prop) + or + any(SharedFlowStep s).loadStoreStep(pred, succ, prop) + } + + /** + * Holds if the property `loadProp` should be copied from the object `pred` to the property `storeProp` of object `succ`. + */ + cached + predicate loadStoreStep( + DataFlow::Node pred, DataFlow::Node succ, string loadProp, string storeProp + ) { + any(LegacyFlowStep s).loadStoreStep(pred, succ, loadProp, storeProp) + or + any(SharedFlowStep s).loadStoreStep(pred, succ, loadProp, storeProp) + } +} + +/** + * A data flow edge that should be added to all data flow configurations in + * addition to standard data flow edges. + * + * This class is a singleton, and thus subclasses do not need to specify a characteristic predicate. + * + * Note: For performance reasons, all subclasses of this class should be part + * of the standard library. Override `Configuration::isAdditionalFlowStep` + * for analysis-specific flow steps. + */ +class SharedFlowStep extends Unit { + /** + * Holds if `pred` → `succ` should be considered a data flow edge. + */ + predicate step(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a data flow edge + * transforming values with label `predlbl` to have label `succlbl`. + */ + predicate step( + DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel predlbl, + DataFlow::FlowLabel succlbl + ) { + none() + } + + /** + * Holds if `pred` should be stored in the object `succ` under the property `prop`. + * The object `succ` must be a `DataFlow::SourceNode` for the object wherein the value is stored. + */ + predicate storeStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { none() } + + /** + * Holds if the property `prop` of the object `pred` should be loaded into `succ`. + */ + predicate loadStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { none() } + + /** + * Holds if the property `prop` should be copied from the object `pred` to the object `succ`. + */ + predicate loadStoreStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { none() } + + /** + * Holds if the property `loadProp` should be copied from the object `pred` to the property `storeProp` of object `succ`. + */ + predicate loadStoreStep( + DataFlow::Node pred, DataFlow::Node succ, string loadProp, string storeProp + ) { + none() + } +} + +/** + * Contains predicates for accessing the steps contributed by `SharedFlowStep`, `LegacyFlowStep`, and `AdditionalFlowStep` subclasses. + */ +module SharedFlowStep { + /** + * Holds if `pred` → `succ` should be considered a data flow edge. + */ + pragma[inline] + predicate step(DataFlow::Node pred, DataFlow::Node succ) { + any(SharedFlowStep s).step(pred, succ) + or + any(AdditionalFlowStep s).step(pred, succ) + or + any(LegacyFlowStep s).step(pred, succ) + } + + /** + * Holds if `pred` should be stored in the object `succ` under the property `prop`. + * The object `succ` must be a `DataFlow::SourceNode` for the object wherein the value is stored. + */ + pragma[inline] + predicate storeStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { + any(SharedFlowStep s).storeStep(pred, succ, prop) + or + any(AdditionalFlowStep s) + .storeStep(pred, DataFlow::ContentSet::property(prop), succ.getALocalUse()) + or + any(LegacyFlowStep s).storeStep(pred, succ, prop) + } + + /** + * Holds if the property `prop` of the object `pred` should be loaded into `succ`. + */ + pragma[inline] + predicate loadStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { + any(SharedFlowStep s).loadStep(pred, succ, prop) + or + any(AdditionalFlowStep s).readStep(pred, DataFlow::ContentSet::property(prop), succ) + or + any(LegacyFlowStep s).loadStep(pred, succ, prop) + } + + // The following are aliases for old step predicates that have no corresponding predicate in AdditionalFlowStep + /** + * Holds if `pred` → `succ` should be considered a data flow edge + * transforming values with label `predlbl` to have label `succlbl`. + */ + predicate step( + DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel predlbl, + DataFlow::FlowLabel succlbl + ) { + any(SharedFlowStep s).step(pred, succ, predlbl, succlbl) + or + any(LegacyFlowStep s).step(pred, succ, predlbl, succlbl) + } + + /** + * Holds if the property `prop` should be copied from the object `pred` to the object `succ`. + */ + cached + predicate loadStoreStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { + any(SharedFlowStep s).loadStoreStep(pred, succ, prop) + or + any(LegacyFlowStep s).loadStoreStep(pred, succ, prop) + } + + /** + * Holds if the property `loadProp` should be copied from the object `pred` to the property `storeProp` of object `succ`. + */ + cached + predicate loadStoreStep( + DataFlow::Node pred, DataFlow::Node succ, string loadProp, string storeProp + ) { + any(SharedFlowStep s).loadStoreStep(pred, succ, loadProp, storeProp) + or + any(LegacyFlowStep s).loadStoreStep(pred, succ, loadProp, storeProp) + } +} diff --git a/javascript/ql/lib/semmle/javascript/dataflow/AdditionalTaintSteps.qll b/javascript/ql/lib/semmle/javascript/dataflow/AdditionalTaintSteps.qll new file mode 100644 index 000000000000..86eb6078a72d --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/AdditionalTaintSteps.qll @@ -0,0 +1,426 @@ +/** + * Note: The contents of this file are exposed with the `TaintTracking::` prefix, via an import in `TaintTracking.qll`. + */ + +private import javascript +private import semmle.javascript.internal.CachedStages + +/** + * A taint-propagating data flow edge that should be added to all taint tracking + * configurations, but only those that use the new data flow library. + * + * This class is a singleton, and thus subclasses do not need to specify a characteristic predicate. + * + * Note: For performance reasons, all subclasses of this class should be part + * of the standard library. Override `Configuration::isAdditionalTaintStep` + * for analysis-specific taint steps. + */ +class AdditionalTaintStep extends Unit { + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge. + */ + predicate step(DataFlow::Node pred, DataFlow::Node succ) { none() } +} + +/** + * A taint-propagating data flow edge that should be added to all taint tracking + * configurations in addition to standard data flow edges. + * + * This class is a singleton, and thus subclasses do not need to specify a characteristic predicate. + * + * Note: For performance reasons, all subclasses of this class should be part + * of the standard library. Override `Configuration::isAdditionalTaintStep` + * for analysis-specific taint steps. + * + * This class has multiple kinds of `step` predicates; these all have the same + * effect on taint-tracking configurations. However, the categorization of steps + * allows some data-flow configurations to opt in to specific kinds of taint steps. + */ +class SharedTaintStep extends Unit { + // Each step relation in this class should have a cached version in the `Cached` module + // and be included in the `sharedTaintStep` predicate. + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge. + */ + predicate step(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through URI manipulation. + * + * Does not include string operations that aren't specific to URIs, such + * as concatenation and substring operations. + */ + predicate uriStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge contributed by the heuristics library. + * + * Such steps are provided by the `semmle.javascript.heuristics` libraries + * and will default to be being empty if those libraries are not imported. + */ + predicate heuristicStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through persistent storage. + */ + predicate persistentStorageStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through the heap. + */ + predicate heapStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through arrays. + * + * These steps considers an array to be tainted if it contains tainted elements. + */ + predicate arrayStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through the `state` or `props` or a React component. + */ + predicate viewComponentStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through string concatenation. + */ + predicate stringConcatenationStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through string manipulation (other than concatenation). + */ + predicate stringManipulationStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through data serialization, such as `JSON.stringify`. + */ + predicate serializeStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through data deserialization, such as `JSON.parse`. + */ + predicate deserializeStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through a promise. + * + * These steps consider a promise object to tainted if it can resolve to + * a tainted value. + */ + predicate promiseStep(DataFlow::Node pred, DataFlow::Node succ) { none() } +} + +/** + * A taint-propagating data flow edge that should be used with the old data flow library. + * + * This class is a singleton, and thus subclasses do not need to specify a characteristic predicate. + * + * Note: For performance reasons, all subclasses of this class should be part + * of the standard library. Override `Configuration::isAdditionalTaintStep` + * for analysis-specific taint steps. + * + * This class has multiple kinds of `step` predicates; these all have the same + * effect on taint-tracking configurations. However, the categorization of steps + * allows some data-flow configurations to opt in to specific kinds of taint steps. + */ +class LegacyTaintStep extends Unit { + // Each step relation in this class should have a cached version in the `Cached` module + // and be included in the `sharedTaintStep` predicate. + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge. + */ + predicate step(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through URI manipulation. + * + * Does not include string operations that aren't specific to URIs, such + * as concatenation and substring operations. + */ + predicate uriStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge contributed by the heuristics library. + * + * Such steps are provided by the `semmle.javascript.heuristics` libraries + * and will default to be being empty if those libraries are not imported. + */ + predicate heuristicStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through persistent storage. + */ + predicate persistentStorageStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through the heap. + */ + predicate heapStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through arrays. + * + * These steps considers an array to be tainted if it contains tainted elements. + */ + predicate arrayStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through the `state` or `props` or a React component. + */ + predicate viewComponentStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through string concatenation. + */ + predicate stringConcatenationStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through string manipulation (other than concatenation). + */ + predicate stringManipulationStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through data serialization, such as `JSON.stringify`. + */ + predicate serializeStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through data deserialization, such as `JSON.parse`. + */ + predicate deserializeStep(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through a promise. + * + * These steps consider a promise object to tainted if it can resolve to + * a tainted value. + */ + predicate promiseStep(DataFlow::Node pred, DataFlow::Node succ) { none() } +} + +/** + * Module existing only to ensure all taint steps are cached as a single stage, + * and without the the `Unit` type column. + */ +cached +private module Cached { + cached + predicate forceStage() { + // TODO: ensure that this stage is only evaluated if using the old data flow library + Stages::Taint::ref() + } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge, which doesn't fit into a more specific category. + */ + cached + predicate genericStep(DataFlow::Node pred, DataFlow::Node succ) { + any(SharedTaintStep step).step(pred, succ) + or + any(LegacyTaintStep step).step(pred, succ) + } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge, contribued by the heuristics library. + */ + cached + predicate heuristicStep(DataFlow::Node pred, DataFlow::Node succ) { + any(SharedTaintStep step).heuristicStep(pred, succ) + or + any(LegacyTaintStep step).heuristicStep(pred, succ) + } + + /** + * Public taint step relations. + */ + cached + module Public { + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through a URI library function. + */ + cached + predicate uriStep(DataFlow::Node pred, DataFlow::Node succ) { + any(SharedTaintStep step).uriStep(pred, succ) + or + any(LegacyTaintStep step).uriStep(pred, succ) + } + + /** + * Holds if `pred -> succ` is a taint propagating data flow edge through persistent storage. + */ + cached + predicate persistentStorageStep(DataFlow::Node pred, DataFlow::Node succ) { + any(SharedTaintStep step).persistentStorageStep(pred, succ) + or + any(LegacyTaintStep step).persistentStorageStep(pred, succ) + } + + /** + * Holds if `pred -> succ` is a taint propagating data flow edge through the heap. + */ + cached + predicate heapStep(DataFlow::Node pred, DataFlow::Node succ) { + any(SharedTaintStep step).heapStep(pred, succ) + or + any(LegacyTaintStep step).heapStep(pred, succ) + } + + /** + * Holds if `pred -> succ` is a taint propagating data flow edge through an array. + */ + cached + predicate arrayStep(DataFlow::Node pred, DataFlow::Node succ) { + any(SharedTaintStep step).arrayStep(pred, succ) + or + any(LegacyTaintStep step).arrayStep(pred, succ) + } + + /** + * Holds if `pred -> succ` is a taint propagating data flow edge through the + * properties of a view compenent, such as the `state` or `props` of a React component. + */ + cached + predicate viewComponentStep(DataFlow::Node pred, DataFlow::Node succ) { + any(SharedTaintStep step).viewComponentStep(pred, succ) + or + any(LegacyTaintStep step).viewComponentStep(pred, succ) + } + + /** + * Holds if `pred -> succ` is a taint propagating data flow edge through string + * concatenation. + */ + cached + predicate stringConcatenationStep(DataFlow::Node pred, DataFlow::Node succ) { + any(SharedTaintStep step).stringConcatenationStep(pred, succ) + or + any(LegacyTaintStep step).stringConcatenationStep(pred, succ) + } + + /** + * Holds if `pred -> succ` is a taint propagating data flow edge through string manipulation + * (other than concatenation). + */ + cached + predicate stringManipulationStep(DataFlow::Node pred, DataFlow::Node succ) { + any(SharedTaintStep step).stringManipulationStep(pred, succ) + or + any(LegacyTaintStep step).stringManipulationStep(pred, succ) + } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through data serialization, such as `JSON.stringify`. + */ + cached + predicate serializeStep(DataFlow::Node pred, DataFlow::Node succ) { + any(SharedTaintStep step).serializeStep(pred, succ) + or + any(LegacyTaintStep step).serializeStep(pred, succ) + } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through data deserialization, such as `JSON.parse`. + */ + cached + predicate deserializeStep(DataFlow::Node pred, DataFlow::Node succ) { + any(SharedTaintStep step).deserializeStep(pred, succ) + or + any(LegacyTaintStep step).deserializeStep(pred, succ) + } + + /** + * Holds if `pred` → `succ` should be considered a taint-propagating + * data flow edge through a promise. + * + * These steps consider a promise object to tainted if it can resolve to + * a tainted value. + */ + cached + predicate promiseStep(DataFlow::Node pred, DataFlow::Node succ) { + any(SharedTaintStep step).promiseStep(pred, succ) + or + any(LegacyTaintStep step).promiseStep(pred, succ) + } + } +} + +import Cached::Public + +/** + * Holds if `pred -> succ` is an edge used by all taint-tracking configurations in + * the old data flow library. + * + * The new data flow library uses a different set of steps, exposed by `AdditionalTaintStep::step`. + */ +predicate sharedTaintStep(DataFlow::Node pred, DataFlow::Node succ) { + Cached::genericStep(pred, succ) or + Cached::heuristicStep(pred, succ) or + uriStep(pred, succ) or + persistentStorageStep(pred, succ) or + heapStep(pred, succ) or + arrayStep(pred, succ) or + viewComponentStep(pred, succ) or + stringConcatenationStep(pred, succ) or + stringManipulationStep(pred, succ) or + serializeStep(pred, succ) or + deserializeStep(pred, succ) or + promiseStep(pred, succ) +} + +/** + * Contains predicates for accessing the taint steps used by taint-tracking configurations + * in the new data flow library. + */ +module AdditionalTaintStep { + /** + * Holds if `pred` → `succ` is considered a taint-propagating data flow edge when + * using the new data flow library. + */ + cached + predicate step(DataFlow::Node pred, DataFlow::Node succ) { + any(AdditionalTaintStep step).step(pred, succ) or + any(SharedTaintStep step).step(pred, succ) or + any(SharedTaintStep step).heuristicStep(pred, succ) or + any(SharedTaintStep step).uriStep(pred, succ) or + any(SharedTaintStep step).persistentStorageStep(pred, succ) or + any(SharedTaintStep step).heapStep(pred, succ) or + any(SharedTaintStep step).arrayStep(pred, succ) or + any(SharedTaintStep step).viewComponentStep(pred, succ) or + any(SharedTaintStep step).stringConcatenationStep(pred, succ) or + any(SharedTaintStep step).stringManipulationStep(pred, succ) or + any(SharedTaintStep step).serializeStep(pred, succ) or + any(SharedTaintStep step).deserializeStep(pred, succ) or + any(SharedTaintStep step).promiseStep(pred, succ) + } +} diff --git a/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll b/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll index 50183c656b27..981155a5fee3 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/Configuration.qll @@ -73,6 +73,7 @@ private import internal.FlowSteps private import internal.AccessPaths private import semmle.javascript.Unit private import semmle.javascript.internal.CachedStages +private import AdditionalFlowSteps /** * A data flow tracking configuration for finding inter-procedural paths from @@ -159,7 +160,7 @@ abstract class Configuration extends string { * Holds if the intermediate flow node `node` is prohibited. */ predicate isBarrier(DataFlow::Node node) { - exists(BarrierGuardNode guard | + exists(BarrierGuardNodeInternal guard | isBarrierGuardInternal(this, guard) and barrierGuardBlocksNode(guard, node, "") ) @@ -199,7 +200,7 @@ abstract class Configuration extends string { * Holds if flow with label `lbl` cannot flow into `node`. */ predicate isLabeledBarrier(DataFlow::Node node, FlowLabel lbl) { - exists(BarrierGuardNode guard | + exists(BarrierGuardNodeInternal guard | isBarrierGuardInternal(this, guard) and barrierGuardBlocksNode(guard, node, lbl) ) @@ -280,10 +281,12 @@ abstract class Configuration extends string { * `isBarrierGuard` or `AdditionalBarrierGuardNode`. */ pragma[nomagic] -private predicate isBarrierGuardInternal(Configuration cfg, BarrierGuardNode guard) { +private predicate isBarrierGuardInternal(Configuration cfg, BarrierGuardNodeInternal guard) { cfg.isBarrierGuard(guard) or guard.(AdditionalBarrierGuardNode).appliesTo(cfg) + or + guard.(DerivedBarrierGuardNode).appliesTo(cfg) } /** @@ -346,6 +349,8 @@ module FlowLabel { FlowLabel taint() { result = "taint" } } +abstract private class BarrierGuardNodeInternal extends DataFlow::Node { } + /** * A node that can act as a barrier when appearing in a condition. * @@ -357,7 +362,7 @@ module FlowLabel { * classes as precise as possible: if two subclasses of `BarrierGuardNode` overlap, their * implementations of `blocks` will _both_ apply to any configuration that includes either of them. */ -abstract class BarrierGuardNode extends DataFlow::Node { +abstract class BarrierGuardNode extends BarrierGuardNodeInternal { /** * Holds if this node blocks expression `e` provided it evaluates to `outcome`. * @@ -371,6 +376,20 @@ abstract class BarrierGuardNode extends DataFlow::Node { predicate blocks(boolean outcome, Expr e, FlowLabel label) { none() } } +/** + * Barrier guards derived from other barrier guards. + */ +abstract private class DerivedBarrierGuardNode extends BarrierGuardNodeInternal { + abstract predicate appliesTo(Configuration cfg); + + /** + * Holds if this node blocks expression `e` from flow of type `label`, provided it evaluates to `outcome`. + * + * `label` is bound to the empty string if it blocks all flow labels. + */ + abstract predicate blocks(boolean outcome, Expr e, string label); +} + /** * Holds if data flow node `guard` acts as a barrier for data flow. * @@ -378,24 +397,20 @@ abstract class BarrierGuardNode extends DataFlow::Node { */ pragma[nomagic] private predicate barrierGuardBlocksExpr( - BarrierGuardNode guard, boolean outcome, Expr test, string label + BarrierGuardNodeInternal guard, boolean outcome, Expr test, string label ) { - guard.blocks(outcome, test) and label = "" - or - guard.blocks(outcome, test, label) + guard.(BarrierGuardNode).blocks(outcome, test) and label = "" or - // Handle labelled barrier guard functions specially, to avoid negative recursion - // through the non-abstract 3-argument version of blocks(). - guard.(AdditionalBarrierGuardCall).internalBlocksLabel(outcome, test, label) + guard.(BarrierGuardNode).blocks(outcome, test, label) or - guard.(CallAgainstEqualityCheck).internalBlocksLabel(outcome, test, label) + guard.(DerivedBarrierGuardNode).blocks(outcome, test, label) } /** * Holds if `guard` may block the flow of a value reachable through exploratory flow. */ pragma[nomagic] -private predicate barrierGuardIsRelevant(BarrierGuardNode guard) { +private predicate barrierGuardIsRelevant(BarrierGuardNodeInternal guard) { exists(Expr e | barrierGuardBlocksExpr(guard, _, e, _) and isRelevantForward(e.flow(), _) @@ -410,7 +425,7 @@ private predicate barrierGuardIsRelevant(BarrierGuardNode guard) { */ pragma[nomagic] private predicate barrierGuardBlocksAccessPath( - BarrierGuardNode guard, boolean outcome, AccessPath ap, string label + BarrierGuardNodeInternal guard, boolean outcome, AccessPath ap, string label ) { barrierGuardIsRelevant(guard) and barrierGuardBlocksExpr(guard, outcome, ap.getAnInstance(), label) @@ -423,7 +438,7 @@ private predicate barrierGuardBlocksAccessPath( */ pragma[nomagic] private predicate barrierGuardBlocksSsaRefinement( - BarrierGuardNode guard, boolean outcome, SsaRefinementNode ref, string label + BarrierGuardNodeInternal guard, boolean outcome, SsaRefinementNode ref, string label ) { barrierGuardIsRelevant(guard) and guard.getEnclosingExpr() = ref.getGuard().getTest() and @@ -439,7 +454,7 @@ private predicate barrierGuardBlocksSsaRefinement( */ pragma[nomagic] private predicate barrierGuardUsedInCondition( - BarrierGuardNode guard, ConditionGuardNode cond, boolean outcome + BarrierGuardNodeInternal guard, ConditionGuardNode cond, boolean outcome ) { barrierGuardIsRelevant(guard) and outcome = cond.getOutcome() and @@ -457,7 +472,9 @@ private predicate barrierGuardUsedInCondition( * `label` is bound to the blocked label, or the empty string if all labels should be blocked. */ pragma[nomagic] -private predicate barrierGuardBlocksNode(BarrierGuardNode guard, DataFlow::Node nd, string label) { +private predicate barrierGuardBlocksNode( + BarrierGuardNodeInternal guard, DataFlow::Node nd, string label +) { // 1) `nd` is a use of a refinement node that blocks its input variable exists(SsaRefinementNode ref, boolean outcome | nd = DataFlow::ssaDefinitionNode(ref) and @@ -481,7 +498,7 @@ private predicate barrierGuardBlocksNode(BarrierGuardNode guard, DataFlow::Node */ pragma[nomagic] private predicate barrierGuardBlocksEdge( - BarrierGuardNode guard, DataFlow::Node pred, DataFlow::Node succ, string label + BarrierGuardNodeInternal guard, DataFlow::Node pred, DataFlow::Node succ, string label ) { exists( SsaVariable input, SsaPhiNode phi, BasicBlock bb, ConditionGuardNode cond, boolean outcome @@ -501,7 +518,7 @@ private predicate barrierGuardBlocksEdge( * This predicate exists to get a better join-order for the `barrierGuardBlocksEdge` predicate above. */ pragma[noinline] -private BasicBlock getADominatedBasicBlock(BarrierGuardNode guard, ConditionGuardNode cond) { +private BasicBlock getADominatedBasicBlock(BarrierGuardNodeInternal guard, ConditionGuardNode cond) { barrierGuardIsRelevant(guard) and guard.getEnclosingExpr() = cond.getTest() and cond.dominates(result) @@ -516,7 +533,7 @@ private BasicBlock getADominatedBasicBlock(BarrierGuardNode guard, ConditionGuar private predicate isBarrierEdgeRaw(Configuration cfg, DataFlow::Node pred, DataFlow::Node succ) { cfg.isBarrierEdge(pred, succ) or - exists(DataFlow::BarrierGuardNode guard | + exists(BarrierGuardNodeInternal guard | cfg.isBarrierGuard(guard) and barrierGuardBlocksEdge(guard, pred, succ, "") ) @@ -546,7 +563,7 @@ private predicate isLabeledBarrierEdgeRaw( ) { cfg.isBarrierEdge(pred, succ, label) or - exists(DataFlow::BarrierGuardNode guard | + exists(BarrierGuardNodeInternal guard | cfg.isBarrierGuard(guard) and barrierGuardBlocksEdge(guard, pred, succ, label) ) @@ -574,128 +591,6 @@ abstract class LabeledBarrierGuardNode extends BarrierGuardNode { override predicate blocks(boolean outcome, Expr e) { none() } } -/** - * A data flow edge that should be added to all data flow configurations in - * addition to standard data flow edges. - * - * This class is a singleton, and thus subclasses do not need to specify a characteristic predicate. - * - * Note: For performance reasons, all subclasses of this class should be part - * of the standard library. Override `Configuration::isAdditionalFlowStep` - * for analysis-specific flow steps. - */ -class SharedFlowStep extends Unit { - /** - * Holds if `pred` → `succ` should be considered a data flow edge. - */ - predicate step(DataFlow::Node pred, DataFlow::Node succ) { none() } - - /** - * Holds if `pred` → `succ` should be considered a data flow edge - * transforming values with label `predlbl` to have label `succlbl`. - */ - predicate step( - DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel predlbl, - DataFlow::FlowLabel succlbl - ) { - none() - } - - /** - * Holds if `pred` should be stored in the object `succ` under the property `prop`. - * The object `succ` must be a `DataFlow::SourceNode` for the object wherein the value is stored. - */ - predicate storeStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { none() } - - /** - * Holds if the property `prop` of the object `pred` should be loaded into `succ`. - */ - predicate loadStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { none() } - - /** - * Holds if the property `prop` should be copied from the object `pred` to the object `succ`. - */ - predicate loadStoreStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { none() } - - /** - * Holds if the property `loadProp` should be copied from the object `pred` to the property `storeProp` of object `succ`. - */ - predicate loadStoreStep( - DataFlow::Node pred, DataFlow::Node succ, string loadProp, string storeProp - ) { - none() - } -} - -/** - * Contains predicates for accessing the steps contributed by `SharedFlowStep` subclasses. - */ -cached -module SharedFlowStep { - cached - private module Internal { - // Forces this to be part of the `FlowSteps` stage. - // We use a public predicate in a private module to avoid warnings about this being unused. - cached - predicate forceStage() { Stages::FlowSteps::ref() } - } - - /** - * Holds if `pred` → `succ` should be considered a data flow edge. - */ - cached - predicate step(DataFlow::Node pred, DataFlow::Node succ) { - any(SharedFlowStep s).step(pred, succ) - } - - /** - * Holds if `pred` → `succ` should be considered a data flow edge - * transforming values with label `predlbl` to have label `succlbl`. - */ - cached - predicate step( - DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel predlbl, - DataFlow::FlowLabel succlbl - ) { - any(SharedFlowStep s).step(pred, succ, predlbl, succlbl) - } - - /** - * Holds if `pred` should be stored in the object `succ` under the property `prop`. - * The object `succ` must be a `DataFlow::SourceNode` for the object wherein the value is stored. - */ - cached - predicate storeStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { - any(SharedFlowStep s).storeStep(pred, succ, prop) - } - - /** - * Holds if the property `prop` of the object `pred` should be loaded into `succ`. - */ - cached - predicate loadStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { - any(SharedFlowStep s).loadStep(pred, succ, prop) - } - - /** - * Holds if the property `prop` should be copied from the object `pred` to the object `succ`. - */ - cached - predicate loadStoreStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { - any(SharedFlowStep s).loadStoreStep(pred, succ, prop) - } - - /** - * Holds if the property `loadProp` should be copied from the object `pred` to the property `storeProp` of object `succ`. - */ - cached - predicate loadStoreStep( - DataFlow::Node pred, DataFlow::Node succ, string loadProp, string storeProp - ) { - any(SharedFlowStep s).loadStoreStep(pred, succ, loadProp, storeProp) - } -} - /** * A collection of pseudo-properties that are used in multiple files. * @@ -769,6 +664,12 @@ module PseudoProperties { bindingset[key] string mapValueKey(string key) { result = pseudoProperty("mapValue", key) } + /** + * Holds if `prop` equals `mapValueKey(key)` for some value of `key`. + */ + bindingset[prop] + predicate isMapValueKey(string prop) { prop.matches("$mapValue|%$") } + /** * Gets a pseudo-property for the location of a map value where the key is `key`. */ @@ -1295,7 +1196,7 @@ private string getARelevantProp(DataFlow::Configuration cfg) { private predicate isAdditionalLoadStep( DataFlow::Node pred, DataFlow::Node succ, string prop, DataFlow::Configuration cfg ) { - SharedFlowStep::loadStep(pred, succ, prop) + LegacyFlowStep::loadStep(pred, succ, prop) or cfg.isAdditionalLoadStep(pred, succ, prop) } @@ -1306,7 +1207,7 @@ private predicate isAdditionalLoadStep( private predicate isAdditionalStoreStep( DataFlow::Node pred, DataFlow::Node succ, string prop, DataFlow::Configuration cfg ) { - SharedFlowStep::storeStep(pred, succ, prop) + LegacyFlowStep::storeStep(pred, succ, prop) or cfg.isAdditionalStoreStep(pred, succ, prop) } @@ -1318,13 +1219,13 @@ private predicate isAdditionalLoadStoreStep( DataFlow::Node pred, DataFlow::Node succ, string loadProp, string storeProp, DataFlow::Configuration cfg ) { - SharedFlowStep::loadStoreStep(pred, succ, loadProp, storeProp) + LegacyFlowStep::loadStoreStep(pred, succ, loadProp, storeProp) or cfg.isAdditionalLoadStoreStep(pred, succ, loadProp, storeProp) or loadProp = storeProp and ( - SharedFlowStep::loadStoreStep(pred, succ, loadProp) + LegacyFlowStep::loadStoreStep(pred, succ, loadProp) or cfg.isAdditionalLoadStoreStep(pred, succ, loadProp) ) @@ -1858,7 +1759,13 @@ class MidPathNode extends PathNode, MkMidNode { * Holds if this node is hidden from paths in path explanation queries, except * in cases where it is the source or sink. */ - predicate isHidden() { + predicate isHidden() { PathNode::shouldNodeBeHidden(nd) } +} + +/** Companion module to the `PathNode` class. */ +module PathNode { + /** Holds if `nd` should be hidden in data flow paths. */ + predicate shouldNodeBeHidden(DataFlow::Node nd) { // Skip phi, refinement, and capture nodes nd.(DataFlow::SsaDefinitionNode).getSsaVariable().getDefinition() instanceof SsaImplicitDefinition @@ -1881,6 +1788,8 @@ class MidPathNode extends PathNode, MkMidNode { or // Skip captured variable nodes as the successor will be a use of that variable anyway. nd = DataFlow::capturedVariableNode(_) + or + nd instanceof DataFlow::FunctionSelfReferenceNode } } @@ -1955,7 +1864,7 @@ module PathGraph { /** * Gets a logical `and` expression, or parenthesized expression, that contains `guard`. */ -private Expr getALogicalAndParent(BarrierGuardNode guard) { +private Expr getALogicalAndParent(BarrierGuardNodeInternal guard) { barrierGuardIsRelevant(guard) and result = guard.asExpr() or result.(LogAndExpr).getAnOperand() = getALogicalAndParent(guard) @@ -1966,7 +1875,7 @@ private Expr getALogicalAndParent(BarrierGuardNode guard) { /** * Gets a logical `or` expression, or parenthesized expression, that contains `guard`. */ -private Expr getALogicalOrParent(BarrierGuardNode guard) { +private Expr getALogicalOrParent(BarrierGuardNodeInternal guard) { barrierGuardIsRelevant(guard) and result = guard.asExpr() or result.(LogOrExpr).getAnOperand() = getALogicalOrParent(guard) @@ -1991,7 +1900,7 @@ abstract class AdditionalBarrierGuardNode extends BarrierGuardNode { */ private class BarrierGuardFunction extends Function { DataFlow::ParameterNode sanitizedParameter; - BarrierGuardNode guard; + BarrierGuardNodeInternal guard; boolean guardOutcome; string label; int paramIndex; @@ -2035,23 +1944,18 @@ private class BarrierGuardFunction extends Function { ) } - /** - * Holds if this function applies to the flow in `cfg`. - */ predicate appliesTo(Configuration cfg) { isBarrierGuardInternal(cfg, guard) } } /** * A call that sanitizes an argument. */ -private class AdditionalBarrierGuardCall extends AdditionalBarrierGuardNode, DataFlow::CallNode { +private class AdditionalBarrierGuardCall extends DerivedBarrierGuardNode, DataFlow::CallNode { BarrierGuardFunction f; AdditionalBarrierGuardCall() { f.isBarrierCall(this, _, _, _) } - override predicate blocks(boolean outcome, Expr e) { f.isBarrierCall(this, e, outcome, "") } - - predicate internalBlocksLabel(boolean outcome, Expr e, DataFlow::FlowLabel label) { + override predicate blocks(boolean outcome, Expr e, string label) { f.isBarrierCall(this, e, outcome, label) } @@ -2067,8 +1971,8 @@ private class AdditionalBarrierGuardCall extends AdditionalBarrierGuardNode, Dat * } * ``` */ -private class CallAgainstEqualityCheck extends AdditionalBarrierGuardNode { - DataFlow::BarrierGuardNode prev; +private class CallAgainstEqualityCheck extends DerivedBarrierGuardNode { + BarrierGuardNodeInternal prev; boolean polarity; CallAgainstEqualityCheck() { @@ -2080,11 +1984,7 @@ private class CallAgainstEqualityCheck extends AdditionalBarrierGuardNode { ) } - override predicate blocks(boolean outcome, Expr e) { - none() // handled by internalBlocksLabel - } - - predicate internalBlocksLabel(boolean outcome, Expr e, DataFlow::FlowLabel lbl) { + override predicate blocks(boolean outcome, Expr e, string lbl) { exists(boolean prevOutcome | barrierGuardBlocksExpr(prev, prevOutcome, e, lbl) and outcome = prevOutcome.booleanXor(polarity) @@ -2099,6 +1999,7 @@ private class CallAgainstEqualityCheck extends AdditionalBarrierGuardNode { * Can be added to a `isBarrier` in a data-flow configuration to block flow through such checks. */ class VarAccessBarrier extends DataFlow::Node { + // TODO: This does not work in dataflow2 when the variable is captured, since the capture-flow library bypasses the refinement node. VarAccessBarrier() { exists(ConditionGuardNode guard, SsaRefinementNode refinement | this = DataFlow::ssaDefinitionNode(refinement) and diff --git a/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll b/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll index 79fede61b8f7..a80b2e79ff9c 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/DataFlow.qll @@ -25,6 +25,7 @@ private import internal.DataFlowNode private import internal.AnalyzedParameters private import internal.PreCallGraphStep private import semmle.javascript.internal.CachedStages +private import semmle.javascript.dataflow.internal.DataFlowPrivate as Private module DataFlow { /** @@ -182,29 +183,8 @@ module DataFlow { */ cached DataFlow::Node getImmediatePredecessor() { - lvalueFlowStep(result, this) and - not lvalueDefaultFlowStep(_, this) - or immediateFlowStep(result, this) or - // Refinement of variable -> original definition of variable - exists(SsaRefinementNode refinement | - this = TSsaDefNode(refinement) and - result = TSsaDefNode(refinement.getAnInput()) - ) - or - exists(SsaPhiNode phi | - this = TSsaDefNode(phi) and - result = TSsaDefNode(phi.getRephinedVariable()) - ) - or - // IIFE call -> return value of IIFE - exists(Function fun | - localCall(this.asExpr(), fun) and - result = unique(Expr ret | ret = fun.getAReturnedExpr()).flow() and - not fun.getExit().isJoin() // can only reach exit by the return statement - ) - or FlowSteps::identityFunctionStep(result, this) } @@ -271,6 +251,11 @@ module DataFlow { or this.getFallbackTypeAnnotation().getAnUnderlyingType().hasQualifiedName(moduleName, typeName) } + + /** + * Gets the post-update node corresponding to this node, if any. + */ + final PostUpdateNode getPostUpdateNode() { result.getPreUpdateNode() = this } } /** @@ -754,16 +739,11 @@ module DataFlow { override string getPropertyName() { result = prop.getName() } - override Node getRhs() { - exists(Parameter param, Node paramNode | - param = prop.getParameter() and - parameterNode(paramNode, param) - | - result = paramNode - ) - } + override Node getRhs() { result = TValueNode(prop.getParameter()) } override ControlFlowNode getWriteNode() { result = prop.getParameter() } + + override StmtContainer getContainer() { parameter_fields(prop, result, _) } } /** @@ -971,6 +951,12 @@ module DataFlow { override BasicBlock getBasicBlock() { result = function.getExit().getBasicBlock() } + override StmtContainer getContainer() { + // Override this to ensure a container exists even for unreachable returns, + // since an unreachable exit CFG node will not have a basic block + result = function + } + /** * Gets the function corresponding to this exceptional return node. */ @@ -993,6 +979,12 @@ module DataFlow { override BasicBlock getBasicBlock() { result = function.getExit().getBasicBlock() } + override StmtContainer getContainer() { + // Override this to ensure a container exists even for unreachable returns, + // since an unreachable exit CFG node will not have a basic block + result = function + } + /** * Gets the function corresponding to this return node. */ @@ -1052,6 +1044,36 @@ module DataFlow { override string toString() { result = "global access path" } } + /** + * A node representing the value passed as `this` argument in a `new` call or a `super` call. + */ + class ConstructorThisArgumentNode extends TConstructorThisArgumentNode, DataFlow::Node { + private InvokeExpr expr; + + ConstructorThisArgumentNode() { this = TConstructorThisArgumentNode(expr) } + + override string toString() { result = "implicit 'this' argument of " + expr } + + override StmtContainer getContainer() { result = expr.getContainer() } + + override Location getLocation() { result = expr.getLocation() } + } + + /** + * A node representing the post-update node corresponding to implicit uses of `this` in a constructor. + */ + private class ConstructorThisPostUpdateNode extends TConstructorThisPostUpdate, DataFlow::Node { + private Function constructor; + + ConstructorThisPostUpdateNode() { this = TConstructorThisPostUpdate(constructor) } + + override string toString() { result = "[post-update] 'this' parameter of " + constructor } + + override StmtContainer getContainer() { result = constructor } + + override Location getLocation() { result = constructor.getLocation() } + } + /** * INTERNAL. DO NOT USE. * @@ -1076,6 +1098,14 @@ module DataFlow { * instead. */ module Impl { + /** + * INTERNAL. DO NOT USE. + * + * An alias for `Node.getImmediatePredecessor` that can be used at an earlier stage + * that does not depend on `DataFlow::Node`. + */ + predicate earlyStageImmediateFlowStep = immediateFlowStep/2; + /** * A data flow node representing a function invocation, either explicitly or reflectively, * and either with or without `new`. @@ -1342,6 +1372,61 @@ module DataFlow { override Location getLocation() { result = this.getTag().getLocation() } override string toString() { result = this.getTag().toString() } + + override StmtContainer getContainer() { result = this.getTag().getInnerTopLevel() } + } + + /** + * A node representing the hidden parameter of a function by which a function can refer to itself. + */ + class FunctionSelfReferenceNode extends DataFlow::Node, TFunctionSelfReferenceNode { + private Function function; + + FunctionSelfReferenceNode() { this = TFunctionSelfReferenceNode(function) } + + /** Gets the function. */ + Function getFunction() { result = function } + + override StmtContainer getContainer() { result = function } + + override BasicBlock getBasicBlock() { result = function.getEntryBB() } + + override string toString() { result = "[function self-reference] " + function.toString() } + + override Location getLocation() { result = function.getLocation() } + } + + /** + * A post-update node whose pre-node corresponds to an expression. See `DataFlow::PostUpdateNode` for more details. + */ + class ExprPostUpdateNode extends DataFlow::Node, TExprPostUpdateNode, Private::PostUpdateNode { + private AST::ValueNode expr; + + ExprPostUpdateNode() { this = TExprPostUpdateNode(expr) } + + /** Gets the expression for which this is the post-update node. */ + AST::ValueNode getExpr() { result = expr } + + override StmtContainer getContainer() { result = expr.getContainer() } + + override Location getLocation() { result = expr.getLocation() } + + override string toString() { result = "[post update] " + expr.toString() } + } + + /** + * A post-update node. + * + * This is a data-flow node that represents the new state of an object after its contents have been mutated. + * Most notably such nodes exist for arguments to a call and for the base of a property reference. + */ + class PostUpdateNode extends DataFlow::Node { + PostUpdateNode() { Private::postUpdatePair(_, this) } + + /** + * Gets the corresponding pre-update node, which is usually the argument to a call or the base of a property reference. + */ + final DataFlow::Node getPreUpdateNode() { Private::postUpdatePair(result, this) } } /** @@ -1374,12 +1459,12 @@ module DataFlow { /** * INTERNAL: Use `parameterNode(Parameter)` instead. */ - predicate parameterNode(DataFlow::Node nd, Parameter p) { nd = valueNode(p) } + predicate parameterNode(EarlyStageNode nd, Parameter p) { nd = TValueNode(p) } /** * INTERNAL: Use `thisNode(StmtContainer container)` instead. */ - predicate thisNode(DataFlow::Node node, StmtContainer container) { node = TThisNode(container) } + predicate thisNode(EarlyStageNode node, StmtContainer container) { node = TThisNode(container) } /** * Gets the node representing the receiver of the given function, or `this` in the given top-level. @@ -1441,7 +1526,15 @@ module DataFlow { * _before_ the l-value is assigned to, whereas `DataFlow::lvalueNode()` * represents the value _after_ the assignment. */ - Node lvalueNode(BindingPattern lvalue) { + Node lvalueNode(BindingPattern lvalue) { result = lvalueNodeInternal(lvalue) } + + /** + * INTERNAL: Do not use outside standard library. + * + * Same as `lvalueNode()` except the return type is `EarlyStageNode`, which allows it to be used + * before all data flow nodes have been materialised. + */ + EarlyStageNode lvalueNodeInternal(BindingPattern lvalue) { exists(SsaExplicitDefinition ssa | ssa.defines(lvalue.(LValue).getDefNode(), lvalue.(VarRef).getVariable()) and result = TSsaDefNode(ssa) @@ -1489,31 +1582,31 @@ module DataFlow { * Holds if there is a step from `pred -> succ` due to an assignment * to an expression in l-value position. */ - private predicate lvalueFlowStep(Node pred, Node succ) { + private predicate lvalueFlowStep(EarlyStageNode pred, EarlyStageNode succ) { exists(VarDef def | - pred = valueNode(defSourceNode(def)) and - succ = lvalueNode(def.getTarget()) + pred = TValueNode(defSourceNode(def)) and + succ = lvalueNodeInternal(def.getTarget()) ) or exists(SimpleParameter param | - pred = valueNode(param) and // The value node represents the incoming argument - succ = lvalueNode(param) // The SSA node represents the parameters's local variable + pred = TValueNode(param) and // The value node represents the incoming argument + succ = lvalueNodeInternal(param) // The SSA node represents the parameters's local variable ) or exists(Expr arg, Parameter param | localArgumentPassing(arg, param) and - pred = valueNode(arg) and - succ = valueNode(param) + pred = TValueNode(arg) and + succ = TValueNode(param) ) or exists(PropertyPattern pattern | pred = TPropNode(pattern) and - succ = lvalueNode(pattern.getValuePattern()) + succ = lvalueNodeInternal(pattern.getValuePattern()) ) or exists(Expr element | pred = TElementPatternNode(_, element) and - succ = lvalueNode(element) + succ = lvalueNodeInternal(element) ) } @@ -1521,37 +1614,37 @@ module DataFlow { * Holds if there is a step from `pred -> succ` from the default * value of a destructuring pattern or parameter. */ - private predicate lvalueDefaultFlowStep(Node pred, Node succ) { + private predicate lvalueDefaultFlowStep(EarlyStageNode pred, EarlyStageNode succ) { exists(PropertyPattern pattern | pred = TValueNode(pattern.getDefault()) and - succ = lvalueNode(pattern.getValuePattern()) + succ = lvalueNodeInternal(pattern.getValuePattern()) ) or exists(ArrayPattern array, int i | pred = TValueNode(array.getDefault(i)) and - succ = lvalueNode(array.getElement(i)) + succ = lvalueNodeInternal(array.getElement(i)) ) or exists(Parameter param | pred = TValueNode(param.getDefault()) and - parameterNode(succ, param) + succ = TValueNode(param) ) } /** - * Flow steps shared between `getImmediatePredecessor` and `localFlowStep`. + * Flow steps shared between `immediateFlowStep` and `localFlowStep`. * * Inlining is forced because the two relations are indexed differently. */ pragma[inline] - private predicate immediateFlowStep(Node pred, Node succ) { + private predicate immediateFlowStepShared(EarlyStageNode pred, EarlyStageNode succ) { exists(SsaVariable v | pred = TSsaDefNode(v.getDefinition()) and - succ = valueNode(v.getAUse()) + succ = TValueNode(v.getAUse()) ) or exists(Expr predExpr, Expr succExpr | - pred = valueNode(predExpr) and succ = valueNode(succExpr) + pred = TValueNode(predExpr) and succ = TValueNode(succExpr) | predExpr = succExpr.(ParExpr).getExpression() or @@ -1581,25 +1674,55 @@ module DataFlow { // flow from 'this' parameter into 'this' expressions exists(ThisExpr thiz | pred = TThisNode(thiz.getBindingContainer()) and - succ = valueNode(thiz) + succ = TValueNode(thiz) ) or // `f.call(...)` and `f.apply(...)` evaluate to the result of the reflective call they perform - pred = TReflectiveCallNode(succ.asExpr(), _) + exists(MethodCallExpr call | + pred = TReflectiveCallNode(call, _) and + succ = TValueNode(call) + ) + } + + pragma[nomagic] + private predicate immediateFlowStep(EarlyStageNode pred, EarlyStageNode succ) { + lvalueFlowStep(pred, succ) and + not lvalueDefaultFlowStep(_, succ) + or + immediateFlowStepShared(pred, succ) + or + // Refinement of variable -> original definition of variable + exists(SsaRefinementNode refinement | + succ = TSsaDefNode(refinement) and + pred = TSsaDefNode(refinement.getAnInput()) + ) + or + exists(SsaPhiNode phi | + succ = TSsaDefNode(phi) and + pred = TSsaDefNode(phi.getRephinedVariable()) + ) + or + // IIFE call -> return value of IIFE + exists(Function fun, Expr expr | + succ = TValueNode(expr) and + localCall(expr, fun) and + pred = TValueNode(unique(Expr ret | ret = fun.getAReturnedExpr())) and + not fun.getExit().isJoin() // can only reach exit by the return statement + ) } /** * Holds if data can flow from `pred` to `succ` in one local step. */ cached - predicate localFlowStep(Node pred, Node succ) { - Stages::DataFlowStage::ref() and + predicate localFlowStep(EarlyStageNode pred, EarlyStageNode succ) { + Stages::EarlyDataFlowStage::ref() and // flow from RHS into LHS lvalueFlowStep(pred, succ) or lvalueDefaultFlowStep(pred, succ) or - immediateFlowStep(pred, succ) + immediateFlowStepShared(pred, succ) or // From an assignment or implicit initialization of a captured variable to its flow-insensitive node. exists(SsaDefinition predDef | @@ -1623,7 +1746,7 @@ module DataFlow { ) or exists(Expr predExpr, Expr succExpr | - pred = valueNode(predExpr) and succ = valueNode(succExpr) + pred = TValueNode(predExpr) and succ = TValueNode(succExpr) | predExpr = succExpr.(LogicalOrExpr).getAnOperand() or @@ -1641,13 +1764,19 @@ module DataFlow { or // from returned expr to the FunctionReturnNode. exists(Function f | not f.isAsyncOrGenerator() | - DataFlow::functionReturnNode(succ, f) and pred = valueNode(f.getAReturnedExpr()) + succ = TFunctionReturnNode(f) and pred = TValueNode(f.getAReturnedExpr()) ) or // from a reflective params node to a reference to the arguments object. - exists(DataFlow::ReflectiveParametersNode params, Function f | f = params.getFunction() | - succ = f.getArgumentsVariable().getAnAccess().flow() and - pred = params + exists(Function f | + pred = TReflectiveParametersNode(f) and + succ = TValueNode(f.getArgumentsVariable().getAnAccess()) + ) + or + // Pass 'this' into super calls + exists(SuperCall call | + pred = TThisNode(call.getBinder()) and + succ = TConstructorThisArgumentNode(call) ) } @@ -1801,5 +1930,8 @@ module DataFlow { import TypeInference import Configuration import TypeTracking + import AdditionalFlowSteps import internal.FunctionWrapperSteps + import internal.sharedlib.DataFlow + import internal.BarrierGuards } diff --git a/javascript/ql/lib/semmle/javascript/dataflow/FlowSummary.qll b/javascript/ql/lib/semmle/javascript/dataflow/FlowSummary.qll new file mode 100644 index 000000000000..9f619a3058e6 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/FlowSummary.qll @@ -0,0 +1,39 @@ +/** Provides classes and predicates for defining flow summaries. */ + +private import javascript +private import semmle.javascript.dataflow.internal.sharedlib.FlowSummaryImpl as Impl +private import semmle.javascript.dataflow.internal.FlowSummaryPrivate +private import semmle.javascript.dataflow.internal.sharedlib.DataFlowImplCommon as DataFlowImplCommon +private import semmle.javascript.dataflow.internal.DataFlowPrivate + +/** A callable with a flow summary, identified by a unique string. */ +abstract class SummarizedCallable extends LibraryCallable, Impl::Public::SummarizedCallable { + bindingset[this] + SummarizedCallable() { any() } + + // TODO: rename 'propagatesFlowExt' and/or override 'propagatesFlow' directly + /** + * Holds if data may flow from `input` to `output` through this callable. + * + * `preservesValue` indicates whether this is a value-preserving step or a taint-step. + */ + pragma[nomagic] + predicate propagatesFlowExt(string input, string output, boolean preservesValue) { none() } + + override predicate propagatesFlow( + string input, string output, boolean preservesValue, string model + ) { + this.propagatesFlowExt(input, output, preservesValue) and model = this + } + + /** + * Gets the synthesized parameter that results from an input specification + * that starts with `Argument[s]` for this library callable. + */ + DataFlow::ParameterNode getParameter(string s) { + exists(ParameterPosition pos | + DataFlowImplCommon::parameterNode(result, MkLibraryCallable(this), pos) and + s = encodeParameterPosition(pos) + ) + } +} diff --git a/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll b/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll index 11ce802ac720..2574660fbebb 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/TaintTracking.qll @@ -18,11 +18,14 @@ private import semmle.javascript.dataflow.internal.FlowSteps as FlowSteps private import semmle.javascript.Unit private import semmle.javascript.dataflow.InferredTypes private import semmle.javascript.internal.CachedStages +private import semmle.javascript.dataflow.internal.TaintTrackingPrivate as TaintTrackingPrivate /** * Provides classes for modeling taint propagation. */ module TaintTracking { + import AdditionalTaintSteps + /** * A data flow tracking configuration that considers taint propagation through * objects, arrays, promises and strings in addition to standard data flow. @@ -228,251 +231,6 @@ module TaintTracking { override predicate sanitizes(boolean outcome, Expr e) { none() } } - /** - * A taint-propagating data flow edge that should be added to all taint tracking - * configurations in addition to standard data flow edges. - * - * This class is a singleton, and thus subclasses do not need to specify a characteristic predicate. - * - * Note: For performance reasons, all subclasses of this class should be part - * of the standard library. Override `Configuration::isAdditionalTaintStep` - * for analysis-specific taint steps. - * - * This class has multiple kinds of `step` predicates; these all have the same - * effect on taint-tracking configurations. However, the categorization of steps - * allows some data-flow configurations to opt in to specific kinds of taint steps. - */ - class SharedTaintStep extends Unit { - // Each step relation in this class should have a cached version in the `Cached` module - // and be included in the `sharedTaintStep` predicate. - /** - * Holds if `pred` → `succ` should be considered a taint-propagating - * data flow edge. - */ - predicate step(DataFlow::Node pred, DataFlow::Node succ) { none() } - - /** - * Holds if `pred` → `succ` should be considered a taint-propagating - * data flow edge through URI manipulation. - * - * Does not include string operations that aren't specific to URIs, such - * as concatenation and substring operations. - */ - predicate uriStep(DataFlow::Node pred, DataFlow::Node succ) { none() } - - /** - * Holds if `pred` → `succ` should be considered a taint-propagating - * data flow edge contributed by the heuristics library. - * - * Such steps are provided by the `semmle.javascript.heuristics` libraries - * and will default to be being empty if those libraries are not imported. - */ - predicate heuristicStep(DataFlow::Node pred, DataFlow::Node succ) { none() } - - /** - * Holds if `pred` → `succ` should be considered a taint-propagating - * data flow edge through persistent storage. - */ - predicate persistentStorageStep(DataFlow::Node pred, DataFlow::Node succ) { none() } - - /** - * Holds if `pred` → `succ` should be considered a taint-propagating - * data flow edge through the heap. - */ - predicate heapStep(DataFlow::Node pred, DataFlow::Node succ) { none() } - - /** - * Holds if `pred` → `succ` should be considered a taint-propagating - * data flow edge through arrays. - * - * These steps considers an array to be tainted if it contains tainted elements. - */ - predicate arrayStep(DataFlow::Node pred, DataFlow::Node succ) { none() } - - /** - * Holds if `pred` → `succ` should be considered a taint-propagating - * data flow edge through the `state` or `props` or a React component. - */ - predicate viewComponentStep(DataFlow::Node pred, DataFlow::Node succ) { none() } - - /** - * Holds if `pred` → `succ` should be considered a taint-propagating - * data flow edge through string concatenation. - */ - predicate stringConcatenationStep(DataFlow::Node pred, DataFlow::Node succ) { none() } - - /** - * Holds if `pred` → `succ` should be considered a taint-propagating - * data flow edge through string manipulation (other than concatenation). - */ - predicate stringManipulationStep(DataFlow::Node pred, DataFlow::Node succ) { none() } - - /** - * Holds if `pred` → `succ` should be considered a taint-propagating - * data flow edge through data serialization, such as `JSON.stringify`. - */ - predicate serializeStep(DataFlow::Node pred, DataFlow::Node succ) { none() } - - /** - * Holds if `pred` → `succ` should be considered a taint-propagating - * data flow edge through data deserialization, such as `JSON.parse`. - */ - predicate deserializeStep(DataFlow::Node pred, DataFlow::Node succ) { none() } - - /** - * Holds if `pred` → `succ` should be considered a taint-propagating - * data flow edge through a promise. - * - * These steps consider a promise object to tainted if it can resolve to - * a tainted value. - */ - predicate promiseStep(DataFlow::Node pred, DataFlow::Node succ) { none() } - } - - /** - * Module existing only to ensure all taint steps are cached as a single stage, - * and without the the `Unit` type column. - */ - cached - private module Cached { - cached - predicate forceStage() { Stages::Taint::ref() } - - /** - * Holds if `pred` → `succ` should be considered a taint-propagating - * data flow edge, which doesn't fit into a more specific category. - */ - cached - predicate genericStep(DataFlow::Node pred, DataFlow::Node succ) { - any(SharedTaintStep step).step(pred, succ) - } - - /** - * Holds if `pred` → `succ` should be considered a taint-propagating - * data flow edge, contribued by the heuristics library. - */ - cached - predicate heuristicStep(DataFlow::Node pred, DataFlow::Node succ) { - any(SharedTaintStep step).heuristicStep(pred, succ) - } - - /** - * Public taint step relations. - */ - cached - module Public { - /** - * Holds if `pred` → `succ` should be considered a taint-propagating - * data flow edge through a URI library function. - */ - cached - predicate uriStep(DataFlow::Node pred, DataFlow::Node succ) { - any(SharedTaintStep step).uriStep(pred, succ) - } - - /** - * Holds if `pred -> succ` is a taint propagating data flow edge through persistent storage. - */ - cached - predicate persistentStorageStep(DataFlow::Node pred, DataFlow::Node succ) { - any(SharedTaintStep step).persistentStorageStep(pred, succ) - } - - /** - * Holds if `pred -> succ` is a taint propagating data flow edge through the heap. - */ - cached - predicate heapStep(DataFlow::Node pred, DataFlow::Node succ) { - any(SharedTaintStep step).heapStep(pred, succ) - } - - /** - * Holds if `pred -> succ` is a taint propagating data flow edge through an array. - */ - cached - predicate arrayStep(DataFlow::Node pred, DataFlow::Node succ) { - any(SharedTaintStep step).arrayStep(pred, succ) - } - - /** - * Holds if `pred -> succ` is a taint propagating data flow edge through the - * properties of a view compenent, such as the `state` or `props` of a React component. - */ - cached - predicate viewComponentStep(DataFlow::Node pred, DataFlow::Node succ) { - any(SharedTaintStep step).viewComponentStep(pred, succ) - } - - /** - * Holds if `pred -> succ` is a taint propagating data flow edge through string - * concatenation. - */ - cached - predicate stringConcatenationStep(DataFlow::Node pred, DataFlow::Node succ) { - any(SharedTaintStep step).stringConcatenationStep(pred, succ) - } - - /** - * Holds if `pred -> succ` is a taint propagating data flow edge through string manipulation - * (other than concatenation). - */ - cached - predicate stringManipulationStep(DataFlow::Node pred, DataFlow::Node succ) { - any(SharedTaintStep step).stringManipulationStep(pred, succ) - } - - /** - * Holds if `pred` → `succ` should be considered a taint-propagating - * data flow edge through data serialization, such as `JSON.stringify`. - */ - cached - predicate serializeStep(DataFlow::Node pred, DataFlow::Node succ) { - any(SharedTaintStep step).serializeStep(pred, succ) - } - - /** - * Holds if `pred` → `succ` should be considered a taint-propagating - * data flow edge through data deserialization, such as `JSON.parse`. - */ - cached - predicate deserializeStep(DataFlow::Node pred, DataFlow::Node succ) { - any(SharedTaintStep step).deserializeStep(pred, succ) - } - - /** - * Holds if `pred` → `succ` should be considered a taint-propagating - * data flow edge through a promise. - * - * These steps consider a promise object to tainted if it can resolve to - * a tainted value. - */ - cached - predicate promiseStep(DataFlow::Node pred, DataFlow::Node succ) { - any(SharedTaintStep step).promiseStep(pred, succ) - } - } - } - - import Cached::Public - - /** - * Holds if `pred -> succ` is an edge used by all taint-tracking configurations. - */ - predicate sharedTaintStep(DataFlow::Node pred, DataFlow::Node succ) { - Cached::genericStep(pred, succ) or - Cached::heuristicStep(pred, succ) or - uriStep(pred, succ) or - persistentStorageStep(pred, succ) or - heapStep(pred, succ) or - arrayStep(pred, succ) or - viewComponentStep(pred, succ) or - stringConcatenationStep(pred, succ) or - stringManipulationStep(pred, succ) or - serializeStep(pred, succ) or - deserializeStep(pred, succ) or - promiseStep(pred, succ) - } - /** Gets a data flow node referring to the client side URL. */ private DataFlow::SourceNode clientSideUrlRef(DataFlow::TypeTracker t) { t.start() and @@ -652,26 +410,29 @@ module TaintTracking { ]).getACall() and pred = c.getArgument(0) ) - or - // In and out of .replace callbacks - exists(StringReplaceCall call | - // Into the callback if the regexp does not sanitize matches - hasWildcardReplaceRegExp(call) and - pred = call.getReceiver() and - succ = call.getReplacementCallback().getParameter(0) - or - // Out of the callback - pred = call.getReplacementCallback().getReturnNode() and - succ = call - ) ) } } - /** Holds if the given call takes a regexp containing a wildcard. */ - pragma[noinline] - private predicate hasWildcardReplaceRegExp(StringReplaceCall call) { - RegExp::isWildcardLike(call.getRegExp().getRoot().getAChild*()) + /** + * A taint propagating edge for the string `replace` function. + * + * This is a legacy step as it crosses a function boundary, and would thus be converted to a jump step. + */ + private class ReplaceCallbackSteps extends LegacyTaintStep { + override predicate step(DataFlow::Node pred, DataFlow::Node succ) { + // In and out of .replace callbacks + exists(StringReplaceCall call | + // Into the callback if the regexp does not sanitize matches + call.hasRegExpContainingWildcard() and + pred = call.getReceiver() and + succ = call.getReplacementCallback().getParameter(0) + or + // Out of the callback + pred = call.getReplacementCallback().getReturnNode() and + succ = call + ) + } } /** @@ -1063,12 +824,18 @@ module TaintTracking { this.getNumArgument() = 1 } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + + /** Holds if this node blocks flow through `e`, provided it evaluates to `outcome`. */ + predicate blocksExpr(boolean outcome, Expr e) { outcome = true and e = this.getArgument(0).asExpr() } } + /** Barrier nodes derived from the `AdHocWhitelistCheckSanitizer` class. */ + module AdHocWhitelistCheckSanitizer = DataFlow::MakeBarrierGuard; + /** A check of the form `if(x in o)`, which sanitizes `x` in its "then" branch. */ class InSanitizer extends AdditionalSanitizerGuardNode, DataFlow::ValueNode { override InExpr astNode; @@ -1267,4 +1034,24 @@ module TaintTracking { override predicate appliesTo(Configuration cfg) { any() } } + + import internal.sharedlib.TaintTracking + + /** + * Holds if there is a taint step from `node1` to `node2`. + * + * This includes steps between synthesized nodes generated by flow summaries. + */ + pragma[inline] + predicate defaultTaintStep(DataFlow::Node node1, DataFlow::Node node2) { + TaintTrackingPrivate::defaultAdditionalTaintStep(node1, node2) + } + + /** + * Holds if `node` is seen as a barrier for taint-tracking. + */ + pragma[inline] + predicate defaultSanitizer(DataFlow::Node node) { + TaintTrackingPrivate::defaultTaintSanitizer(node) + } } diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/AccessPaths.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/AccessPaths.qll index 669b53418a59..3bcc36a65773 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/AccessPaths.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/AccessPaths.qll @@ -92,7 +92,7 @@ class AccessPath extends TAccessPath { * Gets an expression in `bb` represented by this access path. */ cached - Expr getAnInstanceIn(BasicBlock bb) { + Expr getAnInstanceIn(ReachableBasicBlock bb) { Stages::DataFlowStage::ref() and exists(SsaVariable var | this = MkSsaRoot(var) and diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/AdditionalFlowInternal.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/AdditionalFlowInternal.qll new file mode 100644 index 000000000000..d7f92ce8dd30 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/AdditionalFlowInternal.qll @@ -0,0 +1,34 @@ +private import javascript +private import semmle.javascript.dataflow.internal.DataFlowNode +private import semmle.javascript.dataflow.internal.DataFlowPrivate + +/** + * Gets a data-flow node synthesized using `AdditionalFlowInternal#needsSynthesizedNode`. + */ +DataFlow::Node getSynthesizedNode(AstNode node, string tag) { + result = TGenericSynthesizedNode(node, tag, _) +} + +/** + * An extension to `AdditionalFlowStep` with additional internal-only predicates. + */ +class AdditionalFlowInternal extends DataFlow::AdditionalFlowStep { + /** + * Holds if a data-flow node should be synthesized for the pair `(node, tag)`. + * + * The node can be obtained using `getSynthesizedNode(node, tag)`. + * + * `container` will be seen as the node's enclosing container. + */ + predicate needsSynthesizedNode(AstNode node, string tag, DataFlowCallable container) { none() } + + /** + * Holds if `node` should only permit flow of values stored in `contents`. + */ + predicate expectsContent(DataFlow::Node node, DataFlow::ContentSet contents) { none() } + + /** + * Holds if `node` should not permit flow of values stored in `contents`. + */ + predicate clearsContent(DataFlow::Node node, DataFlow::ContentSet contents) { none() } +} diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/BarrierGuards.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/BarrierGuards.qll new file mode 100644 index 000000000000..1235e05121af --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/BarrierGuards.qll @@ -0,0 +1,444 @@ +/** + * A copy of the barrier guard logic from `Configuration.qll` in the JS data flow library. + * + * This version considers all barrier guards to be relevant. + */ + +private import javascript +private import semmle.javascript.dataflow.internal.AccessPaths + +private signature class BarrierGuardSig extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for data flow, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e); +} + +/** + * Converts a barrier guard class to a set of nodes to include in an implementation of `isBarrier(node)`. + */ +module MakeBarrierGuard { + final private class FinalBaseGuard = BaseGuard; + + private class Adapter extends FinalBaseGuard { + predicate blocksExpr(boolean outcome, Expr e, Unit state) { + super.blocksExpr(outcome, e) and exists(state) + } + } + + /** + * Gets a node that is blocked by a barrier guard. + */ + DataFlow::Node getABarrierNode() { + result = MakeStateBarrierGuard::getABarrierNode(_) + } +} + +private signature class LabeledBarrierGuardSig extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for `label`, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label); +} + +/** + * Converts a barrier guard class to a set of nodes to include in an implementation of `isBarrier(node, label)`. + */ +module MakeLabeledBarrierGuard { + final private class FinalBaseGuard = BaseGuard; + + private class Adapter extends FinalBaseGuard { + predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { + super.blocksExpr(outcome, e, label) + } + } + + /** + * Gets a node and flow label that is blocked by a barrier guard. + */ + DataFlow::Node getABarrierNode(DataFlow::FlowLabel label) { + result = MakeStateBarrierGuard::getABarrierNode(label) + } +} + +private signature predicate isBarrierGuardSig(DataFlow::BarrierGuardNode node); + +/** + * Converts a labeled barrier guard class to a set of nodes to include in an implementation of `isBarrier(node)` and `isBarrier(node, label)` + * in a `DataFlow::StateConfigSig` implementation. + */ +module MakeLegacyBarrierGuardLabeled { + final private class FinalNode = DataFlow::Node; + + private class Adapter extends FinalNode instanceof DataFlow::BarrierGuardNode { + Adapter() { isBarrierGuard(this) } + + predicate blocksExpr(boolean outcome, Expr e, string label) { + super.blocks(outcome, e, label) + or + super.blocks(outcome, e) and label = "" + } + } + + private module Guards = MakeStateBarrierGuard; + + /** + * Gets a node that is blocked by a barrier guard. + */ + DataFlow::Node getABarrierNode() { result = Guards::getABarrierNode("") } + + /** + * Gets a node and flow label that is blocked by a barrier guard. + */ + DataFlow::Node getABarrierNode(DataFlow::FlowLabel label) { + result = Guards::getABarrierNode(label) + } +} + +/** + * Converts a barrier guard class to a set of nodes to include in an implementation of `isBarrier(node)` in a `DataFlow::ConfigSig` implementation. + */ +module MakeLegacyBarrierGuard { + final private class FinalNode = DataFlow::Node; + + private class Adapter extends FinalNode instanceof DataFlow::BarrierGuardNode { + Adapter() { isBarrierGuard(this) } + + predicate blocksExpr(boolean outcome, Expr e, string label) { + super.blocks(outcome, e, label) + or + super.blocks(outcome, e) and label = "" + } + } + + private module Guards = MakeStateBarrierGuard; + + /** + * Gets a node that is blocked by a barrier guard. + */ + DataFlow::Node getABarrierNode() { result = Guards::getABarrierNode(["", "data", "taint"]) } +} + +bindingset[this] +private signature class FlowStateSig; + +private module WithFlowState { + signature class BarrierGuardSig extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for `state`, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e, FlowState state); + } +} + +/** + * Projects the dominator tree onto a tree that only considers dominance between `ConditionGuardNode`s. + * + * This exists to speeds up the dominance check for barrier guards acting on an access path, avoiding the following two + * bad join orders: + * + * - Enumerate all basic blocks dominated by a barrier guard, and then find uses of the access path in those blocks. + * - Enumerate all uses of an access path and then select those that are in a dominated block. + * + * Both joins have pathological cases in different benchmarks. + * + * We use a join order that is essentially the first one above, except we only enumerate condition guards, not all the blocks. + */ +cached +private module ConditionGuardDominators { + /** Gets the condition guard that most-immediately dominates `bb`. */ + private ConditionGuardNode getDominatingCondition(ReachableBasicBlock bb) { + result.getBasicBlock() = bb + or + not bb = any(ConditionGuardNode guard).getBasicBlock() and + result = getDominatingCondition(bb.getImmediateDominator()) + } + + private predicate immediateDom(ConditionGuardNode dominator, ConditionGuardNode dominated) { + dominator = getDominatingCondition(dominated.getBasicBlock().getImmediateDominator()) + or + dominator = dominated // make the fastTC below reflexive + } + + /** Gets a condition guard dominated by `node` */ + cached + ConditionGuardNode getADominatedConditionGuard(ConditionGuardNode node) = + fastTC(immediateDom/2)(node, result) + + /** Gets a use of `ap` and binds `guard` to its immediately-dominating condition guard (if any). */ + cached + Expr getAnAccessPathUseUnderCondition(AccessPath ap, ConditionGuardNode guard) { + exists(ReachableBasicBlock bb | + result = ap.getAnInstanceIn(bb) and + guard = getDominatingCondition(bb) + ) + } +} + +/** + * Converts a barrier guard class to a set of nodes to include in an implementation of `isBarrier(node, state)`. + */ +module MakeStateBarrierGuard< + FlowStateSig FlowState, WithFlowState::BarrierGuardSig BaseGuard> +{ + final private class FinalNode = DataFlow::Node; + + abstract private class BarrierGuard extends FinalNode { + abstract predicate blocksExpr(boolean outcome, Expr test, FlowState state); + } + + private class ExplicitBarrierGuard extends BarrierGuard instanceof BaseGuard { + override predicate blocksExpr(boolean outcome, Expr test, FlowState state) { + BaseGuard.super.blocksExpr(outcome, test, state) + } + } + + /** + * Gets a node and flow state that is blocked by a barrier guard. + */ + pragma[nomagic] + DataFlow::Node getABarrierNode(FlowState state) { barrierGuardBlocksNode(result, state) } + + // + // ================================================================================================ + // NOTE + // The rest of this file is a copy of the barrier-guard logic in Configuration.qll except: + // - FlowLabel is replaced by FlowState + // - BarrierGuardNode and AdditionalBarrierGuardNode are replaced by the BarrierGuard class defined above + // - `barrierGuardBlocksEdge` is missing as dataflow2 does not support barrier edges + // - `barrierGuardIsRelevant` does not check pruning results as we can't access that from here + // - `barrierGuardBlocksNode` has been rewritten to perform better without pruning. + // ================================================================================================ + // + /** + * Holds if data flow node `guard` acts as a barrier for data flow. + * + * `state` is bound to the blocked state, or the empty FlowState if all labels should be blocked. + */ + pragma[nomagic] + private predicate barrierGuardBlocksExpr( + BarrierGuard guard, boolean outcome, Expr test, FlowState state + ) { + guard.blocksExpr(outcome, test, state) + } + + /** + * Holds if `guard` may block the flow of a value reachable through exploratory flow. + */ + pragma[nomagic] + private predicate barrierGuardIsRelevant(BarrierGuard guard) { + exists(Expr e | + barrierGuardBlocksExpr(guard, _, e, _) + // All guards are considered relevant (this is the difference from the main JS lib) + // isRelevantForward(e.flow(), _) + ) + } + + /** + * Holds if data flow node `guard` acts as a barrier for data flow due to aliasing through + * an access path. + * + * `state` is bound to the blocked state, or the empty FlowState if all labels should be blocked. + */ + pragma[nomagic] + private predicate barrierGuardBlocksAccessPath( + BarrierGuard guard, boolean outcome, AccessPath ap, FlowState state + ) { + barrierGuardIsRelevant(guard) and + barrierGuardBlocksExpr(guard, outcome, ap.getAnInstance(), state) + } + + /** + * Holds if there exists an input variable of `ref` that blocks the state `state`. + * + * This predicate is outlined to give the optimizer a hint about the join ordering. + */ + pragma[nomagic] + private predicate barrierGuardBlocksSsaRefinement( + BarrierGuard guard, boolean outcome, SsaRefinementNode ref, FlowState state + ) { + barrierGuardIsRelevant(guard) and + guard.getEnclosingExpr() = ref.getGuard().getTest() and + forex(SsaVariable input | input = ref.getAnInput() | + barrierGuardBlocksExpr(guard, outcome, input.getAUse(), state) + ) + } + + /** + * Holds if the result of `guard` is used in the branching condition `cond`. + * + * `outcome` is bound to the outcome of `cond` for join-ordering purposes. + */ + pragma[nomagic] + private predicate barrierGuardUsedInCondition( + BarrierGuard guard, ConditionGuardNode cond, boolean outcome + ) { + barrierGuardIsRelevant(guard) and + outcome = cond.getOutcome() and + ( + cond.getTest() = guard.getEnclosingExpr() + or + cond.getTest().flow().getImmediatePredecessor+() = guard + ) + } + + /** Holds if a barrier guard blocks uses of `ap` in basic blocks dominated by `cond`. */ + pragma[nomagic] + private predicate barrierGuardBlocksAccessPathIn( + AccessPath ap, ConditionGuardNode cond, FlowState state + ) { + exists(BarrierGuard guard, boolean outcome | + barrierGuardBlocksAccessPath(guard, outcome, ap, state) and + barrierGuardUsedInCondition(guard, cond, outcome) + ) + } + + /** + * Holds if `expr` is an access path reference that is blocked by a barrier guard. + */ + pragma[noopt] + private predicate barrierGuardBlocksAccessPathUse(Expr use, FlowState state) { + exists(AccessPath p, ConditionGuardNode cond, ConditionGuardNode useDominator | + barrierGuardBlocksAccessPathIn(p, cond, state) and + useDominator = ConditionGuardDominators::getADominatedConditionGuard(cond) and + use = ConditionGuardDominators::getAnAccessPathUseUnderCondition(p, useDominator) + ) + } + + /** + * Holds if data flow node `nd` acts as a barrier for data flow, possibly due to aliasing + * through an access path. + * + * `state` is bound to the blocked state. + */ + pragma[nomagic] + private predicate barrierGuardBlocksNode(DataFlow::Node nd, FlowState state) { + exists(BarrierGuard guard, SsaRefinementNode ref, boolean outcome | + nd = DataFlow::ssaDefinitionNode(ref) and + outcome = ref.getGuard().(ConditionGuardNode).getOutcome() and + barrierGuardBlocksSsaRefinement(guard, outcome, ref, state) + ) + or + exists(Expr use | + barrierGuardBlocksAccessPathUse(use, state) and + nd = DataFlow::valueNode(use) + ) + } + + /** + * Gets a logical `and` expression, or parenthesized expression, that contains `guard`. + */ + private Expr getALogicalAndParent(BarrierGuard guard) { + barrierGuardIsRelevant(guard) and result = guard.asExpr() + or + result.(LogAndExpr).getAnOperand() = getALogicalAndParent(guard) + or + result.getUnderlyingValue() = getALogicalAndParent(guard) + } + + /** + * Gets a logical `or` expression, or parenthesized expression, that contains `guard`. + */ + private Expr getALogicalOrParent(BarrierGuard guard) { + barrierGuardIsRelevant(guard) and result = guard.asExpr() + or + result.(LogOrExpr).getAnOperand() = getALogicalOrParent(guard) + or + result.getUnderlyingValue() = getALogicalOrParent(guard) + } + + final private class FinalFunction = Function; + + /** + * A function that returns the result of a barrier guard. + */ + private class BarrierGuardFunction extends FinalFunction { + DataFlow::ParameterNode sanitizedParameter; + BarrierGuard guard; + boolean guardOutcome; + FlowState state; + int paramIndex; + + BarrierGuardFunction() { + barrierGuardIsRelevant(guard) and + exists(Expr e | + exists(Expr returnExpr | + returnExpr = guard.asExpr() + or + // ad hoc support for conjunctions: + getALogicalAndParent(guard) = returnExpr and guardOutcome = true + or + // ad hoc support for disjunctions: + getALogicalOrParent(guard) = returnExpr and guardOutcome = false + | + exists(SsaExplicitDefinition ssa | + ssa.getDef().getSource() = returnExpr and + ssa.getVariable().getAUse() = this.getAReturnedExpr() + ) + or + returnExpr = this.getAReturnedExpr() + ) and + sanitizedParameter.flowsToExpr(e) and + barrierGuardBlocksExpr(guard, guardOutcome, e, state) + ) and + sanitizedParameter.getParameter() = this.getParameter(paramIndex) + } + + /** + * Holds if this function sanitizes argument `e` of call `call`, provided the call evaluates to `outcome`. + */ + predicate isBarrierCall(DataFlow::CallNode call, Expr e, boolean outcome, FlowState st) { + exists(DataFlow::Node arg | + DataFlow::argumentPassingStep(pragma[only_bind_into](call), pragma[only_bind_into](arg), + pragma[only_bind_into](this), pragma[only_bind_into](sanitizedParameter)) and + arg.asExpr() = e and + arg = call.getArgument(paramIndex) and + outcome = guardOutcome and + state = st + ) + } + } + + /** + * A call that sanitizes an argument. + */ + private class AdditionalBarrierGuardCall extends BarrierGuard instanceof DataFlow::CallNode { + BarrierGuardFunction f; + + AdditionalBarrierGuardCall() { f.isBarrierCall(this, _, _, _) } + + override predicate blocksExpr(boolean outcome, Expr e, FlowState state) { + f.isBarrierCall(this, e, outcome, state) + } + } + + /** + * A sanitizer where an inner sanitizer is compared against a boolean. + * E.g. (assuming `sanitizes(e)` is an existing sanitizer): + * ```javascript + * if (sanitizes(e) === true) { + * // e is sanitized + * } + * ``` + */ + private class CallAgainstEqualityCheck extends BarrierGuard { + BarrierGuard prev; + boolean polarity; + + CallAgainstEqualityCheck() { + prev instanceof DataFlow::CallNode and + exists(EqualityTest test, BooleanLiteral bool | + this.asExpr() = test and + test.hasOperands(prev.asExpr(), bool) and + polarity = test.getPolarity().booleanXor(bool.getBoolValue()) + ) + } + + override predicate blocksExpr(boolean outcome, Expr e, FlowState state) { + exists(boolean prevOutcome | + barrierGuardBlocksExpr(prev, prevOutcome, e, state) and + outcome = prevOutcome.booleanXor(polarity) + ) + } + } +} diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/Contents.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/Contents.qll new file mode 100644 index 000000000000..a359ee0d1d5b --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/Contents.qll @@ -0,0 +1,499 @@ +private import javascript +private import semmle.javascript.frameworks.data.internal.ApiGraphModels as ApiGraphModels +private import semmle.javascript.dataflow.internal.FlowSummaryPrivate as FlowSummaryPrivate +private import codeql.dataflow.internal.AccessPathSyntax as AccessPathSyntax + +module Private { + import Public + + /** + * Gets the largest array index should be propagated precisely through flow summaries. + * + * Note that all known array indices have a corresponding singleton content, but some will + * be collapsed in flow summaries that operate on array elements. + */ + int getMaxPreciseArrayIndex() { result = 9 } + + /** Gets the largest array index should be propagated precisely through flow summaries. */ + int getAPreciseArrayIndex() { result = [0 .. getMaxPreciseArrayIndex()] } + + /** + * Holds if a MaD access path token of form `name[arg]` exists. + */ + predicate isAccessPathTokenPresent(string name, string arg) { + arg = any(FlowSummaryPrivate::AccessPathToken tok).getAnArgument(name) + or + arg = any(ApiGraphModels::AccessPathToken tok).getAnArgument(name) + } + + /** + * Holds if values associated with `key` should be tracked as a individual contents of a `Map` object. + */ + private predicate isKnownMapKey(string key) { + exists(MethodCallExpr call | + call.getMethodName() = "get" and + call.getNumArgument() = 1 and + call.getArgument(0).getStringValue() = key + ) + or + isAccessPathTokenPresent("MapValue", key) + } + + /** + * A known property name. + */ + class PropertyName extends string { + // Note: unlike the similarly-named class in StepSummary.qll, this class must not depend on DataFlow::Node + PropertyName() { + this = any(PropAccess access).getPropertyName() + or + this = any(Property p).getName() + or + this = any(PropertyPattern p).getName() + or + this = any(GlobalVariable v).getName() + or + this = getAPreciseArrayIndex().toString() + or + isAccessPathTokenPresent("Member", this) + } + + /** Gets the array index corresponding to this property name. */ + pragma[nomagic] + int asArrayIndex() { result = this.toInt() and result >= 0 and this = result.toString() } + } + + cached + newtype TContent = + MkPropertyContent(PropertyName name) or + MkArrayElementUnknown() or // note: array elements with known index are just properties + MkMapKey() or + MkMapValueWithUnknownKey() or + MkMapValueWithKnownKey(string key) { isKnownMapKey(key) } or + MkSetElement() or + MkIteratorElement() or + MkIteratorError() or + MkPromiseValue() or + MkPromiseError() or + MkCapturedContent(LocalVariable v) { v.isCaptured() } + + cached + newtype TContentSet = + MkSingletonContent(Content content) or + MkArrayElementKnown(int index) { index = any(PropertyName name).asArrayIndex() } or + MkArrayElementLowerBound(int index) { index = [0 .. getMaxPreciseArrayIndex() + 1] } or + MkMapValueKnown(string key) { isKnownMapKey(key) } or + MkMapValueAll() or + MkPromiseFilter() or + MkIteratorFilter() or + MkAnyProperty() or + MkAnyCapturedContent() or + // The following content sets are used exclusively as an intermediate value in flow summaries. + // These are encoded as a ContentSummaryComponent, although the flow graphs we generate are different + // than an ordinary content component. These special content sets should never appear in a step. + MkAwaited() or + MkAnyPropertyDeep() or + MkArrayElementDeep() + + /** + * Holds if `cs` is used to encode a special operation as a content component, but should not + * be treated as an ordinary content component. + */ + predicate isSpecialContentSet(ContentSet cs) { + cs = MkAwaited() or cs = MkAnyPropertyDeep() or cs = MkArrayElementDeep() + } +} + +module Public { + private import Private + + /** + * A storage location on an object, such as a property name. + */ + class Content extends TContent { + /** Gets a string representation of this content. */ + cached + string toString() { + // Note that these strings are visible to the end-user, in the access path of a PathNode. + result = this.asPropertyName() + or + this.isUnknownArrayElement() and + result = "ArrayElement" + or + this = MkMapKey() and + result = "MapKey" + or + this = MkMapValueWithUnknownKey() and + result = "MapValue" + or + exists(string key | + this = MkMapValueWithKnownKey(key) and + result = "MapValue[" + key + "]" + ) + or + this = MkSetElement() and + result = "SetElement" + or + this = MkIteratorElement() and + result = "IteratorElement" + or + this = MkIteratorError() and + result = "IteratorError" + or + this = MkPromiseValue() and + result = "PromiseValue" + or + this = MkPromiseError() and + result = "PromiseError" + or + result = this.asCapturedVariable().getName() + } + + /** Gets the property name represented by this content, if any. */ + string asPropertyName() { this = MkPropertyContent(result) } + + /** Gets the array index represented by this content, if any. */ + pragma[nomagic] + int asArrayIndex() { result = this.asPropertyName().(PropertyName).asArrayIndex() } + + /** Gets the captured variable represented by this content, if any. */ + LocalVariable asCapturedVariable() { this = MkCapturedContent(result) } + + /** Holds if this represents values stored at an unknown array index. */ + predicate isUnknownArrayElement() { this = MkArrayElementUnknown() } + + /** Holds if this represents values stored in a `Map` at an unknown key. */ + predicate isMapValueWithUnknownKey() { this = MkMapValueWithUnknownKey() } + + /** Holds if this represents values stored in a `Map` as the given string key. */ + predicate isMapValueWithKnownKey(string key) { this = MkMapValueWithKnownKey(key) } + } + + /** + * An entity that represents the set of `Content`s being accessed at a read or store operation. + */ + class ContentSet extends TContentSet { + /** Gets a content that may be stored into when storing into this set. */ + pragma[inline] + Content getAStoreContent() { + result = this.asSingleton() + or + // For array element access with known lower bound, just store into the unknown array element + this = ContentSet::arrayElementLowerBound(_) and + result.isUnknownArrayElement() + or + exists(int n | + this = ContentSet::arrayElementKnown(n) and + result.asArrayIndex() = n + ) + or + exists(string key | + this = ContentSet::mapValueWithKnownKey(key) and + result.isMapValueWithKnownKey(key) + ) + or + this = ContentSet::mapValueAll() and + result.isMapValueWithUnknownKey() + } + + /** Gets a content that may be read from when reading from this set. */ + pragma[nomagic] + Content getAReadContent() { + result = this.asSingleton() + or + this = ContentSet::promiseFilter() and + ( + result = MkPromiseValue() + or + result = MkPromiseError() + ) + or + this = ContentSet::iteratorFilter() and + ( + result = MkIteratorElement() + or + result = MkIteratorError() + ) + or + exists(int bound | this = ContentSet::arrayElementLowerBound(bound) | + result.isUnknownArrayElement() + or + result.asArrayIndex() >= bound + ) + or + exists(int n | this = ContentSet::arrayElementKnown(n) | + result.isUnknownArrayElement() + or + result.asArrayIndex() = n + ) + or + exists(string key | this = ContentSet::mapValueWithKnownKey(key) | + result.isMapValueWithUnknownKey() + or + result.isMapValueWithKnownKey(key) + ) + or + this = ContentSet::mapValueAll() and + ( + result.isMapValueWithUnknownKey() + or + result.isMapValueWithKnownKey(_) + ) + or + this = ContentSet::anyProperty() and + ( + result instanceof MkPropertyContent + or + result instanceof MkArrayElementUnknown + ) + or + this = ContentSet::anyCapturedContent() and + result instanceof Private::MkCapturedContent + } + + /** Gets the singleton content to be accessed. */ + Content asSingleton() { this = MkSingletonContent(result) } + + /** Gets the property name to be accessed. */ + PropertyName asPropertyName() { result = this.asSingleton().asPropertyName() } + + /** Gets the array index to be accessed. */ + int asArrayIndex() { result = this.asSingleton().asArrayIndex() } + + /** + * Gets a string representation of this content set. + */ + string toString() { + result = this.asSingleton().toString() + or + this = ContentSet::promiseFilter() and result = "PromiseFilter" + or + this = ContentSet::iteratorFilter() and result = "IteratorFilter" + or + exists(int bound | + this = ContentSet::arrayElementLowerBound(bound) and + result = "ArrayElement[" + bound + "..]" + ) + or + exists(int n | this = ContentSet::arrayElementKnown(n) and result = "ArrayElement[" + n + "]") + or + this = ContentSet::mapValueAll() and + result = "MapValue" + or + this = ContentSet::anyProperty() and + result = "AnyMember" + or + this = MkAwaited() and result = "Awaited (with coercion)" + or + this = MkAnyPropertyDeep() and result = "AnyMemberDeep" + or + this = MkArrayElementDeep() and result = "ArrayElementDeep" + or + this = MkAnyCapturedContent() and + result = "AnyCapturedContent" + } + } + + /** + * Companion module to the `ContentSet` class, providing access to various content sets. + */ + module ContentSet { + /** + * A content set containing only the given content. + */ + pragma[inline] + ContentSet singleton(Content content) { result.asSingleton() = content } + + /** + * A content set corresponding to the given property name. + */ + pragma[inline] + ContentSet property(PropertyName name) { result.asSingleton().asPropertyName() = name } + + /** + * A content set that should only be used in `withContent` and `withoutContent` steps, which + * matches the two promise-related contents, `Awaited[value]` and `Awaited[error]`. + */ + ContentSet promiseFilter() { result = MkPromiseFilter() } + + /** + * A content set that should only be used in `withContent` and `withoutContent` steps, which + * matches the two iterator-related contents, `IteratorElement` and `IteratorError`. + */ + ContentSet iteratorFilter() { result = MkIteratorFilter() } + + /** + * A content set describing the result of a resolved promise. + */ + ContentSet promiseValue() { result = singleton(MkPromiseValue()) } + + /** + * A content set describing the error stored in a rejected promise. + */ + ContentSet promiseError() { result = singleton(MkPromiseError()) } + + /** + * A content set describing all array elements, regardless of their index in the array. + */ + ContentSet arrayElement() { result = MkArrayElementLowerBound(0) } + + /** + * A content set describing array elements at index `bound` or greater. + * + * For `bound=0` this gets the same content set as `ContentSet::arrayElement()`, that is, + * the content set describing all array elements. + * + * For large values of `bound` this has no result - see `ContentSet::arrayElementLowerBoundFromInt`. + */ + ContentSet arrayElementLowerBound(int bound) { result = MkArrayElementLowerBound(bound) } + + /** + * A content set describing an access to array index `n`. + * + * This content set reads from element `n` and the unknown element, and stores to index `n`. + * + * For large values of `n` this has no result - see `ContentSet::arrayElementFromInt`. + */ + ContentSet arrayElementKnown(int n) { result = MkArrayElementKnown(n) } + + /** + * The singleton content set describing array elements stored at an unknown index. + */ + ContentSet arrayElementUnknown() { result = singleton(MkArrayElementUnknown()) } + + /** + * Gets a content set describing array elements at index `bound` or greater. + * + * If `bound` is too large, it is truncated to the greatest lower bound we can represent. + */ + bindingset[bound] + ContentSet arrayElementLowerBoundFromInt(int bound) { + result = arrayElementLowerBound(bound.minimum(getMaxPreciseArrayIndex() + 1)) + } + + /** + * Gets the content set describing an access to array index `n`. + * + * If `n` is too large, it is truncated to the greatest lower bound we can represent. + */ + bindingset[n] + ContentSet arrayElementFromInt(int n) { + result = arrayElementKnown(n) + or + not exists(arrayElementKnown(n)) and + result = arrayElementLowerBoundFromInt(n) + } + + /** Gets the content set describing the keys of a `Map` object. */ + ContentSet mapKey() { result = singleton(MkMapKey()) } + + /** Gets the content set describing the values of a `Map` object stored with an unknown key. */ + ContentSet mapValueWithUnknownKey() { result = singleton(MkMapValueWithUnknownKey()) } + + /** + * Gets the content set describing the value of a `Map` object stored with the given known `key`. + * + * This has no result if `key` is not one of the keys we track precisely. See also `mapValueFromKey`. + */ + ContentSet mapValueWithKnownKeyStrict(string key) { result = MkMapValueKnown(key) } + + /** + * Gets the content set describing an access to a map value with the given `key`. + * + * This content set also reads from a value stored with an unknown key. Use `mapValueWithKnownKeyStrict` to strictly + * refer to known keys. + * + * This has no result if `key` is not one of the keys we track precisely. See also `mapValueFromKey`. + */ + ContentSet mapValueWithKnownKey(string key) { result = singleton(MkMapValueWithKnownKey(key)) } + + /** Gets the content set describing all values in a map (with known or unknown key). */ + ContentSet mapValueAll() { result = MkMapValueAll() } + + /** + * Gets the content set describing the value in a `Map` object stored at the given `key`. + * + * If `key` is not one of the keys we track precisely, this is mapped to the unknown key instead. + */ + bindingset[key] + ContentSet mapValueFromKey(string key) { + result = mapValueWithKnownKey(key) + or + not exists(mapValueWithKnownKey(key)) and + result = mapValueWithUnknownKey() + } + + /** Gets the content set describing the elements of a `Set` object. */ + ContentSet setElement() { result = singleton(MkSetElement()) } + + /** Gets the content set describing the elements of an iterator object. */ + ContentSet iteratorElement() { result = singleton(MkIteratorElement()) } + + /** Gets the content set describing the exception to be thrown when attempting to iterate over the given value. */ + ContentSet iteratorError() { result = singleton(MkIteratorError()) } + + /** + * Gets a content set that reads from all ordinary properties. + * + * This includes array elements, but not the contents of `Map`, `Set`, `Promise`, or iterator objects. + * + * This content set has no effect if used in a store step. + */ + ContentSet anyProperty() { result = MkAnyProperty() } + + /** + * Gets a content set corresponding to the pseudo-property `propertyName`. + */ + pragma[nomagic] + private ContentSet fromLegacyPseudoProperty(string propertyName) { + propertyName = Promises::valueProp() and + result = promiseValue() + or + propertyName = Promises::errorProp() and + result = promiseError() + or + propertyName = DataFlow::PseudoProperties::arrayElement() and + result = arrayElement() + or + propertyName = DataFlow::PseudoProperties::iteratorElement() and + result = iteratorElement() + or + propertyName = DataFlow::PseudoProperties::setElement() and + result = setElement() + or + propertyName = DataFlow::PseudoProperties::mapValueAll() and + result = mapValueAll() + or + propertyName = DataFlow::PseudoProperties::mapValueUnknownKey() and + result = mapValueWithUnknownKey() + or + exists(string key | + propertyName = DataFlow::PseudoProperties::mapValueKey(key) and + result = mapValueWithKnownKey(key) + ) + } + + /** + * Gets the content set corresponding to the given property name, where legacy pseudo-properties + * are mapped to their corresponding content sets (which are no longer seen as property names). + */ + bindingset[propertyName] + ContentSet fromLegacyProperty(string propertyName) { + result = fromLegacyPseudoProperty(propertyName) + or + not exists(fromLegacyPseudoProperty(propertyName)) and + ( + // In case a map-value key was contributed via a SharedFlowStep, but we don't have a ContentSet for it, + // convert it to the unknown key. + if DataFlow::PseudoProperties::isMapValueKey(propertyName) + then result = mapValueWithUnknownKey() + else result = property(propertyName) + ) + } + + /** + * Gets a content set that reads from all captured variables stored on a function. + */ + ContentSet anyCapturedContent() { result = Private::MkAnyCapturedContent() } + } +} diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowImplConsistency.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowImplConsistency.qll new file mode 100644 index 000000000000..84f0f3e39b4f --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowImplConsistency.qll @@ -0,0 +1,42 @@ +private import javascript +private import codeql.dataflow.internal.DataFlowImplConsistency +private import sharedlib.DataFlowArg +private import semmle.javascript.dataflow.internal.DataFlowPrivate +private import semmle.javascript.dataflow.internal.DataFlowNode + +private module ConsistencyConfig implements InputSig { + private predicate isAmbientNode(DataFlow::Node node) { + exists(AstNode n | n.isAmbient() | + node = TValueNode(n) or + node = TThisNode(n) or + node = TReflectiveParametersNode(n) or + node = TPropNode(n) or + node = TFunctionSelfReferenceNode(n) or + node = TExceptionalFunctionReturnNode(n) or + node = TExprPostUpdateNode(n) or + node = TExceptionalInvocationReturnNode(n) or + node = TDestructuredModuleImportNode(n) + ) + } + + predicate missingLocationExclude(DataFlow::Node n) { + n instanceof FlowSummaryNode + or + n instanceof FlowSummaryIntermediateAwaitStoreNode + or + n instanceof GenericSynthesizedNode + or + n = DataFlow::globalAccessPathRootPseudoNode() + } + + predicate uniqueNodeLocationExclude(DataFlow::Node n) { missingLocationExclude(n) } + + predicate uniqueEnclosingCallableExclude(DataFlow::Node n) { isAmbientNode(n) } + + predicate uniqueCallEnclosingCallableExclude(DataFlowCall call) { + isAmbientNode(call.asOrdinaryCall()) or + isAmbientNode(call.asAccessorCall()) + } +} + +module Consistency = MakeConsistency; diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll index d6ba48d77cb5..4e10b6b27e19 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowNode.qll @@ -5,38 +5,116 @@ */ private import javascript +private import semmle.javascript.dataflow.internal.AdditionalFlowInternal +private import semmle.javascript.dataflow.internal.Contents::Private +private import semmle.javascript.dataflow.internal.sharedlib.DataFlowImplCommon as DataFlowImplCommon +private import semmle.javascript.dataflow.internal.DataFlowPrivate as DataFlowPrivate +private import semmle.javascript.dataflow.internal.sharedlib.FlowSummaryImpl as FlowSummaryImpl +private import semmle.javascript.dataflow.internal.FlowSummaryPrivate as FlowSummaryPrivate +private import semmle.javascript.dataflow.internal.VariableCapture as VariableCapture -/** - * The raw data type underlying `DataFlow::Node`. - */ cached -newtype TNode = - TValueNode(AST::ValueNode nd) or - TSsaDefNode(SsaDefinition d) or - TCapturedVariableNode(LocalVariable v) { v.isCaptured() } or - TPropNode(@property p) or - TRestPatternNode(DestructuringPattern dp, Expr rest) { rest = dp.getRest() } or - TElementPatternNode(ArrayPattern ap, Expr p) { p = ap.getElement(_) } or - TElementNode(ArrayExpr arr, Expr e) { e = arr.getAnElement() } or - TReflectiveCallNode(MethodCallExpr ce, string kind) { - ce.getMethodName() = kind and - (kind = "call" or kind = "apply") - } or - TThisNode(StmtContainer f) { f.(Function).getThisBinder() = f or f instanceof TopLevel } or - TDestructuredModuleImportNode(ImportDeclaration decl) { - exists(decl.getASpecifier().getImportedName()) - } or - THtmlAttributeNode(HTML::Attribute attr) or - TXmlAttributeNode(XmlAttribute attr) or - TFunctionReturnNode(Function f) or - TExceptionalFunctionReturnNode(Function f) or - TExceptionalInvocationReturnNode(InvokeExpr e) or - TGlobalAccessPathRoot() or - TTemplatePlaceholderTag(Templating::TemplatePlaceholderTag tag) or - TReflectiveParametersNode(Function f) or - TForbiddenRecursionGuard() { - none() and - // We want to prune irrelevant models before materialising data flow nodes, so types contributed - // directly from CodeQL must expose their pruning info without depending on data flow nodes. - (any(ModelInput::TypeModel tm).isTypeUsed("") implies any()) +private module Cached { + /** + * The raw data type underlying `DataFlow::Node`. + */ + cached + newtype TNode = + TValueNode(AST::ValueNode nd) or + TSsaDefNode(SsaDefinition d) or + TCapturedVariableNode(LocalVariable v) { v.isCaptured() } or + TPropNode(@property p) or + TRestPatternNode(DestructuringPattern dp, Expr rest) { rest = dp.getRest() } or + TElementPatternNode(ArrayPattern ap, Expr p) { p = ap.getElement(_) } or + TElementNode(ArrayExpr arr, Expr e) { e = arr.getAnElement() } or + TReflectiveCallNode(MethodCallExpr ce, string kind) { + ce.getMethodName() = kind and + (kind = "call" or kind = "apply") + } or + TThisNode(StmtContainer f) { f.(Function).getThisBinder() = f or f instanceof TopLevel } or + TFunctionSelfReferenceNode(Function f) or + TDestructuredModuleImportNode(ImportDeclaration decl) { + exists(decl.getASpecifier().getImportedName()) + } or + THtmlAttributeNode(HTML::Attribute attr) or + TXmlAttributeNode(XmlAttribute attr) or + TFunctionReturnNode(Function f) or + TExceptionalFunctionReturnNode(Function f) or + TExceptionalInvocationReturnNode(InvokeExpr e) or + TGlobalAccessPathRoot() or + TTemplatePlaceholderTag(Templating::TemplatePlaceholderTag tag) or + TReflectiveParametersNode(Function f) or + TExprPostUpdateNode(AST::ValueNode e) { + e = any(InvokeExpr invoke).getAnArgument() or + e = any(PropAccess access).getBase() or + e = any(DestructuringPattern pattern) or + e = any(InvokeExpr invoke).getCallee() or + // We have read steps out of the await operand, so it technically needs a post-update + e = any(AwaitExpr a).getOperand() or + e = any(Function f) or // functions are passed as their own self-reference argument + // The RHS of an assignment can be an argument to a setter-call, so it needs a post-update node + e = any(Assignment asn | asn.getTarget() instanceof PropAccess).getRhs() + } or + TConstructorThisArgumentNode(InvokeExpr e) { e instanceof NewExpr or e instanceof SuperCall } or + TConstructorThisPostUpdate(Constructor ctor) or + TFlowSummaryNode(FlowSummaryImpl::Private::SummaryNode sn) or + TFlowSummaryIntermediateAwaitStoreNode(FlowSummaryImpl::Private::SummaryNode sn) { + // NOTE: This dependency goes through the 'Steps' module whose instantiation depends on the call graph, + // but the specific predicate we're referering to does not use that information. + // So it doesn't cause negative recursion but it might look a bit surprising. + FlowSummaryPrivate::Steps::summaryStoreStep(sn, MkAwaited(), _) + } or + TSynthCaptureNode(VariableCapture::VariableCaptureOutput::SynthesizedCaptureNode node) or + TGenericSynthesizedNode(AstNode node, string tag, DataFlowPrivate::DataFlowCallable container) { + any(AdditionalFlowInternal flow).needsSynthesizedNode(node, tag, container) + } or + TForbiddenRecursionGuard() { + none() and + // We want to prune irrelevant models before materialising data flow nodes, so types contributed + // directly from CodeQL must expose their pruning info without depending on data flow nodes. + (any(ModelInput::TypeModel tm).isTypeUsed("") implies any()) + } + + cached + private module Backref { + cached + predicate backref() { + DataFlowImplCommon::forceCachingInSameStage() or + exists(any(DataFlow::Node node).toString()) or + exists(any(DataFlow::Node node).getContainer()) or + any(DataFlow::Node node).hasLocationInfo(_, _, _, _, _) or + exists(any(Content c).toString()) + } } +} + +import Cached + +private class TEarlyStageNode = + TValueNode or TSsaDefNode or TCapturedVariableNode or TPropNode or TRestPatternNode or + TElementPatternNode or TElementNode or TReflectiveCallNode or TThisNode or + TFunctionSelfReferenceNode or TDestructuredModuleImportNode or THtmlAttributeNode or + TFunctionReturnNode or TExceptionalFunctionReturnNode or TExceptionalInvocationReturnNode or + TGlobalAccessPathRoot or TTemplatePlaceholderTag or TReflectiveParametersNode or + TExprPostUpdateNode or TConstructorThisArgumentNode; + +/** + * A data-flow node that is not a flow summary node. + * + * This node exists to avoid an unwanted dependency on flow summaries in some parts of the codebase + * that should not depend on them. + * + * In particular, this dependency chain must not result in negative recursion: + * - Flow summaries can only be created after pruning irrelevant flow summaries + * - To prune irrelevant flow summaries, we must know which packages are imported + * - To know which packages are imported, module systems must be evaluated + * - The AMD and NodeJS module systems rely on data flow to find calls to `require` and similar. + * These module systems must therefore use `EarlyStageNode` instead of `DataFlow::Node`. + */ +class EarlyStageNode extends TEarlyStageNode { + /** Gets a string representation of this data flow node. */ + string toString() { result = this.(DataFlow::Node).toString() } + + /** Gets the location of this data flow node. */ + Location getLocation() { result = this.(DataFlow::Node).getLocation() } +} diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll new file mode 100644 index 000000000000..941ce88f3d9f --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/DataFlowPrivate.qll @@ -0,0 +1,1084 @@ +private import javascript +private import semmle.javascript.dataflow.internal.CallGraphs +private import semmle.javascript.dataflow.internal.DataFlowNode +private import semmle.javascript.dataflow.internal.FlowSteps as FlowSteps +private import semmle.javascript.dataflow.internal.AdditionalFlowInternal +private import semmle.javascript.dataflow.internal.Contents::Private +private import semmle.javascript.dataflow.internal.VariableCapture +private import semmle.javascript.dataflow.internal.sharedlib.DataFlowImplCommon as DataFlowImplCommon +private import semmle.javascript.internal.flow_summaries.AllFlowSummaries +private import sharedlib.FlowSummaryImpl as FlowSummaryImpl +private import semmle.javascript.dataflow.internal.FlowSummaryPrivate as FlowSummaryPrivate +private import semmle.javascript.dataflow.FlowSummary as FlowSummary +private import semmle.javascript.dataflow.internal.BarrierGuards + +class DataFlowSecondLevelScope = Unit; + +private class Node = DataFlow::Node; + +class PostUpdateNode = DataFlow::PostUpdateNode; + +class FlowSummaryNode extends DataFlow::Node, TFlowSummaryNode { + FlowSummaryImpl::Private::SummaryNode getSummaryNode() { this = TFlowSummaryNode(result) } + + /** Gets the summarized callable that this node belongs to. */ + FlowSummaryImpl::Public::SummarizedCallable getSummarizedCallable() { + result = this.getSummaryNode().getSummarizedCallable() + } + + cached + override string toString() { result = this.getSummaryNode().toString() } +} + +class FlowSummaryIntermediateAwaitStoreNode extends DataFlow::Node, + TFlowSummaryIntermediateAwaitStoreNode +{ + FlowSummaryImpl::Private::SummaryNode getSummaryNode() { + this = TFlowSummaryIntermediateAwaitStoreNode(result) + } + + /** Gets the summarized callable that this node belongs to. */ + FlowSummaryImpl::Public::SummarizedCallable getSummarizedCallable() { + result = this.getSummaryNode().getSummarizedCallable() + } + + override string toString() { + result = this.getSummaryNode().toString() + " [intermediate node for Awaited store]" + } +} + +class CaptureNode extends DataFlow::Node, TSynthCaptureNode { + /** Gets the underlying node from the variable-capture library. */ + VariableCaptureOutput::SynthesizedCaptureNode getNode() { + this = TSynthCaptureNode(result) and DataFlowImplCommon::forceCachingInSameStage() + } + + cached + override StmtContainer getContainer() { result = this.getNode().getEnclosingCallable() } + + cached + private string toStringInternal() { result = this.getNode().toString() + " [capture node]" } + + override string toString() { result = this.toStringInternal() } // cached in parent class + + cached + override Location getLocation() { result = this.getNode().getLocation() } +} + +class GenericSynthesizedNode extends DataFlow::Node, TGenericSynthesizedNode { + private AstNode node; + private string tag; + private DataFlowCallable container; + + GenericSynthesizedNode() { this = TGenericSynthesizedNode(node, tag, container) } + + override StmtContainer getContainer() { result = container.asSourceCallable() } + + override string toString() { result = "[synthetic node] " + tag } + + override Location getLocation() { result = node.getLocation() } + + string getTag() { result = tag } +} + +cached +newtype TReturnKind = + MkNormalReturnKind() or + MkExceptionalReturnKind() + +class ReturnKind extends TReturnKind { + string toString() { + this = MkNormalReturnKind() and result = "return" + or + this = MkExceptionalReturnKind() and result = "exception" + } +} + +private predicate returnNodeImpl(DataFlow::Node node, ReturnKind kind) { + node instanceof TFunctionReturnNode and kind = MkNormalReturnKind() + or + exists(Function fun | + node = TExceptionalFunctionReturnNode(fun) and + kind = MkExceptionalReturnKind() and + // For async/generators, the exception is caught and wrapped in the returned promise/iterator object. + // See the models for AsyncAwait and Generator. + not fun.isAsyncOrGenerator() + ) + or + FlowSummaryImpl::Private::summaryReturnNode(node.(FlowSummaryNode).getSummaryNode(), kind) +} + +private DataFlow::Node getAnOutNodeImpl(DataFlowCall call, ReturnKind kind) { + kind = MkNormalReturnKind() and result = call.asOrdinaryCall() + or + kind = MkExceptionalReturnKind() and result = call.asOrdinaryCall().getExceptionalReturn() + or + kind = MkNormalReturnKind() and result = call.asBoundCall(_) + or + kind = MkExceptionalReturnKind() and result = call.asBoundCall(_).getExceptionalReturn() + or + kind = MkNormalReturnKind() and result = call.asAccessorCall().(DataFlow::PropRead) + or + FlowSummaryImpl::Private::summaryOutNode(call.(SummaryCall).getReceiver(), + result.(FlowSummaryNode).getSummaryNode(), kind) +} + +class ReturnNode extends DataFlow::Node { + ReturnNode() { returnNodeImpl(this, _) } + + ReturnKind getKind() { returnNodeImpl(this, result) } +} + +/** A node that receives an output from a call. */ +class OutNode extends DataFlow::Node { + OutNode() { this = getAnOutNodeImpl(_, _) } +} + +OutNode getAnOutNode(DataFlowCall call, ReturnKind kind) { result = getAnOutNodeImpl(call, kind) } + +cached +predicate postUpdatePair(Node pre, Node post) { + exists(AST::ValueNode expr | + pre = TValueNode(expr) and + post = TExprPostUpdateNode(expr) + ) + or + exists(NewExpr expr | + pre = TConstructorThisArgumentNode(expr) and + post = TValueNode(expr) + ) + or + exists(SuperCall expr | + pre = TConstructorThisArgumentNode(expr) and + post = TConstructorThisPostUpdate(expr.getBinder()) + ) + or + exists(Function constructor | + pre = TThisNode(constructor) and + post = TConstructorThisPostUpdate(constructor) + ) + or + FlowSummaryImpl::Private::summaryPostUpdateNode(post.(FlowSummaryNode).getSummaryNode(), + pre.(FlowSummaryNode).getSummaryNode()) + or + VariableCaptureOutput::capturePostUpdateNode(getClosureNode(post), getClosureNode(pre)) +} + +class CastNode extends DataFlow::Node { + CastNode() { none() } +} + +cached +newtype TDataFlowCallable = + MkSourceCallable(StmtContainer container) or + MkLibraryCallable(LibraryCallable callable) + +/** + * A callable entity. This is a wrapper around either a `StmtContainer` or a `LibraryCallable`. + */ +class DataFlowCallable extends TDataFlowCallable { + /** Gets a string representation of this callable. */ + string toString() { + result = this.asSourceCallable().toString() + or + result = this.asLibraryCallable() + } + + /** Gets the location of this callable, if it is present in the source code. */ + Location getLocation() { result = this.asSourceCallable().getLocation() } + + /** Gets the corresponding `StmtContainer` if this is a source callable. */ + StmtContainer asSourceCallable() { this = MkSourceCallable(result) } + + /** Gets the corresponding `StmtContainer` if this is a source callable. */ + pragma[nomagic] + StmtContainer asSourceCallableNotExterns() { + this = MkSourceCallable(result) and + not result.inExternsFile() + } + + /** Gets the corresponding `LibraryCallable` if this is a library callable. */ + LibraryCallable asLibraryCallable() { this = MkLibraryCallable(result) } + + int totalorder() { + result = TotalOrdering::astNodeId(this.asSourceCallable()).bitShiftLeft(1) + or + result = TotalOrdering::libraryCallableId(this.asLibraryCallable()).bitShiftLeft(1) + 1 + } +} + +/** A callable defined in library code, identified by a unique string. */ +abstract class LibraryCallable extends string { + bindingset[this] + LibraryCallable() { any() } + + /** Gets a call to this library callable. */ + DataFlow::InvokeNode getACall() { none() } + + /** Same as `getACall()` except this does not depend on the call graph or API graph. */ + DataFlow::InvokeNode getACallSimple() { none() } +} + +private predicate isParameterNodeImpl(Node p, DataFlowCallable c, ParameterPosition pos) { + p = c.asSourceCallable().(Function).getParameter(pos.asPositional()).flow() + or + pos.isThis() and p = TThisNode(c.asSourceCallable().(Function)) + or + pos.isFunctionSelfReference() and p = TFunctionSelfReferenceNode(c.asSourceCallable()) + or + pos.isArgumentsArray() and p = TReflectiveParametersNode(c.asSourceCallable()) + or + exists(FlowSummaryNode summaryNode | + summaryNode = p and + FlowSummaryImpl::Private::summaryParameterNode(summaryNode.getSummaryNode(), pos) and + c.asLibraryCallable() = summaryNode.getSummarizedCallable() + ) +} + +predicate isParameterNode(ParameterNode p, DataFlowCallable c, ParameterPosition pos) { + isParameterNodeImpl(p, c, pos) +} + +private predicate isArgumentNodeImpl(Node n, DataFlowCall call, ArgumentPosition pos) { + n = call.asOrdinaryCall().getArgument(pos.asPositional()) + or + pos.isThis() and n = call.asOrdinaryCall().(DataFlow::CallNode).getReceiver() + or + exists(DataFlow::PartialInvokeNode invoke, DataFlow::Node callback | + call = MkPartialCall(invoke, callback) and + invoke.isPartialArgument(callback, n, pos.asPositional()) + ) + or + pos.isThis() and n = call.asPartialCall().getBoundReceiver() + or + exists(int boundArgs | + n = call.asBoundCall(boundArgs).getArgument(pos.asPositional() - boundArgs) + ) + or + pos.isFunctionSelfReference() and n = call.asOrdinaryCall().getCalleeNode() + or + pos.isFunctionSelfReference() and n = call.asImpliedLambdaCall().flow() + or + exists(Function fun | + call.asImpliedLambdaCall() = fun and + CallGraph::impliedReceiverStep(n, TThisNode(fun)) and + sameContainerAsEnclosingContainer(n, fun) and + pos.isThis() + ) + or + pos.isThis() and n = TConstructorThisArgumentNode(call.asOrdinaryCall().asExpr()) + or + // For now, treat all spread argument as flowing into the 'arguments' array, regardless of preceding arguments + n = call.asOrdinaryCall().getASpreadArgument() and + pos.isArgumentsArray() + or + // receiver of accessor call + pos.isThis() and n = call.asAccessorCall().getBase() + or + // argument to setter (TODO: this has no post-update node) + pos.asPositional() = 0 and n = call.asAccessorCall().(DataFlow::PropWrite).getRhs() + or + FlowSummaryImpl::Private::summaryArgumentNode(call.(SummaryCall).getReceiver(), + n.(FlowSummaryNode).getSummaryNode(), pos) +} + +predicate isArgumentNode(ArgumentNode n, DataFlowCall call, ArgumentPosition pos) { + isArgumentNodeImpl(n, call, pos) +} + +DataFlowCallable nodeGetEnclosingCallable(Node node) { + result.asSourceCallable() = node.getContainer() + or + result.asLibraryCallable() = node.(FlowSummaryNode).getSummarizedCallable() + or + result.asLibraryCallable() = node.(FlowSummaryIntermediateAwaitStoreNode).getSummarizedCallable() + or + node = TGenericSynthesizedNode(_, _, result) +} + +newtype TDataFlowType = + TFunctionType(Function f) or + TAnyType() + +class DataFlowType extends TDataFlowType { + string toString() { + this instanceof TFunctionType and + result = + "TFunctionType(" + this.asFunction().toString() + ") at line " + + this.asFunction().getLocation().getStartLine() + or + this instanceof TAnyType and result = "TAnyType" + } + + Function asFunction() { this = TFunctionType(result) } +} + +/** + * Holds if `t1` is strictly stronger than `t2`. + */ +predicate typeStrongerThan(DataFlowType t1, DataFlowType t2) { + t1 instanceof TFunctionType and t2 = TAnyType() +} + +private DataFlowType getPreciseType(Node node) { + exists(Function f | + (node = TValueNode(f) or node = TFunctionSelfReferenceNode(f)) and + result = TFunctionType(f) + ) + or + result = getPreciseType(node.getImmediatePredecessor()) + or + result = getPreciseType(node.(PostUpdateNode).getPreUpdateNode()) +} + +DataFlowType getNodeType(Node node) { + result = getPreciseType(node) + or + not exists(getPreciseType(node)) and + result = TAnyType() +} + +predicate nodeIsHidden(Node node) { + DataFlow::PathNode::shouldNodeBeHidden(node) + or + node instanceof FlowSummaryNode + or + node instanceof FlowSummaryIntermediateAwaitStoreNode + or + node instanceof CaptureNode + or + // Hide function expressions, as capture-flow causes them to appear in unhelpful ways + // TODO: Instead hide PathNodes with a capture content as the head of its access path? + node.asExpr() instanceof Function + or + // Also hide post-update nodes for function expressions + node.(DataFlow::ExprPostUpdateNode).getExpr() instanceof Function + or + node instanceof GenericSynthesizedNode +} + +predicate neverSkipInPathGraph(Node node) { + // Include the left-hand side of assignments + node = DataFlow::lvalueNode(_) + or + // Include the return-value expression + node.asExpr() = any(Function f).getAReturnedExpr() + or + // Include calls (which may have been modelled as steps) + node.asExpr() instanceof InvokeExpr + or + // Include references to a variable + node.asExpr() instanceof VarRef +} + +string ppReprType(DataFlowType t) { none() } + +pragma[inline] +private predicate compatibleTypesNonSymRefl(DataFlowType t1, DataFlowType t2) { + t1 != TAnyType() and + t2 = TAnyType() +} + +pragma[inline] +predicate compatibleTypes(DataFlowType t1, DataFlowType t2) { + t1 = t2 + or + compatibleTypesNonSymRefl(t1, t2) + or + compatibleTypesNonSymRefl(t2, t1) +} + +predicate forceHighPrecision(Content c) { none() } + +newtype TContentApprox = + TApproxPropertyContent() or + TApproxMapKey() or + TApproxMapValue() or + TApproxSetElement() or + TApproxIteratorElement() or + TApproxIteratorError() or + TApproxPromiseValue() or + TApproxPromiseError() or + TApproxCapturedContent() + +class ContentApprox extends TContentApprox { + string toString() { + this = TApproxPropertyContent() and result = "TApproxPropertyContent" + or + this = TApproxMapKey() and result = "TApproxMapKey" + or + this = TApproxMapValue() and result = "TApproxMapValue" + or + this = TApproxSetElement() and result = "TApproxSetElement" + or + this = TApproxIteratorElement() and result = "TApproxIteratorElement" + or + this = TApproxIteratorError() and result = "TApproxIteratorError" + or + this = TApproxPromiseValue() and result = "TApproxPromiseValue" + or + this = TApproxPromiseError() and result = "TApproxPromiseError" + or + this = TApproxCapturedContent() and result = "TApproxCapturedContent" + } +} + +pragma[inline] +ContentApprox getContentApprox(Content c) { + c instanceof MkPropertyContent and result = TApproxPropertyContent() + or + c instanceof MkArrayElementUnknown and result = TApproxPropertyContent() + or + c instanceof MkMapKey and result = TApproxMapKey() + or + c instanceof MkMapValueWithKnownKey and result = TApproxMapValue() + or + c instanceof MkMapValueWithUnknownKey and result = TApproxMapValue() + or + c instanceof MkSetElement and result = TApproxSetElement() + or + c instanceof MkIteratorElement and result = TApproxIteratorElement() + or + c instanceof MkIteratorError and result = TApproxIteratorError() + or + c instanceof MkPromiseValue and result = TApproxPromiseValue() + or + c instanceof MkPromiseError and result = TApproxPromiseError() + or + c instanceof MkCapturedContent and result = TApproxCapturedContent() +} + +cached +private newtype TDataFlowCall = + MkOrdinaryCall(DataFlow::InvokeNode node) or + MkPartialCall(DataFlow::PartialInvokeNode node, DataFlow::Node callback) { + callback = node.getACallbackNode() + } or + MkBoundCall(DataFlow::InvokeNode node, int boundArgs) { + FlowSteps::callsBound(node, _, boundArgs) + } or + MkAccessorCall(DataFlow::PropRef node) { + // Some PropRefs can't result in an accessor call, such as Object.defineProperty. + // Restrict to PropRefs that can result in an accessor call. + node = TValueNode(any(PropAccess p)) or + node = TPropNode(any(PropertyPattern p)) + } or + MkImpliedLambdaCall(Function f) { + VariableCaptureConfig::captures(f, _) or CallGraph::impliedReceiverStep(_, TThisNode(f)) + } or + MkSummaryCall( + FlowSummaryImpl::Public::SummarizedCallable c, FlowSummaryImpl::Private::SummaryNode receiver + ) { + FlowSummaryImpl::Private::summaryCallbackRange(c, receiver) + } + +private module TotalOrdering { + private predicate astNodeRefl(AstNode x, AstNode y) { x = y } + + int astNodeId(AstNode n) = equivalenceRelation(astNodeRefl/2)(n, result) + + predicate dataFlowNodeId(DataFlow::Node node, int cls, int content) { + exists(AstNode n | + node = TValueNode(n) and cls = 1 and content = astNodeId(n) + or + node = TReflectiveCallNode(n, _) and cls = 2 and content = astNodeId(n) + ) + } + + predicate callId(DataFlowCall call, int cls, int child, int extra) { + exists(DataFlow::Node node | + call = MkOrdinaryCall(node) and dataFlowNodeId(node, cls - 1000, child) and extra = 0 + or + call = MkPartialCall(node, _) and dataFlowNodeId(node, cls - 2000, child) and extra = 0 + or + call = MkBoundCall(node, extra) and dataFlowNodeId(node, cls - 3000, child) + or + call = MkAccessorCall(node) and dataFlowNodeId(node, cls - 4000, child) and extra = 0 + ) + or + exists(Function f | + call = MkImpliedLambdaCall(f) and cls = 5000 and child = astNodeId(f) and extra = 0 + ) + or + exists( + FlowSummaryImpl::Public::SummarizedCallable c, FlowSummaryImpl::Private::SummaryNode receiver + | + call = MkSummaryCall(c, receiver) and + cls = 6000 and + c = rank[child](FlowSummaryImpl::Public::SummarizedCallable cs) and + extra = 0 + ) + } + + int libraryCallableId(LibraryCallable callable) { callable = rank[result](LibraryCallable c) } +} + +class DataFlowCall extends TDataFlowCall { + DataFlowCallable getEnclosingCallable() { none() } // Overridden in subclass + + string toString() { none() } // Overridden in subclass + + DataFlow::InvokeNode asOrdinaryCall() { this = MkOrdinaryCall(result) } + + DataFlow::PropRef asAccessorCall() { this = MkAccessorCall(result) } + + DataFlow::PartialInvokeNode asPartialCall() { this = MkPartialCall(result, _) } + + DataFlow::InvokeNode asBoundCall(int boundArgs) { this = MkBoundCall(result, boundArgs) } + + Function asImpliedLambdaCall() { this = MkImpliedLambdaCall(result) } + + predicate isSummaryCall( + FlowSummaryImpl::Public::SummarizedCallable enclosingCallable, + FlowSummaryImpl::Private::SummaryNode receiver + ) { + this = MkSummaryCall(enclosingCallable, receiver) + } + + Location getLocation() { none() } // Overridden in subclass + + int totalorder() { + this = + rank[result](DataFlowCall call, int x, int y, int z | + TotalOrdering::callId(call, x, y, z) + | + call order by x, y, z + ) + } +} + +private class OrdinaryCall extends DataFlowCall, MkOrdinaryCall { + private DataFlow::InvokeNode node; + + OrdinaryCall() { this = MkOrdinaryCall(node) } + + DataFlow::InvokeNode getNode() { result = node } + + override DataFlowCallable getEnclosingCallable() { + result.asSourceCallable() = node.getContainer() + } + + override string toString() { result = node.toString() } + + override Location getLocation() { result = node.getLocation() } +} + +private class PartialCall extends DataFlowCall, MkPartialCall { + private DataFlow::PartialInvokeNode node; + private DataFlow::Node callback; + + PartialCall() { this = MkPartialCall(node, callback) } + + DataFlow::PartialInvokeNode getNode() { result = node } + + DataFlow::Node getCallback() { result = callback } + + override DataFlowCallable getEnclosingCallable() { + result.asSourceCallable() = node.getContainer() + } + + override string toString() { result = node.toString() + " (as partial invocation)" } + + override Location getLocation() { result = node.getLocation() } +} + +private class BoundCall extends DataFlowCall, MkBoundCall { + private DataFlow::InvokeNode node; + private int boundArgs; + + BoundCall() { this = MkBoundCall(node, boundArgs) } + + override DataFlowCallable getEnclosingCallable() { + result.asSourceCallable() = node.getContainer() + } + + override string toString() { + result = node.toString() + " (as call with " + boundArgs + " bound arguments)" + } + + override Location getLocation() { result = node.getLocation() } +} + +private class AccessorCall extends DataFlowCall, MkAccessorCall { + private DataFlow::PropRef ref; + + AccessorCall() { this = MkAccessorCall(ref) } + + override DataFlowCallable getEnclosingCallable() { + result.asSourceCallable() = ref.getContainer() + } + + override string toString() { result = ref.toString() + " (as accessor call)" } + + override Location getLocation() { result = ref.getLocation() } +} + +class SummaryCall extends DataFlowCall, MkSummaryCall { + private FlowSummaryImpl::Public::SummarizedCallable enclosingCallable; + private FlowSummaryImpl::Private::SummaryNode receiver; + + SummaryCall() { this = MkSummaryCall(enclosingCallable, receiver) } + + override DataFlowCallable getEnclosingCallable() { + result.asLibraryCallable() = enclosingCallable + } + + override string toString() { + result = "[summary] call to " + receiver + " in " + enclosingCallable + } + + /** Gets the receiver node. */ + FlowSummaryImpl::Private::SummaryNode getReceiver() { result = receiver } +} + +/** + * A call that invokes a lambda with nothing but its self-reference node. + * + * This is to help ensure captured variables can flow into the lambda in cases where + * we can't find its call sites. + */ +private class ImpliedLambdaCall extends DataFlowCall, MkImpliedLambdaCall { + private Function function; + + ImpliedLambdaCall() { this = MkImpliedLambdaCall(function) } + + override string toString() { result = "[implied lambda call] " + function } + + override Location getLocation() { result = function.getLocation() } + + override DataFlowCallable getEnclosingCallable() { + result.asSourceCallable() = function.getEnclosingContainer() + } +} + +private int getMaxArity() { + // TODO: account for flow summaries + result = + max(int n | + n = any(InvokeExpr e).getNumArgument() or + n = any(Function f).getNumParameter() or + n = 10 + ) +} + +cached +newtype TParameterPosition = + MkPositionalParameter(int n) { n = [0 .. getMaxArity()] } or + MkPositionalLowerBound(int n) { n = [0 .. getMaxArity()] } or + MkThisParameter() or + MkFunctionSelfReferenceParameter() or + MkArgumentsArrayParameter() + +class ParameterPosition extends TParameterPosition { + predicate isPositionalExact() { this instanceof MkPositionalParameter } + + predicate isPositionalLowerBound() { this instanceof MkPositionalLowerBound } + + predicate isPositionalLike() { this.isPositionalExact() or this.isPositionalLowerBound() } + + int asPositional() { this = MkPositionalParameter(result) } + + int asPositionalLowerBound() { this = MkPositionalLowerBound(result) } + + predicate isThis() { this = MkThisParameter() } + + predicate isFunctionSelfReference() { this = MkFunctionSelfReferenceParameter() } + + predicate isArgumentsArray() { this = MkArgumentsArrayParameter() } + + string toString() { + result = this.asPositional().toString() + or + result = this.asPositionalLowerBound().toString() + ".." + or + this.isThis() and result = "this" + or + this.isFunctionSelfReference() and result = "function" + or + this.isArgumentsArray() and result = "arguments-array" + } +} + +class ArgumentPosition extends ParameterPosition { } + +class DataFlowExpr = Expr; + +Node exprNode(DataFlowExpr expr) { result = DataFlow::exprNode(expr) } + +pragma[nomagic] +predicate parameterMatch(ParameterPosition ppos, ArgumentPosition apos) { + ppos = apos + or + apos.asPositional() >= ppos.asPositionalLowerBound() + or + ppos.asPositional() >= apos.asPositionalLowerBound() + // + // Note: for now, there is no need to match lower bounds agaist lower bounds since we + // are only using these in cases where either the call or callee is generated by a flow summary. +} + +pragma[inline] +DataFlowCallable viableCallable(DataFlowCall node) { + // Note: we never include call edges externs here, as it negatively affects the field-flow branch limit, + // particularly when the call can also target a flow summary. + result.asSourceCallableNotExterns() = node.asOrdinaryCall().getACallee() + or + result.asSourceCallableNotExterns() = + node.(PartialCall).getCallback().getAFunctionValue().getFunction() + or + exists(DataFlow::InvokeNode invoke, int boundArgs | + invoke = node.asBoundCall(boundArgs) and + FlowSteps::callsBound(invoke, result.asSourceCallableNotExterns(), boundArgs) + ) + or + result.asSourceCallableNotExterns() = node.asAccessorCall().getAnAccessorCallee().getFunction() + or + exists(LibraryCallable callable | + result = MkLibraryCallable(callable) and + node.asOrdinaryCall() = [callable.getACall(), callable.getACallSimple()] + ) + or + result.asSourceCallableNotExterns() = node.asImpliedLambdaCall() +} + +/** + * Holds if the set of viable implementations that can be called by `call` + * might be improved by knowing the call context. + */ +predicate mayBenefitFromCallContext(DataFlowCall call) { none() } + +/** + * Gets a viable dispatch target of `call` in the context `ctx`. This is + * restricted to those `call`s for which a context might make a difference. + */ +DataFlowCallable viableImplInCallContext(DataFlowCall call, DataFlowCall ctx) { none() } + +bindingset[node1, node2] +pragma[inline_late] +private predicate sameContainer(Node node1, Node node2) { + node1.getContainer() = node2.getContainer() +} + +bindingset[node, fun] +pragma[inline_late] +private predicate sameContainerAsEnclosingContainer(Node node, Function fun) { + node.getContainer() = fun.getEnclosingContainer() +} + +private class BarrierGuardAdapter extends DataFlow::Node instanceof DataFlow::AdditionalBarrierGuardNode +{ + // Note: avoid depending on DataFlow::FlowLabel here as it will cause these barriers to be re-evaluated + predicate blocksExpr(boolean outcome, Expr e) { super.blocks(outcome, e) } +} + +/** + * Holds if `node` should be a barrier in all data flow configurations due to custom subclasses + * of `AdditionalBarrierGuardNode`. + * + * The standard library contains no subclasses of that class; this is for backwards compatibility only. + */ +pragma[nomagic] +private predicate legacyBarrier(DataFlow::Node node) { + node = MakeBarrierGuard::getABarrierNode() +} + +/** + * Holds if `node` should be removed from the local data flow graph, for compatibility with legacy code. + */ +pragma[nomagic] +private predicate isBlockedLegacyNode(Node node) { + // Ignore captured variable nodes for those variables that are handled by the captured-variable library. + // Note that some variables, such as top-level variables, are still modelled with these nodes (which will result in jump steps). + exists(LocalVariable variable | + node = TCapturedVariableNode(variable) and + variable instanceof VariableCaptureConfig::CapturedVariable + ) + or + legacyBarrier(node) +} + +/** + * Holds if there is a value-preserving steps `node1` -> `node2` that might + * be cross function boundaries. + */ +private predicate valuePreservingStep(Node node1, Node node2) { + node1.getASuccessor() = node2 and + not isBlockedLegacyNode(node1) and + not isBlockedLegacyNode(node2) + or + FlowSteps::propertyFlowStep(node1, node2) + or + FlowSteps::globalFlowStep(node1, node2) + or + node2 = FlowSteps::getThrowTarget(node1) + or + FlowSummaryPrivate::Steps::summaryLocalStep(node1.(FlowSummaryNode).getSummaryNode(), + node2.(FlowSummaryNode).getSummaryNode(), true, _) // TODO: preserve 'model' + or + // Step from post-update nodes to local sources of the pre-update node. This emulates how JS usually tracks side effects. + exists(PostUpdateNode postUpdate | + node1 = postUpdate and + node2 = postUpdate.getPreUpdateNode().getALocalSource() and + node1 != node2 and // exclude trivial edges + sameContainer(node1, node2) + ) +} + +predicate knownSourceModel(Node sink, string model) { none() } + +predicate knownSinkModel(Node sink, string model) { none() } + +predicate simpleLocalFlowStep(Node node1, Node node2, string model) { + simpleLocalFlowStep(node1, node2) and model = "" +} + +predicate simpleLocalFlowStep(Node node1, Node node2) { + valuePreservingStep(node1, node2) and + nodeGetEnclosingCallable(pragma[only_bind_out](node1)) = + nodeGetEnclosingCallable(pragma[only_bind_out](node2)) + or + exists(FlowSummaryImpl::Private::SummaryNode input, FlowSummaryImpl::Private::SummaryNode output | + FlowSummaryPrivate::Steps::summaryStoreStep(input, MkAwaited(), output) and + node1 = TFlowSummaryNode(input) and + ( + node2 = TFlowSummaryNode(output) and + not node2 instanceof PostUpdateNode // When doing a store-back, do not add the local flow edge + or + node2 = TFlowSummaryIntermediateAwaitStoreNode(input) + ) + or + FlowSummaryPrivate::Steps::summaryReadStep(input, MkAwaited(), output) and + node1 = TFlowSummaryNode(input) and + node2 = TFlowSummaryNode(output) + ) + or + VariableCaptureOutput::localFlowStep(getClosureNode(node1), getClosureNode(node2)) + or + // NOTE: For consistency with readStep/storeStep, we do not translate these steps to jump steps automatically. + DataFlow::AdditionalFlowStep::step(node1, node2) +} + +predicate localMustFlowStep(Node node1, Node node2) { node1 = node2.getImmediatePredecessor() } + +/** + * Holds if data can flow from `node1` to `node2` through a non-local step + * that does not follow a call edge. For example, a step through a global + * variable. + */ +predicate jumpStep(Node node1, Node node2) { + valuePreservingStep(node1, node2) and + node1.getContainer() != node2.getContainer() + or + FlowSummaryPrivate::Steps::summaryJumpStep(node1.(FlowSummaryNode).getSummaryNode(), + node2.(FlowSummaryNode).getSummaryNode()) + or + DataFlow::AdditionalFlowStep::jumpStep(node1, node2) +} + +/** + * Holds if data can flow from `node1` to `node2` via a read of `c`. Thus, + * `node1` references an object with a content `c.getAReadContent()` whose + * value ends up in `node2`. + */ +predicate readStep(Node node1, ContentSet c, Node node2) { + exists(DataFlow::PropRead read | + node1 = read.getBase() and + node2 = read + | + c.asPropertyName() = read.getPropertyName() + or + not exists(read.getPropertyName()) and + c = ContentSet::arrayElement() + ) + or + exists(ContentSet contentSet | + FlowSummaryPrivate::Steps::summaryReadStep(node1.(FlowSummaryNode).getSummaryNode(), contentSet, + node2.(FlowSummaryNode).getSummaryNode()) + | + not isSpecialContentSet(contentSet) and + c = contentSet + or + contentSet = MkAwaited() and + c = ContentSet::promiseValue() + ) + or + // For deep reads, generate read edges with a self-loop + exists(Node origin, ContentSet contentSet | + FlowSummaryPrivate::Steps::summaryReadStep(origin.(FlowSummaryNode).getSummaryNode(), + contentSet, node2.(FlowSummaryNode).getSummaryNode()) and + node1 = [origin, node2] + | + contentSet = MkAnyPropertyDeep() and + c = ContentSet::anyProperty() + or + contentSet = MkArrayElementDeep() and + c = ContentSet::arrayElement() + ) + or + exists(LocalVariable variable | + VariableCaptureOutput::readStep(getClosureNode(node1), variable, getClosureNode(node2)) and + c.asSingleton() = MkCapturedContent(variable) + ) + or + DataFlow::AdditionalFlowStep::readStep(node1, c, node2) +} + +/** Gets the post-update node for which `node` is the corresponding pre-update node. */ +private Node getPostUpdate(Node node) { result.(PostUpdateNode).getPreUpdateNode() = node } + +/** Gets the post-update node for which node is the pre-update node, if one exists, otherwise gets `node` itself. */ +pragma[inline] +private Node tryGetPostUpdate(Node node) { + result = getPostUpdate(node) + or + not exists(getPostUpdate(node)) and + result = node +} + +/** + * Holds if data can flow from `node1` to `node2` via a store into `c`. Thus, + * `node2` references an object with a content `c.getAStoreContent()` that + * contains the value of `node1`. + */ +predicate storeStep(Node node1, ContentSet c, Node node2) { + exists(DataFlow::PropWrite write | + node1 = write.getRhs() and + c.asPropertyName() = write.getPropertyName() and + // Target the post-update node if one exists (for object literals we do not generate post-update nodes) + node2 = tryGetPostUpdate(write.getBase()) + ) + or + FlowSummaryPrivate::Steps::summaryStoreStep(node1.(FlowSummaryNode).getSummaryNode(), c, + node2.(FlowSummaryNode).getSummaryNode()) and + not isSpecialContentSet(c) + or + // Store into Awaited + exists(FlowSummaryImpl::Private::SummaryNode input, FlowSummaryImpl::Private::SummaryNode output | + FlowSummaryPrivate::Steps::summaryStoreStep(input, MkAwaited(), output) and + node1 = TFlowSummaryIntermediateAwaitStoreNode(input) and + node2 = TFlowSummaryNode(output) and + c = ContentSet::promiseValue() + ) + or + exists(LocalVariable variable | + VariableCaptureOutput::storeStep(getClosureNode(node1), variable, getClosureNode(node2)) and + c.asSingleton() = MkCapturedContent(variable) + ) + or + DataFlow::AdditionalFlowStep::storeStep(node1, c, node2) +} + +/** + * Holds if values stored inside content `c` are cleared at node `n`. For example, + * any value stored inside `f` is cleared at the pre-update node associated with `x` + * in `x.f = newValue`. + */ +predicate clearsContent(Node n, ContentSet c) { + FlowSummaryPrivate::Steps::summaryClearsContent(n.(FlowSummaryNode).getSummaryNode(), c) + or + // Clear promise content before storing into promise value, to avoid creating nested promises + n = TFlowSummaryIntermediateAwaitStoreNode(_) and + c = MkPromiseFilter() + or + // After reading from Awaited, the output must not be stored in a promise content + FlowSummaryPrivate::Steps::summaryReadStep(_, MkAwaited(), n.(FlowSummaryNode).getSummaryNode()) and + c = MkPromiseFilter() + or + any(AdditionalFlowInternal flow).clearsContent(n, c) + or + // When a function `f` captures itself, all its access paths can be prefixed by an arbitrary number of `f.f.f...`. + // When multiple functions `f,g` capture each other, these prefixes can become interleaved, like `f.g.f.g...`. + // To avoid creating these trivial prefixes, we never allow two consecutive captured variables in the access path. + // We implement this rule by clearing any captured-content before storing into another captured-content. + VariableCaptureOutput::storeStep(getClosureNode(n), _, _) and + c = MkAnyCapturedContent() + or + // Block flow into the "window.location" property, as any assignment/mutation to this causes a page load and stops execution. + // The use of clearsContent here ensures we also block assignments like `window.location.href = ...` + exists(DataFlow::PropRef ref | + ref = DataFlow::globalObjectRef().getAPropertyReference("location") and + n = ref.getBase().getPostUpdateNode() and + c = ContentSet::property("location") + ) +} + +/** + * Holds if the value that is being tracked is expected to be stored inside content `c` + * at node `n`. + */ +predicate expectsContent(Node n, ContentSet c) { + FlowSummaryPrivate::Steps::summaryExpectsContent(n.(FlowSummaryNode).getSummaryNode(), c) + or + // After storing into Awaited, the result must be stored in a promise-content. + // There is a value step from the input directly to this node, hence the need for expectsContent. + FlowSummaryPrivate::Steps::summaryStoreStep(_, MkAwaited(), n.(FlowSummaryNode).getSummaryNode()) and + c = MkPromiseFilter() + or + any(AdditionalFlowInternal flow).expectsContent(n, c) +} + +abstract class NodeRegion extends Unit { + NodeRegion() { none() } + + /** Holds if this region contains `n`. */ + predicate contains(Node n) { none() } + + int totalOrder() { none() } +} + +/** + * Holds if the node `n` is unreachable when the call context is `call`. + */ +predicate isUnreachableInCall(NodeRegion n, DataFlowCall call) { + none() // TODO: could be useful, but not currently implemented for JS +} + +int accessPathLimit() { result = 2 } + +/** + * Holds if flow is allowed to pass from parameter `p` and back to itself as a + * side-effect, resulting in a summary from `p` to itself. + * + * One example would be to allow flow like `p.foo = p.bar;`, which is disallowed + * by default as a heuristic. + */ +predicate allowParameterReturnInSelf(ParameterNode p) { + exists(DataFlowCallable callable, ParameterPosition pos | + isParameterNodeImpl(p, callable, pos) and + FlowSummaryImpl::Private::summaryAllowParameterReturnInSelf(callable.asLibraryCallable(), pos) + ) + or + exists(Function f | + VariableCaptureOutput::heuristicAllowInstanceParameterReturnInSelf(f) and + p = TFunctionSelfReferenceNode(f) + ) +} + +class LambdaCallKind = Unit; + +/** Holds if `creation` is an expression that creates a lambda of kind `kind` for `c`. */ +predicate lambdaCreation(Node creation, LambdaCallKind kind, DataFlowCallable c) { + creation.(DataFlow::FunctionNode).getFunction() = c.asSourceCallable() and exists(kind) +} + +/** Holds if `call` is a lambda call of kind `kind` where `receiver` is the lambda expression. */ +predicate lambdaCall(DataFlowCall call, LambdaCallKind kind, Node receiver) { + call.isSummaryCall(_, receiver.(FlowSummaryNode).getSummaryNode()) and exists(kind) + or + receiver = call.asOrdinaryCall().getCalleeNode() and exists(kind) +} + +/** Extra data-flow steps needed for lambda flow analysis. */ +predicate additionalLambdaFlowStep(Node nodeFrom, Node nodeTo, boolean preservesValue) { none() } + +class ArgumentNode extends DataFlow::Node { + ArgumentNode() { isArgumentNodeImpl(this, _, _) } + + predicate argumentOf(DataFlowCall call, ArgumentPosition pos) { + isArgumentNodeImpl(this, call, pos) + } +} + +class ParameterNode extends DataFlow::Node { + ParameterNode() { isParameterNodeImpl(this, _, _) } +} diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSteps.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSteps.qll index e65a38908fe5..2ee04b8dbf56 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSteps.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSteps.qll @@ -30,6 +30,20 @@ predicate returnExpr(Function f, DataFlow::Node source, DataFlow::Node sink) { not f = any(SetterMethodDeclaration decl).getBody() } +/** + * A step from a post-update node to the local sources of the corresponding pre-update node. + * + * This ensures that `getPostUpdateNode()` can be used in place of `getALocalSource()` when generating + * store steps, and the resulting step will work in both data flow analyses. + */ +pragma[nomagic] +private predicate legacyPostUpdateStep(DataFlow::Node pred, DataFlow::Node succ) { + exists(DataFlow::Node node | + pred = node.getPostUpdateNode() and + succ = node.getALocalSource() + ) +} + /** * Holds if data can flow in one step from `pred` to `succ`, taking * additional steps from the configuration into account. @@ -41,9 +55,11 @@ predicate localFlowStep( ) { pred = succ.getAPredecessor() and predlbl = succlbl or - DataFlow::SharedFlowStep::step(pred, succ) and predlbl = succlbl + legacyPostUpdateStep(pred, succ) and predlbl = succlbl + or + DataFlow::LegacyFlowStep::step(pred, succ) and predlbl = succlbl or - DataFlow::SharedFlowStep::step(pred, succ, predlbl, succlbl) + DataFlow::LegacyFlowStep::step(pred, succ, predlbl, succlbl) or exists(boolean vp | configuration.isAdditionalFlowStep(pred, succ, vp) | vp = true and diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll new file mode 100644 index 000000000000..d978f81fb8a1 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/FlowSummaryPrivate.qll @@ -0,0 +1,241 @@ +/** + * Provides JS specific classes and predicates for defining flow summaries. + */ + +private import javascript +private import semmle.javascript.dataflow.internal.DataFlowPrivate +private import semmle.javascript.dataflow.internal.Contents::Private +private import sharedlib.DataFlowImplCommon +private import sharedlib.FlowSummaryImpl::Private as Private +private import sharedlib.FlowSummaryImpl::Public +private import codeql.dataflow.internal.AccessPathSyntax as AccessPathSyntax + +/** + * A class of callables that are candidates for flow summary modeling. + */ +class SummarizedCallableBase = string; + +/** Gets the parameter position representing a callback itself, if any. */ +ArgumentPosition callbackSelfParameterPosition() { result.isFunctionSelfReference() } + +/** + * Gets the content set corresponding to `Awaited[arg]`. + */ +private ContentSet getPromiseContent(string arg) { + arg = "value" and result = ContentSet::promiseValue() + or + arg = "error" and result = ContentSet::promiseError() +} + +pragma[nomagic] +private predicate positionName(ParameterPosition pos, string operand) { + operand = pos.asPositional().toString() + or + pos.isThis() and operand = "this" + or + pos.isFunctionSelfReference() and operand = "function" + or + pos.isArgumentsArray() and operand = "arguments-array" + or + operand = pos.asPositionalLowerBound() + ".." +} + +/** + * Holds if `operand` desugars to the given `pos`. Only used for parsing. + */ +bindingset[operand] +private predicate desugaredPositionName(ParameterPosition pos, string operand) { + operand = "any" and + pos.asPositionalLowerBound() = 0 + or + pos.asPositional() = AccessPathSyntax::parseInt(operand) // parse closed intervals +} + +private string encodeContentAux(ContentSet cs, string arg) { + cs = ContentSet::arrayElement() and + result = "ArrayElement" and + arg = "" + or + cs = ContentSet::arrayElementUnknown() and + result = "ArrayElement" and + arg = "?" + or + exists(int n | + cs = ContentSet::arrayElementLowerBound(n) and + result = "ArrayElement" and + arg = n + ".." and + n > 0 // n=0 is just 'ArrayElement' + or + cs = ContentSet::arrayElementKnown(n) and + result = "ArrayElement" and + arg = n.toString() + or + n = cs.asPropertyName().toInt() and + n >= 0 and + result = "ArrayElement" and + arg = n + "!" + ) + or + arg = "" and + ( + cs = ContentSet::mapValueAll() and result = "MapValue" + or + cs = ContentSet::mapKey() and result = "MapKey" + or + cs = ContentSet::setElement() and result = "SetElement" + or + cs = ContentSet::iteratorElement() and result = "IteratorElement" + or + cs = ContentSet::iteratorError() and result = "IteratorError" + ) + or + cs = getPromiseContent(arg) and + result = "Awaited" + or + cs = MkAwaited() and result = "Awaited" and arg = "" + or + cs = MkAnyPropertyDeep() and result = "AnyMemberDeep" and arg = "" + or + cs = MkArrayElementDeep() and result = "ArrayElementDeep" and arg = "" +} + +/** + * Gets the textual representation of content `cs` used in MaD. + * + * `arg` will be printed in square brackets (`[]`) after the result, unless + * `arg` is the empty string. + */ +string encodeContent(ContentSet cs, string arg) { + result = encodeContentAux(cs, arg) + or + not exists(encodeContentAux(cs, _)) and + result = "Member" and + arg = cs.asSingleton().toString() +} + +/** Gets the textual representation of a parameter position in the format used for flow summaries. */ +string encodeParameterPosition(ParameterPosition pos) { + positionName(pos, result) and result != "any" +} + +/** Gets the textual representation of an argument position in the format used for flow summaries. */ +string encodeArgumentPosition(ArgumentPosition pos) { + positionName(pos, result) and result != "any" +} + +/** Gets the return kind corresponding to specification `"ReturnValue"`. */ +ReturnKind getStandardReturnValueKind() { result = MkNormalReturnKind() } + +/** Gets the return kind corresponding to specification `"ReturnValue"`. */ +MkNormalReturnKind getReturnValueKind() { any() } + +private module FlowSummaryStepInput implements Private::StepsInputSig { + DataFlowCall getACall(SummarizedCallable sc) { + exists(LibraryCallable callable | callable = sc | + result.asOrdinaryCall() = [callable.getACall(), callable.getACallSimple()] + ) + } +} + +module Steps = Private::Steps; + +module RenderSummarizedCallable = Private::RenderSummarizedCallable; + +class AccessPath = Private::AccessPath; + +class AccessPathToken = Private::AccessPathToken; + +/** + * Gets the textual representation of return kind `rk` used in MaD. + * + * `arg` will be printed in square brackets (`[]`) after the result, unless + * `arg` is the empty string. + */ +string encodeReturn(ReturnKind rk, string arg) { + result = "ReturnValue" and + ( + rk = MkNormalReturnKind() and arg = "" + or + rk = MkExceptionalReturnKind() and arg = "exception" + ) +} + +/** + * Gets the textual representation of without-content `c` used in MaD. + * + * `arg` will be printed in square brackets (`[]`) after the result, unless + * `arg` is the empty string. + */ +string encodeWithoutContent(ContentSet c, string arg) { result = "Without" + encodeContent(c, arg) } + +/** + * Gets the textual representation of with-content `c` used in MaD. + * + * `arg` will be printed in square brackets (`[]`) after the result, unless + * `arg` is the empty string. + */ +string encodeWithContent(ContentSet c, string arg) { result = "With" + encodeContent(c, arg) } + +/** + * Gets a parameter position corresponding to the unknown token `token`. + * + * The token is unknown because it could not be reverse-encoded using the + * `encodeParameterPosition` predicate. This is useful for example when a + * single token gives rise to multiple parameter positions, such as ranges + * `0..n`. + */ +bindingset[token] +ParameterPosition decodeUnknownParameterPosition(AccessPathSyntax::AccessPathTokenBase token) { + token.getName() = "Argument" and + desugaredPositionName(result, token.getAnArgument()) +} + +/** + * Gets an argument position corresponding to the unknown token `token`. + * + * The token is unknown because it could not be reverse-encoded using the + * `encodeArgumentPosition` predicate. This is useful for example when a + * single token gives rise to multiple argument positions, such as ranges + * `0..n`. + */ +bindingset[token] +ArgumentPosition decodeUnknownArgumentPosition(AccessPathSyntax::AccessPathTokenBase token) { + token.getName() = "Parameter" and + desugaredPositionName(result, token.getAnArgument()) +} + +/** + * Gets a content corresponding to the unknown token `token`. + * + * The token is unknown because it could not be reverse-encoded using the + * `encodeContent` predicate. + */ +bindingset[token] +ContentSet decodeUnknownContent(AccessPathSyntax::AccessPathTokenBase token) { none() } + +/** + * Gets a return kind corresponding to the unknown token `token`. + * + * The token is unknown because it could not be reverse-encoded using the + * `encodeReturn` predicate. + */ +bindingset[token] +ReturnKind decodeUnknownReturn(AccessPathSyntax::AccessPathTokenBase token) { none() } + +/** + * Gets a without-content corresponding to the unknown token `token`. + * + * The token is unknown because it could not be reverse-encoded using the + * `encodeWithoutContent` predicate. + */ +bindingset[token] +ContentSet decodeUnknownWithoutContent(AccessPathSyntax::AccessPathTokenBase token) { none() } + +/** + * Gets a with-content corresponding to the unknown token `token`. + * + * The token is unknown because it could not be reverse-encoded using the + * `encodeWithContent` predicate. + */ +bindingset[token] +ContentSet decodeUnknownWithContent(AccessPathSyntax::AccessPathTokenBase token) { none() } diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/PreCallGraphStep.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/PreCallGraphStep.qll index 18db549300a7..01b109ba2762 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/internal/PreCallGraphStep.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/PreCallGraphStep.qll @@ -46,6 +46,7 @@ class PreCallGraphStep extends Unit { } } +cached module PreCallGraphStep { /** * Holds if there is a step from `pred` to `succ`. @@ -83,6 +84,7 @@ module PreCallGraphStep { /** * Holds if there is a step from the `loadProp` property of `pred` to the `storeProp` property in `succ`. */ + cached predicate loadStoreStep( DataFlow::Node pred, DataFlow::SourceNode succ, string loadProp, string storeProp ) { @@ -90,6 +92,91 @@ module PreCallGraphStep { } } +/** + * Internal extension point for adding legacy flow edges prior to call graph construction + * and type tracking, but where the steps should not be used by the new data flow library. + * + * Steps added here will be added to both `LegacyFlowStep` and `SharedTypeTrackingStep`. + * + * Contributing steps that rely on type tracking will lead to negative recursion. + */ +class LegacyPreCallGraphStep extends Unit { + /** + * Holds if there is a step from `pred` to `succ`. + */ + predicate step(DataFlow::Node pred, DataFlow::Node succ) { none() } + + /** + * Holds if there is a step from `pred` into the `prop` property of `succ`. + */ + predicate storeStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { none() } + + /** + * Holds if there is a step from the `prop` property of `pred` to `succ`. + */ + predicate loadStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { none() } + + /** + * Holds if there is a step from the `prop` property of `pred` to the same property in `succ`. + */ + predicate loadStoreStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { none() } + + /** + * Holds if there is a step from the `loadProp` property of `pred` to the `storeProp` property in `succ`. + */ + predicate loadStoreStep( + DataFlow::Node pred, DataFlow::SourceNode succ, string loadProp, string storeProp + ) { + none() + } +} + +cached +module LegacyPreCallGraphStep { + /** + * Holds if there is a step from `pred` to `succ`. + */ + cached + predicate step(DataFlow::Node pred, DataFlow::Node succ) { + any(LegacyPreCallGraphStep s).step(pred, succ) + } + + /** + * Holds if there is a step from `pred` into the `prop` property of `succ`. + */ + cached + predicate storeStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { + any(LegacyPreCallGraphStep s).storeStep(pred, succ, prop) + } + + /** + * Holds if there is a step from the `prop` property of `pred` to `succ`. + */ + cached + predicate loadStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { + Stages::TypeTracking::ref() and + any(LegacyPreCallGraphStep s).loadStep(pred, succ, prop) + } + + /** + * Holds if there is a step from the `prop` property of `pred` to the same property in `succ`. + */ + cached + predicate loadStoreStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { + any(LegacyPreCallGraphStep s).loadStoreStep(pred, succ, prop) + } + + /** + * Holds if there is a step from the `loadProp` property of `pred` to the `storeProp` property in `succ`. + */ + cached + predicate loadStoreStep( + DataFlow::Node pred, DataFlow::SourceNode succ, string loadProp, string storeProp + ) { + any(LegacyPreCallGraphStep s).loadStoreStep(pred, succ, loadProp, storeProp) + } +} + private class SharedFlowStepFromPreCallGraph extends DataFlow::SharedFlowStep { override predicate step(DataFlow::Node pred, DataFlow::Node succ) { PreCallGraphStep::step(pred, succ) @@ -114,26 +201,60 @@ private class SharedFlowStepFromPreCallGraph extends DataFlow::SharedFlowStep { } } +private class LegacyFlowStepFromPreCallGraph extends DataFlow::LegacyFlowStep { + override predicate step(DataFlow::Node pred, DataFlow::Node succ) { + LegacyPreCallGraphStep::step(pred, succ) + } + + override predicate storeStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { + LegacyPreCallGraphStep::storeStep(pred, succ, prop) + } + + override predicate loadStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { + LegacyPreCallGraphStep::loadStep(pred, succ, prop) + } + + override predicate loadStoreStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { + LegacyPreCallGraphStep::loadStoreStep(pred, succ, prop) + } + + override predicate loadStoreStep( + DataFlow::Node pred, DataFlow::Node succ, string loadProp, string storeProp + ) { + LegacyPreCallGraphStep::loadStoreStep(pred, succ, loadProp, storeProp) + } +} + private class SharedTypeTrackingStepFromPreCallGraph extends DataFlow::SharedTypeTrackingStep { override predicate step(DataFlow::Node pred, DataFlow::Node succ) { PreCallGraphStep::step(pred, succ) + or + LegacyPreCallGraphStep::step(pred, succ) } override predicate storeStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { PreCallGraphStep::storeStep(pred, succ, prop) + or + LegacyPreCallGraphStep::storeStep(pred, succ, prop) } override predicate loadStep(DataFlow::Node pred, DataFlow::Node succ, string prop) { PreCallGraphStep::loadStep(pred, succ, prop) + or + LegacyPreCallGraphStep::loadStep(pred, succ, prop) } override predicate loadStoreStep(DataFlow::Node pred, DataFlow::SourceNode succ, string prop) { PreCallGraphStep::loadStoreStep(pred, succ, prop) + or + LegacyPreCallGraphStep::loadStoreStep(pred, succ, prop) } override predicate loadStoreStep( DataFlow::Node pred, DataFlow::SourceNode succ, string loadProp, string storeProp ) { PreCallGraphStep::loadStoreStep(pred, succ, loadProp, storeProp) + or + LegacyPreCallGraphStep::loadStoreStep(pred, succ, loadProp, storeProp) } } diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/TaintTrackingPrivate.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/TaintTrackingPrivate.qll new file mode 100644 index 000000000000..7b4d8a8e94b4 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/TaintTrackingPrivate.qll @@ -0,0 +1,51 @@ +private import javascript +private import semmle.javascript.dataflow.internal.DataFlowPrivate +private import semmle.javascript.dataflow.internal.Contents::Public +private import semmle.javascript.dataflow.internal.sharedlib.FlowSummaryImpl as FlowSummaryImpl +private import semmle.javascript.dataflow.internal.FlowSummaryPrivate as FlowSummaryPrivate +private import semmle.javascript.dataflow.internal.BarrierGuards + +cached +predicate defaultAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { + TaintTracking::AdditionalTaintStep::step(node1, node2) + or + FlowSummaryPrivate::Steps::summaryLocalStep(node1.(FlowSummaryNode).getSummaryNode(), + node2.(FlowSummaryNode).getSummaryNode(), false, _) // TODO: preserve 'model' parameter + or + // Convert steps into and out of array elements to plain taint steps + FlowSummaryPrivate::Steps::summaryReadStep(node1.(FlowSummaryNode).getSummaryNode(), + ContentSet::arrayElement(), node2.(FlowSummaryNode).getSummaryNode()) + or + FlowSummaryPrivate::Steps::summaryStoreStep(node1.(FlowSummaryNode).getSummaryNode(), + ContentSet::arrayElement(), node2.(FlowSummaryNode).getSummaryNode()) +} + +predicate defaultAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2, string model) { + defaultAdditionalTaintStep(node1, node2) and model = "" // TODO: set model +} + +private class SanitizerGuardAdapter extends DataFlow::Node instanceof TaintTracking::AdditionalSanitizerGuardNode +{ + // Note: avoid depending on DataFlow::FlowLabel here as it will cause these barriers to be re-evaluated + predicate blocksExpr(boolean outcome, Expr e) { super.sanitizes(outcome, e) } +} + +/** + * Holds if `node` should be a sanitizer in all global taint flow configurations + * but not in local taint. + */ +cached +predicate defaultTaintSanitizer(DataFlow::Node node) { + node instanceof DataFlow::VarAccessBarrier or + node = MakeBarrierGuard::getABarrierNode() +} + +/** + * Holds if default taint-tracking should allow implicit reads + * of `c` at sinks and inputs to additional taint steps. + */ +bindingset[node] +predicate defaultImplicitTaintRead(DataFlow::Node node, ContentSet c) { + exists(node) and + c = ContentSet::promiseValue() +} diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/VariableCapture.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/VariableCapture.qll new file mode 100644 index 000000000000..f170b99e8924 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/VariableCapture.qll @@ -0,0 +1,317 @@ +private import javascript as js +private import semmle.javascript.dataflow.internal.DataFlowNode +private import codeql.dataflow.VariableCapture +private import semmle.javascript.dataflow.internal.sharedlib.DataFlowImplCommon as DataFlowImplCommon + +module VariableCaptureConfig implements InputSig { + private js::Function getLambdaFromVariable(js::LocalVariable variable) { + result.getVariable() = variable + or + result = variable.getAnAssignedExpr() + or + exists(js::ClassDeclStmt cls | + result = cls.getConstructor().getBody() and + variable = cls.getVariable() + ) + } + + additional predicate isTopLevelLike(js::StmtContainer container) { + container instanceof js::TopLevel + or + container = any(js::AmdModuleDefinition mod).getFactoryFunction() + or + isTopLevelLike(container.(js::ImmediatelyInvokedFunctionExpr).getEnclosingContainer()) + or + // Functions declared in a top-level with no parameters and can't generate flow-through, except through 'this' + // which we rule out with a few syntactic checks. In this case we treat its captured variables as singletons. + // NOTE: This was done to prevent a blow-up in fiddlesalad where a function called 'Runtime' captures 7381 variables but is only called once. + exists(js::Function fun | + container = fun and + fun.getNumParameter() = 0 and + isTopLevelLike(fun.getEnclosingContainer()) and + not mayHaveFlowThroughThisArgument(fun) + ) + or + // Container declaring >100 captured variables tend to be singletons and are too expensive anyway + strictcount(js::LocalVariable v | v.isCaptured() and v.getDeclaringContainer() = container) > + 100 + } + + private predicate hasLocalConstructorCall(js::Function fun) { + fun = getLambdaFromVariable(any(js::NewExpr e).getCallee().(js::VarAccess).getVariable()) + } + + private predicate mayHaveFlowThroughThisArgument(js::Function fun) { + any(js::ThisExpr e).getBinder() = fun and + not hasLocalConstructorCall(fun) and // 'this' argument is assumed to be a fresh object + ( + exists(fun.getAReturnedExpr()) + or + exists(js::YieldExpr e | e.getContainer() = fun) + ) + } + + class CapturedVariable extends js::LocalVariable { + CapturedVariable() { + DataFlowImplCommon::forceCachingInSameStage() and + this.isCaptured() and + not isTopLevelLike(this.getDeclaringContainer()) + } + + Callable getCallable() { result = this.getDeclaringContainer().getFunctionBoundary() } + } + + additional predicate captures(js::Function fun, CapturedVariable variable) { + ( + variable.getAnAccess().getContainer().getFunctionBoundary() = fun + or + exists(js::Function inner | + captures(inner, variable) and + containsReferenceTo(fun, inner) + ) + ) and + not variable.getDeclaringContainer() = fun + } + + private predicate containsReferenceTo(js::Function fun, js::Function other) { + other.getEnclosingContainer() = fun + or + exists(js::LocalVariable variable | + other = getLambdaFromVariable(variable) and + variable.getAnAccess().getEnclosingFunction() = fun and + fun.getEnclosingContainer() = other.getEnclosingContainer().getEnclosingContainer*() and + other != fun + ) + } + + private js::Function getACapturingFunctionInTree(js::AstNode e) { + result = e and + captures(e, _) + or + not e instanceof js::Function and + result = getACapturingFunctionInTree(e.getAChild()) + } + + /** + * Holds if `decl` declares a variable that is captured by its own initializer, that is, the initializer of `decl`. + * + * For example, the declaration of `obj` below captures itself in its initializer: + * ```js + * const obj = { + * method: () => { ...obj... } + * } + * ``` + * + * The lambda can only observe values of `obj` at one of the aliases of that lambda. Due to limited aliases analysis, + * the only alias we can see is the lambda itself. However, at this stage the `obj` variable is still unassigned, so it + * just sees its implicit initialization, thus failing to capture any real flows through `obj`. + * + * Consider that the similar example does not have this problem: + * + * ```js + * const obj = {}; + * obj.method = () => { ...obj... }; + * ``` + * + * In this case, `obj` has already been assigned at the point of the lambda creation, so we propagate the correct value + * into the lambda. + * + * Our workaround is to make the first example look like the second one, by placing the assignment of + * `obj` before the object literal. We do this whenever a variable captures itself in its initializer. + */ + private predicate isCapturedByOwnInitializer(js::VariableDeclarator decl) { + exists(js::Function function | + function = getACapturingFunctionInTree(decl.getInit()) and + captures(function, decl.getBindingPattern().(js::VarDecl).getVariable()) + ) + } + + class BasicBlock extends js::BasicBlock { + Callable getEnclosingCallable() { result = this.getContainer().getFunctionBoundary() } + } + + class Callable extends js::StmtContainer { + predicate isConstructor() { + // TODO: clarify exactly what the library wants to know here as the meaning of "constructor" varies between languages. + // JS constructors should not be seen as "constructors" in this context. + none() + } + } + + class CapturedParameter extends CapturedVariable { + CapturedParameter() { this.isParameter() } + } + + class Expr extends js::AST::ValueNode { + /** Holds if the `i`th node of basic block `bb` evaluates this expression. */ + predicate hasCfgNode(BasicBlock bb, int i) { + // Note: this is overridden for FunctionDeclStmt + bb.getNode(i) = this + } + } + + class VariableRead extends Expr instanceof js::VarAccess, js::RValue { + private CapturedVariable variable; + + VariableRead() { this = variable.getAnAccess() } + + CapturedVariable getVariable() { result = variable } + } + + class ClosureExpr extends Expr { + ClosureExpr() { captures(this, _) } + + predicate hasBody(Callable c) { c = this } + + predicate hasAliasedAccess(Expr e) { + e = this + or + exists(js::LocalVariable variable | + this = getLambdaFromVariable(variable) and + e = variable.getAnAccess() + ) + } + } + + private newtype TVariableWrite = + MkExplicitVariableWrite(js::VarRef pattern) { + exists(js::DataFlow::lvalueNodeInternal(pattern)) and + pattern.getVariable() instanceof CapturedVariable + } or + MkImplicitVariableInit(CapturedVariable v) { not v instanceof CapturedParameter } + + class VariableWrite extends TVariableWrite { + CapturedVariable getVariable() { none() } // Overridden in subclass + + string toString() { none() } // Overridden in subclass + + js::DbLocation getLocation() { none() } // Overridden in subclass + + predicate hasCfgNode(BasicBlock bb, int i) { none() } // Overridden in subclass + + // note: langauge-specific + js::DataFlow::Node getSource() { none() } // Overridden in subclass + } + + additional class ExplicitVariableWrite extends VariableWrite, MkExplicitVariableWrite { + private js::VarRef pattern; + + ExplicitVariableWrite() { this = MkExplicitVariableWrite(pattern) } + + override CapturedVariable getVariable() { result = pattern.getVariable() } + + override string toString() { result = pattern.toString() } + + /** Gets the location of this write. */ + override js::DbLocation getLocation() { result = pattern.getLocation() } + + override js::DataFlow::Node getSource() { + // Note: there is not always an expression corresponding to the RHS of the assignment. + // We do however have a data-flow node for this purpose (the lvalue-node). + // We use the pattern as a placeholder here, to be mapped to a data-flow node with `DataFlow::lvalueNode`. + result = js::DataFlow::lvalueNodeInternal(pattern) + } + + /** + * Gets a CFG node that should act at the place where this variable write happens, overriding its "true" CFG node. + */ + private js::ControlFlowNode getCfgNodeOverride() { + exists(js::VariableDeclarator decl | + decl.getBindingPattern() = pattern and + isCapturedByOwnInitializer(decl) and + result = decl.getInit().getFirstControlFlowNode() + ) + } + + /** Holds if the `i`th node of basic block `bb` evaluates this expression. */ + override predicate hasCfgNode(BasicBlock bb, int i) { + bb.getNode(i) = this.getCfgNodeOverride() + or + not exists(this.getCfgNodeOverride()) and + bb.getNode(i) = pattern.(js::LValue).getDefNode() + } + } + + additional class ImplicitVariableInit extends VariableWrite, MkImplicitVariableInit { + private CapturedVariable variable; + + ImplicitVariableInit() { this = MkImplicitVariableInit(variable) } + + override string toString() { result = "[implicit init] " + variable } + + override js::DbLocation getLocation() { result = variable.getLocation() } + + override CapturedVariable getVariable() { result = variable } + + override predicate hasCfgNode(BasicBlock bb, int i) { + // 'i' would normally be bound to 0, but we lower it to -1 so FunctionDeclStmts can be evaluated + // at index 0. + any(js::SsaImplicitInit def).definesAt(bb, _, variable) and i = -1 + } + } + + BasicBlock getABasicBlockSuccessor(BasicBlock bb) { result = bb.getASuccessor() } + + BasicBlock getImmediateBasicBlockDominator(BasicBlock bb) { result = bb.getImmediateDominator() } + + predicate entryBlock(BasicBlock bb) { bb instanceof js::EntryBasicBlock } + + predicate exitBlock(BasicBlock bb) { bb.getLastNode() instanceof js::ControlFlowExitNode } +} + +module VariableCaptureOutput = Flow; + +js::DataFlow::Node getNodeFromClosureNode(VariableCaptureOutput::ClosureNode node) { + result = TValueNode(node.(VariableCaptureOutput::ExprNode).getExpr()) + or + result = TValueNode(node.(VariableCaptureOutput::ParameterNode).getParameter().getADeclaration()) // TODO: is this subsumed by the ExprNode case? + or + result = TExprPostUpdateNode(node.(VariableCaptureOutput::ExprPostUpdateNode).getExpr()) + or + // Note: the `this` parameter in the capture library is expected to be a parameter that refers to the lambda object itself, + // which for JS means the `TFunctionSelfReferenceNode`, not `TThisNode` as one might expect. + result = TFunctionSelfReferenceNode(node.(VariableCaptureOutput::ThisParameterNode).getCallable()) + or + result = TSynthCaptureNode(node.(VariableCaptureOutput::SynthesizedCaptureNode)) + or + result = node.(VariableCaptureOutput::VariableWriteSourceNode).getVariableWrite().getSource() +} + +VariableCaptureOutput::ClosureNode getClosureNode(js::DataFlow::Node node) { + node = getNodeFromClosureNode(result) +} + +private module Debug { + private import VariableCaptureConfig + + predicate relevantContainer(js::StmtContainer container) { + container.getEnclosingContainer*().(js::Function).getName() = "exists" + } + + predicate localFlowStep( + VariableCaptureOutput::ClosureNode node1, VariableCaptureOutput::ClosureNode node2 + ) { + VariableCaptureOutput::localFlowStep(node1, node2) + } + + predicate localFlowStepMapped(js::DataFlow::Node node1, js::DataFlow::Node node2) { + localFlowStep(getClosureNode(node1), getClosureNode(node2)) and + relevantContainer(node1.getContainer()) + } + + predicate readBB(VariableRead read, BasicBlock bb, int i) { read.hasCfgNode(bb, i) } + + predicate writeBB(VariableWrite write, BasicBlock bb, int i) { write.hasCfgNode(bb, i) } + + int captureDegree(js::Function fun) { + result = strictcount(CapturedVariable v | captures(fun, v)) + } + + int maxDegree() { result = max(captureDegree(_)) } + + int captureMax(js::Function fun) { result = captureDegree(fun) and result = maxDegree() } + + int captureMax(js::Function fun, CapturedVariable v) { + result = captureDegree(fun) and result = maxDegree() and captures(fun, v) + } +} diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlow.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlow.qll new file mode 100644 index 000000000000..d9e711ee07a8 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlow.qll @@ -0,0 +1,7 @@ +/** Provides the instantiation of the shared data flow library. */ + +private import semmle.javascript.Locations +private import codeql.dataflow.DataFlow +private import DataFlowArg +import DataFlowMake +import DataFlowImplSpecific::Public diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowArg.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowArg.qll new file mode 100644 index 000000000000..c911461788dc --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowArg.qll @@ -0,0 +1,53 @@ +private import semmle.javascript.Locations +private import DataFlowImplSpecific +private import codeql.dataflow.DataFlow as SharedDataFlow +private import codeql.dataflow.TaintTracking as SharedTaintTracking +private import codeql.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl + +module JSDataFlow implements SharedDataFlow::InputSig { + import Private + import Public + + // Explicitly implement signature members that have a default + predicate typeStrongerThan = Private::typeStrongerThan/2; + + predicate neverSkipInPathGraph = Private::neverSkipInPathGraph/1; + + predicate accessPathLimit = Private::accessPathLimit/0; + + predicate viableImplInCallContext = Private::viableImplInCallContext/2; + + predicate mayBenefitFromCallContext = Private::mayBenefitFromCallContext/1; +} + +module JSTaintFlow implements SharedTaintTracking::InputSig { + import semmle.javascript.dataflow.internal.TaintTrackingPrivate +} + +module JSFlowSummary implements FlowSummaryImpl::InputSig { + private import semmle.javascript.dataflow.internal.FlowSummaryPrivate as FlowSummaryPrivate + import FlowSummaryPrivate + + // Explicitly implement signature members that have a default + predicate callbackSelfParameterPosition = FlowSummaryPrivate::callbackSelfParameterPosition/0; + + predicate encodeContent = FlowSummaryPrivate::encodeContent/2; + + predicate encodeReturn = FlowSummaryPrivate::encodeReturn/2; + + predicate encodeWithoutContent = FlowSummaryPrivate::encodeWithoutContent/2; + + predicate encodeWithContent = FlowSummaryPrivate::encodeWithContent/2; + + predicate decodeUnknownParameterPosition = FlowSummaryPrivate::decodeUnknownParameterPosition/1; + + predicate decodeUnknownArgumentPosition = FlowSummaryPrivate::decodeUnknownArgumentPosition/1; + + predicate decodeUnknownContent = FlowSummaryPrivate::decodeUnknownContent/1; + + predicate decodeUnknownReturn = FlowSummaryPrivate::decodeUnknownReturn/1; + + predicate decodeUnknownWithoutContent = FlowSummaryPrivate::decodeUnknownWithoutContent/1; + + predicate decodeUnknownWithContent = FlowSummaryPrivate::decodeUnknownWithContent/1; +} diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowImpl.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowImpl.qll new file mode 100644 index 000000000000..3ddcb693f540 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowImpl.qll @@ -0,0 +1,4 @@ +private import semmle.javascript.Locations +private import codeql.dataflow.internal.DataFlowImpl +private import DataFlowArg +import MakeImpl diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowImplCommon.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowImplCommon.qll new file mode 100644 index 000000000000..62188d47b809 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowImplCommon.qll @@ -0,0 +1,4 @@ +private import semmle.javascript.Locations +private import DataFlowArg +private import codeql.dataflow.internal.DataFlowImplCommon +import MakeImplCommon diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowImplSpecific.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowImplSpecific.qll new file mode 100644 index 000000000000..a8b541c1b318 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/DataFlowImplSpecific.qll @@ -0,0 +1,12 @@ +private import javascript + +// This file provides the input to FlowSummaryImpl.qll, which is shared via identical-files.json. +module Private { + import semmle.javascript.dataflow.internal.DataFlowPrivate +} + +module Public { + import semmle.javascript.dataflow.internal.Contents::Public + + class Node = DataFlow::Node; +} diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll new file mode 100644 index 000000000000..bf370eb9a271 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/FlowSummaryImpl.qll @@ -0,0 +1,4 @@ +private import semmle.javascript.Locations +private import codeql.dataflow.internal.FlowSummaryImpl +private import DataFlowArg +import Make diff --git a/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/TaintTracking.qll b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/TaintTracking.qll new file mode 100644 index 000000000000..e2215a8afc32 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/dataflow/internal/sharedlib/TaintTracking.qll @@ -0,0 +1,6 @@ +/** Provides the instantiation of the shared taint tracking library. */ + +private import semmle.javascript.Locations +private import codeql.dataflow.TaintTracking +private import DataFlowArg +import TaintFlowMake diff --git a/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModelsSpecific.qll b/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModelsSpecific.qll index 1b616a199bc0..1b1df4ceef35 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModelsSpecific.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModelsSpecific.qll @@ -56,13 +56,15 @@ predicate parseTypeString(string rawType, string package, string qualifiedName) * Holds if models describing `package` may be relevant for the analysis of this database. */ predicate isPackageUsed(string package) { - exists(DataFlow::moduleImport(package)) + package = "global" or - exists(JS::PackageJson json | json.getPackageName() = package) + package = any(JS::Import imp).getImportedPath().getValue() or - package = "global" + any(JS::TypeName t).hasQualifiedName(package, _) or - any(DataFlow::SourceNode sn).hasUnderlyingType(package, _) + any(JS::TypeAnnotation t).hasQualifiedName(package, _) + or + exists(JS::PackageJson json | json.getPackageName() = package) } bindingset[type] diff --git a/javascript/ql/lib/semmle/javascript/internal/CachedStages.qll b/javascript/ql/lib/semmle/javascript/internal/CachedStages.qll index 39da790b6b94..8f77419d638a 100644 --- a/javascript/ql/lib/semmle/javascript/internal/CachedStages.qll +++ b/javascript/ql/lib/semmle/javascript/internal/CachedStages.qll @@ -106,6 +106,30 @@ module Stages { } } + /** + * The part of data flow computed before flow summary nodes. + */ + cached + module EarlyDataFlowStage { + /** + * Always holds. + * Ensures that a predicate is evaluated as part of the early DataFlow stage. + */ + cached + predicate ref() { 1 = 1 } + + /** + * DONT USE! + * Contains references to each predicate that use the above `ref` predicate. + */ + cached + predicate backref() { + 1 = 1 + or + DataFlow::localFlowStep(_, _) + } + } + /** * The `dataflow` stage. */ @@ -128,8 +152,6 @@ module Stages { or exists(AmdModule a) or - DataFlow::localFlowStep(_, _) - or exists(any(DataFlow::SourceNode s).getAPropertyReference("foo")) or exists(any(Expr e).getExceptionTarget()) diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll new file mode 100644 index 000000000000..d7eba4852db2 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll @@ -0,0 +1,11 @@ +private import AmbiguousCoreMethods +private import Arrays +private import AsyncAwait +private import ForOfLoops +private import Generators +private import Iterators +private import JsonStringify +private import Maps +private import Promises +private import Sets +private import Strings diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AmbiguousCoreMethods.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AmbiguousCoreMethods.qll new file mode 100644 index 000000000000..9c74cc7e33fe --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AmbiguousCoreMethods.qll @@ -0,0 +1,151 @@ +/** + * Contains flow summaries for methods with a name that can found on more than one of the core types: Array, String, Map, Set, Promise. + * + * This is an overview of the ambiguous methods and the classes that contain them (not all of these require a flow summary): + * ``` + * at: String, Array + * concat: String, Array + * includes: String, Array + * indexOf: String, Array + * lastIndexOf: String, Array + * slice: String, Array + * entries: Array, Map, Set + * forEach: Array, Map, Set + * keys: Array, Map, Set + * values: Array, Map, Set + * clear: Map, Set + * delete: Map, Set + * has: Map, Set + * ``` + * + * (Promise is absent in the table above as there currently are no name clashes with Promise methods) + */ + +private import javascript +private import semmle.javascript.dataflow.internal.DataFlowNode +private import semmle.javascript.dataflow.FlowSummary +private import FlowSummaryUtil + +class At extends SummarizedCallable { + At() { this = "Array#at / String#at" } + + override InstanceCall getACallSimple() { result.getMethodName() = "at" } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[this].ArrayElement" and + output = "ReturnValue" + // + // There is no flow for String#at since we currently consider single-character extraction to be too restrictive + } +} + +class Concat extends SummarizedCallable { + Concat() { this = "Array#concat / String#concat" } + + override InstanceCall getACallSimple() { result.getMethodName() = "concat" } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[this,0..].ArrayElement" and + output = "ReturnValue.ArrayElement" + or + preservesValue = false and + input = "Argument[this,0..]" and + output = "ReturnValue" + } +} + +class Slice extends SummarizedCallable { + Slice() { this = "Array#slice / String#slice" } + + override InstanceCall getACallSimple() { result.getMethodName() = "slice" } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[this].ArrayElement" and + output = "ReturnValue.ArrayElement" + or + preservesValue = false and + input = "Argument[this]" and + output = "ReturnValue" + } +} + +class Entries extends SummarizedCallable { + Entries() { this = "Array#entries / Map#entries / Set#entries" } + + override InstanceCall getACall() { + result.getMethodName() = "entries" and + result.getNumArgument() = 0 + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[this]." + ["MapKey", "SetElement"] and + output = "ReturnValue.IteratorElement.Member[0]" + or + input = "Argument[this]." + ["ArrayElement", "SetElement", "MapValue"] and + output = "ReturnValue.IteratorElement.Member[1]" + ) + } +} + +class ForEach extends SummarizedCallable { + ForEach() { this = "Array#forEach / Map#forEach / Set#forEach" } + + override InstanceCall getACallSimple() { result.getMethodName() = "forEach" } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + /* + * array.forEach(callbackfn, thisArg) + * callbackfn(value, index, array) + */ + + ( + input = "Argument[this]." + ["ArrayElement", "SetElement", "MapValue"] and + output = "Argument[0].Parameter[0]" + or + input = "Argument[this]." + ["MapKey", "SetElement"] and + output = "Argument[0].Parameter[1]" + or + input = "Argument[this]" and + output = "Argument[0].Parameter[2]" // object being iterated over + or + input = "Argument[1]" and // thisArg + output = "Argument[0].Parameter[this]" + ) + } +} + +class Keys extends SummarizedCallable { + Keys() { this = "Array#keys / Map#keys / Set#keys" } + + override InstanceCall getACallSimple() { + result.getMethodName() = "keys" and + result.getNumArgument() = 0 + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[this]." + ["MapKey", "SetElement"] and + output = "ReturnValue.IteratorElement" + } +} + +class Values extends SummarizedCallable { + Values() { this = "Array#values / Map#values / Set#values" } + + override InstanceCall getACallSimple() { + result.getMethodName() = "values" and + result.getNumArgument() = 0 + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[this]." + ["ArrayElement", "SetElement", "MapValue"] and + output = "ReturnValue.IteratorElement" + } +} diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Arrays.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Arrays.qll new file mode 100644 index 000000000000..054e617721e2 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Arrays.qll @@ -0,0 +1,577 @@ +/** + * Contains a summary for relevant methods on arrays, except Array.prototype.join which is currently special-cased in StringConcatenation.qll. + * + * Note that some of Array methods are modelled in `AmbiguousCoreMethods.qll`, and `join` and `toString` are special-cased elsewhere. + */ + +private import javascript +private import semmle.javascript.dataflow.FlowSummary +private import semmle.javascript.dataflow.InferredTypes +private import semmle.javascript.dataflow.internal.DataFlowPrivate as Private +private import FlowSummaryUtil + +pragma[nomagic] +DataFlow::SourceNode arrayConstructorRef() { result = DataFlow::globalVarRef("Array") } + +pragma[nomagic] +private int firstSpreadIndex(ArrayExpr expr) { + result = min(int i | expr.getElement(i) instanceof SpreadElement) +} + +/** + * Store and read steps for an array literal. Since literals are not seen as calls, this is not a flow summary. + * + * In case of spread elements `[x, ...y]`, we generate a read from `y -> ...y` and then a store from `...y` into + * the array literal (to ensure constant-indices get broken up). + */ +class ArrayLiteralStep extends DataFlow::AdditionalFlowStep { + override predicate storeStep( + DataFlow::Node pred, DataFlow::ContentSet contents, DataFlow::Node succ + ) { + exists(ArrayExpr array, int i | + pred = array.getElement(i).flow() and + succ = array.flow() + | + if i >= firstSpreadIndex(array) + then contents = DataFlow::ContentSet::arrayElement() // after a spread operator, store into unknown indices + else contents = DataFlow::ContentSet::arrayElementFromInt(i) + ) + } + + override predicate readStep( + DataFlow::Node pred, DataFlow::ContentSet contents, DataFlow::Node succ + ) { + exists(SpreadElement spread | + spread = any(ArrayExpr array).getAnElement() and + pred = spread.getOperand().flow() and + succ = spread.flow() and + contents = DataFlow::ContentSet::arrayElement() + ) + } +} + +pragma[nomagic] +private predicate isForLoopVariable(Variable v) { + v.getADeclarationStatement() = any(ForStmt stmt).getInit() + or + // Handle the somewhat rare case: `for (v; ...; ++v) { ... }` + v.getADeclaration() = any(ForStmt stmt).getInit() +} + +private predicate isLikelyArrayIndex(Expr e) { + // Require that 'e' is of type number and refers to a for-loop variable. + // TODO: This is here to mirror the old behaviour. Experiment with turning the 'and' into an 'or'. + TTNumber() = unique(InferredType type | type = e.flow().analyze().getAType()) and + isForLoopVariable(e.(VarAccess).getVariable()) + or + e.(PropAccess).getPropertyName() = "length" +} + +/** + * A dynamic property store `obj[e] = rhs` seen as a potential array access. + * + * We need to restrict to cases where `e` is likely to be an array index, as + * propagating data between arbitrary unknown property accesses is too imprecise. + */ +class DynamicArrayStoreStep extends DataFlow::AdditionalFlowStep { + override predicate storeStep( + DataFlow::Node pred, DataFlow::ContentSet contents, DataFlow::Node succ + ) { + exists(Assignment assignment, IndexExpr lvalue | + lvalue = assignment.getLhs() and + not exists(lvalue.getPropertyName()) and + isLikelyArrayIndex(lvalue.getPropertyNameExpr()) and + contents = DataFlow::ContentSet::arrayElement() and + succ.(DataFlow::ExprPostUpdateNode).getPreUpdateNode() = lvalue.getBase().flow() + | + pred = assignment.(Assignment).getRhs().flow() + or + // for compound assignments, use the result of the operator + pred = assignment.(CompoundAssignExpr).flow() + ) + } +} + +class ArrayConstructorSummary extends SummarizedCallable { + ArrayConstructorSummary() { this = "Array constructor" } + + override DataFlow::InvokeNode getACallSimple() { + result = arrayConstructorRef().getAnInvocation() + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[0..]" and + output = "ReturnValue.ArrayElement" + or + input = "Argument[arguments-array].WithArrayElement" and + output = "ReturnValue" + ) + or + // TODO: workaround for WithArrayElement not being converted to a taint step + preservesValue = false and + input = "Argument[arguments-array]" and + output = "ReturnValue" + } +} + +class CopyWithin extends SummarizedCallable { + CopyWithin() { this = "Array#copyWithin" } + + override InstanceCall getACallSimple() { result.getMethodName() = "copyWithin" } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[this].WithArrayElement" and + output = "ReturnValue" + or + // TODO: workaround for WithArrayElement not being converted to a taint step + preservesValue = false and + input = "Argument[this]" and + output = "ReturnValue" + } +} + +class FlowIntoCallback extends SummarizedCallable { + FlowIntoCallback() { this = "Array method with flow into callback" } + + override InstanceCall getACallSimple() { + result.getMethodName() = ["every", "findIndex", "findLastIndex", "some"] + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[this].ArrayElement" and + output = "Argument[0].Parameter[0]" + or + input = "Argument[1]" and + output = "Argument[0].Parameter[this]" + ) + } +} + +class Filter extends SummarizedCallable { + Filter() { this = "Array#filter" } + + override InstanceCall getACallSimple() { result.getMethodName() = "filter" } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[this].ArrayElement" and + output = "Argument[0].Parameter[0]" + or + input = "Argument[1]" and + output = "Argument[0].Parameter[this]" + or + // Note: in case the filter condition acts as a barrier/sanitizer, + // it is up to the query to mark the 'filter' call as a barrier/sanitizer + input = "Argument[this].WithArrayElement" and + output = "ReturnValue" + ) + or + // TODO: workaround for WithArrayElement not being converted to a taint step + preservesValue = false and + input = "Argument[this]" and + output = "ReturnValue" + } +} + +class Fill extends SummarizedCallable { + Fill() { this = "Array#fill" } // TODO: clear contents if no interval is given + + override InstanceCall getACallSimple() { result.getMethodName() = "fill" } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[0..]" and + output = ["ReturnValue.ArrayElement", "Argument[this].ArrayElement"] + } +} + +class FindLike extends SummarizedCallable { + FindLike() { this = "Array#find / Array#findLast" } + + override InstanceCall getACallSimple() { result.getMethodName() = ["find", "findLast"] } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[this].ArrayElement" and + output = ["Argument[0].Parameter[0]", "ReturnValue"] + or + input = "Argument[1]" and + output = "Argument[0].Parameter[this]" + ) + } +} + +class FindLibrary extends SummarizedCallable { + FindLibrary() { this = "'array.prototype.find' / 'array-find'" } + + override DataFlow::CallNode getACallSimple() { + result = DataFlow::moduleImport(["array.prototype.find", "array-find"]).getACall() + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[0].ArrayElement" and + output = ["Argument[1].Parameter[0]", "ReturnValue"] + or + input = "Argument[2]" and + output = "Argument[1].Parameter[this]" + ) + } +} + +class Flat extends SummarizedCallable { + private int depth; + + Flat() { this = "Array#flat(" + depth + ")" and depth in [1 .. 3] } + + override InstanceCall getACallSimple() { + result.getMethodName() = "flat" and + ( + result.getNumArgument() = 1 and + result.getArgument(0).getIntValue() = depth + or + depth = 1 and + result.getNumArgument() = 0 + ) + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[this]" + concat(int n | n in [0 .. depth] | ".ArrayElement") + or + exists(int partialDepth | partialDepth in [1 .. depth - 1] | + input = + "Argument[this]" + concat(int n | n in [0 .. partialDepth] | ".ArrayElement") + + ".WithoutArrayElement" + ) + ) and + output = "ReturnValue.ArrayElement" + } +} + +class FlatMap extends SummarizedCallable { + FlatMap() { this = "Array#flatMap" } + + override InstanceCall getACallSimple() { result.getMethodName() = "flatMap" } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[this].ArrayElement" and + output = "Argument[0].Parameter[0]" + or + input = "Argument[this]" and + output = "Argument[0].Parameter[2]" + or + input = "Argument[1]" and + output = "Argument[0].Parameter[1]" + or + input = "Argument[0].ReturnValue." + ["ArrayElement", "WithoutArrayElement"] and + output = "ReturnValue.ArrayElement" + ) + } +} + +private DataFlow::CallNode arrayFromCall() { + // TODO: update fromAsync model when async iterators are supported + result = arrayConstructorRef().getAMemberCall(["from", "fromAsync"]) + or + result = DataFlow::moduleImport("array-from").getACall() +} + +class From1Arg extends SummarizedCallable { + From1Arg() { this = "Array.from(arg)" } + + override DataFlow::CallNode getACallSimple() { + result = arrayFromCall() and result.getNumArgument() = 1 + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[0].WithArrayElement" and + output = "ReturnValue" + or + input = "Argument[0]." + ["SetElement", "IteratorElement"] and + output = "ReturnValue.ArrayElement" + or + input = "Argument[0].MapKey" and + output = "ReturnValue.ArrayElement.Member[0]" + or + input = "Argument[0].MapValue" and + output = "ReturnValue.ArrayElement.Member[1]" + or + input = "Argument[0].IteratorError" and + output = "ReturnValue[exception]" + ) + or + // TODO: we currently convert ArrayElement read/store steps to taint steps, but this does not + // work for WithArrayElement because it's just an expectsContent node, and there's no way easy + // to omit the expectsContent restriction in taint tracking. + // Work around this for now. + preservesValue = false and + input = "Argument[0]" and + output = "ReturnValue" + } +} + +class FromManyArg extends SummarizedCallable { + FromManyArg() { this = "Array.from(arg, callback, [thisArg])" } + + override DataFlow::CallNode getACallSimple() { + result = arrayFromCall() and + result.getNumArgument() > 1 + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[0]." + ["ArrayElement", "SetElement", "IteratorElement"] and + output = "Argument[1].Parameter[0]" + or + input = "Argument[0].MapKey" and + output = "Argument[1].Parameter[0].Member[0]" + or + input = "Argument[0].MapValue" and + output = "Argument[1].Parameter[0].Member[1]" + or + input = "Argument[1].ReturnValue" and + output = "ReturnValue.ArrayElement" + or + input = "Argument[2]" and + output = "Argument[1].Parameter[this]" + or + input = "Argument[0].IteratorError" and + output = "ReturnValue[exception]" + ) + } +} + +class Map extends SummarizedCallable { + Map() { this = "Array#map" } + + override InstanceCall getACallSimple() { + // Note that this summary may spuriously apply to library methods named `map` such as from lodash/underscore. + // However, this will not cause spurious flow, because for such functions, the first argument will be an array, not a callback, + // and every part of the summary below uses Argument[0] in a way that requires it to be a callback. + result.getMethodName() = "map" + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[this].ArrayElement" and + output = "Argument[0].Parameter[0]" + or + input = "Argument[this]" and + output = "Argument[0].Parameter[2]" + or + input = "Argument[1]" and + output = "Argument[0].Parameter[this]" + or + input = "Argument[0].ReturnValue" and + output = "ReturnValue.ArrayElement" + ) + } +} + +class Of extends SummarizedCallable { + Of() { this = "Array.of" } + + override DataFlow::CallNode getACallSimple() { + result = arrayConstructorRef().getAMemberCall("of") + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[0..]" and + output = "ReturnValue.ArrayElement" + } +} + +class Pop extends SummarizedCallable { + Pop() { this = "Array#pop" } + + override InstanceCall getACallSimple() { result.getMethodName() = "pop" } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[this].ArrayElement" and + output = "ReturnValue" + } +} + +class PushLike extends SummarizedCallable { + PushLike() { this = "Array#push / Array#unshift" } + + override InstanceCall getACallSimple() { result.getMethodName() = ["push", "unshift"] } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + // TODO: make it so `arguments-array` is handled without needing to reference it explicitly in every flow-summary + input = ["Argument[0..]", "Argument[arguments-array].ArrayElement"] and + output = "Argument[this].ArrayElement" + } +} + +class ReduceLike extends SummarizedCallable { + ReduceLike() { this = "Array#reduce / Array#reduceRight" } + + override InstanceCall getACallSimple() { result.getMethodName() = ["reduce", "reduceRight"] } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + /* + * Signatures: + * reduce(callbackFn, [initialValue]) + * callbackfn(accumulator, currentValue, index, array) + */ + + ( + input = ["Argument[1]", "Argument[0].ReturnValue"] and + output = "Argument[0].Parameter[0]" // accumulator + or + input = "Argument[this].ArrayElement" and + output = "Argument[0].Parameter[1]" // currentValue + or + input = "Argument[this]" and + output = "Argument[0].Parameter[3]" // array + or + input = "Argument[0].ReturnValue" and + output = "ReturnValue" + ) + } +} + +class Reverse extends SummarizedCallable { + Reverse() { this = "Array#reverse / Array#toReversed" } + + override InstanceCall getACallSimple() { result.getMethodName() = ["reverse", "toReversed"] } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[this].ArrayElement" and + output = "ReturnValue.ArrayElement" + } +} + +class Shift extends SummarizedCallable { + Shift() { this = "Array#shift" } + + override InstanceCall getACallSimple() { result.getMethodName() = "shift" } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[this].ArrayElement" and + output = "ReturnValue" + } +} + +class Sort extends SummarizedCallable { + Sort() { this = "Array#sort / Array#toSorted" } + + override InstanceCall getACallSimple() { result.getMethodName() = ["sort", "toSorted"] } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[this].ArrayElement" and + output = "ReturnValue.ArrayElement" + or + input = "Argument[this].ArrayElement" and + output = "Argument[0].Parameter[0,1]" + ) + } +} + +class Splice extends SummarizedCallable { + Splice() { this = "Array#splice" } + + override InstanceCall getACallSimple() { result.getMethodName() = "splice" } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[this].ArrayElement" and + output = "ReturnValue.ArrayElement" + or + input = "Argument[2..]" and + output = ["Argument[this].ArrayElement", "ReturnValue.ArrayElement"] + ) + } +} + +class ToSpliced extends SummarizedCallable { + ToSpliced() { this = "Array#toSpliced" } + + override InstanceCall getACallSimple() { result.getMethodName() = "toSpliced" } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[this].ArrayElement" and + output = "ReturnValue.ArrayElement" + or + input = "Argument[2..]" and + output = "ReturnValue.ArrayElement" + ) + } +} + +class ArrayCoercionPackage extends FunctionalPackageSummary { + ArrayCoercionPackage() { this = "ArrayCoercionPackage" } + + override string getAPackageName() { result = ["arrify", "array-ify"] } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[0].WithArrayElement" and + output = "ReturnValue" + or + input = "Argument[0].WithoutArrayElement" and + output = "ReturnValue.ArrayElement" + ) + or + // TODO: workaround for WithArrayElement not being converted to a taint step + preservesValue = false and + input = "Argument[0]" and + output = "ReturnValue" + } +} + +class ArrayCopyingPackage extends FunctionalPackageSummary { + ArrayCopyingPackage() { this = "ArrayCopyingPackage" } + + override string getAPackageName() { result = ["array-union", "array-uniq", "uniq"] } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[0..].ArrayElement" and + output = "ReturnValue.ArrayElement" + } +} + +class ArrayFlatteningPackage extends FunctionalPackageSummary { + ArrayFlatteningPackage() { this = "ArrayFlatteningPackage" } + + override string getAPackageName() { + result = ["array-flatten", "arr-flatten", "flatten", "array.prototype.flat"] + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + // TODO: properly support these. For the moment we're just adding parity with the old model + preservesValue = false and + input = "Argument[0..]" and + output = "ReturnValue" + } +} diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AsyncAwait.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AsyncAwait.qll new file mode 100644 index 000000000000..a39b0e6f43d7 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AsyncAwait.qll @@ -0,0 +1,104 @@ +/** + * Contains flow steps to model flow through `async` functions and the `await` operator. + */ + +private import javascript +private import semmle.javascript.dataflow.internal.DataFlowNode +private import semmle.javascript.dataflow.internal.AdditionalFlowInternal +private import semmle.javascript.dataflow.internal.DataFlowPrivate + +/** + * Steps modelling flow in an `async` function. + * + * Note about promise-coercion and flattening: + * - `await` preserves non-promise values, e.g. `await "foo"` is just `"foo"`. + * - `return` preserves existing promise values, and boxes other values in a promise. + * + * We rely on `expectsContent` and `clearsContent` to handle coercion/flattening without risk of creating a nested promise object. + * + * The following is a brief overview of the steps we generate: + * ```js + * async function foo() { + * await x; // x --- READ[promise-value] ---> await x + * await x; // x --- VALUE -----------------> await x (has clearsContent) + * await x; // x --- READ[promise-error] ---> exception target + * + * return x; // x --- VALUE --> return node (has expectsContent) + * return x; // x --- VALUE --> synthetic node (clearsContent) --- STORE[promise-value] --> return node + * + * // exceptional return node --> STORE[promise-error] --> return node + * } + * ``` + */ +class AsyncAwait extends AdditionalFlowInternal { + override predicate needsSynthesizedNode(AstNode node, string tag, DataFlowCallable container) { + // We synthesize a clearsContent node to contain the values that need to be boxed in a promise before returning + node.(Function).isAsync() and + container.asSourceCallable() = node and + tag = "async-raw-return" + } + + override predicate clearsContent(DataFlow::Node node, DataFlow::ContentSet contents) { + node = getSynthesizedNode(_, "async-raw-return") and + contents = DataFlow::ContentSet::promiseFilter() + or + // The result of 'await' cannot be a promise. This is needed for the local flow step into 'await' + node.asExpr() instanceof AwaitExpr and + contents = DataFlow::ContentSet::promiseFilter() + } + + override predicate expectsContent(DataFlow::Node node, DataFlow::ContentSet contents) { + // The final return value must be a promise. This is needed for the local flow step into the return node. + exists(Function f | + f.isAsync() and + node = TFunctionReturnNode(f) and + contents = DataFlow::ContentSet::promiseFilter() + ) + } + + override predicate step(DataFlow::Node pred, DataFlow::Node succ) { + exists(AwaitExpr await | + // Allow non-promise values to propagate through await. + pred = await.getOperand().flow() and + succ = await.flow() // clears promise-content + ) + or + exists(Function f | + // To avoid creating a nested promise, flow to two different nodes which only permit promises/non-promises respectively + f.isAsync() and + pred = f.getAReturnedExpr().flow() + | + succ = getSynthesizedNode(f, "async-raw-return") // clears promise-content + or + succ = TFunctionReturnNode(f) // expects promise-content + ) + } + + override predicate readStep( + DataFlow::Node pred, DataFlow::ContentSet contents, DataFlow::Node succ + ) { + exists(AwaitExpr await | pred = await.getOperand().flow() | + contents = DataFlow::ContentSet::promiseValue() and + succ = await.flow() + or + contents = DataFlow::ContentSet::promiseError() and + succ = await.getExceptionTarget() + ) + } + + override predicate storeStep( + DataFlow::Node pred, DataFlow::ContentSet contents, DataFlow::Node succ + ) { + exists(Function f | f.isAsync() | + // Box returned non-promise values in a promise + pred = getSynthesizedNode(f, "async-raw-return") and + contents = DataFlow::ContentSet::promiseValue() and + succ = TFunctionReturnNode(f) + or + // Store thrown exceptions in promise-error + pred = TExceptionalFunctionReturnNode(f) and + contents = DataFlow::ContentSet::promiseError() and + succ = TFunctionReturnNode(f) + ) + } +} diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/FlowSummaryUtil.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/FlowSummaryUtil.qll new file mode 100644 index 000000000000..a5df1d4716af --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/FlowSummaryUtil.qll @@ -0,0 +1,51 @@ +private import javascript +private import semmle.javascript.dataflow.FlowSummary +private import semmle.javascript.dataflow.internal.Contents::Private + +/** + * A method call or a reflective invocation (`call` or `apply`) that takes a receiver. + * + * Note that `DataFlow::MethodCallNode` does not include reflective invocation. + */ +class InstanceCall extends DataFlow::CallNode { + InstanceCall() { exists(this.getReceiver()) } + + /** Gets the name of method being invoked */ + string getMethodName() { result = this.getCalleeName() } +} + +/** + * A summary a function that is the default export from an NPM package. + */ +abstract class FunctionalPackageSummary extends SummarizedCallable { + bindingset[this] + FunctionalPackageSummary() { any() } + + /** Gets a name of a package for which this summary applies. */ + abstract string getAPackageName(); + + override DataFlow::InvokeNode getACallSimple() { + result = DataFlow::moduleImport(this.getAPackageName()).getAnInvocation() + } + + override DataFlow::InvokeNode getACall() { + result = API::moduleImport(this.getAPackageName()).getAnInvocation() + } +} + +/** + * Gets a content from a set of contents that together represent all valid array indices. + * + * This can be used to generate flow summaries that should preserve precise array indices, + * in cases where `WithArrayElement` is not sufficient. + */ +string getAnArrayContent() { + // Values stored at a known, small index + result = "ArrayElement[" + getAPreciseArrayIndex() + "!]" + or + // Values stored at a known, but large index + result = "ArrayElement[" + (getMaxPreciseArrayIndex() + 1) + "..]" + or + // Values stored at an unknown index + result = "ArrayElement[?]" +} diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/ForOfLoops.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/ForOfLoops.qll new file mode 100644 index 000000000000..1407ce7c79e5 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/ForOfLoops.qll @@ -0,0 +1,59 @@ +/** + * Contains flow steps to model flow through `for..of` loops. + */ + +private import javascript +private import semmle.javascript.dataflow.internal.DataFlowNode +private import semmle.javascript.dataflow.internal.AdditionalFlowInternal +private import semmle.javascript.dataflow.internal.DataFlowPrivate + +class ForOfLoopStep extends AdditionalFlowInternal { + override predicate needsSynthesizedNode(AstNode node, string tag, DataFlowCallable container) { + // Intermediate nodes to convert (MapKey, MapValue) to a `[key, value]` array. + // + // For the loop `for (let lvalue of domain)` we generate the following steps: + // + // domain --- READ[MapKey] ---> synthetic node 1 --- STORE[0] ---> lvalue + // domain --- READ[MapValue] ---> synthetic node 2 --- STORE[1] ---> lvalue + // + node instanceof ForOfStmt and + tag = ["for-of-map-key", "for-of-map-value"] and + container.asSourceCallable() = node.getContainer() + } + + override predicate readStep( + DataFlow::Node pred, DataFlow::ContentSet contents, DataFlow::Node succ + ) { + exists(ForOfStmt stmt | pred = stmt.getIterationDomain().flow() | + contents = + [ + DataFlow::ContentSet::arrayElement(), DataFlow::ContentSet::setElement(), + DataFlow::ContentSet::iteratorElement() + ] and + succ = DataFlow::lvalueNode(stmt.getLValue()) + or + contents = DataFlow::ContentSet::mapKey() and + succ = getSynthesizedNode(stmt, "for-of-map-key") + or + contents = DataFlow::ContentSet::mapValueAll() and + succ = getSynthesizedNode(stmt, "for-of-map-value") + or + contents = DataFlow::ContentSet::iteratorError() and + succ = stmt.getIterationDomain().getExceptionTarget() + ) + } + + override predicate storeStep( + DataFlow::Node pred, DataFlow::ContentSet contents, DataFlow::Node succ + ) { + exists(ForOfStmt stmt | + pred = getSynthesizedNode(stmt, "for-of-map-key") and + contents.asArrayIndex() = 0 + or + pred = getSynthesizedNode(stmt, "for-of-map-value") and + contents.asArrayIndex() = 1 + | + succ = DataFlow::lvalueNode(stmt.getLValue()) + ) + } +} diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Generators.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Generators.qll new file mode 100644 index 000000000000..e187b5751cfd --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Generators.qll @@ -0,0 +1,59 @@ +/** + * Contains flow steps to model flow through generator functions. + */ + +private import javascript +private import semmle.javascript.dataflow.internal.DataFlowNode +private import semmle.javascript.dataflow.internal.AdditionalFlowInternal + +/** + * Steps modelling flow out of a generator function: + * ```js + * function* foo() { + * yield x; // store 'x' in the return value's IteratorElement + * yield* y; // flow directly to return value, which has expectsContent, so only iterator contents can pass through. + * throw z; // store 'z' in the return value's IteratorError + * } + * ``` + */ +class GeneratorFunctionStep extends AdditionalFlowInternal { + override predicate expectsContent(DataFlow::Node node, DataFlow::ContentSet contents) { + // Ensure that the return value can only return iterator contents. This is needed for 'yield*'. + exists(Function fun | + fun.isGenerator() and + node = TFunctionReturnNode(fun) and + contents = DataFlow::ContentSet::iteratorFilter() + ) + } + + override predicate storeStep( + DataFlow::Node pred, DataFlow::ContentSet contents, DataFlow::Node succ + ) { + // `yield x`. Store into the return value's iterator element. + exists(Function fun, YieldExpr yield | fun.isGenerator() | + not yield.isDelegating() and + yield.getContainer() = fun and + pred = yield.getOperand().flow() and + contents = DataFlow::ContentSet::iteratorElement() and + succ = TFunctionReturnNode(fun) + ) + or + exists(Function f | f.isGenerator() | + // Store thrown exceptions in the iterator-error + pred = TExceptionalFunctionReturnNode(f) and + succ = TFunctionReturnNode(f) and + contents = DataFlow::ContentSet::iteratorError() + ) + } + + override predicate step(DataFlow::Node pred, DataFlow::Node succ) { + // `yield* x`. Flow into the return value, which has expectsContent, so only iterator contents can pass through. + exists(Function fun, YieldExpr yield | + fun.isGenerator() and + yield.getContainer() = fun and + yield.isDelegating() and + pred = yield.getOperand().flow() and + succ = TFunctionReturnNode(fun) + ) + } +} diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Iterators.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Iterators.qll new file mode 100644 index 000000000000..94afac527873 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Iterators.qll @@ -0,0 +1,29 @@ +/** + * Contains flow summaries and steps modelling flow through iterators. + */ + +private import javascript +private import semmle.javascript.dataflow.internal.DataFlowNode +private import semmle.javascript.dataflow.FlowSummary +private import semmle.javascript.dataflow.internal.AdditionalFlowInternal +private import FlowSummaryUtil + +class IteratorNext extends SummarizedCallable { + IteratorNext() { this = "Iterator#next" } + + override DataFlow::MethodCallNode getACallSimple() { + result.getMethodName() = "next" and + result.getNumArgument() = 0 + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[this].IteratorElement" and + output = "ReturnValue.Member[value]" + or + input = "Argument[this].IteratorError" and + output = "ReturnValue[exception]" + ) + } +} diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/JsonStringify.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/JsonStringify.qll new file mode 100644 index 000000000000..86779b8e7ecb --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/JsonStringify.qll @@ -0,0 +1,20 @@ +/** + * Contains implicit read steps at the input to any function that converts a deep object to a string, such as `JSON.stringify`. + */ + +private import javascript +private import FlowSummaryUtil +private import semmle.javascript.dataflow.internal.AdditionalFlowInternal +private import semmle.javascript.dataflow.FlowSummary + +private class JsonStringifySummary extends SummarizedCallable { + JsonStringifySummary() { this = "JSON.stringify" } + + override DataFlow::InvokeNode getACall() { result instanceof JsonStringifyCall } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = false and + input = ["Argument[0]", "Argument[0].AnyMemberDeep"] and + output = "ReturnValue" + } +} diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Maps.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Maps.qll new file mode 100644 index 000000000000..c80bee19aaa7 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Maps.qll @@ -0,0 +1,120 @@ +/** + * Contains flow summaries and steps modelling flow through `Map` objects. + */ + +private import javascript +private import semmle.javascript.dataflow.FlowSummary +private import FlowSummaryUtil + +private DataFlow::SourceNode mapConstructorRef() { result = DataFlow::globalVarRef("Map") } + +class MapConstructor extends SummarizedCallable { + MapConstructor() { this = "Map constructor" } + + override DataFlow::InvokeNode getACallSimple() { + result = mapConstructorRef().getAnInstantiation() + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[0]." + ["ArrayElement", "SetElement", "IteratorElement"] + ".Member[0]" and + output = "ReturnValue.MapKey" + or + input = "Argument[0]." + ["ArrayElement", "SetElement", "IteratorElement"] + ".Member[1]" and + output = "ReturnValue.MapValue" + or + input = ["Argument[0].WithMapKey", "Argument[0].WithMapValue"] and + output = "ReturnValue" + ) + } +} + +/** + * A read step for `Map#get`. + * + * This is implemented as a step instead of a flow summary, as we currently do not expose a MaD syntax + * for map values with a known key. + */ +class MapGetStep extends DataFlow::AdditionalFlowStep { + override predicate readStep( + DataFlow::Node pred, DataFlow::ContentSet contents, DataFlow::Node succ + ) { + exists(DataFlow::MethodCallNode call | + call.getMethodName() = "get" and + call.getNumArgument() = 1 and + pred = call.getReceiver() and + succ = call + | + contents = DataFlow::ContentSet::mapValueFromKey(call.getArgument(0).getStringValue()) + or + not exists(call.getArgument(0).getStringValue()) and + contents = DataFlow::ContentSet::mapValueAll() + ) + } +} + +/** + * A read step for `Map#set`. + * + * This is implemented as a step instead of a flow summary, as we currently do not expose a MaD syntax + * for map values with a known key. + */ +class MapSetStep extends DataFlow::AdditionalFlowStep { + override predicate storeStep( + DataFlow::Node pred, DataFlow::ContentSet contents, DataFlow::Node succ + ) { + exists(DataFlow::MethodCallNode call | + call.getMethodName() = "set" and + call.getNumArgument() = 2 and + pred = call.getArgument(1) and + succ.(DataFlow::ExprPostUpdateNode).getPreUpdateNode() = call.getReceiver() + | + contents = DataFlow::ContentSet::mapValueFromKey(call.getArgument(0).getStringValue()) + or + not exists(call.getArgument(0).getStringValue()) and + contents = DataFlow::ContentSet::mapValueWithUnknownKey() + ) + } +} + +class MapGet extends SummarizedCallable { + MapGet() { this = "Map#get" } + + override DataFlow::MethodCallNode getACallSimple() { + none() and // TODO: Disabled for now - need MaD syntax for known map values + result.getMethodName() = "get" and + result.getNumArgument() = 1 + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[this].MapValue" and + output = "ReturnValue" + } +} + +class MapSet extends SummarizedCallable { + MapSet() { this = "Map#set" } + + override DataFlow::MethodCallNode getACallSimple() { + result.getMethodName() = "set" and + result.getNumArgument() = 2 + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + input = ["Argument[this].WithMapKey", "Argument[this].WithMapValue"] and + output = "ReturnValue" + or + preservesValue = true and + none() and // TODO: Disabled for now - need MaD syntax for known map values + ( + input = "Argument[0]" and + output = "Argument[this].MapKey" + or + input = "Argument[1]" and + output = "Argument[this].MapValue" + ) + } +} diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Promises.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Promises.qll new file mode 100644 index 000000000000..fb2f05f17b79 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Promises.qll @@ -0,0 +1,324 @@ +/** + * Contains flow summaries and steps modelling flow through `Promise` objects. + */ + +private import javascript +private import semmle.javascript.dataflow.FlowSummary +private import FlowSummaryUtil + +private DataFlow::SourceNode promiseConstructorRef() { + result = Promises::promiseConstructorRef() + or + result = DataFlow::moduleImport("bluebird") + or + result = DataFlow::moduleMember(["q", "kew", "bluebird"], "Promise") // note: bluebird.Promise == bluebird + or + result = Closure::moduleImport("goog.Promise") +} + +// +// Note that the 'Awaited' token has a special interpretation. +// See a write-up here: https://github.com/github/codeql-javascript-team/issues/423 +// +private class PromiseConstructor extends SummarizedCallable { + PromiseConstructor() { this = "new Promise()" } + + override DataFlow::InvokeNode getACallSimple() { + // Disabled for now. The field-flow branch limit will be negatively affected by having + // calls to multiple variants of `new Promise()`. + none() + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + // TODO: when FlowSummaryImpl.qll supports these summaries, remove the workaround in PromiseConstructorWorkaround + // resolve(value) + input = "Argument[0].Parameter[0].Argument[0]" and output = "ReturnValue.Awaited" + or + // reject(value) + input = "Argument[0].Parameter[1].Argument[0]" and output = "ReturnValue.Awaited[error]" + or + // throw from executor + input = "Argument[0].ReturnValue[exception]" and output = "ReturnValue.Awaited[error]" + ) + } +} + +/** + * A workaround to the `PromiseConstructor`, to be used until FlowSummaryImpl.qll has sufficient support + * for callbacks. + */ +module PromiseConstructorWorkaround { + class ResolveSummary extends SummarizedCallable { + ResolveSummary() { this = "new Promise() resolve callback" } + + override DataFlow::InvokeNode getACallSimple() { + result = + promiseConstructorRef().getAnInstantiation().getCallback(0).getParameter(0).getACall() + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[0]" and + output = "Argument[function].Member[resolve-value]" + } + } + + class RejectCallback extends SummarizedCallable { + RejectCallback() { this = "new Promise() reject callback" } + + override DataFlow::InvokeNode getACallSimple() { + result = + promiseConstructorRef().getAnInstantiation().getCallback(0).getParameter(1).getACall() + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[0]" and + output = "Argument[function].Member[reject-value]" + } + } + + class ConstructorSummary extends SummarizedCallable { + ConstructorSummary() { this = "new Promise() workaround" } + + override DataFlow::InvokeNode getACallSimple() { + result = promiseConstructorRef().getAnInstantiation() + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[0].Parameter[0].Member[resolve-value]" and + output = "ReturnValue.Awaited" + or + input = "Argument[0].Parameter[1].Member[reject-value]" and + output = "ReturnValue.Awaited[error]" + or + input = "Argument[0].ReturnValue[exception]" and + output = "ReturnValue.Awaited[error]" + ) + } + } +} + +private class PromiseThen2Arguments extends SummarizedCallable { + PromiseThen2Arguments() { this = "Promise#then() with 2 arguments" } + + override InstanceCall getACallSimple() { + result.getMethodName() = "then" and + result.getNumArgument() = 2 + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[0,1].ReturnValue" and output = "ReturnValue.Awaited" + or + input = "Argument[0,1].ReturnValue[exception]" and output = "ReturnValue.Awaited[error]" + or + input = "Argument[this].Awaited[value]" and output = "Argument[0].Parameter[0]" + or + input = "Argument[this].Awaited[error]" and output = "Argument[1].Parameter[0]" + ) + } +} + +private class PromiseThen1Argument extends SummarizedCallable { + PromiseThen1Argument() { this = "Promise#then() with 1 argument" } + + override InstanceCall getACallSimple() { + result.getMethodName() = "then" and + result.getNumArgument() = 1 + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[0].ReturnValue" and output = "ReturnValue.Awaited" + or + input = "Argument[0].ReturnValue[exception]" and output = "ReturnValue.Awaited[error]" + or + input = "Argument[this].Awaited[value]" and output = "Argument[0].Parameter[0]" + or + input = "Argument[this].WithAwaited[error]" and output = "ReturnValue" + ) + } +} + +private class PromiseCatch extends SummarizedCallable { + PromiseCatch() { this = "Promise#catch()" } + + override InstanceCall getACallSimple() { result.getMethodName() = "catch" } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[0].ReturnValue" and output = "ReturnValue.Awaited" + or + input = "Argument[0].ReturnValue[exception]" and output = "ReturnValue.Awaited[error]" + or + input = "Argument[this].Awaited[value]" and output = "ReturnValue.Awaited[value]" + or + input = "Argument[this].Awaited[error]" and output = "Argument[0].Parameter[0]" + ) + } +} + +private class PromiseFinally extends SummarizedCallable { + PromiseFinally() { this = "Promise#finally()" } + + override InstanceCall getACallSimple() { result.getMethodName() = "finally" } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[0].ReturnValue.Awaited[error]" and output = "ReturnValue.Awaited[error]" + or + input = "Argument[0].ReturnValue[exception]" and output = "ReturnValue.Awaited[error]" + or + input = "Argument[this].WithAwaited[value,error]" and output = "ReturnValue" + ) + } +} + +private class PromiseResolve extends SummarizedCallable { + PromiseResolve() { this = "Promise.resolve()" } + + override InstanceCall getACallSimple() { + result = promiseConstructorRef().getAMemberCall("resolve") + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[0]" and + output = "ReturnValue.Awaited" + } +} + +private class PromiseReject extends SummarizedCallable { + PromiseReject() { this = "Promise.reject()" } + + override InstanceCall getACallSimple() { + result = promiseConstructorRef().getAMemberCall("reject") + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[0]" and + output = "ReturnValue.Awaited[error]" + } +} + +private class PromiseAll extends SummarizedCallable { + PromiseAll() { this = "Promise.all()" } + + override DataFlow::InvokeNode getACallSimple() { + result = promiseConstructorRef().getAMemberCall("all") + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + exists(string content | content = getAnArrayContent() | + input = "Argument[0]." + content + ".Awaited" and + output = "ReturnValue.Awaited[value]." + content + ) + or + preservesValue = true and + input = "Argument[0].ArrayElement.WithAwaited[error]" and + output = "ReturnValue" + or + preservesValue = false and + input = "Argument[0]" and + output = "ReturnValue" + } +} + +private class PromiseAnyLike extends SummarizedCallable { + PromiseAnyLike() { this = "Promise.any() or Promise.race()" } + + override DataFlow::InvokeNode getACallSimple() { + result = promiseConstructorRef().getAMemberCall(["any", "race", "firstFulfilled"]) + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[0].ArrayElement" and + output = "ReturnValue.Awaited" + } +} + +private class PromiseAllSettled extends SummarizedCallable { + PromiseAllSettled() { this = "Promise.allSettled()" } + + override DataFlow::InvokeNode getACallSimple() { + result = promiseConstructorRef().getAMemberCall("allSettled") + or + result = DataFlow::moduleImport("promise.allsettled").getACall() + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + exists(string content | content = getAnArrayContent() | + input = "Argument[0]." + content + ".Awaited" and + output = "ReturnValue.Awaited[value]." + content + ".Member[value]" + or + input = "Argument[0]." + content + ".Awaited[error]" and + output = "ReturnValue.Awaited[value]." + content + ".Member[reason]" + ) + } +} + +private class BluebirdMapSeries extends SummarizedCallable { + BluebirdMapSeries() { this = "bluebird.mapSeries" } + + override DataFlow::InvokeNode getACallSimple() { + result = promiseConstructorRef().getAMemberCall("mapSeries") + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[0].Awaited.ArrayElement.Awaited" and + output = "Argument[1].Parameter[0]" + or + input = "Argument[0].Awaited.ArrayElement.WithAwaited[error]" and + output = "ReturnValue" + or + input = "Argument[0].WithAwaited[error]" and + output = "ReturnValue" + or + input = "Argument[1].ReturnValue.Awaited" and + output = "ReturnValue.Awaited.ArrayElement" + or + input = "Argument[1].ReturnValue.WithAwaited[error]" and + output = "ReturnValue" + ) + } +} + +/** + * - `Promise.withResolvers`, a method pending standardization, + * - `goog.Closure.withResolver()` (non-plural spelling) + * - `bluebird.Promise.defer()` + */ +private class PromiseWithResolversLike extends SummarizedCallable { + PromiseWithResolversLike() { this = "Promise.withResolvers()" } + + override DataFlow::InvokeNode getACallSimple() { + result = promiseConstructorRef().getAMemberCall(["withResolver", "withResolvers", "defer"]) + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + // TODO: not currently supported by FlowSummaryImpl.qll + input = "ReturnValue.Member[resolve].Argument[0]" and + output = "ReturnValue.Member[promise].Awaited" + or + input = "ReturnValue.Member[reject].Argument[0]" and + output = "ReturnValue.Member[promise].Awaited[error]" + ) + } +} diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Sets.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Sets.qll new file mode 100644 index 000000000000..1880eb569bf5 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Sets.qll @@ -0,0 +1,46 @@ +/** + * Contains flow summaries and steps modelling flow through `Set` objects. + */ + +private import javascript +private import semmle.javascript.dataflow.FlowSummary +private import FlowSummaryUtil + +private DataFlow::SourceNode setConstructorRef() { result = DataFlow::globalVarRef("Set") } + +class SetConstructor extends SummarizedCallable { + SetConstructor() { this = "Set constructor" } + + override DataFlow::InvokeNode getACallSimple() { + result = setConstructorRef().getAnInstantiation() + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[0]." + ["ArrayElement", "SetElement", "IteratorElement"] and + output = "ReturnValue.SetElement" + or + input = "Argument[0].MapKey" and + output = "ReturnValue.SetElement.Member[0]" + or + input = "Argument[0].MapValue" and + output = "ReturnValue.SetElement.Member[1]" + ) + } +} + +class SetAdd extends SummarizedCallable { + SetAdd() { this = "Set#add" } + + override DataFlow::MethodCallNode getACallSimple() { + result.getMethodName() = "add" and + result.getNumArgument() = 1 + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[0]" and + output = "Argument[this].SetElement" + } +} diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Strings.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Strings.qll new file mode 100644 index 000000000000..941b9a825c37 --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Strings.qll @@ -0,0 +1,66 @@ +/** + * Contains flow summaries and steps modelling flow through string methods. + */ + +private import javascript +private import semmle.javascript.dataflow.FlowSummary + +/** + * Summary for calls to `.replace` or `.replaceAll` (without a regexp pattern containing a wildcard). + */ +private class StringReplaceNoWildcard extends SummarizedCallable { + StringReplaceNoWildcard() { + this = "String#replace / String#replaceAll (without wildcard pattern)" + } + + override StringReplaceCall getACall() { not result.hasRegExpContainingWildcard() } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = false and + ( + input = "Argument[this]" and + output = "ReturnValue" + or + input = "Argument[1].ReturnValue" and + output = "ReturnValue" + ) + } +} + +/** + * Summary for calls to `.replace` or `.replaceAll` (with a regexp pattern containing a wildcard). + * + * In this case, the receiver is considered to flow into the callback. + */ +private class StringReplaceWithWildcard extends SummarizedCallable { + StringReplaceWithWildcard() { + this = "String#replace / String#replaceAll (with wildcard pattern)" + } + + override StringReplaceCall getACall() { result.hasRegExpContainingWildcard() } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = false and + ( + input = "Argument[this]" and + output = ["ReturnValue", "Argument[1].Parameter[0]"] + or + input = "Argument[1].ReturnValue" and + output = "ReturnValue" + ) + } +} + +class StringSplit extends SummarizedCallable { + StringSplit() { this = "String#split" } + + override DataFlow::MethodCallNode getACallSimple() { + result.getMethodName() = "split" and result.getNumArgument() = 1 + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = false and + input = "Argument[this]" and + output = "ReturnValue.ArrayElement" + } +} diff --git a/javascript/ql/lib/semmle/javascript/security/TaintedObject.qll b/javascript/ql/lib/semmle/javascript/security/TaintedObject.qll index 3022bded373c..22f253e1423f 100644 --- a/javascript/ql/lib/semmle/javascript/security/TaintedObject.qll +++ b/javascript/ql/lib/semmle/javascript/security/TaintedObject.qll @@ -81,7 +81,24 @@ module TaintedObject { /** * A sanitizer guard that blocks deep object taint. */ - abstract class SanitizerGuard extends TaintTracking::LabeledSanitizerGuardNode { } + abstract class SanitizerGuard extends TaintTracking::LabeledSanitizerGuardNode { + /** Holds if this node blocks flow through `e`, provided it evaluates to `outcome`. */ + predicate blocksExpr(boolean outcome, Expr e) { none() } + + /** Holds if this node blocks flow of `label` through `e`, provided it evaluates to `outcome`. */ + predicate blocksExpr(boolean outcome, Expr e, FlowLabel label) { none() } + + override predicate sanitizes(boolean outcome, Expr e, FlowLabel label) { + this.blocksExpr(outcome, e, label) + } + + override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + } + + /** + * A sanitizer guard that blocks deep object taint. + */ + module SanitizerGuard = DataFlow::MakeLabeledBarrierGuard; /** * A test of form `typeof x === "something"`, preventing `x` from being an object in some cases. @@ -103,7 +120,7 @@ module TaintedObject { ) } - override predicate sanitizes(boolean outcome, Expr e, FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, FlowLabel label) { polarity = outcome and e = operand and label = label() @@ -117,7 +134,7 @@ module TaintedObject { NumberGuard() { TaintTracking::isNumberGuard(this, x, polarity) } - override predicate sanitizes(boolean outcome, Expr e) { e = x and outcome = polarity } + override predicate blocksExpr(boolean outcome, Expr e) { e = x and outcome = polarity } } /** A guard that checks whether an input a valid string identifier using `mongoose.Types.ObjectId.isValid` */ @@ -145,7 +162,7 @@ module TaintedObject { JsonSchemaValidationGuard() { this = call.getAValidationResultAccess(polarity) } - override predicate sanitizes(boolean outcome, Expr e, FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, FlowLabel label) { outcome = polarity and e = call.getInput().asExpr() and label = label() diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/BrokenCryptoAlgorithmQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/BrokenCryptoAlgorithmQuery.qll index d0e4d56f630c..90fb4b4ffa56 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/BrokenCryptoAlgorithmQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/BrokenCryptoAlgorithmQuery.qll @@ -19,7 +19,23 @@ import BrokenCryptoAlgorithmCustomizations::BrokenCryptoAlgorithm * added either by extending the relevant class, or by subclassing this configuration itself, * and amending the sources and sinks. */ -class Configuration extends TaintTracking::Configuration { +module BrokenCryptoAlgorithmConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +/** + * Taint tracking flow for sensitive information in broken or weak cryptographic algorithms. + */ +module BrokenCryptoAlgorithmFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `BrokenCryptoAlgorithmFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "BrokenCryptoAlgorithm" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/BuildArtifactLeakQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/BuildArtifactLeakQuery.qll index db48ae25952b..0e010e35eebc 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/BuildArtifactLeakQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/BuildArtifactLeakQuery.qll @@ -14,7 +14,33 @@ import CleartextLoggingCustomizations::CleartextLogging as CleartextLogging /** * A taint tracking configuration for storage of sensitive information in build artifact. */ -class Configuration extends TaintTracking::Configuration { +module BuildArtifactLeakConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof CleartextLogging::Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof CleartextLogging::Barrier } + + predicate isAdditionalFlowStep(DataFlow::Node src, DataFlow::Node trg) { + CleartextLogging::isAdditionalTaintStep(src, trg) + } + + predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet contents) { + // All properties of a leaked object are themselves leaked. + contents = DataFlow::ContentSet::anyProperty() and + isSink(node) + } +} + +/** + * Taint tracking flow for storage of sensitive information in build artifact. + */ +module BuildArtifactLeakFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `BuildArtifactLeakFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "BuildArtifactLeak" } override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel lbl) { diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextLoggingCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextLoggingCustomizations.qll index c783a9c3cfc2..77e8b5f92bc8 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextLoggingCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextLoggingCustomizations.qll @@ -16,14 +16,20 @@ module CleartextLogging { /** Gets a string that describes the type of this data flow source. */ abstract string describe(); - abstract DataFlow::FlowLabel getLabel(); + /** + * DEPRECATED. Overriding this predicate no longer has any effect. + */ + deprecated DataFlow::FlowLabel getLabel() { result.isTaint() } } /** * A data flow sink for clear-text logging of sensitive information. */ abstract class Sink extends DataFlow::Node { - DataFlow::FlowLabel getLabel() { result.isTaint() } + /** + * DEPRECATED. Overriding this predicate no longer has any effect. + */ + deprecated DataFlow::FlowLabel getLabel() { result.isTaint() } } /** @@ -103,29 +109,28 @@ module CleartextLogging { abstract private class NonCleartextPassword extends DataFlow::Node { } /** - * An object with a property that may contain password information - * - * This is a source since `console.log(obj)` will show the properties of `obj`. + * A value stored in a property that may contain password information */ private class ObjectPasswordPropertySource extends DataFlow::ValueNode, Source { string name; ObjectPasswordPropertySource() { exists(DataFlow::PropWrite write | + write.getPropertyName() = name and name.regexpMatch(maybePassword()) and not name.regexpMatch(notSensitiveRegexp()) and - write = this.(DataFlow::SourceNode).getAPropertyWrite(name) and + this = write.getRhs() and // avoid safe values assigned to presumably unsafe names - not write.getRhs() instanceof NonCleartextPassword + not this instanceof NonCleartextPassword ) } override string describe() { result = "an access to " + name } - - override DataFlow::FlowLabel getLabel() { result.isTaint() } } - /** An access to a variable or property that might contain a password. */ + /** + * An access to a variable or property that might contain a password. + */ private class ReadPasswordSource extends DataFlow::ValueNode, Source { string name; @@ -147,8 +152,6 @@ module CleartextLogging { } override string describe() { result = "an access to " + name } - - override DataFlow::FlowLabel getLabel() { result.isTaint() } } /** A call that might return a password. */ @@ -161,8 +164,6 @@ module CleartextLogging { } override string describe() { result = "a call to " + name } - - override DataFlow::FlowLabel getLabel() { result.isTaint() } } /** An access to the sensitive object `process.env`. */ @@ -170,8 +171,28 @@ module CleartextLogging { ProcessEnvSource() { this = NodeJSLib::process().getAPropertyRead("env") } override string describe() { result = "process environment" } + } - override DataFlow::FlowLabel getLabel() { result.isTaint() } + /** Gets a data flow node referring to `process.env`. */ + private DataFlow::SourceNode processEnv(DataFlow::TypeTracker t) { + t.start() and + result instanceof ProcessEnvSource + or + exists(DataFlow::TypeTracker t2 | result = processEnv(t2).track(t2, t)) + } + + /** Gets a data flow node referring to `process.env`. */ + DataFlow::SourceNode processEnv() { result = processEnv(DataFlow::TypeTracker::end()) } + + /** + * A property access on `process.env`, seen as a barrier. + */ + private class SafeEnvironmentVariableBarrier extends Barrier instanceof DataFlow::PropRead { + SafeEnvironmentVariableBarrier() { + this = processEnv().getAPropertyRead() and + // If the name is known, it should not be sensitive + not nameIndicatesSensitiveData(this.getPropertyName(), _) + } } /** @@ -183,26 +204,10 @@ module CleartextLogging { succ.(DataFlow::PropRead).getBase() = pred } - private class PropReadAsBarrier extends Barrier { - PropReadAsBarrier() { - this = any(DataFlow::PropRead read).getBase() and - // the 'foo' in 'foo.bar()' may have flow, we only want to suppress plain property reads - not this = any(DataFlow::MethodCallNode call).getReceiver() and - // do not block custom taint steps from this node - not isAdditionalTaintStep(this, _) - } - } - /** * Holds if the edge `src` -> `trg` is an additional taint-step for clear-text logging of sensitive information. */ predicate isAdditionalTaintStep(DataFlow::Node src, DataFlow::Node trg) { - // A taint propagating data flow edge through objects: a tainted write taints the entire object. - exists(DataFlow::PropWrite write | - write.getRhs() = src and - trg.(DataFlow::SourceNode).flowsTo(write.getBase()) - ) - or // A property-copy step, // dst[x] = src[x] // dst[x] = JSON.stringify(src[x]) @@ -218,7 +223,7 @@ module CleartextLogging { not exists(read.getPropertyName()) and not isFilteredPropertyName(read.getPropertyNameExpr().flow().getALocalSource()) and src = read.getBase() and - trg = write.getBase().getALocalSource() + trg = write.getBase().getPostUpdateNode() ) or // Taint through the arguments object. diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextLoggingQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextLoggingQuery.qll index fe0a1073e081..2d222be12141 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextLoggingQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextLoggingQuery.qll @@ -20,7 +20,38 @@ private import CleartextLoggingCustomizations::CleartextLogging as CleartextLogg * added either by extending the relevant class, or by subclassing this configuration itself, * and amending the sources and sinks. */ -class Configuration extends TaintTracking::Configuration { +module CleartextLoggingConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Barrier } + + predicate isBarrierIn(DataFlow::Node node) { + // We rely on heuristic sources, which tends to cause sources to overlap + isSource(node) + } + + predicate isAdditionalFlowStep(DataFlow::Node src, DataFlow::Node trg) { + CleartextLogging::isAdditionalTaintStep(src, trg) + } + + predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet contents) { + // Assume all properties of a logged object are themselves logged. + contents = DataFlow::ContentSet::anyProperty() and + isSink(node) + } +} + +/** + * Taint tracking flow for clear-text logging of sensitive information. + */ +module CleartextLoggingFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `CleartextLoggingFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "CleartextLogging" } override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel lbl) { diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextStorageQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextStorageQuery.qll index cb97badf0ecb..d4ee8a8297dd 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextStorageQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/CleartextStorageQuery.qll @@ -19,7 +19,20 @@ import CleartextStorageCustomizations::CleartextStorage * added either by extending the relevant class, or by subclassing this configuration itself, * and amending the sources and sinks. */ -class Configuration extends TaintTracking::Configuration { +module ClearTextStorageConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +module ClearTextStorageFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `ClearTextStorageFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "ClearTextStorage" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideRequestForgeryQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideRequestForgeryQuery.qll index 8e5a46576f23..c3856e5bcd2e 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideRequestForgeryQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideRequestForgeryQuery.qll @@ -14,7 +14,34 @@ import RequestForgeryCustomizations::RequestForgery /** * A taint tracking configuration for client-side request forgery. */ -class Configuration extends TaintTracking::Configuration { +module ClientSideRequestForgeryConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { + exists(Source src | + source = src and + not src.isServerSide() + ) + } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } + + predicate isBarrierOut(DataFlow::Node node) { sanitizingPrefixEdge(node, _) } + + predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) { + isAdditionalRequestForgeryStep(pred, succ) + } +} + +/** + * Taint tracking for client-side request forgery. + */ +module ClientSideRequestForgeryFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `ClientSideRequestForgeryFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "ClientSideRequestForgery" } override predicate isSource(DataFlow::Node source) { diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectCustomizations.qll index 7b3b098b730b..edf3bb06ca8a 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectCustomizations.qll @@ -49,6 +49,16 @@ module ClientSideUrlRedirect { } } + /** + * Holds if `node` extracts a part of a URL that does not contain the suffix. + */ + pragma[inline] + predicate isPrefixExtraction(DataFlow::MethodCallNode node) { + // Block flow through prefix-extraction `substring(0, ...)` and `split("#")[0]` + node.getMethodName() = [StringOps::substringMethodName(), "split"] and + not untrustedUrlSubstring(_, node) + } + /** * Holds if `substring` refers to a substring of `base` which is considered untrusted * when `base` is the current URL. diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectQuery.qll index 0e1ceb955dde..339626964841 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectQuery.qll @@ -19,7 +19,55 @@ private class ConcreteDocumentUrl extends DocumentUrl { /** * A taint-tracking configuration for reasoning about unvalidated URL redirections. */ -class Configuration extends TaintTracking::Configuration { +module ClientSideUrlRedirectConfig implements DataFlow::StateConfigSig { + class FlowState = DataFlow::FlowLabel; + + predicate isSource(DataFlow::Node source, DataFlow::FlowLabel state) { + source.(Source).getAFlowLabel() = state + } + + predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel state) { + sink instanceof Sink and state.isTaint() + } + + predicate isBarrier(DataFlow::Node node) { + node instanceof Sanitizer or node = HostnameSanitizerGuard::getABarrierNode() + } + + predicate isBarrier(DataFlow::Node node, DataFlow::FlowLabel state) { + isPrefixExtraction(node) and + state instanceof DocumentUrl + } + + predicate isBarrierOut(DataFlow::Node node) { hostnameSanitizingPrefixEdge(node, _) } + + predicate isBarrierOut(DataFlow::Node node, DataFlow::FlowLabel label) { isSink(node, label) } + + predicate isAdditionalFlowStep( + DataFlow::Node node1, DataFlow::FlowLabel state1, DataFlow::Node node2, + DataFlow::FlowLabel state2 + ) { + untrustedUrlSubstring(node1, node2) and + state1 instanceof DocumentUrl and + state2.isTaint() + or + exists(HtmlSanitizerCall call | + node1 = call.getInput() and + node2 = call and + state1 = state2 + ) + } +} + +/** + * Taint-tracking flow for reasoning about unvalidated URL redirections. + */ +module ClientSideUrlRedirectFlow = TaintTracking::GlobalWithState; + +/** + * A taint-tracking configuration for reasoning about unvalidated URL redirections. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "ClientSideUrlRedirect" } override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel lbl) { @@ -36,21 +84,22 @@ class Configuration extends TaintTracking::Configuration { override predicate isSanitizerOut(DataFlow::Node node) { hostnameSanitizingPrefixEdge(node, _) } override predicate isAdditionalFlowStep( - DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel f, DataFlow::FlowLabel g + DataFlow::Node node1, DataFlow::Node node2, DataFlow::FlowLabel state1, + DataFlow::FlowLabel state2 ) { - untrustedUrlSubstring(pred, succ) and - f instanceof DocumentUrl and - g.isTaint() - or - // preserve document.url label in step from `location` to `location.href` - f instanceof DocumentUrl and - g instanceof DocumentUrl and - succ.(DataFlow::PropRead).accesses(pred, "href") + ClientSideUrlRedirectConfig::isAdditionalFlowStep(node1, state1, node2, state2) or - exists(HtmlSanitizerCall call | - pred = call.getInput() and - succ = call and - f = g + // Preserve document.url label in step from `location` to `location.href` or `location.toString()` + state1 instanceof DocumentUrl and + state2 instanceof DocumentUrl and + ( + node2.(DataFlow::PropRead).accesses(node1, "href") + or + exists(DataFlow::CallNode call | + call.getCalleeName() = "toString" and + node1 = call.getReceiver() and + node2 = call + ) ) } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/CodeInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/CodeInjectionQuery.qll index ea57dd735881..811a9575504f 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/CodeInjectionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/CodeInjectionQuery.qll @@ -13,7 +13,28 @@ import CodeInjectionCustomizations::CodeInjection /** * A taint-tracking configuration for reasoning about code injection vulnerabilities. */ -class Configuration extends TaintTracking::Configuration { +module CodeInjectionConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } + + predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) { + // HTML sanitizers are insufficient protection against code injection + node1 = node2.(HtmlSanitizerCall).getInput() + } +} + +/** + * Taint-tracking for reasoning about code injection vulnerabilities. + */ +module CodeInjectionFlow = TaintTracking::Global; + +/** + * DEPRRECATED. Use the `CodeInjectionFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "CodeInjection" } override predicate isSource(DataFlow::Node source) { source instanceof Source } @@ -25,8 +46,7 @@ class Configuration extends TaintTracking::Configuration { node instanceof Sanitizer } - override predicate isAdditionalTaintStep(DataFlow::Node src, DataFlow::Node trg) { - // HTML sanitizers are insufficient protection against code injection - src = trg.(HtmlSanitizerCall).getInput() + override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) { + CodeInjectionConfig::isAdditionalFlowStep(node1, node2) } } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/CommandInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/CommandInjectionQuery.qll index c8e11e04477c..bb93c6320f1a 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/CommandInjectionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/CommandInjectionQuery.qll @@ -11,25 +11,41 @@ import javascript import CommandInjectionCustomizations::CommandInjection import IndirectCommandArgument +/** + * Holds if `sink` is a data flow sink for command-injection vulnerabilities, and + * the alert should be placed at the node `highlight`. + */ +predicate isSinkWithHighlight(DataFlow::Node sink, DataFlow::Node highlight) { + sink instanceof Sink and highlight = sink + or + isIndirectCommandArgument(sink, highlight) +} + /** * A taint-tracking configuration for reasoning about command-injection vulnerabilities. */ -class Configuration extends TaintTracking::Configuration { - Configuration() { this = "CommandInjection" } +module CommandInjectionConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { isSinkWithHighlight(sink, _) } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +/** + * Taint-tracking for reasoning about command-injection vulnerabilities. + */ +module CommandInjectionFlow = TaintTracking::Global; - override predicate isSource(DataFlow::Node source) { source instanceof Source } +/** + * DEPRECATED. Use the `CommandInjectionFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { + Configuration() { this = "CommandInjection" } - /** - * Holds if `sink` is a data flow sink for command-injection vulnerabilities, and - * the alert should be placed at the node `highlight`. - */ - predicate isSinkWithHighlight(DataFlow::Node sink, DataFlow::Node highlight) { - sink instanceof Sink and highlight = sink - or - isIndirectCommandArgument(sink, highlight) - } + override predicate isSource(DataFlow::Node source) { CommandInjectionConfig::isSource(source) } - override predicate isSink(DataFlow::Node sink) { this.isSinkWithHighlight(sink, _) } + override predicate isSink(DataFlow::Node sink) { CommandInjectionConfig::isSink(sink) } - override predicate isSanitizer(DataFlow::Node node) { node instanceof Sanitizer } + override predicate isSanitizer(DataFlow::Node node) { CommandInjectionConfig::isBarrier(node) } } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ConditionalBypassQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ConditionalBypassQuery.qll index 0d1319800a85..6482b09a754e 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ConditionalBypassQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ConditionalBypassQuery.qll @@ -13,7 +13,28 @@ import ConditionalBypassCustomizations::ConditionalBypass /** * A taint tracking configuration for bypass of sensitive action guards. */ -class Configuration extends TaintTracking::Configuration { +module ConditionalBypassConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } + + predicate isAdditionalFlowStep(DataFlow::Node src, DataFlow::Node dst) { + // comparing a tainted expression against a constant gives a tainted result + dst.asExpr().(Comparison).hasOperands(src.asExpr(), any(ConstantExpr c)) + } +} + +/** + * Taint tracking flow for bypass of sensitive action guards. + */ +module ConditionalBypassFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `ConditionalBypassFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "ConditionalBypass" } override predicate isSource(DataFlow::Node source) { source instanceof Source } @@ -26,8 +47,7 @@ class Configuration extends TaintTracking::Configuration { } override predicate isAdditionalTaintStep(DataFlow::Node src, DataFlow::Node dst) { - // comparing a tainted expression against a constant gives a tainted result - dst.asExpr().(Comparison).hasOperands(src.asExpr(), any(ConstantExpr c)) + ConditionalBypassConfig::isAdditionalFlowStep(src, dst) } } @@ -72,7 +92,67 @@ class SensitiveActionGuardComparisonOperand extends Sink { * If flow from `source` taints `sink`, then an attacker can * control if `action` should be executed or not. */ -predicate isTaintedGuardForSensitiveAction( +predicate isTaintedGuardNodeForSensitiveAction( + ConditionalBypassFlow::PathNode sink, ConditionalBypassFlow::PathNode source, + SensitiveAction action +) { + action = sink.getNode().(Sink).getAction() and + // exclude the intermediary sink + not sink.getNode() instanceof SensitiveActionGuardComparisonOperand and + ( + // ordinary taint tracking to a guard + ConditionalBypassFlow::flowPath(source, sink) + or + // taint tracking to both operands of a guard comparison + exists( + SensitiveActionGuardComparison cmp, ConditionalBypassFlow::PathNode lSource, + ConditionalBypassFlow::PathNode rSource, ConditionalBypassFlow::PathNode lSink, + ConditionalBypassFlow::PathNode rSink + | + sink.getNode() = cmp.getGuard() and + ConditionalBypassFlow::flowPath(lSource, lSink) and + lSink.getNode() = DataFlow::valueNode(cmp.getLeftOperand()) and + ConditionalBypassFlow::flowPath(rSource, rSink) and + rSink.getNode() = DataFlow::valueNode(cmp.getRightOperand()) + | + source = lSource or + source = rSource + ) + ) +} + +/** + * Holds if `e` effectively guards access to `action` by returning or throwing early. + * + * Example: `if (e) return; action(x)`. + */ +predicate isEarlyAbortGuardNode(ConditionalBypassFlow::PathNode e, SensitiveAction action) { + exists(IfStmt guard | + // `e` is in the condition of an if-statement ... + e.getNode().(Sink).asExpr().getParentExpr*() = guard.getCondition() and + // ... where the then-branch always throws or returns + exists(Stmt abort | + abort instanceof ThrowStmt or + abort instanceof ReturnStmt + | + abort.nestedIn(guard) and + abort.getBasicBlock().(ReachableBasicBlock).postDominates(guard.getThen().getBasicBlock()) + ) and + // ... and the else-branch does not exist + not exists(guard.getElse()) + | + // ... and `action` is outside the if-statement + not action.asExpr().getEnclosingStmt().nestedIn(guard) + ) +} + +/** + * Holds if `sink` guards `action`, and `source` taints `sink`. + * + * If flow from `source` taints `sink`, then an attacker can + * control if `action` should be executed or not. + */ +deprecated predicate isTaintedGuardForSensitiveAction( DataFlow::PathNode sink, DataFlow::PathNode source, SensitiveAction action ) { action = sink.getNode().(Sink).getAction() and @@ -104,7 +184,7 @@ predicate isTaintedGuardForSensitiveAction( * * Example: `if (e) return; action(x)`. */ -predicate isEarlyAbortGuard(DataFlow::PathNode e, SensitiveAction action) { +deprecated predicate isEarlyAbortGuard(DataFlow::PathNode e, SensitiveAction action) { exists(IfStmt guard | // `e` is in the condition of an if-statement ... e.getNode().(Sink).asExpr().getParentExpr*() = guard.getCondition() and diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/CorsMisconfigurationForCredentialsQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/CorsMisconfigurationForCredentialsQuery.qll index 57cabe0ea79b..0be461f51184 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/CorsMisconfigurationForCredentialsQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/CorsMisconfigurationForCredentialsQuery.qll @@ -14,7 +14,26 @@ import CorsMisconfigurationForCredentialsCustomizations::CorsMisconfigurationFor /** * A data flow configuration for CORS misconfiguration for credentials transfer. */ -class Configuration extends TaintTracking::Configuration { +module CorsMisconfigurationConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { + node instanceof Sanitizer or + node = TaintTracking::AdHocWhitelistCheckSanitizer::getABarrierNode() + } +} + +/** + * Data flow for CORS misconfiguration for credentials transfer. + */ +module CorsMisconfigurationFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `CorsMisconfigurationFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "CorsMisconfigurationForCredentials" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/DeepObjectResourceExhaustionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/DeepObjectResourceExhaustionQuery.qll index 918ef0663c85..84053319d021 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/DeepObjectResourceExhaustionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/DeepObjectResourceExhaustionQuery.qll @@ -11,7 +11,41 @@ import DeepObjectResourceExhaustionCustomizations::DeepObjectResourceExhaustion * A taint tracking configuration for reasoning about DoS attacks due to inefficient handling * of user-controlled objects. */ -class Configuration extends TaintTracking::Configuration { +module DeepObjectResourceExhaustionConfig implements DataFlow::StateConfigSig { + class FlowState = DataFlow::FlowLabel; + + predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { + source.(Source).getAFlowLabel() = label + } + + predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { + sink instanceof Sink and label = TaintedObject::label() + } + + predicate isBarrier(DataFlow::Node node, DataFlow::FlowLabel label) { + node = TaintedObject::SanitizerGuard::getABarrierNode(label) + } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } + + predicate isAdditionalFlowStep( + DataFlow::Node src, DataFlow::FlowLabel inlbl, DataFlow::Node trg, DataFlow::FlowLabel outlbl + ) { + TaintedObject::step(src, trg, inlbl, outlbl) + } +} + +/** + * Taint tracking for reasoning about DoS attacks due to inefficient handling + * of user-controlled objects. + */ +module DeepObjectResourceExhaustionFlow = + TaintTracking::GlobalWithState; + +/** + * DEPRECATED. Use the `DeepObjectResourceExhaustionFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "DeepObjectResourceExhaustion" } override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/DifferentKindsComparisonBypassQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/DifferentKindsComparisonBypassQuery.qll index 045a33e3211c..266d0b9413f8 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/DifferentKindsComparisonBypassQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/DifferentKindsComparisonBypassQuery.qll @@ -14,19 +14,20 @@ import DifferentKindsComparisonBypassCustomizations::DifferentKindsComparisonByp /** * A taint tracking configuration for comparisons that relies on different kinds of HTTP request data. */ -private class Configuration extends TaintTracking::Configuration { - Configuration() { this = "DifferentKindsComparisonBypass" } +private module DifferentKindsComparisonBypassConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } - override predicate isSource(DataFlow::Node source) { source instanceof Source } + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof Sanitizer - } + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } } +/** + * Taint tracking for comparisons that relies on different kinds of HTTP request data. + */ +private module DifferentKindsComparisonBypassFlow = + TaintTracking::Global; + /** * A comparison that relies on different kinds of HTTP request data. */ @@ -35,11 +36,9 @@ class DifferentKindsComparison extends Comparison { Source rSource; DifferentKindsComparison() { - exists(Configuration cfg | - cfg.hasFlow(lSource, DataFlow::valueNode(this.getLeftOperand())) and - cfg.hasFlow(rSource, DataFlow::valueNode(this.getRightOperand())) and - lSource.isSuspiciousToCompareWith(rSource) - ) + DifferentKindsComparisonBypassFlow::flow(lSource, DataFlow::valueNode(this.getLeftOperand())) and + DifferentKindsComparisonBypassFlow::flow(rSource, DataFlow::valueNode(this.getRightOperand())) and + lSource.isSuspiciousToCompareWith(rSource) } /** Gets the left operand source of this comparison. */ diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssCustomizations.qll index b3ab20583ef8..190181fdebde 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssCustomizations.qll @@ -18,6 +18,30 @@ module DomBasedXss { /** A sanitizer for DOM-based XSS vulnerabilities. */ abstract class Sanitizer extends Shared::Sanitizer { } + /** + * A barrier guard for any tainted value. + */ + abstract class BarrierGuard extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for data flow, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e) { none() } + + /** + * Holds if this node acts as a barrier for `label`, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { none() } + } + + /** A subclass of `BarrierGuard` that is used for backward compatibility with the old data flow library. */ + abstract class BarrierGuardLegacy extends BarrierGuard, TaintTracking::SanitizerGuardNode { + override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + + override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + this.blocksExpr(outcome, e, label) + } + } + /** * An expression whose value is interpreted as HTML * and may be inserted into the DOM through a library. @@ -347,9 +371,8 @@ module DomBasedXss { /** * A sanitizer that blocks the `PrefixString` label when the start of the string is being tested as being of a particular prefix. */ - abstract class PrefixStringSanitizer extends TaintTracking::LabeledSanitizerGuardNode instanceof StringOps::StartsWith - { - override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + abstract class PrefixStringSanitizer extends BarrierGuardLegacy instanceof StringOps::StartsWith { + override predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { e = super.getBaseString().asExpr() and label = prefixLabel() and outcome = super.getPolarity() diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssQuery.qll index 42ea977e26c8..4da51cccb8c4 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/DomBasedXssQuery.qll @@ -20,7 +20,8 @@ class HtmlSink extends DataFlow::Node instanceof Sink { } /** - * A taint-tracking configuration for reasoning about XSS. + * A taint-tracking configuration for reasoning about XSS by DOM manipulation. + * * Both ordinary HTML sinks, URL sinks, and JQuery selector based sinks. * - HTML sinks are sinks for any tainted value * - URL sinks are only sinks when the scheme is user controlled @@ -31,10 +32,10 @@ class HtmlSink extends DataFlow::Node instanceof Sink { * - Taint: a tainted value where the attacker controls part of the value. * - PrefixLabel: a tainted value where the attacker controls the prefix */ -class Configuration extends TaintTracking::Configuration { - Configuration() { this = "HtmlInjection" } +module DomBasedXssConfig implements DataFlow::StateConfigSig { + class FlowState = DataFlow::FlowLabel; - override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { + predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { source instanceof Source and (label.isTaint() or label = prefixLabel()) and not source = TaintedUrlSuffix::source() @@ -43,7 +44,7 @@ class Configuration extends TaintTracking::Configuration { label = TaintedUrlSuffix::label() } - override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { + predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { sink instanceof HtmlSink and label = [TaintedUrlSuffix::label(), prefixLabel(), DataFlow::FlowLabel::taint()] or @@ -54,23 +55,11 @@ class Configuration extends TaintTracking::Configuration { label = prefixLabel() } - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) - or - node instanceof Sanitizer - } - - override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) { - guard instanceof PrefixStringSanitizerActivated or - guard instanceof QuoteGuard or - guard instanceof ContainsHtmlGuard - } + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } - override predicate isLabeledBarrier(DataFlow::Node node, DataFlow::FlowLabel lbl) { - super.isLabeledBarrier(node, lbl) - or - // copy all taint barriers to the TaintedUrlSuffix/PrefixLabel label. This copies both the ordinary sanitizers and the sanitizer-guards. - super.isLabeledBarrier(node, DataFlow::FlowLabel::taint()) and + predicate isBarrier(DataFlow::Node node, DataFlow::FlowLabel lbl) { + // copy all taint barrier guards to the TaintedUrlSuffix/PrefixLabel label + TaintTracking::defaultSanitizer(node) and lbl = [TaintedUrlSuffix::label(), prefixLabel()] or // any non-first string-concatenation leaf is a barrier for the prefix label. @@ -86,43 +75,78 @@ class Configuration extends TaintTracking::Configuration { or isOptionallySanitizedNode(node) and lbl = [DataFlow::FlowLabel::taint(), prefixLabel(), TaintedUrlSuffix::label()] + or + node = DataFlow::MakeLabeledBarrierGuard::getABarrierNode(lbl) } - override predicate isAdditionalFlowStep( - DataFlow::Node src, DataFlow::Node trg, DataFlow::FlowLabel inlbl, DataFlow::FlowLabel outlbl + predicate isAdditionalFlowStep( + DataFlow::Node node1, DataFlow::FlowLabel state1, DataFlow::Node node2, + DataFlow::FlowLabel state2 ) { - TaintedUrlSuffix::step(src, trg, inlbl, outlbl) + TaintedUrlSuffix::step(node1, node2, state1, state2) or exists(DataFlow::Node operator | - StringConcatenation::taintStep(src, trg, operator, _) and + StringConcatenation::taintStep(node1, node2, operator, _) and StringConcatenation::getOperand(operator, 0).getStringValue() = "<" + any(string s) and - inlbl = TaintedUrlSuffix::label() and - outlbl.isTaint() + state1 = TaintedUrlSuffix::label() and + state2.isTaint() ) or - // inherit all ordinary taint steps for prefixLabel - inlbl = prefixLabel() and - outlbl = prefixLabel() and - TaintTracking::sharedTaintStep(src, trg) - or - // steps out of taintedSuffixlabel to taint-label are also a steps to prefixLabel. - TaintedUrlSuffix::step(src, trg, TaintedUrlSuffix::label(), DataFlow::FlowLabel::taint()) and - inlbl = TaintedUrlSuffix::label() and - outlbl = prefixLabel() + // steps out of taintedSuffixlabel to taint-label are also steps to prefixLabel. + TaintedUrlSuffix::step(node1, node2, TaintedUrlSuffix::label(), DataFlow::FlowLabel::taint()) and + state1 = TaintedUrlSuffix::label() and + state2 = prefixLabel() or + // FIXME: this fails to work in the test case at jquery.js:37 exists(DataFlow::FunctionNode callback, DataFlow::Node arg | any(JQuery::MethodCall c).interpretsArgumentAsHtml(arg) and callback = arg.getABoundFunctionValue(_) and - src = callback.getReturnNode() and - trg = callback and - inlbl = outlbl + node1 = callback.getReturnNode() and + node2 = callback and + state1 = state2 ) } } -private class PrefixStringSanitizerActivated extends TaintTracking::SanitizerGuardNode, - PrefixStringSanitizer -{ +/** + * Taint-tracking for reasoning about XSS by DOM manipulation. + */ +module DomBasedXssFlow = TaintTracking::GlobalWithState; + +/** + * DEPRECATED. Use the `DomBasedXssFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { + Configuration() { this = "HtmlInjection" } + + override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { + DomBasedXssConfig::isSource(source, label) + } + + override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { + DomBasedXssConfig::isSink(sink, label) + } + + override predicate isSanitizer(DataFlow::Node node) { DomBasedXssConfig::isBarrier(node) } + + override predicate isLabeledBarrier(DataFlow::Node node, DataFlow::FlowLabel lbl) { + DomBasedXssConfig::isBarrier(node, lbl) + } + + override predicate isAdditionalFlowStep( + DataFlow::Node node1, DataFlow::Node node2, DataFlow::FlowLabel state1, + DataFlow::FlowLabel state2 + ) { + DomBasedXssConfig::isAdditionalFlowStep(node1, state1, node2, state2) + or + // inherit all ordinary taint steps for the prefix label + state1 = prefixLabel() and + state2 = prefixLabel() and + TaintTracking::sharedTaintStep(node1, node2) + } +} + +private class PrefixStringSanitizerActivated extends PrefixStringSanitizer { PrefixStringSanitizerActivated() { this = this } } @@ -130,11 +154,10 @@ private class PrefixStringActivated extends DataFlow::FlowLabel, PrefixString { PrefixStringActivated() { this = this } } -private class QuoteGuard extends TaintTracking::SanitizerGuardNode, Shared::QuoteGuard { +private class QuoteGuard extends Shared::QuoteGuard { QuoteGuard() { this = this } } -private class ContainsHtmlGuard extends TaintTracking::SanitizerGuardNode, Shared::ContainsHtmlGuard -{ +private class ContainsHtmlGuard extends Shared::ContainsHtmlGuard { ContainsHtmlGuard() { this = this } } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ExceptionXssQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ExceptionXssQuery.qll index a8418898e1be..9a748c0c301a 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ExceptionXssQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ExceptionXssQuery.qll @@ -126,10 +126,41 @@ private DataFlow::Node getExceptionTarget(DataFlow::Node pred) { /** * A taint-tracking configuration for reasoning about XSS with possible exceptional flow. - * Flow labels are used to ensure that we only report taint-flow that has been thrown in + * Flow states are used to ensure that we only report taint-flow that has been thrown in * an exception. */ -class Configuration extends TaintTracking::Configuration { +module ExceptionXssConfig implements DataFlow::StateConfigSig { + class FlowState = DataFlow::FlowLabel; + + predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { + source.(Source).getAFlowLabel() = label + } + + predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { + sink instanceof XssShared::Sink and not label instanceof NotYetThrown + } + + predicate isBarrier(DataFlow::Node node) { node instanceof XssShared::Sanitizer } + + predicate isAdditionalFlowStep( + DataFlow::Node pred, DataFlow::FlowLabel inlbl, DataFlow::Node succ, DataFlow::FlowLabel outlbl + ) { + inlbl instanceof NotYetThrown and + (outlbl.isTaint() or outlbl instanceof NotYetThrown) and + canThrowSensitiveInformation(pred) and + succ = getExceptionTarget(pred) + } +} + +/** + * Taint-tracking for reasoning about XSS with possible exceptional flow. + */ +module ExceptionXssFlow = TaintTracking::GlobalWithState; + +/** + * DEPRECATED. Use the `ExceptionXssFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "ExceptionXss" } override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { @@ -145,12 +176,10 @@ class Configuration extends TaintTracking::Configuration { override predicate isAdditionalFlowStep( DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel inlbl, DataFlow::FlowLabel outlbl ) { - inlbl instanceof NotYetThrown and - (outlbl.isTaint() or outlbl instanceof NotYetThrown) and - canThrowSensitiveInformation(pred) and - succ = getExceptionTarget(pred) + ExceptionXssConfig::isAdditionalFlowStep(pred, inlbl, succ, outlbl) or // All the usual taint-flow steps apply on data-flow before it has been thrown in an exception. + // Note: this step is not needed in StateConfigSig module since flow states inherit taint steps. this.isAdditionalFlowStep(pred, succ) and inlbl instanceof NotYetThrown and outlbl instanceof NotYetThrown diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataQuery.qll index b6d8c7fa0889..2af00bdac2a3 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ExternalAPIUsedWithUntrustedDataQuery.qll @@ -10,15 +10,49 @@ import javascript import ExternalAPIUsedWithUntrustedDataCustomizations::ExternalApiUsedWithUntrustedData -/** Flow label for objects from which a tainted value is reachable. */ -private class ObjectWrapperFlowLabel extends DataFlow::FlowLabel { +/** + * A taint tracking configuration for untrusted data flowing to an external API. + */ +module ExternalAPIUsedWithUntrustedDataConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } + + predicate isBarrierIn(DataFlow::Node node) { + // Block flow from the location to its properties, as the relevant properties (hash and search) are taint sources of their own. + // The location source is only used for propagating through API calls like `new URL(location)` and into external APIs where + // the whole location object escapes. + node = DOM::locationRef().getAPropertyRead() + } + + predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet contents) { + // Also report values that escape while inside a property + isSink(node) and contents = DataFlow::ContentSet::anyProperty() + } +} + +/** + * Taint tracking for untrusted data flowing to an external API. + */ +module ExternalAPIUsedWithUntrustedDataFlow = + TaintTracking::Global; + +/** + * Flow label for objects from which a tainted value is reachable. + * + * Only used by the legacy data-flow configuration, as the new data flow configuration + * uses `allowImplicitRead` to achieve this instead. + */ +deprecated private class ObjectWrapperFlowLabel extends DataFlow::FlowLabel { ObjectWrapperFlowLabel() { this = "object-wrapper" } } /** - * A taint tracking configuration for untrusted data flowing to an external API. + * DEPRECATED. Use the `ExternalAPIUsedWithUntrustedDataFlow` module instead. */ -class Configuration extends TaintTracking::Configuration { +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "ExternalAPIUsedWithUntrustedData" } override predicate isSource(DataFlow::Node source) { source instanceof Source } @@ -59,10 +93,10 @@ class ExternalApiDataNode extends DataFlow::Node instanceof Sink { } /** A node representing untrusted data being passed to an external API. */ class UntrustedExternalApiDataNode extends ExternalApiDataNode { - UntrustedExternalApiDataNode() { any(Configuration c).hasFlow(_, this) } + UntrustedExternalApiDataNode() { ExternalAPIUsedWithUntrustedDataFlow::flow(_, this) } /** Gets a source of untrusted data which is passed to this external API data node. */ - DataFlow::Node getAnUntrustedSource() { any(Configuration c).hasFlow(result, this) } + DataFlow::Node getAnUntrustedSource() { ExternalAPIUsedWithUntrustedDataFlow::flow(result, this) } } /** @@ -72,7 +106,7 @@ private newtype TExternalApi = /** An external API sink with `name`. */ MkExternalApiNode(string name) { exists(Sink sink | - any(Configuration c).hasFlow(_, sink) and + ExternalAPIUsedWithUntrustedDataFlow::flow(_, sink) and name = sink.getApiName() ) } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/FileAccessToHttpQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/FileAccessToHttpQuery.qll index 9ce034767556..6b713af340a0 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/FileAccessToHttpQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/FileAccessToHttpQuery.qll @@ -13,7 +13,28 @@ import FileAccessToHttpCustomizations::FileAccessToHttp /** * A taint tracking configuration for file data in outbound network requests. */ -class Configuration extends TaintTracking::Configuration { +module FileAccessToHttpConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } + + predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet contents) { + isSink(node) and + contents = DataFlow::ContentSet::anyProperty() + } +} + +/** + * Taint tracking for file data in outbound network requests. + */ +module FileAccessToHttpFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `FileAccessToHttpFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "FileAccessToHttp" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedCredentialsQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedCredentialsQuery.qll index b38d1908faf4..121f6d247c4d 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedCredentialsQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedCredentialsQuery.qll @@ -12,19 +12,14 @@ import HardcodedCredentialsCustomizations::HardcodedCredentials /** * A data flow tracking configuration for hardcoded credentials. */ -class Configuration extends DataFlow::Configuration { - Configuration() { this = "HardcodedCredentials" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } +module HardcodedCredentialsConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node instanceof Source } - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + predicate isSink(DataFlow::Node node) { node instanceof Sink } - override predicate isBarrier(DataFlow::Node node) { - super.isBarrier(node) or - node instanceof Sanitizer - } + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } - override predicate isAdditionalFlowStep(DataFlow::Node src, DataFlow::Node trg) { + predicate isAdditionalFlowStep(DataFlow::Node src, DataFlow::Node trg) { exists(Base64::Encode encode | src = encode.getInput() and trg = encode.getOutput()) or trg.(StringOps::ConcatenationRoot).getALeaf() = src and @@ -37,3 +32,30 @@ class Configuration extends DataFlow::Configuration { ) } } + +/** + * Data flow for reasoning about hardcoded credentials. + */ +module HardcodedCredentials = DataFlow::Global; + +/** + * DEPRECATED. Use the `HardcodedCredentials` module instead. + */ +deprecated class Configuration extends DataFlow::Configuration { + Configuration() { this = "HardcodedCredentials" } + + override predicate isSource(DataFlow::Node source) { + HardcodedCredentialsConfig::isSource(source) + } + + override predicate isSink(DataFlow::Node sink) { HardcodedCredentialsConfig::isSink(sink) } + + override predicate isBarrier(DataFlow::Node node) { + super.isBarrier(node) or + HardcodedCredentialsConfig::isBarrier(node) + } + + override predicate isAdditionalFlowStep(DataFlow::Node src, DataFlow::Node trg) { + HardcodedCredentialsConfig::isAdditionalFlowStep(src, trg) + } +} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedDataInterpretedAsCodeQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedDataInterpretedAsCodeQuery.qll index 7318681a8827..55ecdbffe804 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedDataInterpretedAsCodeQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/HardcodedDataInterpretedAsCodeQuery.qll @@ -15,7 +15,37 @@ import HardcodedDataInterpretedAsCodeCustomizations::HardcodedDataInterpretedAsC * A taint-tracking configuration for reasoning about hard-coded data * being interpreted as code */ -class Configuration extends TaintTracking::Configuration { +module HardcodedDataInterpretedAsCodeConfig implements DataFlow::StateConfigSig { + class FlowState = DataFlow::FlowLabel; + + predicate isSource(DataFlow::Node source, DataFlow::FlowLabel lbl) { + source.(Source).getLabel() = lbl + } + + predicate isSink(DataFlow::Node nd, DataFlow::FlowLabel lbl) { nd.(Sink).getLabel() = lbl } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } + + predicate isAdditionalFlowStep( + DataFlow::Node node1, DataFlow::FlowLabel state1, DataFlow::Node node2, + DataFlow::FlowLabel state2 + ) { + TaintTracking::defaultTaintStep(node1, node2) and + state1.isDataOrTaint() and + state2.isTaint() + } +} + +/** + * Taint-tracking for reasoning about hard-coded data being interpreted as code + */ +module HardcodedDataInterpretedAsCodeFlow = + DataFlow::GlobalWithState; + +/** + * DEPRECATED. Use the `HardcodedDataInterpretedAsCodeFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "HardcodedDataInterpretedAsCode" } override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel lbl) { diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/HostHeaderPoisoningInEmailGenerationQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/HostHeaderPoisoningInEmailGenerationQuery.qll index f87938dfb71e..acc2eacec07b 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/HostHeaderPoisoningInEmailGenerationQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/HostHeaderPoisoningInEmailGenerationQuery.qll @@ -6,19 +6,31 @@ import javascript /** - * A taint tracking configuration for host header poisoning in email generation. + * A taint tracking configuration for host header poisoning. */ -class Configuration extends TaintTracking::Configuration { - Configuration() { this = "TaintedHostHeader" } - - override predicate isSource(DataFlow::Node node) { +module HostHeaderPoisoningConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { exists(Http::RequestHeaderAccess input | node = input | input.getKind() = "header" and input.getAHeaderName() = "host" ) } - override predicate isSink(DataFlow::Node node) { - exists(EmailSender email | node = email.getABody()) - } + predicate isSink(DataFlow::Node node) { exists(EmailSender email | node = email.getABody()) } +} + +/** + * Taint tracking configuration host header poisoning. + */ +module HostHeaderPoisoningFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `HostHeaderPoisoningFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { + Configuration() { this = "TaintedHostHeader" } + + override predicate isSource(DataFlow::Node node) { HostHeaderPoisoningConfig::isSource(node) } + + override predicate isSink(DataFlow::Node node) { HostHeaderPoisoningConfig::isSink(node) } } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/HttpToFileAccessQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/HttpToFileAccessQuery.qll index 992b0cd1e8dd..9b3d7635c870 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/HttpToFileAccessQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/HttpToFileAccessQuery.qll @@ -11,7 +11,23 @@ private import HttpToFileAccessCustomizations::HttpToFileAccess /** * A taint tracking configuration for writing user-controlled data to files. */ -class Configuration extends TaintTracking::Configuration { +module HttpToFileAccessConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +/** + * Taint tracking for writing user-controlled data to files. + */ +module HttpToFileAccessFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `HttpToFileAccessFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "HttpToFileAccess" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ImproperCodeSanitizationQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ImproperCodeSanitizationQuery.qll index fd68b3a7077c..aad78a027d85 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ImproperCodeSanitizationQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ImproperCodeSanitizationQuery.qll @@ -13,7 +13,23 @@ import ImproperCodeSanitizationCustomizations::ImproperCodeSanitization /** * A taint-tracking configuration for reasoning about improper code sanitization vulnerabilities. */ -class Configuration extends TaintTracking::Configuration { +module ImproperCodeSanitizationConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +/** + * Taint-tracking for reasoning about improper code sanitization vulnerabilities. + */ +module ImproperCodeSanitizationFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `ImproperCodeSanitizationFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "ImproperCodeSanitization" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/IncompleteHtmlAttributeSanitizationQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/IncompleteHtmlAttributeSanitizationQuery.qll index 730fa6a0e806..824d689445ea 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/IncompleteHtmlAttributeSanitizationQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/IncompleteHtmlAttributeSanitizationQuery.qll @@ -25,7 +25,34 @@ private module Label { /** * A taint-tracking configuration for reasoning about incomplete HTML sanitization vulnerabilities. */ -class Configuration extends TaintTracking::Configuration { +module IncompleteHtmlAttributeSanitizationConfig implements DataFlow::StateConfigSig { + class FlowState = DataFlow::FlowLabel; + + predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { + label = Label::characterToLabel(source.(Source).getAnUnsanitizedCharacter()) + } + + predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { + label = Label::characterToLabel(sink.(Sink).getADangerousCharacter()) + } + + predicate isBarrier(DataFlow::Node node, DataFlow::FlowLabel lbl) { + lbl = Label::characterToLabel(node.(StringReplaceCall).getAReplacedString()) + } + + predicate isBarrier(DataFlow::Node n) { n instanceof Sanitizer } +} + +/** + * Taint-tracking for reasoning about incomplete HTML sanitization vulnerabilities. + */ +module IncompleteHtmlAttributeSanitizationFlow = + TaintTracking::GlobalWithState; + +/** + * DEPRECATED. Use the `IncompleteHtmlAttributeSanitizationFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "IncompleteHtmlAttributeSanitization" } override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjectionQuery.qll index d2de26d5cd03..942946276627 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjectionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/IndirectCommandInjectionQuery.qll @@ -10,7 +10,37 @@ private import IndirectCommandArgument /** * A taint-tracking configuration for reasoning about command-injection vulnerabilities. */ -class Configuration extends TaintTracking::Configuration { +module IndirectCommandInjectionConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + /** + * Holds if `sink` is a data-flow sink for command-injection vulnerabilities, and + * the alert should be placed at the node `highlight`. + */ + additional predicate isSinkWithHighlight(DataFlow::Node sink, DataFlow::Node highlight) { + sink instanceof Sink and highlight = sink + or + isIndirectCommandArgument(sink, highlight) + } + + predicate isSink(DataFlow::Node sink) { isSinkWithHighlight(sink, _) } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } + + predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) { + argsParseStep(pred, succ) + } +} + +/** + * Taint-tracking for reasoning about command-injection vulnerabilities. + */ +module IndirectCommandInjectionFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `IndirectCommandInjectionFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "IndirectCommandInjection" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureDownloadQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureDownloadQuery.qll index 8b7eb42dd255..7f7d3341d5ae 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureDownloadQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureDownloadQuery.qll @@ -12,19 +12,41 @@ import InsecureDownloadCustomizations::InsecureDownload /** * A taint tracking configuration for download of sensitive file through insecure connection. */ -class Configuration extends DataFlow::Configuration { +module InsecureDownloadConfig implements DataFlow::StateConfigSig { + class FlowState = DataFlow::FlowLabel; + + predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { + source.(Source).getALabel() = label + } + + predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { + sink.(Sink).getALabel() = label + } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +/** + * Taint tracking for download of sensitive file through insecure connection. + */ +module InsecureDownload = DataFlow::GlobalWithState; + +/** + * DEPRECATED. Use the `InsecureDownload` module instead. + */ +deprecated class Configuration extends DataFlow::Configuration { Configuration() { this = "InsecureDownload" } override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { - source.(Source).getALabel() = label + InsecureDownloadConfig::isSource(source, label) } override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { - sink.(Sink).getALabel() = label + InsecureDownloadConfig::isSink(sink, label) } override predicate isBarrier(DataFlow::Node node) { super.isBarrier(node) or - node instanceof Sanitizer + InsecureDownloadConfig::isBarrier(node) } } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureRandomnessQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureRandomnessQuery.qll index 78dfdbfe8336..b4804e8f4644 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureRandomnessQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureRandomnessQuery.qll @@ -15,7 +15,37 @@ private import InsecureRandomnessCustomizations::InsecureRandomness as InsecureR /** * A taint tracking configuration for random values that are not cryptographically secure. */ -class Configuration extends TaintTracking::Configuration { +module InsecureRandomnessConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } + + predicate isBarrierOut(DataFlow::Node node) { + // stop propagation at the sinks to avoid double reporting + isSink(node) + } + + predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) { + InsecureRandomness::isAdditionalTaintStep(pred, succ) + or + // We want to make use of default taint steps but not the default taint sanitizers, as they + // generally assume numbers aren't taintable. So we use a data-flow configuration that includes all + // taint steps as additional flow steps. + TaintTracking::defaultTaintStep(pred, succ) + } +} + +/** + * Taint tracking for random values that are not cryptographically secure. + */ +module InsecureRandomnessFlow = DataFlow::Global; + +/** + * DEPRECATED. Use the `InsecureRandomnessFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "InsecureRandomness" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureTemporaryFileQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureTemporaryFileQuery.qll index 56c22972c163..66e63b0a7a49 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureTemporaryFileQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/InsecureTemporaryFileQuery.qll @@ -13,7 +13,23 @@ import InsecureTemporaryFileCustomizations::InsecureTemporaryFile /** * A taint-tracking configuration for reasoning about insecure temporary file creation. */ -class Configuration extends TaintTracking::Configuration { +module InsecureTemporaryFileConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +/** + * Taint-tracking for reasoning about insecure temporary file creation. + */ +module InsecureTemporaryFileFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `InsecureTemporaryFileFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "InsecureTemporaryFile" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/InsufficientPasswordHashQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/InsufficientPasswordHashQuery.qll index 40bfcc1072bd..d01e46360fd0 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/InsufficientPasswordHashQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/InsufficientPasswordHashQuery.qll @@ -19,7 +19,23 @@ import InsufficientPasswordHashCustomizations::InsufficientPasswordHash * added either by extending the relevant class, or by subclassing this configuration itself, * and amending the sources and sinks. */ -class Configuration extends TaintTracking::Configuration { +module InsufficientPasswordHashConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +/** + * Taint tracking for password hashing with insufficient computational effort. + */ +module InsufficientPasswordHashFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `InsufficientPasswordHashFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "InsufficientPasswordHash" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/LogInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/LogInjectionQuery.qll index 6a98db71c724..e8e4847bfce8 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/LogInjectionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/LogInjectionQuery.qll @@ -22,7 +22,23 @@ abstract class Sanitizer extends DataFlow::Node { } /** * A taint-tracking configuration for untrusted user input used in log entries. */ -class LogInjectionConfiguration extends TaintTracking::Configuration { +module LogInjectionConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +/** + * Taint-tracking for untrusted user input used in log entries. + */ +module LogInjectionFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `LogInjectionFlow` module instead. + */ +deprecated class LogInjectionConfiguration extends TaintTracking::Configuration { LogInjectionConfiguration() { this = "LogInjection" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/LoopBoundInjectionCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/LoopBoundInjectionCustomizations.qll index 75f48032f3f0..c140eed07856 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/LoopBoundInjectionCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/LoopBoundInjectionCustomizations.qll @@ -166,6 +166,30 @@ module LoopBoundInjection { */ abstract class Source extends DataFlow::Node { } + /** + * A barrier guard for looping on tainted objects with unbounded length. + */ + abstract class BarrierGuard extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for data flow, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e) { none() } + + /** + * Holds if this node acts as a barrier for `label`, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { none() } + } + + /** A subclass of `BarrierGuard` that is used for backward compatibility with the old data flow library. */ + abstract class BarrierGuardLegacy extends BarrierGuard, TaintTracking::SanitizerGuardNode { + override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + + override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + this.blocksExpr(outcome, e, label) + } + } + /** * A source of remote user input objects. */ @@ -174,12 +198,12 @@ module LoopBoundInjection { /** * A sanitizer that blocks taint flow if the array is checked to be an array using an `isArray` function. */ - class IsArraySanitizerGuard extends TaintTracking::LabeledSanitizerGuardNode, DataFlow::ValueNode { + class IsArraySanitizerGuard extends BarrierGuardLegacy, DataFlow::ValueNode { override CallExpr astNode; IsArraySanitizerGuard() { astNode.getCalleeName() = "isArray" } - override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { true = outcome and e = astNode.getAnArgument() and label = TaintedObject::label() @@ -189,9 +213,7 @@ module LoopBoundInjection { /** * A sanitizer that blocks taint flow if the array is checked to be an array using an `X instanceof Array` check. */ - class InstanceofArraySanitizerGuard extends TaintTracking::LabeledSanitizerGuardNode, - DataFlow::ValueNode - { + class InstanceofArraySanitizerGuard extends BarrierGuardLegacy, DataFlow::ValueNode { override BinaryExpr astNode; InstanceofArraySanitizerGuard() { @@ -199,7 +221,7 @@ module LoopBoundInjection { DataFlow::globalVarRef("Array").flowsToExpr(astNode.getRightOperand()) } - override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { true = outcome and e = astNode.getLeftOperand() and label = TaintedObject::label() @@ -211,9 +233,7 @@ module LoopBoundInjection { * * Also implicitly makes sure that only the first DoS-prone loop is selected by the query (as the .length test has outcome=false when exiting the loop). */ - class LengthCheckSanitizerGuard extends TaintTracking::LabeledSanitizerGuardNode, - DataFlow::ValueNode - { + class LengthCheckSanitizerGuard extends BarrierGuardLegacy, DataFlow::ValueNode { override RelationalComparison astNode; DataFlow::PropRead propRead; @@ -222,7 +242,7 @@ module LoopBoundInjection { propRead.getPropertyName() = "length" } - override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { false = outcome and e = propRead.getBase().asExpr() and label = TaintedObject::label() diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/LoopBoundInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/LoopBoundInjectionQuery.qll index c277018ba171..0c4d0e52004f 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/LoopBoundInjectionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/LoopBoundInjectionQuery.qll @@ -13,7 +13,42 @@ import LoopBoundInjectionCustomizations::LoopBoundInjection /** * A taint tracking configuration for reasoning about looping on tainted objects with unbounded length. */ -class Configuration extends TaintTracking::Configuration { +module LoopBoundInjectionConfig implements DataFlow::StateConfigSig { + class FlowState = DataFlow::FlowLabel; + + predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { + source instanceof Source and label = TaintedObject::label() + } + + predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { + sink instanceof Sink and label = TaintedObject::label() + } + + predicate isBarrier(DataFlow::Node node) { + node = DataFlow::MakeBarrierGuard::getABarrierNode() + } + + predicate isBarrier(DataFlow::Node node, DataFlow::FlowLabel label) { + node = DataFlow::MakeLabeledBarrierGuard::getABarrierNode(label) or + node = TaintedObject::SanitizerGuard::getABarrierNode(label) + } + + predicate isAdditionalFlowStep( + DataFlow::Node src, DataFlow::FlowLabel inlbl, DataFlow::Node trg, DataFlow::FlowLabel outlbl + ) { + TaintedObject::step(src, trg, inlbl, outlbl) + } +} + +/** + * Taint tracking configuration for reasoning about looping on tainted objects with unbounded length. + */ +module LoopBoundInjectionFlow = TaintTracking::GlobalWithState; + +/** + * DEPRECATED. Use the `LoopBoundInjectionFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "LoopBoundInjection" } override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/NosqlInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/NosqlInjectionQuery.qll index be9b3bdee0a0..a213fa5aa4a1 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/NosqlInjectionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/NosqlInjectionQuery.qll @@ -14,7 +14,57 @@ import NosqlInjectionCustomizations::NosqlInjection /** * A taint-tracking configuration for reasoning about SQL-injection vulnerabilities. */ -class Configuration extends TaintTracking::Configuration { +module NosqlInjectionConfig implements DataFlow::StateConfigSig { + class FlowState = DataFlow::FlowLabel; + + predicate isSource(DataFlow::Node source, DataFlow::FlowLabel state) { + source instanceof Source and state.isTaint() + or + TaintedObject::isSource(source, state) + } + + predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel state) { + sink.(Sink).getAFlowLabel() = state + } + + predicate isBarrier(DataFlow::Node node, DataFlow::FlowLabel state) { + node instanceof Sanitizer and state.isTaint() + or + TaintTracking::defaultSanitizer(node) and state.isTaint() + or + node = TaintedObject::SanitizerGuard::getABarrierNode(state) + } + + predicate isAdditionalFlowStep( + DataFlow::Node node1, DataFlow::FlowLabel state1, DataFlow::Node node2, + DataFlow::FlowLabel state2 + ) { + TaintedObject::step(node1, node2, state1, state2) + or + // additional flow step to track taint through NoSQL query objects + state1 = TaintedObject::label() and + state2 = TaintedObject::label() and + exists(NoSql::Query query, DataFlow::SourceNode queryObj | + queryObj.flowsTo(query) and + queryObj.flowsTo(node2) and + node1 = queryObj.getAPropertyWrite().getRhs() + ) + or + TaintTracking::defaultTaintStep(node1, node2) and + state1.isTaint() and + state2 = state1 + } +} + +/** + * Taint-tracking for reasoning about SQL-injection vulnerabilities. + */ +module NosqlInjectionFlow = DataFlow::GlobalWithState; + +/** + * DEPRECATED. Use the `NosqlInjectionFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "NosqlInjection" } override predicate isSource(DataFlow::Node source) { source instanceof Source } @@ -37,17 +87,9 @@ class Configuration extends TaintTracking::Configuration { } override predicate isAdditionalFlowStep( - DataFlow::Node src, DataFlow::Node trg, DataFlow::FlowLabel inlbl, DataFlow::FlowLabel outlbl + DataFlow::Node node1, DataFlow::Node node2, DataFlow::FlowLabel state1, + DataFlow::FlowLabel state2 ) { - TaintedObject::step(src, trg, inlbl, outlbl) - or - // additional flow step to track taint through NoSQL query objects - inlbl = TaintedObject::label() and - outlbl = TaintedObject::label() and - exists(NoSql::Query query, DataFlow::SourceNode queryObj | - queryObj.flowsTo(query) and - queryObj.flowsTo(trg) and - src = queryObj.getAPropertyWrite().getRhs() - ) + NosqlInjectionConfig::isAdditionalFlowStep(node1, state1, node2, state2) } } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/PostMessageStarQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/PostMessageStarQuery.qll index ae7366146da1..5fde270041e4 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/PostMessageStarQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/PostMessageStarQuery.qll @@ -11,7 +11,7 @@ import javascript import PostMessageStarCustomizations::PostMessageStar // Materialize flow labels -private class ConcretePartiallyTaintedObject extends PartiallyTaintedObject { +deprecated private class ConcretePartiallyTaintedObject extends PartiallyTaintedObject { ConcretePartiallyTaintedObject() { this = this } } @@ -26,7 +26,28 @@ private class ConcretePartiallyTaintedObject extends PartiallyTaintedObject { * Additional sources or sinks can be added either by extending the relevant class, or by subclassing * this configuration itself, and amending the sources and sinks. */ -class Configuration extends TaintTracking::Configuration { +module PostMessageStarConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } + + predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet contents) { + // If an object leaks, all of its properties have leaked + isSink(node) and contents = DataFlow::ContentSet::anyProperty() + } +} + +/** + * A taint tracking configuration for cross-window communication with unrestricted origin. + */ +module PostMessageStarFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `PostMessageStarFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "PostMessageStar" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutingAssignmentCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutingAssignmentCustomizations.qll index 656c7bb3849c..4b0b954066a8 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutingAssignmentCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutingAssignmentCustomizations.qll @@ -38,6 +38,30 @@ module PrototypePollutingAssignment { */ abstract class Sanitizer extends DataFlow::Node { } + /** + * A barrier guard for prototype-polluting assignments. + */ + abstract class BarrierGuard extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for data flow, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e) { none() } + + /** + * Holds if this node acts as a barrier for `label`, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { none() } + } + + /** A subclass of `BarrierGuard` that is used for backward compatibility with the old data flow library. */ + abstract class BarrierGuardLegacy extends BarrierGuard, TaintTracking::SanitizerGuardNode { + override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + + override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + this.blocksExpr(outcome, e, label) + } + } + /** A flow label representing the `Object.prototype` value. */ abstract class ObjectPrototype extends DataFlow::FlowLabel { ObjectPrototype() { this = "Object.prototype" } @@ -46,7 +70,9 @@ module PrototypePollutingAssignment { /** The base of an assignment or extend call, as a sink for `Object.prototype` references. */ private class DefaultSink extends Sink { DefaultSink() { - this = any(DataFlow::PropWrite write).getBase() + // Avoid using PropWrite here as we only want assignments that can mutate a pre-existing object, + // so not object literals or array literals. + this = any(AssignExpr assign).getTarget().(PropAccess).getBase().flow() or this = any(ExtendCall c).getDestinationOperand() or @@ -67,7 +93,9 @@ module PrototypePollutingAssignment { * A parameter of an exported function, seen as a source prototype-polluting assignment. */ class ExternalInputSource extends Source { - ExternalInputSource() { this = Exports::getALibraryInputParameter() } + ExternalInputSource() { + this = Exports::getALibraryInputParameter() and not this instanceof RemoteFlowSource + } override string describe() { result = "library input" } } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutingAssignmentQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutingAssignmentQuery.qll index 0ba2f26b24c7..ca61ebf284d0 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutingAssignmentQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutingAssignmentQuery.qll @@ -19,16 +19,18 @@ private class ConcreteObjectPrototype extends ObjectPrototype { } /** A taint-tracking configuration for reasoning about prototype-polluting assignments. */ -class Configuration extends TaintTracking::Configuration { - Configuration() { this = "PrototypePollutingAssignment" } +module PrototypePollutingAssignmentConfig implements DataFlow::StateConfigSig { + class FlowState = DataFlow::FlowLabel; - override predicate isSource(DataFlow::Node node) { node instanceof Source } + predicate isSource(DataFlow::Node node, DataFlow::FlowLabel label) { + node instanceof Source and label.isTaint() + } - override predicate isSink(DataFlow::Node node, DataFlow::FlowLabel lbl) { + predicate isSink(DataFlow::Node node, DataFlow::FlowLabel lbl) { node.(Sink).getAFlowLabel() = lbl } - override predicate isSanitizer(DataFlow::Node node) { + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer or // Concatenating with a string will in practice prevent the string `__proto__` from arising. @@ -53,17 +55,24 @@ class Configuration extends TaintTracking::Configuration { not replace.getRawReplacement().getStringValue() = "" ) ) + or + node = DataFlow::MakeBarrierGuard::getABarrierNode() } - override predicate isSanitizerOut(DataFlow::Node node, DataFlow::FlowLabel lbl) { + predicate isBarrierOut(DataFlow::Node node, DataFlow::FlowLabel lbl) { // Suppress the value-preserving step src -> dst in `extend(dst, src)`. This is modeled as a value-preserving // step because it preserves all properties, but the destination is not actually Object.prototype. node = any(ExtendCall call).getASourceOperand() and lbl instanceof ObjectPrototype } - override predicate isAdditionalFlowStep( - DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel inlbl, DataFlow::FlowLabel outlbl + predicate isBarrierIn(DataFlow::Node node, DataFlow::FlowLabel lbl) { + // FIXME: This should only be an in-barrier for the corresponding flow state, but flow-state specific in-barriers are not supported right now. + isSource(node, lbl) + } + + predicate isAdditionalFlowStep( + DataFlow::Node pred, DataFlow::FlowLabel inlbl, DataFlow::Node succ, DataFlow::FlowLabel outlbl ) { // Step from x -> obj[x] while switching to the ObjectPrototype label // (If `x` can have the value `__proto__` then the result can be Object.prototype) @@ -91,7 +100,80 @@ class Configuration extends TaintTracking::Configuration { outlbl instanceof ObjectPrototype ) or - DataFlow::localFieldStep(pred, succ) and inlbl = outlbl + // TODO: local field step becomes a jump step, resulting in FPs (closure-lib) + // TODO: localFieldStep is too expensive with dataflow2 + // DataFlow::localFieldStep(pred, succ) + none() + or + inlbl.isTaint() and + TaintTracking::defaultTaintStep(pred, succ) and + inlbl = outlbl + } + + DataFlow::FlowFeature getAFeature() { result instanceof DataFlow::FeatureHasSourceCallContext } + + predicate isBarrier(DataFlow::Node node, DataFlow::FlowLabel lbl) { + lbl.isTaint() and + TaintTracking::defaultSanitizer(node) + or + // Don't propagate into the receiver, as the method lookups will generally fail on Object.prototype. + node instanceof DataFlow::ThisNode and + lbl instanceof ObjectPrototype + or + node = DataFlow::MakeLabeledBarrierGuard::getABarrierNode(lbl) + } +} + +/** Taint-tracking for reasoning about prototype-polluting assignments. */ +module PrototypePollutingAssignmentFlow = + DataFlow::GlobalWithState; + +/** + * Holds if the given `source, sink` pair should not be reported, as we don't have enough + * confidence in the alert given that source is a library input. + */ +bindingset[source, sink] +predicate isIgnoredLibraryFlow(ExternalInputSource source, Sink sink) { + exists(source) and + // filter away paths that start with library inputs and end with a write to a fixed property. + exists(DataFlow::PropWrite write | sink = write.getBase() | + // fixed property name + exists(write.getPropertyName()) + or + // non-string property name (likely number) + exists(Expr prop | prop = write.getPropertyNameExpr() | + not prop.analyze().getAType() = TTString() + ) + ) +} + +/** + * DEPRECATED. Use the `PrototypePollutingAssignmentFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { + Configuration() { this = "PrototypePollutingAssignment" } + + override predicate isSource(DataFlow::Node node) { node instanceof Source } + + override predicate isSink(DataFlow::Node node, DataFlow::FlowLabel lbl) { + node.(Sink).getAFlowLabel() = lbl + } + + override predicate isSanitizer(DataFlow::Node node) { + PrototypePollutingAssignmentConfig::isBarrier(node) + } + + override predicate isSanitizerOut(DataFlow::Node node, DataFlow::FlowLabel lbl) { + // Suppress the value-preserving step src -> dst in `extend(dst, src)`. This is modeled as a value-preserving + // step because it preserves all properties, but the destination is not actually Object.prototype. + node = any(ExtendCall call).getASourceOperand() and + lbl instanceof ObjectPrototype + } + + override predicate isAdditionalFlowStep( + DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel inlbl, DataFlow::FlowLabel outlbl + ) { + PrototypePollutingAssignmentConfig::isAdditionalFlowStep(pred, inlbl, succ, outlbl) } override predicate hasFlowPath(DataFlow::SourcePathNode source, DataFlow::SinkPathNode sink) { @@ -174,9 +256,7 @@ private predicate isPropertyPresentOnObjectPrototype(string prop) { } /** A check of form `e.prop` where `prop` is not present on `Object.prototype`. */ -private class PropertyPresenceCheck extends TaintTracking::LabeledSanitizerGuardNode, - DataFlow::ValueNode -{ +private class PropertyPresenceCheck extends BarrierGuardLegacy, DataFlow::ValueNode { override PropAccess astNode; PropertyPresenceCheck() { @@ -184,7 +264,7 @@ private class PropertyPresenceCheck extends TaintTracking::LabeledSanitizerGuard not isPropertyPresentOnObjectPrototype(astNode.getPropertyName()) } - override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { e = astNode.getBase() and outcome = true and label instanceof ObjectPrototype @@ -192,14 +272,14 @@ private class PropertyPresenceCheck extends TaintTracking::LabeledSanitizerGuard } /** A check of form `"prop" in e` where `prop` is not present on `Object.prototype`. */ -private class InExprCheck extends TaintTracking::LabeledSanitizerGuardNode, DataFlow::ValueNode { +private class InExprCheck extends BarrierGuardLegacy, DataFlow::ValueNode { override InExpr astNode; InExprCheck() { not isPropertyPresentOnObjectPrototype(astNode.getLeftOperand().getStringValue()) } - override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { e = astNode.getRightOperand() and outcome = true and label instanceof ObjectPrototype @@ -207,10 +287,10 @@ private class InExprCheck extends TaintTracking::LabeledSanitizerGuardNode, Data } /** A check of form `e instanceof X`, which is always false for `Object.prototype`. */ -private class InstanceofCheck extends TaintTracking::LabeledSanitizerGuardNode, DataFlow::ValueNode { +private class InstanceofCheck extends BarrierGuardLegacy, DataFlow::ValueNode { override InstanceofExpr astNode; - override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { e = astNode.getLeftOperand() and outcome = true and label instanceof ObjectPrototype @@ -218,7 +298,7 @@ private class InstanceofCheck extends TaintTracking::LabeledSanitizerGuardNode, } /** A check of form `typeof e === "string"`. */ -private class TypeofCheck extends TaintTracking::LabeledSanitizerGuardNode, DataFlow::ValueNode { +private class TypeofCheck extends BarrierGuardLegacy, DataFlow::ValueNode { override EqualityTest astNode; Expr operand; boolean polarity; @@ -231,7 +311,7 @@ private class TypeofCheck extends TaintTracking::LabeledSanitizerGuardNode, Data ) } - override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { polarity = outcome and e = operand and label instanceof ObjectPrototype @@ -239,20 +319,20 @@ private class TypeofCheck extends TaintTracking::LabeledSanitizerGuardNode, Data } /** A guard that checks whether `x` is a number. */ -class NumberGuard extends TaintTracking::SanitizerGuardNode instanceof DataFlow::CallNode { +class NumberGuard extends BarrierGuardLegacy instanceof DataFlow::CallNode { Expr x; boolean polarity; NumberGuard() { TaintTracking::isNumberGuard(this, x, polarity) } - override predicate sanitizes(boolean outcome, Expr e) { e = x and outcome = polarity } + override predicate blocksExpr(boolean outcome, Expr e) { e = x and outcome = polarity } } /** A call to `Array.isArray`, which is false for `Object.prototype`. */ -private class IsArrayCheck extends TaintTracking::LabeledSanitizerGuardNode, DataFlow::CallNode { +private class IsArrayCheck extends BarrierGuardLegacy, DataFlow::CallNode { IsArrayCheck() { this = DataFlow::globalVarRef("Array").getAMemberCall("isArray") } - override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { e = this.getArgument(0).asExpr() and outcome = true and label instanceof ObjectPrototype @@ -262,12 +342,12 @@ private class IsArrayCheck extends TaintTracking::LabeledSanitizerGuardNode, Dat /** * Sanitizer guard of form `x !== "__proto__"`. */ -private class EqualityCheck extends TaintTracking::SanitizerGuardNode, DataFlow::ValueNode { +private class EqualityCheck extends BarrierGuardLegacy, DataFlow::ValueNode { override EqualityTest astNode; EqualityCheck() { astNode.getAnOperand().getStringValue() = "__proto__" } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { e = astNode.getAnOperand() and outcome = astNode.getPolarity().booleanNot() } @@ -276,10 +356,10 @@ private class EqualityCheck extends TaintTracking::SanitizerGuardNode, DataFlow: /** * Sanitizer guard of the form `x.includes("__proto__")`. */ -private class IncludesCheck extends TaintTracking::LabeledSanitizerGuardNode, InclusionTest { +private class IncludesCheck extends BarrierGuardLegacy, InclusionTest { IncludesCheck() { this.getContainedNode().mayHaveStringValue("__proto__") } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { e = this.getContainerNode().asExpr() and outcome = this.getPolarity().booleanNot() } @@ -288,7 +368,7 @@ private class IncludesCheck extends TaintTracking::LabeledSanitizerGuardNode, In /** * A sanitizer guard that checks tests whether `x` is included in a list like `["__proto__"].includes(x)`. */ -private class DenyListInclusionGuard extends TaintTracking::SanitizerGuardNode, InclusionTest { +private class DenyListInclusionGuard extends BarrierGuardLegacy, InclusionTest { DenyListInclusionGuard() { this.getContainerNode() .getALocalSource() @@ -297,7 +377,7 @@ private class DenyListInclusionGuard extends TaintTracking::SanitizerGuardNode, .mayHaveStringValue("__proto__") } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { e = this.getContainedNode().asExpr() and outcome = super.getPolarity().booleanNot() } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutionQuery.qll index 8ae5ce2404e5..95020e12ec38 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/PrototypePollutionQuery.qll @@ -13,7 +13,10 @@ import semmle.javascript.dependencies.SemVer import PrototypePollutionCustomizations::PrototypePollution // Materialize flow labels -private class ConcreteTaintedObjectWrapper extends TaintedObjectWrapper { +/** + * We no longer use this flow label, since it does not work in a world where flow states inherit taint steps. + */ +deprecated private class ConcreteTaintedObjectWrapper extends TaintedObjectWrapper { ConcreteTaintedObjectWrapper() { this = this } } @@ -21,7 +24,45 @@ private class ConcreteTaintedObjectWrapper extends TaintedObjectWrapper { * A taint tracking configuration for user-controlled objects flowing into deep `extend` calls, * leading to prototype pollution. */ -class Configuration extends TaintTracking::Configuration { +module PrototypePollutionConfig implements DataFlow::StateConfigSig { + class FlowState = DataFlow::FlowLabel; + + predicate isSource(DataFlow::Node node, DataFlow::FlowLabel label) { + node.(Source).getAFlowLabel() = label + } + + predicate isSink(DataFlow::Node node, DataFlow::FlowLabel label) { + node.(Sink).getAFlowLabel() = label + } + + predicate isAdditionalFlowStep( + DataFlow::Node src, DataFlow::FlowLabel inlbl, DataFlow::Node dst, DataFlow::FlowLabel outlbl + ) { + TaintedObject::step(src, dst, inlbl, outlbl) + } + + predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet contents) { + // For recursive merge sinks, the deeply tainted object only needs to be reachable from the input, the input itself + // does not need to be deeply tainted. + isSink(node, TaintedObject::label()) and + contents = DataFlow::ContentSet::anyProperty() + } + + predicate isBarrier(DataFlow::Node node, DataFlow::FlowLabel label) { + node = TaintedObject::SanitizerGuard::getABarrierNode(label) + } +} + +/** + * Taint tracking for user-controlled objects flowing into deep `extend` calls, + * leading to prototype pollution. + */ +module PrototypePollutionFlow = TaintTracking::GlobalWithState; + +/** + * DEPRECATED. Use the `PrototypePollutionFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "PrototypePollution" } override predicate isSource(DataFlow::Node node, DataFlow::FlowLabel label) { diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ReflectedXssQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ReflectedXssQuery.qll index 75ccaeeb9d89..9af157fe4233 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ReflectedXssQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ReflectedXssQuery.qll @@ -5,12 +5,30 @@ import javascript import ReflectedXssCustomizations::ReflectedXss -private import Xss::Shared as Shared +private import Xss::Shared as SharedXss /** - * A taint-tracking configuration for reasoning about XSS. + * A taint-tracking configuration for reasoning about reflected XSS. */ -class Configuration extends TaintTracking::Configuration { +module ReflectedXssConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { + node instanceof Sanitizer or node = SharedXss::BarrierGuard::getABarrierNode() + } +} + +/** + * Taint-tracking for reasoning about reflected XSS. + */ +module ReflectedXssFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `ReflectedXssFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "ReflectedXss" } override predicate isSource(DataFlow::Node source) { source instanceof Source } @@ -28,11 +46,10 @@ class Configuration extends TaintTracking::Configuration { } } -private class QuoteGuard extends TaintTracking::SanitizerGuardNode, Shared::QuoteGuard { +private class QuoteGuard extends SharedXss::QuoteGuard { QuoteGuard() { this = this } } -private class ContainsHtmlGuard extends TaintTracking::SanitizerGuardNode, Shared::ContainsHtmlGuard -{ +private class ContainsHtmlGuard extends SharedXss::ContainsHtmlGuard { ContainsHtmlGuard() { this = this } } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/RegExpInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/RegExpInjectionQuery.qll index 00fe3779e12a..476fd9ccd850 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/RegExpInjectionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/RegExpInjectionQuery.qll @@ -13,7 +13,23 @@ import RegExpInjectionCustomizations::RegExpInjection /** * A taint-tracking configuration for untrusted user input used to construct regular expressions. */ -class Configuration extends TaintTracking::Configuration { +module RegExpInjectionConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +/** + * Taint-tracking for untrusted user input used to construct regular expressions. + */ +module RegExpInjectionFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `RegExpInjectionFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "RegExpInjection" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/RemotePropertyInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/RemotePropertyInjectionQuery.qll index 83422e8f0dea..d3cbfeb8268d 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/RemotePropertyInjectionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/RemotePropertyInjectionQuery.qll @@ -14,7 +14,26 @@ import RemotePropertyInjectionCustomizations::RemotePropertyInjection /** * A taint-tracking configuration for reasoning about remote property injection. */ -class Configuration extends TaintTracking::Configuration { +module RemotePropertyInjectionConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { + node instanceof Sanitizer or + node = StringConcatenation::getRoot(any(ConstantString str).flow()) + } +} + +/** + * Taint-tracking for reasoning about remote property injection. + */ +module RemotePropertyInjectionFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `RemotePropertyInjectionFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "RemotePropertyInjection" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/RequestForgeryQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/RequestForgeryQuery.qll index 9c67df35ed99..09c956d12ee9 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/RequestForgeryQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/RequestForgeryQuery.qll @@ -12,23 +12,48 @@ import UrlConcatenation import RequestForgeryCustomizations::RequestForgery /** - * A taint tracking configuration for request forgery. + * A taint tracking configuration for server-side request forgery. */ -class Configuration extends TaintTracking::Configuration { +module RequestForgeryConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.(Source).isServerSide() } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } + + predicate isBarrierOut(DataFlow::Node node) { sanitizingPrefixEdge(node, _) } + + predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) { + isAdditionalRequestForgeryStep(pred, succ) + } +} + +/** + * Taint tracking for server-side request forgery. + */ +module RequestForgeryFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `RequestForgeryFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "RequestForgery" } - override predicate isSource(DataFlow::Node source) { source.(Source).isServerSide() } + override predicate isSource(DataFlow::Node source) { RequestForgeryConfig::isSource(source) } - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + override predicate isSink(DataFlow::Node sink) { RequestForgeryConfig::isSink(sink) } override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or + super.isSanitizer(node) + or node instanceof Sanitizer } - override predicate isSanitizerOut(DataFlow::Node node) { sanitizingPrefixEdge(node, _) } + override predicate isSanitizerOut(DataFlow::Node node) { + RequestForgeryConfig::isBarrierOut(node) + } override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) { - isAdditionalRequestForgeryStep(pred, succ) + RequestForgeryConfig::isAdditionalFlowStep(pred, succ) } } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ResourceExhaustionCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ResourceExhaustionCustomizations.qll index 8307c1f6f939..a26d4a2e9a58 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ResourceExhaustionCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ResourceExhaustionCustomizations.qll @@ -31,6 +31,21 @@ module ResourceExhaustion { */ abstract class Sanitizer extends DataFlow::Node { } + /** + * A barrier guard for resource exhaustion vulnerabilities. + */ + abstract class BarrierGuard extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for data flow, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e) { none() } + } + + /** A subclass of `BarrierGuard` that is used for backward compatibility with the old data flow library. */ + abstract class BarrierGuardLegacy extends BarrierGuard, TaintTracking::SanitizerGuardNode { + override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + } + /** A source of remote user input, considered as a data flow source for resource exhaustion vulnerabilities. */ class RemoteFlowSourceAsSource extends Source instanceof RemoteFlowSource { RemoteFlowSourceAsSource() { diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ResourceExhaustionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ResourceExhaustionQuery.qll index 366d1db69732..01cab9497413 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ResourceExhaustionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ResourceExhaustionQuery.qll @@ -13,7 +13,31 @@ import ResourceExhaustionCustomizations::ResourceExhaustion /** * A data flow configuration for resource exhaustion vulnerabilities. */ -class Configuration extends TaintTracking::Configuration { +module ResourceExhaustionConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { + node instanceof Sanitizer or + node = any(DataFlow::PropRead read | read.getPropertyName() = "length") or + node = DataFlow::MakeBarrierGuard::getABarrierNode() + } + + predicate isAdditionalFlowStep(DataFlow::Node src, DataFlow::Node dst) { + isNumericFlowStep(src, dst) + } +} + +/** + * Data flow for resource exhaustion vulnerabilities. + */ +module ResourceExhaustionFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `ResourceExhaustionFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "ResourceExhaustion" } override predicate isSource(DataFlow::Node source) { source instanceof Source } @@ -49,10 +73,10 @@ predicate isNumericFlowStep(DataFlow::Node src, DataFlow::Node dst) { /** * A sanitizer that blocks taint flow if the size of a number is limited. */ -class UpperBoundsCheckSanitizerGuard extends TaintTracking::SanitizerGuardNode, DataFlow::ValueNode { +class UpperBoundsCheckSanitizerGuard extends BarrierGuardLegacy, DataFlow::ValueNode { override RelationalComparison astNode; - override predicate sanitizes(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { true = outcome and e = astNode.getLesserOperand() or diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/SecondOrderCommandInjectionCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/SecondOrderCommandInjectionCustomizations.qll index c405dec31f78..95a363bfa175 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/SecondOrderCommandInjectionCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/SecondOrderCommandInjectionCustomizations.qll @@ -83,6 +83,30 @@ module SecondOrderCommandInjection { abstract string getVulnerableArgumentExample(); } + /** + * A barrier guard for second order command-injection vulnerabilities. + */ + abstract class BarrierGuard extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for data flow, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e) { none() } + + /** + * Holds if this node acts as a barrier for `label`, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { none() } + } + + /** A subclass of `BarrierGuard` that is used for backward compatibility with the old data flow library. */ + abstract class BarrierGuardLegacy extends BarrierGuard, TaintTracking::SanitizerGuardNode { + override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + + override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + this.blocksExpr(outcome, e, label) + } + } + /** * A sink that invokes a command described by the `VulnerableCommand` class. */ @@ -190,9 +214,8 @@ module SecondOrderCommandInjection { /** * A sanitizer that blocks flow when a string is tested to start with a certain prefix. */ - class PrefixStringSanitizer extends TaintTracking::SanitizerGuardNode instanceof StringOps::StartsWith - { - override predicate sanitizes(boolean outcome, Expr e) { + class PrefixStringSanitizer extends BarrierGuardLegacy instanceof StringOps::StartsWith { + override predicate blocksExpr(boolean outcome, Expr e) { e = super.getBaseString().asExpr() and outcome = super.getPolarity() } @@ -201,11 +224,10 @@ module SecondOrderCommandInjection { /** * A sanitizer that blocks flow when a string does not start with "--" */ - class DoubleDashSanitizer extends TaintTracking::SanitizerGuardNode instanceof StringOps::StartsWith - { + class DoubleDashSanitizer extends BarrierGuardLegacy instanceof StringOps::StartsWith { DoubleDashSanitizer() { super.getSubstring().mayHaveStringValue("--") } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { e = super.getBaseString().asExpr() and outcome = super.getPolarity().booleanNot() } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/SecondOrderCommandInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/SecondOrderCommandInjectionQuery.qll index fc10cd30c716..1fab45843a94 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/SecondOrderCommandInjectionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/SecondOrderCommandInjectionQuery.qll @@ -14,7 +14,53 @@ private import semmle.javascript.security.TaintedObject /** * A taint-tracking configuration for reasoning about second order command-injection vulnerabilities. */ -class Configuration extends TaintTracking::Configuration { +module SecondOrderCommandInjectionConfig implements DataFlow::StateConfigSig { + class FlowState = DataFlow::FlowLabel; + + predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { + source.(Source).getALabel() = label + } + + predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { + sink.(Sink).getALabel() = label + } + + predicate isBarrier(DataFlow::Node node) { + node instanceof Sanitizer or node = DataFlow::MakeBarrierGuard::getABarrierNode() + } + + predicate isBarrier(DataFlow::Node node, DataFlow::FlowLabel label) { + TaintTracking::defaultSanitizer(node) and + label.isTaint() + or + node = DataFlow::MakeLabeledBarrierGuard::getABarrierNode(label) + or + node = TaintedObject::SanitizerGuard::getABarrierNode(label) + } + + predicate isAdditionalFlowStep( + DataFlow::Node src, DataFlow::FlowLabel inlbl, DataFlow::Node trg, DataFlow::FlowLabel outlbl + ) { + TaintedObject::step(src, trg, inlbl, outlbl) + or + // We're not using a taint-tracking config because taint steps would then apply to all flow states. + // So we use a plain data flow config and manually add the default taint steps. + inlbl.isTaint() and + TaintTracking::defaultTaintStep(src, trg) and + inlbl = outlbl + } +} + +/** + * Taint-tracking for reasoning about second order command-injection vulnerabilities. + */ +module SecondOrderCommandInjectionFlow = + DataFlow::GlobalWithState; + +/** + * DEPRECATED. Use the `SecondOrderCommandInjectionFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "SecondOrderCommandInjection" } override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ServerSideUrlRedirectQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ServerSideUrlRedirectQuery.qll index 7f16f7f49dd9..94614094cb19 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ServerSideUrlRedirectQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ServerSideUrlRedirectQuery.qll @@ -15,7 +15,32 @@ import ServerSideUrlRedirectCustomizations::ServerSideUrlRedirect /** * A taint-tracking configuration for reasoning about unvalidated URL redirections. */ -class Configuration extends TaintTracking::Configuration { +module ServerSideUrlRedirectConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } + + predicate isBarrierOut(DataFlow::Node node) { hostnameSanitizingPrefixEdge(node, _) } + + predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) { + exists(HtmlSanitizerCall call | + pred = call.getInput() and + succ = call + ) + } +} + +/** + * Taint-tracking for reasoning about unvalidated URL redirections. + */ +module ServerSideUrlRedirectFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `ServerSideUrlRedirectFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "ServerSideUrlRedirect" } override predicate isSource(DataFlow::Node source) { source instanceof Source } @@ -27,7 +52,9 @@ class Configuration extends TaintTracking::Configuration { node instanceof Sanitizer } - override predicate isSanitizerOut(DataFlow::Node node) { hostnameSanitizingPrefixEdge(node, _) } + override predicate isSanitizerOut(DataFlow::Node node) { + ServerSideUrlRedirectConfig::isBarrierOut(node) + } override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) { guard instanceof LocalUrlSanitizingGuard or @@ -35,10 +62,7 @@ class Configuration extends TaintTracking::Configuration { } override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) { - exists(HtmlSanitizerCall call | - pred = call.getInput() and - succ = call - ) + ServerSideUrlRedirectConfig::isAdditionalFlowStep(pred, succ) } } @@ -49,8 +73,10 @@ class Configuration extends TaintTracking::Configuration { class LocalUrlSanitizingGuard extends TaintTracking::SanitizerGuardNode, DataFlow::CallNode { LocalUrlSanitizingGuard() { this.getCalleeName().regexpMatch("(?i)(is_?)?local_?url") } - override predicate sanitizes(boolean outcome, Expr e) { - // `isLocalUrl(e)` sanitizes `e` if it evaluates to `true` + override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + + /** Holds if this node blocks flow through `e`, provided it evaluates to `outcome`. */ + predicate blocksExpr(boolean outcome, Expr e) { this.getAnArgument().asExpr() = e and outcome = true } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ShellCommandInjectionFromEnvironmentQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ShellCommandInjectionFromEnvironmentQuery.qll index 6e0cff12efff..8d04d283c002 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ShellCommandInjectionFromEnvironmentQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ShellCommandInjectionFromEnvironmentQuery.qll @@ -14,7 +14,31 @@ import IndirectCommandArgument /** * A taint-tracking configuration for reasoning about command-injection vulnerabilities. */ -class Configuration extends TaintTracking::Configuration { +module ShellCommandInjectionFromEnvironmentConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + /** Holds if `sink` is a command-injection sink with `highlight` as the corresponding alert location. */ + additional predicate isSinkWithHighlight(DataFlow::Node sink, DataFlow::Node highlight) { + sink instanceof Sink and highlight = sink + or + isIndirectCommandArgument(sink, highlight) + } + + predicate isSink(DataFlow::Node sink) { isSinkWithHighlight(sink, _) } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +/** + * Taint-tracking for reasoning about command-injection vulnerabilities. + */ +module ShellCommandInjectionFromEnvironmentFlow = + TaintTracking::Global; + +/** + * DEPRECATED. Use the `ShellCommandInjectionFromEnvironmentFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "ShellCommandInjectionFromEnvironment" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/SqlInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/SqlInjectionQuery.qll index 43f50e77c77d..3a5f0e41bfaf 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/SqlInjectionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/SqlInjectionQuery.qll @@ -13,19 +13,14 @@ import SqlInjectionCustomizations::SqlInjection /** * A taint-tracking configuration for reasoning about string based query injection vulnerabilities. */ -class Configuration extends TaintTracking::Configuration { - Configuration() { this = "SqlInjection" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } +module SqlInjectionConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } - override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof Sanitizer - } + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } - override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) { + predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) { exists(LdapJS::TaintPreservingLdapFilterStep filter | pred = filter.getInput() and succ = filter.getOutput() @@ -37,3 +32,28 @@ class Configuration extends TaintTracking::Configuration { ) } } + +/** + * Taint-tracking for reasoning about string based query injection vulnerabilities. + */ +module SqlInjectionFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `SqlInjectionFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { + Configuration() { this = "SqlInjection" } + + override predicate isSource(DataFlow::Node source) { source instanceof Source } + + override predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + override predicate isSanitizer(DataFlow::Node node) { + super.isSanitizer(node) or + node instanceof Sanitizer + } + + override predicate isAdditionalTaintStep(DataFlow::Node pred, DataFlow::Node succ) { + SqlInjectionConfig::isAdditionalFlowStep(pred, succ) + } +} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/StackTraceExposureQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/StackTraceExposureQuery.qll index 4350fbab0615..cb05f91c7278 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/StackTraceExposureQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/StackTraceExposureQuery.qll @@ -14,14 +14,10 @@ import StackTraceExposureCustomizations::StackTraceExposure * A taint-tracking configuration for reasoning about stack trace * exposure problems. */ -class Configuration extends TaintTracking::Configuration { - Configuration() { this = "StackTraceExposure" } - - override predicate isSource(DataFlow::Node src) { src instanceof Source } +module StackTraceExposureConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node src) { src instanceof Source } - override predicate isSanitizer(DataFlow::Node nd) { - super.isSanitizer(nd) - or + predicate isBarrier(DataFlow::Node nd) { // read of a property other than `stack` nd.(DataFlow::PropRead).getPropertyName() != "stack" or @@ -31,5 +27,27 @@ class Configuration extends TaintTracking::Configuration { nd = StringConcatenation::getAnOperand(_) } + predicate isSink(DataFlow::Node snk) { snk instanceof Sink } +} + +/** + * Taint-tracking for reasoning about stack trace exposure problems. + */ +module StackTraceExposureFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `StackTraceExposureFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { + Configuration() { this = "StackTraceExposure" } + + override predicate isSource(DataFlow::Node src) { src instanceof Source } + + override predicate isSanitizer(DataFlow::Node nd) { + super.isSanitizer(nd) + or + StackTraceExposureConfig::isBarrier(nd) + } + override predicate isSink(DataFlow::Node snk) { snk instanceof Sink } } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/StoredXssCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/StoredXssCustomizations.qll index 16fe8e44a9ca..412332b54115 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/StoredXssCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/StoredXssCustomizations.qll @@ -21,6 +21,16 @@ module StoredXss { /** A sanitizer for stored XSS vulnerabilities. */ abstract class Sanitizer extends Shared::Sanitizer { } + /** + * A barrier guard for stored XSS. + */ + abstract class BarrierGuard extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for data flow, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e) { none() } + } + /** An arbitrary XSS sink, considered as a flow sink for stored XSS. */ private class AnySink extends Sink { AnySink() { this instanceof Shared::Sink } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/StoredXssQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/StoredXssQuery.qll index cc2f39471869..b40b610b71e9 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/StoredXssQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/StoredXssQuery.qll @@ -8,9 +8,25 @@ import StoredXssCustomizations::StoredXss private import Xss::Shared as Shared /** - * A taint-tracking configuration for reasoning about XSS. + * A taint-tracking configuration for reasoning about stored XSS. */ -class Configuration extends TaintTracking::Configuration { +module StoredXssConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +/** + * Taint-tracking for reasoning about stored XSS. + */ +module StoredXssFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `StoredXssFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "StoredXss" } override predicate isSource(DataFlow::Node source) { source instanceof Source } @@ -28,11 +44,10 @@ class Configuration extends TaintTracking::Configuration { } } -private class QuoteGuard extends TaintTracking::SanitizerGuardNode, Shared::QuoteGuard { +private class QuoteGuard extends Shared::QuoteGuard { QuoteGuard() { this = this } } -private class ContainsHtmlGuard extends TaintTracking::SanitizerGuardNode, Shared::ContainsHtmlGuard -{ +private class ContainsHtmlGuard extends Shared::ContainsHtmlGuard { ContainsHtmlGuard() { this = this } } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedFormatStringQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedFormatStringQuery.qll index 0475999ed3c9..b10088af82ee 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedFormatStringQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedFormatStringQuery.qll @@ -13,7 +13,23 @@ private import TaintedFormatStringCustomizations::TaintedFormatString /** * A taint-tracking configuration for format injections. */ -class Configuration extends TaintTracking::Configuration { +module TaintedFormatStringConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +/** + * Taint-tracking for format injections. + */ +module TaintedFormatStringFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `TaintedFormatStringFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "TaintedFormatString" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll index cd1bb80fce4c..d4deb186b09e 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll @@ -31,7 +31,28 @@ module TaintedPath { /** * A barrier guard for tainted-path vulnerabilities. */ - abstract class BarrierGuardNode extends DataFlow::LabeledBarrierGuardNode { } + abstract class BarrierGuard extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for data flow, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e) { none() } + + /** + * Holds if this node acts as a barrier for `label`, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { none() } + } + + /** A subclass of `BarrierGuard` that is used for backward compatibility with the old data flow library. */ + abstract class BarrierGuardLegacy extends BarrierGuard, DataFlow::BarrierGuardNode { + override predicate blocks(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + + override predicate blocks(boolean outcome, Expr e, DataFlow::FlowLabel label) { + this.blocksExpr(outcome, e, label) + } + } + + deprecated class BarrierGuardNode = BarrierGuard; module Label { /** @@ -345,10 +366,10 @@ module TaintedPath { * * This is relevant for paths that are known to be normalized. */ - class StartsWithDotDotSanitizer extends BarrierGuardNode instanceof StringOps::StartsWith { + class StartsWithDotDotSanitizer extends BarrierGuardLegacy instanceof StringOps::StartsWith { StartsWithDotDotSanitizer() { isDotDotSlashPrefix(super.getSubstring()) } - override predicate blocks(boolean outcome, Expr e, DataFlow::FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { // Sanitize in the false case for: // .startsWith(".") // .startsWith("..") @@ -365,12 +386,12 @@ module TaintedPath { /** * A check of the form `whitelist.includes(x)` or equivalent, which sanitizes `x` in its "then" branch. */ - class MembershipTestBarrierGuard extends BarrierGuardNode { + class MembershipTestBarrierGuard extends BarrierGuardLegacy { MembershipCandidate candidate; MembershipTestBarrierGuard() { this = candidate.getTest() } - override predicate blocks(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { candidate = e.flow() and candidate.getTestPolarity() = outcome } @@ -380,7 +401,7 @@ module TaintedPath { * A check of form `x.startsWith(dir)` that sanitizes normalized absolute paths, since it is then * known to be in a subdirectory of `dir`. */ - class StartsWithDirSanitizer extends BarrierGuardNode { + class StartsWithDirSanitizer extends BarrierGuardLegacy { StringOps::StartsWith startsWith; StartsWithDirSanitizer() { @@ -390,7 +411,7 @@ module TaintedPath { not startsWith.getSubstring().getStringValue() = "/" } - override predicate blocks(boolean outcome, Expr e, DataFlow::FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { outcome = startsWith.getPolarity() and e = startsWith.getBaseString().asExpr() and exists(Label::PosixPath posixPath | posixPath = label | @@ -404,7 +425,7 @@ module TaintedPath { * A call to `path.isAbsolute` as a sanitizer for relative paths in true branch, * and a sanitizer for absolute paths in the false branch. */ - class IsAbsoluteSanitizer extends BarrierGuardNode { + class IsAbsoluteSanitizer extends BarrierGuardLegacy { DataFlow::Node operand; boolean polarity; boolean negatable; @@ -425,7 +446,7 @@ module TaintedPath { ) // !x.startsWith("/home") does not guarantee that x is not absolute } - override predicate blocks(boolean outcome, Expr e, DataFlow::FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { e = operand.asExpr() and exists(Label::PosixPath posixPath | posixPath = label | outcome = polarity and posixPath.isRelative() @@ -440,10 +461,10 @@ module TaintedPath { /** * An expression of form `x.includes("..")` or similar. */ - class ContainsDotDotSanitizer extends BarrierGuardNode instanceof StringOps::Includes { + class ContainsDotDotSanitizer extends BarrierGuardLegacy instanceof StringOps::Includes { ContainsDotDotSanitizer() { isDotDotSlashPrefix(super.getSubstring()) } - override predicate blocks(boolean outcome, Expr e, DataFlow::FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { e = super.getBaseString().asExpr() and outcome = super.getPolarity().booleanNot() and label.(Label::PosixPath).canContainDotDotSlash() // can still be bypassed by normalized absolute path @@ -453,10 +474,10 @@ module TaintedPath { /** * An expression of form `x.matches(/\.\./)` or similar. */ - class ContainsDotDotRegExpSanitizer extends BarrierGuardNode instanceof StringOps::RegExpTest { + class ContainsDotDotRegExpSanitizer extends BarrierGuardLegacy instanceof StringOps::RegExpTest { ContainsDotDotRegExpSanitizer() { super.getRegExp().getAMatchedString() = [".", "..", "../"] } - override predicate blocks(boolean outcome, Expr e, DataFlow::FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { e = super.getStringOperand().asExpr() and outcome = super.getPolarity().booleanNot() and label.(Label::PosixPath).canContainDotDotSlash() // can still be bypassed by normalized absolute path @@ -484,7 +505,7 @@ module TaintedPath { * } * ``` */ - class RelativePathStartsWithSanitizer extends BarrierGuardNode { + class RelativePathStartsWithSanitizer extends BarrierGuardLegacy { StringOps::StartsWith startsWith; DataFlow::CallNode pathCall; string member; @@ -506,7 +527,7 @@ module TaintedPath { (not member = "relative" or isDotDotSlashPrefix(startsWith.getSubstring())) } - override predicate blocks(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { member = "relative" and e = this.maybeGetPathSuffix(pathCall.getArgument(1)).asExpr() and outcome = startsWith.getPolarity().booleanNot() @@ -542,7 +563,7 @@ module TaintedPath { * An expression of form `isInside(x, y)` or similar, where `isInside` is * a library check for the relation between `x` and `y`. */ - class IsInsideCheckSanitizer extends BarrierGuardNode { + class IsInsideCheckSanitizer extends BarrierGuardLegacy { DataFlow::Node checked; boolean onlyNormalizedAbsolutePaths; @@ -558,7 +579,7 @@ module TaintedPath { ) } - override predicate blocks(boolean outcome, Expr e, DataFlow::FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { ( onlyNormalizedAbsolutePaths = true and label.(Label::PosixPath).isNormalized() and @@ -750,8 +771,6 @@ module TaintedPath { ) ) or - TaintTracking::promiseStep(src, dst) and srclabel = dstlabel - or TaintTracking::persistentStorageStep(src, dst) and srclabel = dstlabel or exists(DataFlow::PropRead read | read = dst | diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathQuery.qll index 914c63543f56..365a784bd9d8 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathQuery.qll @@ -8,7 +8,7 @@ */ import javascript -import TaintedPathCustomizations::TaintedPath +private import TaintedPathCustomizations::TaintedPath // Materialize flow labels private class ConcretePosixPath extends Label::PosixPath { @@ -22,7 +22,44 @@ private class ConcreteSplitPath extends Label::SplitPath { /** * A taint-tracking configuration for reasoning about tainted-path vulnerabilities. */ -class Configuration extends DataFlow::Configuration { +module TaintedPathConfig implements DataFlow::StateConfigSig { + class FlowState = DataFlow::FlowLabel; + + predicate isSource(DataFlow::Node source, DataFlow::FlowLabel state) { + state = source.(Source).getAFlowLabel() + } + + predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel state) { + state = sink.(Sink).getAFlowLabel() + } + + predicate isBarrier(DataFlow::Node node, DataFlow::FlowLabel label) { + node instanceof Sanitizer and exists(label) + or + node = DataFlow::MakeLabeledBarrierGuard::getABarrierNode(label) + } + + predicate isBarrier(DataFlow::Node node) { + node = DataFlow::MakeBarrierGuard::getABarrierNode() + } + + predicate isAdditionalFlowStep( + DataFlow::Node node1, DataFlow::FlowLabel state1, DataFlow::Node node2, + DataFlow::FlowLabel state2 + ) { + isAdditionalTaintedPathFlowStep(node1, node2, state1, state2) + } +} + +/** + * Taint-tracking for reasoning about tainted-path vulnerabilities. + */ +module TaintedPathFlow = DataFlow::GlobalWithState; + +/** + * DEPRECATED. Use the `TaintedPathFlow` module instead. + */ +deprecated class Configuration extends DataFlow::Configuration { Configuration() { this = "TaintedPath" } override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/TemplateObjectInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/TemplateObjectInjectionQuery.qll index 22bb06e4af3d..1a4f02be601f 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/TemplateObjectInjectionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/TemplateObjectInjectionQuery.qll @@ -14,7 +14,48 @@ private import semmle.javascript.security.TaintedObject /** * A taint tracking configuration for reasoning about template object injection vulnerabilities. */ -class TemplateObjInjectionConfig extends TaintTracking::Configuration { +module TemplateObjectInjectionConfig implements DataFlow::StateConfigSig { + class FlowState = DataFlow::FlowLabel; + + predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { + source.(Source).getAFlowLabel() = label + } + + predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { + sink instanceof Sink and label = TaintedObject::label() + } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } + + predicate isBarrier(DataFlow::Node node, DataFlow::FlowLabel label) { + TaintTracking::defaultSanitizer(node) and + label.isTaint() + or + node = TaintedObject::SanitizerGuard::getABarrierNode(label) + } + + predicate isAdditionalFlowStep( + DataFlow::Node src, DataFlow::FlowLabel inlbl, DataFlow::Node trg, DataFlow::FlowLabel outlbl + ) { + TaintedObject::step(src, trg, inlbl, outlbl) + or + // We're not using a taint-tracking config because taint steps would then apply to all flow states. + // So we use a plain data flow config and manually add the default taint steps. + inlbl.isTaint() and + TaintTracking::defaultTaintStep(src, trg) and + inlbl = outlbl + } +} + +/** + * Taint tracking for reasoning about template object injection vulnerabilities. + */ +module TemplateObjectInjectionFlow = DataFlow::GlobalWithState; + +/** + * DEPRECATED. Use the `TemplateObjectInjectionFlow` module instead. + */ +deprecated class TemplateObjInjectionConfig extends TaintTracking::Configuration { TemplateObjInjectionConfig() { this = "TemplateObjInjectionConfig" } override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/TypeConfusionThroughParameterTamperingCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/TypeConfusionThroughParameterTamperingCustomizations.qll index ad608017115d..6857ab308a4c 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/TypeConfusionThroughParameterTamperingCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/TypeConfusionThroughParameterTamperingCustomizations.qll @@ -23,6 +23,21 @@ module TypeConfusionThroughParameterTampering { */ abstract class Barrier extends DataFlow::Node { } + /** + * A barrier guard for type confusion for HTTP request inputs. + */ + abstract class BarrierGuard extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for data flow, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e) { none() } + } + + /** A subclass of `BarrierGuard` that is used for backward compatibility with the old data flow library. */ + abstract class BarrierGuardLegacy extends BarrierGuard, TaintTracking::SanitizerGuardNode { + override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + } + /** * An HTTP request parameter that the user controls the type of. * diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/TypeConfusionThroughParameterTamperingQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/TypeConfusionThroughParameterTamperingQuery.qll index 9cc09987343d..a490d11a429a 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/TypeConfusionThroughParameterTamperingQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/TypeConfusionThroughParameterTamperingQuery.qll @@ -13,37 +13,33 @@ private import semmle.javascript.dataflow.InferredTypes import TypeConfusionThroughParameterTamperingCustomizations::TypeConfusionThroughParameterTampering /** - * A taint tracking configuration for type confusion for HTTP request inputs. + * Data flow configuration for type confusion for HTTP request inputs. */ -class Configuration extends DataFlow::Configuration { - Configuration() { this = "TypeConfusionThroughParameterTampering" } - - override predicate isSource(DataFlow::Node source) { source instanceof Source } +module TypeConfusionConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { sink instanceof Sink and sink.analyze().getAType() = TTString() and sink.analyze().getAType() = TTObject() } - override predicate isBarrier(DataFlow::Node node) { - super.isBarrier(node) - or - node instanceof Barrier - } - - override predicate isBarrierGuard(DataFlow::BarrierGuardNode guard) { - guard instanceof TypeOfTestBarrier or - guard instanceof IsArrayBarrier + predicate isBarrier(DataFlow::Node node) { + node instanceof Barrier or node = DataFlow::MakeBarrierGuard::getABarrierNode() } } -private class TypeOfTestBarrier extends DataFlow::BarrierGuardNode, DataFlow::ValueNode { +/** + * Data flow for type confusion for HTTP request inputs. + */ +module TypeConfusionFlow = DataFlow::Global; + +private class TypeOfTestBarrier extends BarrierGuardLegacy, DataFlow::ValueNode { override EqualityTest astNode; TypeOfTestBarrier() { TaintTracking::isTypeofGuard(astNode, _, _) } - override predicate blocks(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { exists(string tag | TaintTracking::isTypeofGuard(astNode, e, tag) and if tag = ["string", "object"] @@ -53,11 +49,33 @@ private class TypeOfTestBarrier extends DataFlow::BarrierGuardNode, DataFlow::Va } } -private class IsArrayBarrier extends DataFlow::BarrierGuardNode, DataFlow::CallNode { +private class IsArrayBarrier extends BarrierGuardLegacy, DataFlow::CallNode { IsArrayBarrier() { this = DataFlow::globalVarRef("Array").getAMemberCall("isArray") } - override predicate blocks(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { e = this.getArgument(0).asExpr() and outcome = [true, false] // separation between string/array removes type confusion in both branches } } + +/** + * DEPRECATED. Use the `TypeConfusionFlow` module instead. + */ +deprecated class Configuration extends DataFlow::Configuration { + Configuration() { this = "TypeConfusionThroughParameterTampering" } + + override predicate isSource(DataFlow::Node source) { TypeConfusionConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TypeConfusionConfig::isSink(sink) } + + override predicate isBarrier(DataFlow::Node node) { + super.isBarrier(node) + or + node instanceof Barrier + } + + override predicate isBarrierGuard(DataFlow::BarrierGuardNode guard) { + guard instanceof TypeOfTestBarrier or + guard instanceof IsArrayBarrier + } +} diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeCodeConstruction.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeCodeConstruction.qll index 2c45483f0dbd..5e2c3d8f195b 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeCodeConstruction.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeCodeConstruction.qll @@ -19,7 +19,34 @@ module UnsafeCodeConstruction { /** * A taint-tracking configuration for reasoning about unsafe code constructed from library input. */ - class Configuration extends TaintTracking::Configuration { + module UnsafeCodeConstructionConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof CodeInjection::Sanitizer } + + predicate isAdditionalFlowStep(DataFlow::Node src, DataFlow::Node trg) { + // HTML sanitizers are insufficient protection against code injection + src = trg.(HtmlSanitizerCall).getInput() + or + none() + // TODO: localFieldStep is too expensive with dataflow2 + // DataFlow::localFieldStep(pred, succ) + } + + DataFlow::FlowFeature getAFeature() { result instanceof DataFlow::FeatureHasSourceCallContext } + } + + /** + * Taint-tracking for reasoning about unsafe code constructed from library input. + */ + module UnsafeCodeConstructionFlow = TaintTracking::Global; + + /** + * DEPRECATED. Use the `UnsafeCodeConstructionFlow` module instead. + */ + deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "UnsafeCodeConstruction" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDeserializationQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDeserializationQuery.qll index f8afff17b3a6..edb3f93fa1b2 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDeserializationQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDeserializationQuery.qll @@ -12,7 +12,23 @@ import UnsafeDeserializationCustomizations::UnsafeDeserialization /** * A taint-tracking configuration for reasoning about unsafe deserialization. */ -class Configuration extends TaintTracking::Configuration { +module UnsafeDeserializationConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +/** + * Taint-tracking for reasoning about unsafe deserialization. + */ +module UnsafeDeserializationFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `UnsafeDeserializationFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "UnsafeDeserialization" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDynamicMethodAccessQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDynamicMethodAccessQuery.qll index 9ebe36a7cb8a..f73363d1767d 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDynamicMethodAccessQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeDynamicMethodAccessQuery.qll @@ -20,40 +20,37 @@ private class ConcreteUnsafeFunction extends UnsafeFunction { /** * A taint-tracking configuration for reasoning about unsafe dynamic method access. */ -class Configuration extends TaintTracking::Configuration { - Configuration() { this = "UnsafeDynamicMethodAccess" } +module UnsafeDynamicMethodAccessConfig implements DataFlow::StateConfigSig { + class FlowState = DataFlow::FlowLabel; - override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { + predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { source.(Source).getFlowLabel() = label } - override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { + predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { sink.(Sink).getFlowLabel() = label } - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) - or + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer or exists(StringConcatenation::getOperand(node, _)) and not StringConcatenation::isCoercion(node) } - /** - * Holds if a property of the given object is an unsafe function. - */ - predicate hasUnsafeMethods(DataFlow::SourceNode node) { - PropertyInjection::hasUnsafeMethods(node) // Redefined here so custom queries can override it + predicate isBarrier(DataFlow::Node node, DataFlow::FlowLabel label) { + TaintTracking::defaultSanitizer(node) and + label.isTaint() } - override predicate isAdditionalFlowStep( - DataFlow::Node src, DataFlow::Node dst, DataFlow::FlowLabel srclabel, + /** An additional flow step for use in both this configuration and the legacy configuration. */ + additional predicate additionalFlowStep( + DataFlow::Node src, DataFlow::FlowLabel srclabel, DataFlow::Node dst, DataFlow::FlowLabel dstlabel ) { // Reading a property of the global object or of a function exists(DataFlow::PropRead read | - this.hasUnsafeMethods(read.getBase().getALocalSource()) and + PropertyInjection::hasUnsafeMethods(read.getBase().getALocalSource()) and src = read.getPropertyNameExpr().flow() and dst = read and srclabel.isTaint() and @@ -69,4 +66,57 @@ class Configuration extends TaintTracking::Configuration { dstlabel = unsafeFunction() ) } + + predicate isAdditionalFlowStep( + DataFlow::Node src, DataFlow::FlowLabel srclabel, DataFlow::Node dst, + DataFlow::FlowLabel dstlabel + ) { + additionalFlowStep(src, srclabel, dst, dstlabel) + or + // We're not using a taint-tracking config because taint steps would then apply to all flow states. + // So we use a plain data flow config and manually add the default taint steps. + srclabel.isTaint() and + TaintTracking::defaultTaintStep(src, dst) and + srclabel = dstlabel + } +} + +/** + * Taint-tracking for reasoning about unsafe dynamic method access. + */ +module UnsafeDynamicMethodAccessFlow = DataFlow::GlobalWithState; + +/** + * DEPRECATED. Use the `UnsafeDynamicMethodAccessFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { + Configuration() { this = "UnsafeDynamicMethodAccess" } + + override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { + UnsafeDynamicMethodAccessConfig::isSource(source, label) + } + + override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { + UnsafeDynamicMethodAccessConfig::isSink(sink, label) + } + + override predicate isSanitizer(DataFlow::Node node) { + super.isSanitizer(node) + or + UnsafeDynamicMethodAccessConfig::isBarrier(node) + } + + /** + * Holds if a property of the given object is an unsafe function. + */ + predicate hasUnsafeMethods(DataFlow::SourceNode node) { + PropertyInjection::hasUnsafeMethods(node) // Redefined here so custom queries can override it + } + + override predicate isAdditionalFlowStep( + DataFlow::Node src, DataFlow::Node dst, DataFlow::FlowLabel srclabel, + DataFlow::FlowLabel dstlabel + ) { + UnsafeDynamicMethodAccessConfig::additionalFlowStep(src, srclabel, dst, dstlabel) + } } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeHtmlConstructionCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeHtmlConstructionCustomizations.qll index 90579211a3f5..47535107bd89 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeHtmlConstructionCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeHtmlConstructionCustomizations.qll @@ -61,6 +61,30 @@ module UnsafeHtmlConstruction { abstract string describe(); } + /** + * A barrier guard for unsafe HTML constructed from library input vulnerabilities. + */ + abstract class BarrierGuard extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for data flow, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e) { none() } + + /** + * Holds if this node acts as a barrier for `label`, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { none() } + } + + /** A subclass of `BarrierGuard` that is used for backward compatibility with the old data flow library. */ + abstract class BarrierGuardLegacy extends BarrierGuard, TaintTracking::SanitizerGuardNode { + override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + + override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + this.blocksExpr(outcome, e, label) + } + } + /** * A sink for `js/html-constructed-from-input` that constructs some HTML where * that HTML is later used in `xssSink`. @@ -176,14 +200,14 @@ module UnsafeHtmlConstruction { } /** A test for the value of `typeof x`, restricting the potential types of `x`. */ - class TypeTestGuard extends TaintTracking::LabeledSanitizerGuardNode, DataFlow::ValueNode { + class TypeTestGuard extends BarrierGuardLegacy, DataFlow::ValueNode { override EqualityTest astNode; Expr operand; boolean polarity; TypeTestGuard() { TaintTracking::isStringTypeGuard(astNode, operand, polarity) } - override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel lbl) { + override predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel lbl) { polarity = outcome and e = operand and lbl.isTaint() diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeHtmlConstructionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeHtmlConstructionQuery.qll index e6e65e2089d3..3101836334f1 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeHtmlConstructionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeHtmlConstructionQuery.qll @@ -15,7 +15,66 @@ deprecated class Configration = Configuration; /** * A taint-tracking configuration for reasoning about unsafe HTML constructed from library input vulnerabilities. */ -class Configuration extends TaintTracking::Configuration { +module UnsafeHtmlConstructionConfig implements DataFlow::StateConfigSig { + class FlowState = DataFlow::FlowLabel; + + predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { + source instanceof Source and + label = [TaintedObject::label(), DataFlow::FlowLabel::taint(), DataFlow::FlowLabel::data()] + } + + predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { + sink instanceof Sink and + label = DataFlow::FlowLabel::taint() + } + + predicate isBarrier(DataFlow::Node node) { + node instanceof DomBasedXss::Sanitizer + or + node instanceof UnsafeJQueryPlugin::Sanitizer + or + DomBasedXss::isOptionallySanitizedNode(node) + } + + predicate isBarrier(DataFlow::Node node, DataFlow::FlowLabel label) { + TaintTracking::defaultSanitizer(node) and label.isTaint() + or + node = DataFlow::MakeLabeledBarrierGuard::getABarrierNode(label) + } + + predicate isAdditionalFlowStep( + DataFlow::Node pred, DataFlow::FlowLabel inlbl, DataFlow::Node succ, DataFlow::FlowLabel outlbl + ) { + // TODO: localFieldStep is too expensive with dataflow2 + // DataFlow::localFieldStep(pred, succ) and + // inlbl.isTaint() and + // outlbl.isTaint() + none() + or + TaintedObject::step(pred, succ, inlbl, outlbl) + or + // property read from a tainted object is considered tainted + succ.(DataFlow::PropRead).getBase() = pred and + inlbl = TaintedObject::label() and + outlbl = DataFlow::FlowLabel::taint() + or + TaintTracking::defaultTaintStep(pred, succ) and + inlbl.isTaint() and + outlbl = inlbl + } + + DataFlow::FlowFeature getAFeature() { result instanceof DataFlow::FeatureHasSourceCallContext } +} + +/** + * Taint-tracking for reasoning about unsafe HTML constructed from library input vulnerabilities. + */ +module UnsafeHtmlConstructionFlow = DataFlow::GlobalWithState; + +/** + * DEPRECATED. Use the `UnsafeHtmlConstructionFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "UnsafeHtmlConstruction" } override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { @@ -68,11 +127,10 @@ class Configuration extends TaintTracking::Configuration { private import semmle.javascript.security.dataflow.Xss::Shared as Shared -private class QuoteGuard extends TaintTracking::SanitizerGuardNode, Shared::QuoteGuard { +private class QuoteGuard extends Shared::QuoteGuard { QuoteGuard() { this = this } } -private class ContainsHtmlGuard extends TaintTracking::SanitizerGuardNode, Shared::ContainsHtmlGuard -{ +private class ContainsHtmlGuard extends Shared::ContainsHtmlGuard { ContainsHtmlGuard() { this = this } } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeJQueryPluginCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeJQueryPluginCustomizations.qll index d1e35a91c26e..9209a7b1f8a5 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeJQueryPluginCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeJQueryPluginCustomizations.qll @@ -31,6 +31,21 @@ module UnsafeJQueryPlugin { */ abstract class Sanitizer extends DataFlow::Node { } + /** + * A barrier guard for XSS in unsafe jQuery plugins. + */ + abstract class BarrierGuard extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for data flow, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e) { none() } + } + + /** A subclass of `BarrierGuard` that is used for backward compatibility with the old data flow library. */ + abstract class BarrierGuardLegacy extends BarrierGuard, TaintTracking::SanitizerGuardNode { + override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + } + /** * The receiver of a function, seen as a sanitizer. * @@ -110,7 +125,7 @@ module UnsafeJQueryPlugin { /** * An expression of form `isElement(x)`, which sanitizes `x`. */ - class IsElementSanitizer extends TaintTracking::SanitizerGuardNode, DataFlow::CallNode { + class IsElementSanitizer extends BarrierGuardLegacy, DataFlow::CallNode { IsElementSanitizer() { // common ad hoc sanitizing calls exists(string name | this.getCalleeName() = name | @@ -118,7 +133,7 @@ module UnsafeJQueryPlugin { ) } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { outcome = true and e = this.getArgument(0).asExpr() } } @@ -126,7 +141,7 @@ module UnsafeJQueryPlugin { /** * An expression like `typeof x. !== "undefined"` or `x.`, which sanitizes `x`, as it is unlikely to be a string afterwards. */ - class PropertyPresenceSanitizer extends TaintTracking::SanitizerGuardNode, DataFlow::ValueNode { + class PropertyPresenceSanitizer extends BarrierGuardLegacy, DataFlow::ValueNode { DataFlow::Node input; boolean polarity; @@ -155,20 +170,20 @@ module UnsafeJQueryPlugin { */ DataFlow::PropRead getPropRead() { result = this } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { outcome = polarity and e = input.asExpr() } } /** A guard that checks whether `x` is a number. */ - class NumberGuard extends TaintTracking::SanitizerGuardNode instanceof DataFlow::CallNode { + class NumberGuard extends BarrierGuardLegacy instanceof DataFlow::CallNode { Expr x; boolean polarity; NumberGuard() { TaintTracking::isNumberGuard(this, x, polarity) } - override predicate sanitizes(boolean outcome, Expr e) { e = x and outcome = polarity } + override predicate blocksExpr(boolean outcome, Expr e) { e = x and outcome = polarity } } /** diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeJQueryPluginQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeJQueryPluginQuery.qll index e4b70c176ccf..1860ffa3be6f 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeJQueryPluginQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeJQueryPluginQuery.qll @@ -10,7 +10,46 @@ import UnsafeJQueryPluginCustomizations::UnsafeJQueryPlugin /** * A taint-tracking configuration for reasoning about XSS in unsafe jQuery plugins. */ -class Configuration extends TaintTracking::Configuration { +module UnsafeJQueryPluginConfig implements DataFlow::ConfigSig { + // TODO: PropertyPresenceSanitizer should not block values in a content. + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { + node instanceof DomBasedXss::Sanitizer or + node instanceof Sanitizer or + node = DataFlow::MakeBarrierGuard::getABarrierNode() + } + + predicate isAdditionalFlowStep(DataFlow::Node src, DataFlow::Node sink) { + // jQuery plugins tend to be implemented as classes that store data in fields initialized by the constructor. + // TODO: localFieldStep is too expensive with dataflow2 + // DataFlow::localFieldStep(pred, succ) + none() + or + aliasPropertyPresenceStep(src, sink) + } + + predicate isBarrierOut(DataFlow::Node node) { + // prefixing prevents forced html/css confusion: + // prefixing through concatenation: + StringConcatenation::taintStep(node, _, _, any(int i | i >= 1)) + or + // prefixing through a poor-mans templating system: + node = any(StringReplaceCall call).getRawReplacement() + } +} + +/** + * Taint-tracking for reasoning about XSS in unsafe jQuery plugins. + */ +module UnsafeJQueryPluginFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `UnsafeJQueryPluginFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "UnsafeJQueryPlugin" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeShellCommandConstructionCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeShellCommandConstructionCustomizations.qll index 77625874df9f..9a6710217e56 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeShellCommandConstructionCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeShellCommandConstructionCustomizations.qll @@ -46,6 +46,21 @@ module UnsafeShellCommandConstruction { */ abstract class Sanitizer extends DataFlow::Node { } + /** + * A barrier guard for shell command constructed from library input vulnerabilities. + */ + abstract class BarrierGuard extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for data flow, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e) { none() } + } + + /** A subclass of `BarrierGuard` that is used for backward compatibility with the old data flow library. */ + abstract class BarrierGuardLegacy extends BarrierGuard, TaintTracking::SanitizerGuardNode { + override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + } + /** * A parameter of an exported function, seen as a source for shell command constructed from library input. */ @@ -270,13 +285,13 @@ module UnsafeShellCommandConstruction { * A sanitizer that sanitizers paths that exist in the file-system. * For example: `x` is sanitized in `fs.existsSync(x)` or `fs.existsSync(x + "/suffix/path")`. */ - class PathExistsSanitizerGuard extends TaintTracking::SanitizerGuardNode, DataFlow::CallNode { + class PathExistsSanitizerGuard extends BarrierGuardLegacy, DataFlow::CallNode { PathExistsSanitizerGuard() { this = DataFlow::moduleMember("path", "exist").getACall() or this = DataFlow::moduleMember("fs", "existsSync").getACall() } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { outcome = true and ( e = this.getArgument(0).asExpr() or @@ -289,26 +304,26 @@ module UnsafeShellCommandConstruction { * A guard of the form `typeof x === ""`, where `` is "number", or "boolean", * which sanitizes `x` in its "then" branch. */ - class TypeOfSanitizer extends TaintTracking::SanitizerGuardNode, DataFlow::ValueNode { + class TypeOfSanitizer extends BarrierGuardLegacy, DataFlow::ValueNode { Expr x; override EqualityTest astNode; TypeOfSanitizer() { TaintTracking::isTypeofGuard(astNode, x, ["number", "boolean"]) } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { outcome = astNode.getPolarity() and e = x } } /** A guard that checks whether `x` is a number. */ - class NumberGuard extends TaintTracking::SanitizerGuardNode instanceof DataFlow::CallNode { + class NumberGuard extends BarrierGuardLegacy instanceof DataFlow::CallNode { Expr x; boolean polarity; NumberGuard() { TaintTracking::isNumberGuard(this, x, polarity) } - override predicate sanitizes(boolean outcome, Expr e) { e = x and outcome = polarity } + override predicate blocksExpr(boolean outcome, Expr e) { e = x and outcome = polarity } } private import semmle.javascript.dataflow.internal.AccessPaths diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeShellCommandConstructionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeShellCommandConstructionQuery.qll index 7d5dae902094..1704bf3e3e6f 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeShellCommandConstructionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnsafeShellCommandConstructionQuery.qll @@ -13,7 +13,38 @@ import UnsafeShellCommandConstructionCustomizations::UnsafeShellCommandConstruct /** * A taint-tracking configuration for reasoning about shell command constructed from library input vulnerabilities. */ -class Configuration extends TaintTracking::Configuration { +module UnsafeShellCommandConstructionConfig implements DataFlow::ConfigSig { + // TODO: we get a FP in the test case due to SanitizingRegExpTest not being able to generate a barrier edge + // for an edge into a phi node. + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { + node instanceof Sanitizer or + node = DataFlow::MakeBarrierGuard::getABarrierNode() or + node = TaintTracking::AdHocWhitelistCheckSanitizer::getABarrierNode() + } + + predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) { + none() + // TODO: localFieldStep is too expensive with dataflow2 + // DataFlow::localFieldStep(pred, succ) + } + + DataFlow::FlowFeature getAFeature() { result instanceof DataFlow::FeatureHasSourceCallContext } +} + +/** + * Taint-tracking for reasoning about shell command constructed from library input vulnerabilities. + */ +module UnsafeShellCommandConstructionFlow = + TaintTracking::Global; + +/** + * DEPRECATED. Use the `UnsafeShellCommandConstructionFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "UnsafeShellCommandConstruction" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCallCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCallCustomizations.qll index d81227bcd68b..139ddf880b46 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCallCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCallCustomizations.qll @@ -54,6 +54,30 @@ module UnvalidatedDynamicMethodCall { } } + /** + * A barrier guard for unvalidated dynamic method calls. + */ + abstract class BarrierGuard extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for data flow, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e) { none() } + + /** + * Holds if this node acts as a barrier for `label`, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { none() } + } + + /** A subclass of `BarrierGuard` that is used for backward compatibility with the old data flow library. */ + abstract class BarrierGuardLegacy extends BarrierGuard, TaintTracking::SanitizerGuardNode { + override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + + override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + this.blocksExpr(outcome, e, label) + } + } + /** * A flow label describing values read from a user-controlled property that * may not be functions. @@ -109,13 +133,13 @@ module UnvalidatedDynamicMethodCall { * A check of the form `typeof x === 'function'`, which sanitizes away the `MaybeNonFunction` * taint kind. */ - class FunctionCheck extends TaintTracking::LabeledSanitizerGuardNode, DataFlow::ValueNode { + class FunctionCheck extends BarrierGuardLegacy, DataFlow::ValueNode { override EqualityTest astNode; Expr operand; FunctionCheck() { TaintTracking::isTypeofGuard(astNode, operand, "function") } - override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { outcome = astNode.getPolarity() and e = operand and label instanceof MaybeNonFunction @@ -123,12 +147,12 @@ module UnvalidatedDynamicMethodCall { } /** A guard that checks whether `x` is a number. */ - class NumberGuard extends TaintTracking::SanitizerGuardNode instanceof DataFlow::CallNode { + class NumberGuard extends BarrierGuardLegacy instanceof DataFlow::CallNode { Expr x; boolean polarity; NumberGuard() { TaintTracking::isNumberGuard(this, x, polarity) } - override predicate sanitizes(boolean outcome, Expr e) { e = x and outcome = polarity } + override predicate blocksExpr(boolean outcome, Expr e) { e = x and outcome = polarity } } } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCallQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCallQuery.qll index 921ab7f88e26..e964770437d0 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCallQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UnvalidatedDynamicMethodCallQuery.qll @@ -27,30 +27,32 @@ private class ConcreteMaybeFromProto extends MaybeFromProto { /** * A taint-tracking configuration for reasoning about unvalidated dynamic method calls. */ -class Configuration extends TaintTracking::Configuration { - Configuration() { this = "UnvalidatedDynamicMethodCall" } +module UnvalidatedDynamicMethodCallConfig implements DataFlow::StateConfigSig { + class FlowState = DataFlow::FlowLabel; - override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { + predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { source.(Source).getFlowLabel() = label } - override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { + predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { sink.(Sink).getFlowLabel() = label } - override predicate isLabeledBarrier(DataFlow::Node node, DataFlow::FlowLabel label) { - super.isLabeledBarrier(node, label) - or + predicate isBarrier(DataFlow::Node node, DataFlow::FlowLabel label) { node.(Sanitizer).getFlowLabel() = label + or + TaintTracking::defaultSanitizer(node) and + label.isTaint() + or + node = DataFlow::MakeLabeledBarrierGuard::getABarrierNode(label) } - override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) { - guard instanceof NumberGuard or - guard instanceof FunctionCheck + predicate isBarrier(DataFlow::Node node) { + node = DataFlow::MakeBarrierGuard::getABarrierNode() } - override predicate isAdditionalFlowStep( - DataFlow::Node src, DataFlow::Node dst, DataFlow::FlowLabel srclabel, + predicate isAdditionalFlowStep( + DataFlow::Node src, DataFlow::FlowLabel srclabel, DataFlow::Node dst, DataFlow::FlowLabel dstlabel ) { exists(DataFlow::PropRead read | @@ -74,5 +76,48 @@ class Configuration extends TaintTracking::Configuration { ) and srclabel.isTaint() and dstlabel instanceof MaybeNonFunction + or + srclabel.isTaint() and + TaintTracking::defaultTaintStep(src, dst) and + srclabel = dstlabel + } +} + +/** + * Taint-tracking for reasoning about unvalidated dynamic method calls. + */ +module UnvalidatedDynamicMethodCallFlow = + DataFlow::GlobalWithState; + +/** + * DEPRECATED. Use the `UnvalidatedDynamicMethodCallFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { + Configuration() { this = "UnvalidatedDynamicMethodCall" } + + override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { + source.(Source).getFlowLabel() = label + } + + override predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { + sink.(Sink).getFlowLabel() = label + } + + override predicate isLabeledBarrier(DataFlow::Node node, DataFlow::FlowLabel label) { + super.isLabeledBarrier(node, label) + or + node.(Sanitizer).getFlowLabel() = label + } + + override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) { + guard instanceof NumberGuard or + guard instanceof FunctionCheck + } + + override predicate isAdditionalFlowStep( + DataFlow::Node src, DataFlow::Node dst, DataFlow::FlowLabel srclabel, + DataFlow::FlowLabel dstlabel + ) { + UnvalidatedDynamicMethodCallConfig::isAdditionalFlowStep(src, srclabel, dst, dstlabel) } } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/UrlConcatenation.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/UrlConcatenation.qll index fe036872ee39..4fc434bf178a 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/UrlConcatenation.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/UrlConcatenation.qll @@ -103,8 +103,16 @@ predicate hostnameSanitizingPrefixEdge(DataFlow::Node source, DataFlow::Node sin class HostnameSanitizerGuard extends TaintTracking::SanitizerGuardNode, StringOps::StartsWith { HostnameSanitizerGuard() { hasHostnameSanitizingSubstring(this.getSubstring()) } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + + /** Holds if this node blocks flow through `e`, provided it evaluates to `outcome`. */ + predicate blocksExpr(boolean outcome, Expr e) { outcome = this.getPolarity() and e = this.getBaseString().asExpr() } } + +/** + * A check that sanitizes the hostname of a URL. + */ +module HostnameSanitizerGuard = DataFlow::MakeBarrierGuard; diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/XmlBombQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/XmlBombQuery.qll index 951b927f86ef..e6ff29f81c52 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/XmlBombQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/XmlBombQuery.qll @@ -13,7 +13,23 @@ import XmlBombCustomizations::XmlBomb /** * A taint-tracking configuration for reasoning about XML-bomb vulnerabilities. */ -class Configuration extends TaintTracking::Configuration { +module XmlBombConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +/** + * Taint-tracking for reasoning about XML-bomb vulnerabilities. + */ +module XmlBombFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `XmlBombFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "XmlBomb" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/XpathInjectionQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/XpathInjectionQuery.qll index 08e84e834d01..9016c19bd9ea 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/XpathInjectionQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/XpathInjectionQuery.qll @@ -14,7 +14,23 @@ import XpathInjectionCustomizations::XpathInjection /** * A taint-tracking configuration for untrusted user input used in XPath expression. */ -class Configuration extends TaintTracking::Configuration { +module XpathInjectionConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +/** + * Taint-tracking for untrusted user input used in XPath expression. + */ +module XpathInjectionFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `XpathInjectionFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "XpathInjection" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/Xss.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/Xss.qll index fc2db8e9f873..93a9fa7fc402 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/Xss.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/Xss.qll @@ -72,38 +72,62 @@ module Shared { private import semmle.javascript.security.dataflow.IncompleteHtmlAttributeSanitizationCustomizations::IncompleteHtmlAttributeSanitization as IncompleteHtml /** - * A guard that checks if a string can contain quotes, which is a guard for strings that are inside an HTML attribute. + * A barrier guard that applies to multiple XSS queries. + */ + abstract class BarrierGuard extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for data flow, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e) { none() } + } + + /** + * A barrier guard that applies to multiple XSS queries. */ - abstract class QuoteGuard extends TaintTracking::SanitizerGuardNode, StringOps::Includes { - QuoteGuard() { + module BarrierGuard = DataFlow::MakeBarrierGuard; + + private class QuoteGuard2 extends BarrierGuard, StringOps::Includes { + QuoteGuard2() { this.getSubstring().mayHaveStringValue("\"") and this.getBaseString() .getALocalSource() .flowsTo(any(IncompleteHtml::HtmlAttributeConcatenation attributeConcat)) } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { e = this.getBaseString().getEnclosingExpr() and outcome = this.getPolarity().booleanNot() } } /** - * A sanitizer guard that checks for the existence of HTML chars in a string. - * E.g. `/["'&<>]/.exec(str)`. + * A guard that checks if a string can contain quotes, which is a guard for strings that are inside an HTML attribute. */ - abstract class ContainsHtmlGuard extends TaintTracking::SanitizerGuardNode, StringOps::RegExpTest { - ContainsHtmlGuard() { + abstract class QuoteGuard extends TaintTracking::SanitizerGuardNode instanceof QuoteGuard2 { + override predicate sanitizes(boolean outcome, Expr e) { super.blocksExpr(outcome, e) } + } + + private class ContainsHtmlGuard2 extends BarrierGuard, StringOps::RegExpTest { + ContainsHtmlGuard2() { exists(RegExpCharacterClass regExp | regExp = this.getRegExp() and forall(string s | s = ["\"", "&", "<", ">"] | regExp.getAMatchedString() = s) ) } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { outcome = this.getPolarity().booleanNot() and e = this.getStringOperand().asExpr() } } + /** + * A sanitizer guard that checks for the existence of HTML chars in a string. + * E.g. `/["'&<>]/.exec(str)`. + */ + abstract class ContainsHtmlGuard extends TaintTracking::SanitizerGuardNode instanceof ContainsHtmlGuard2 + { + override predicate sanitizes(boolean outcome, Expr e) { super.blocksExpr(outcome, e) } + } + /** * Holds if `str` is used in a switch-case that has cases matching HTML escaping. */ diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDomCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDomCustomizations.qll index bf38b2e2a5d1..57ec885b1a89 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDomCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDomCustomizations.qll @@ -16,6 +16,21 @@ module XssThroughDom { /** A data flow source for XSS through DOM vulnerabilities. */ abstract class Source extends Shared::Source { } + /** + * A barrier guard for XSS through the DOM. + */ + abstract class BarrierGuard extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for data flow, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e) { none() } + } + + /** A subclass of `BarrierGuard` that is used for backward compatibility with the old data flow library. */ + abstract class BarrierGuardLegacy extends BarrierGuard, TaintTracking::SanitizerGuardNode { + override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + } + /** * Gets an attribute name that could store user-controlled data. * diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDomQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDomQuery.qll index cc75078fd67e..c9d8112ba5dd 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDomQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDomQuery.qll @@ -11,7 +11,44 @@ private import semmle.javascript.security.dataflow.UnsafeJQueryPluginCustomizati /** * A taint-tracking configuration for reasoning about XSS through the DOM. */ -class Configuration extends TaintTracking::Configuration { +module XssThroughDomConfig implements DataFlow::ConfigSig { + // NOTE: Gained FP in Lucifier due to spurious source but with more data flow (I think). + // TODO: Seen unexplained FP in meteor, likely due to spurious flow into a callback coming from another call site + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof DomBasedXss::Sink } + + predicate isBarrier(DataFlow::Node node) { + node instanceof DomBasedXss::Sanitizer or + DomBasedXss::isOptionallySanitizedNode(node) or + node = DataFlow::MakeBarrierGuard::getABarrierNode() or + node = DataFlow::MakeBarrierGuard::getABarrierNode() + } + + predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) { + succ = DataFlow::globalVarRef("URL").getAMemberCall("createObjectURL") and + pred = succ.(DataFlow::InvokeNode).getArgument(0) + } +} + +/** + * Taint-tracking configuration for reasoning about XSS through the DOM. + */ +module XssThroughDomFlow = TaintTracking::Global; + +/** + * Holds if the `source,sink` pair should not be reported. + */ +bindingset[source, sink] +predicate isIgnoredSourceSinkPair(Source source, DomBasedXss::Sink sink) { + source.(DomPropertySource).getPropertyName() = "src" and + sink instanceof DomBasedXss::WriteUrlSink +} + +/** + * DEPRECATED. Use the `XssThroughDomFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "XssThroughDOM" } override predicate isSource(DataFlow::Node source) { source instanceof Source } @@ -49,14 +86,14 @@ class Configuration extends TaintTracking::Configuration { } /** A test for the value of `typeof x`, restricting the potential types of `x`. */ -class TypeTestGuard extends TaintTracking::SanitizerGuardNode, DataFlow::ValueNode { +class TypeTestGuard extends BarrierGuardLegacy, DataFlow::ValueNode { override EqualityTest astNode; Expr operand; boolean polarity; TypeTestGuard() { TaintTracking::isStringTypeGuard(astNode, operand, polarity) } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { polarity = outcome and e = operand } @@ -64,9 +101,7 @@ class TypeTestGuard extends TaintTracking::SanitizerGuardNode, DataFlow::ValueNo private import semmle.javascript.security.dataflow.Xss::Shared as Shared -private class PrefixStringSanitizer extends TaintTracking::SanitizerGuardNode, - DomBasedXss::PrefixStringSanitizer -{ +private class PrefixStringSanitizer extends DomBasedXss::PrefixStringSanitizer { PrefixStringSanitizer() { this = this } } @@ -74,11 +109,10 @@ private class PrefixString extends DataFlow::FlowLabel, DomBasedXss::PrefixStrin PrefixString() { this = this } } -private class QuoteGuard extends TaintTracking::SanitizerGuardNode, Shared::QuoteGuard { +private class QuoteGuard extends Shared::QuoteGuard { QuoteGuard() { this = this } } -private class ContainsHtmlGuard extends TaintTracking::SanitizerGuardNode, Shared::ContainsHtmlGuard -{ +private class ContainsHtmlGuard extends Shared::ContainsHtmlGuard { ContainsHtmlGuard() { this = this } } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/XxeQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/XxeQuery.qll index 82d3fb4f6cc1..c82289b28bc4 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/XxeQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/XxeQuery.qll @@ -13,7 +13,23 @@ import XxeCustomizations::Xxe /** * A taint-tracking configuration for reasoning about XXE vulnerabilities. */ -class Configuration extends TaintTracking::Configuration { +module XxeConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } +} + +/** + * Taint-tracking for reasoning about XXE vulnerabilities. + */ +module XxeFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `XxeFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "Xxe" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ZipSlipQuery.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ZipSlipQuery.qll index 9aad934759dc..87da9d2b3252 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ZipSlipQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ZipSlipQuery.qll @@ -20,7 +20,39 @@ private class ConcreteSplitPath extends TaintedPath::Label::SplitPath { } /** A taint tracking configuration for unsafe archive extraction. */ -class Configuration extends DataFlow::Configuration { +module ZipSlipConfig implements DataFlow::StateConfigSig { + class FlowState = DataFlow::FlowLabel; + + predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { + label = source.(Source).getAFlowLabel() + } + + predicate isSink(DataFlow::Node sink, DataFlow::FlowLabel label) { + label = sink.(Sink).getAFlowLabel() + } + + predicate isBarrier(DataFlow::Node node) { + node instanceof TaintedPath::Sanitizer or + node = DataFlow::MakeBarrierGuard::getABarrierNode() + } + + predicate isBarrier(DataFlow::Node node, DataFlow::FlowLabel label) { + node = DataFlow::MakeLabeledBarrierGuard::getABarrierNode(label) + } + + predicate isAdditionalFlowStep( + DataFlow::Node node1, DataFlow::FlowLabel state1, DataFlow::Node node2, + DataFlow::FlowLabel state2 + ) { + TaintedPath::isAdditionalTaintedPathFlowStep(node1, node2, state1, state2) + } +} + +/** A taint tracking configuration for unsafe archive extraction. */ +module ZipSlipFlow = DataFlow::GlobalWithState; + +/** A taint tracking configuration for unsafe archive extraction. */ +deprecated class Configuration extends DataFlow::Configuration { Configuration() { this = "ZipSlip" } override predicate isSource(DataFlow::Node source, DataFlow::FlowLabel label) { @@ -44,6 +76,6 @@ class Configuration extends DataFlow::Configuration { DataFlow::Node src, DataFlow::Node dst, DataFlow::FlowLabel srclabel, DataFlow::FlowLabel dstlabel ) { - TaintedPath::isAdditionalTaintedPathFlowStep(src, dst, srclabel, dstlabel) + ZipSlipConfig::isAdditionalFlowStep(src, srclabel, dst, dstlabel) } } diff --git a/javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoSCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoSCustomizations.qll index 30bd36c124e7..196bead33f1a 100644 --- a/javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoSCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoSCustomizations.qll @@ -46,6 +46,21 @@ module PolynomialReDoS { */ abstract class Sanitizer extends DataFlow::Node { } + /** + * A barrier guard for polynomial regular expression denial-of-service attacks. + */ + abstract class BarrierGuard extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for data flow, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e) { none() } + } + + /** A subclass of `BarrierGuard` that is used for backward compatibility with the old data flow library. */ + abstract class BarrierGuardLegacy extends BarrierGuard, TaintTracking::SanitizerGuardNode { + override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + } + /** * A remote input to a server, seen as a source for polynomial * regular expression denial-of-service vulnerabilities. @@ -118,7 +133,7 @@ module PolynomialReDoS { /** * An check on the length of a string, seen as a sanitizer guard. */ - class LengthGuard extends TaintTracking::SanitizerGuardNode, DataFlow::ValueNode { + class LengthGuard extends BarrierGuardLegacy, DataFlow::ValueNode { DataFlow::Node input; boolean polarity; @@ -133,7 +148,7 @@ module PolynomialReDoS { ) } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { outcome = polarity and e = input.asExpr() } diff --git a/javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoSQuery.qll b/javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoSQuery.qll index f8675bde3f28..3046febcc2ab 100644 --- a/javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoSQuery.qll +++ b/javascript/ql/lib/semmle/javascript/security/regexp/PolynomialReDoSQuery.qll @@ -11,7 +11,33 @@ import javascript import PolynomialReDoSCustomizations::PolynomialReDoS /** A taint-tracking configuration for reasoning about polynomial regular expression denial-of-service attacks. */ -class Configuration extends TaintTracking::Configuration { +module PolynomialReDoSConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof Source } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node node) { + node instanceof Sanitizer or node = DataFlow::MakeBarrierGuard::getABarrierNode() + } + + DataFlow::FlowFeature getAFeature() { result instanceof DataFlow::FeatureHasSourceCallContext } + + predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) { + none() + // TODO: localFieldStep is too expensive with dataflow2 + // DataFlow::localFieldStep(pred, succ) + } + + int fieldFlowBranchLimit() { result = 1 } // library inputs are too expensive on some projects +} + +/** Taint-tracking for reasoning about polynomial regular expression denial-of-service attacks. */ +module PolynomialReDoSFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `PolynomialReDoSFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { Configuration() { this = "PolynomialReDoS" } override predicate isSource(DataFlow::Node source) { source instanceof Source } diff --git a/javascript/ql/src/Performance/PolynomialReDoS.ql b/javascript/ql/src/Performance/PolynomialReDoS.ql index befc556b0330..7a4e72136f4a 100644 --- a/javascript/ql/src/Performance/PolynomialReDoS.ql +++ b/javascript/ql/src/Performance/PolynomialReDoS.ql @@ -15,13 +15,13 @@ import javascript import semmle.javascript.security.regexp.PolynomialReDoSQuery -import DataFlow::PathGraph +import PolynomialReDoSFlow::PathGraph from - Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, Sink sinkNode, + PolynomialReDoSFlow::PathNode source, PolynomialReDoSFlow::PathNode sink, Sink sinkNode, PolynomialBackTrackingTerm regexp where - cfg.hasFlowPath(source, sink) and + PolynomialReDoSFlow::flowPath(source, sink) and sinkNode = sink.getNode() and regexp = sinkNode.getRegExp() and not ( diff --git a/javascript/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql b/javascript/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql index 67d6f14f660c..30931a6a5823 100644 --- a/javascript/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql +++ b/javascript/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql @@ -11,10 +11,12 @@ import javascript import semmle.javascript.security.dataflow.ExternalAPIUsedWithUntrustedDataQuery -import DataFlow::PathGraph +import ExternalAPIUsedWithUntrustedDataFlow::PathGraph -from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink -where config.hasFlowPath(source, sink) +from + ExternalAPIUsedWithUntrustedDataFlow::PathNode source, + ExternalAPIUsedWithUntrustedDataFlow::PathNode sink +where ExternalAPIUsedWithUntrustedDataFlow::flowPath(source, sink) select sink, source, sink, "Call to " + sink.getNode().(Sink).getApiName() + " with untrusted data from $@.", source, source.toString() diff --git a/javascript/ql/src/Security/CWE-022/TaintedPath.ql b/javascript/ql/src/Security/CWE-022/TaintedPath.ql index e3ea395c4801..b5864519932f 100644 --- a/javascript/ql/src/Security/CWE-022/TaintedPath.ql +++ b/javascript/ql/src/Security/CWE-022/TaintedPath.ql @@ -17,9 +17,9 @@ import javascript import semmle.javascript.security.dataflow.TaintedPathQuery -import DataFlow::PathGraph +import DataFlow::DeduplicatePathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from PathNode source, PathNode sink +where TaintedPathFlow::flowPath(source.getAnOriginalPathNode(), sink.getAnOriginalPathNode()) select sink.getNode(), source, sink, "This path depends on a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/Security/CWE-022/ZipSlip.ql b/javascript/ql/src/Security/CWE-022/ZipSlip.ql index aef13830eb10..e2f13d0e1f6f 100644 --- a/javascript/ql/src/Security/CWE-022/ZipSlip.ql +++ b/javascript/ql/src/Security/CWE-022/ZipSlip.ql @@ -14,10 +14,10 @@ import javascript import semmle.javascript.security.dataflow.ZipSlipQuery -import DataFlow::PathGraph +import DataFlow::DeduplicatePathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from PathNode source, PathNode sink +where ZipSlipFlow::flowPath(source.getAnOriginalPathNode(), sink.getAnOriginalPathNode()) select source.getNode(), source, sink, "Unsanitized archive entry, which may contain '..', is used in a $@.", sink.getNode(), "file system operation" diff --git a/javascript/ql/src/Security/CWE-073/TemplateObjectInjection.ql b/javascript/ql/src/Security/CWE-073/TemplateObjectInjection.ql index 68ef1b12c79a..1db62b2e7f01 100644 --- a/javascript/ql/src/Security/CWE-073/TemplateObjectInjection.ql +++ b/javascript/ql/src/Security/CWE-073/TemplateObjectInjection.ql @@ -12,10 +12,11 @@ */ import javascript -import DataFlow::PathGraph import semmle.javascript.security.dataflow.TemplateObjectInjectionQuery +import DataFlow::DeduplicatePathGraph -from DataFlow::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from PathNode source, PathNode sink +where + TemplateObjectInjectionFlow::flowPath(source.getAnOriginalPathNode(), sink.getAnOriginalPathNode()) select sink.getNode(), source, sink, "Template object depends on a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/Security/CWE-078/CommandInjection.ql b/javascript/ql/src/Security/CWE-078/CommandInjection.ql index f09a93c4d407..b1e14622304c 100644 --- a/javascript/ql/src/Security/CWE-078/CommandInjection.ql +++ b/javascript/ql/src/Security/CWE-078/CommandInjection.ql @@ -15,16 +15,16 @@ import javascript import semmle.javascript.security.dataflow.CommandInjectionQuery -import DataFlow::PathGraph +import CommandInjectionFlow::PathGraph from - Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, DataFlow::Node highlight, - Source sourceNode + CommandInjectionFlow::PathNode source, CommandInjectionFlow::PathNode sink, + DataFlow::Node highlight, Source sourceNode where - cfg.hasFlowPath(source, sink) and + CommandInjectionFlow::flowPath(source, sink) and ( - if cfg.isSinkWithHighlight(sink.getNode(), _) - then cfg.isSinkWithHighlight(sink.getNode(), highlight) + if isSinkWithHighlight(sink.getNode(), _) + then isSinkWithHighlight(sink.getNode(), highlight) else highlight = sink.getNode() ) and sourceNode = source.getNode() diff --git a/javascript/ql/src/Security/CWE-078/IndirectCommandInjection.ql b/javascript/ql/src/Security/CWE-078/IndirectCommandInjection.ql index 34f890234416..cd229cd1f39a 100644 --- a/javascript/ql/src/Security/CWE-078/IndirectCommandInjection.ql +++ b/javascript/ql/src/Security/CWE-078/IndirectCommandInjection.ql @@ -15,14 +15,16 @@ */ import javascript -import DataFlow::PathGraph import semmle.javascript.security.dataflow.IndirectCommandInjectionQuery +import IndirectCommandInjectionFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, DataFlow::Node highlight +from + IndirectCommandInjectionFlow::PathNode source, IndirectCommandInjectionFlow::PathNode sink, + DataFlow::Node highlight where - cfg.hasFlowPath(source, sink) and - if cfg.isSinkWithHighlight(sink.getNode(), _) - then cfg.isSinkWithHighlight(sink.getNode(), highlight) + IndirectCommandInjectionFlow::flowPath(source, sink) and + if IndirectCommandInjectionConfig::isSinkWithHighlight(sink.getNode(), _) + then IndirectCommandInjectionConfig::isSinkWithHighlight(sink.getNode(), highlight) else highlight = sink.getNode() select highlight, source, sink, "This command depends on an unsanitized $@.", source.getNode(), source.getNode().(Source).describe() diff --git a/javascript/ql/src/Security/CWE-078/SecondOrderCommandInjection.ql b/javascript/ql/src/Security/CWE-078/SecondOrderCommandInjection.ql index deb792a53ee3..47f9e02d3885 100644 --- a/javascript/ql/src/Security/CWE-078/SecondOrderCommandInjection.ql +++ b/javascript/ql/src/Security/CWE-078/SecondOrderCommandInjection.ql @@ -14,11 +14,14 @@ */ import javascript -import DataFlow::PathGraph import semmle.javascript.security.dataflow.SecondOrderCommandInjectionQuery +import DataFlow::DeduplicatePathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, Sink sinkNode -where cfg.hasFlowPath(source, sink) and sinkNode = sink.getNode() +from PathNode source, PathNode sink, Sink sinkNode +where + SecondOrderCommandInjectionFlow::flowPath(source.getAnOriginalPathNode(), + sink.getAnOriginalPathNode()) and + sinkNode = sink.getNode() select sink.getNode(), source, sink, "Command line argument that depends on $@ can execute an arbitrary command if " + sinkNode.getVulnerableArgumentExample() + " is used with " + sinkNode.getCommand() + ".", diff --git a/javascript/ql/src/Security/CWE-078/ShellCommandInjectionFromEnvironment.ql b/javascript/ql/src/Security/CWE-078/ShellCommandInjectionFromEnvironment.ql index cad1039814cb..2fbb8187057d 100644 --- a/javascript/ql/src/Security/CWE-078/ShellCommandInjectionFromEnvironment.ql +++ b/javascript/ql/src/Security/CWE-078/ShellCommandInjectionFromEnvironment.ql @@ -14,17 +14,18 @@ */ import javascript -import DataFlow::PathGraph import semmle.javascript.security.dataflow.ShellCommandInjectionFromEnvironmentQuery +import ShellCommandInjectionFromEnvironmentFlow::PathGraph from - Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, DataFlow::Node highlight, + ShellCommandInjectionFromEnvironmentFlow::PathNode source, + ShellCommandInjectionFromEnvironmentFlow::PathNode sink, DataFlow::Node highlight, Source sourceNode where sourceNode = source.getNode() and - cfg.hasFlowPath(source, sink) and - if cfg.isSinkWithHighlight(sink.getNode(), _) - then cfg.isSinkWithHighlight(sink.getNode(), highlight) + ShellCommandInjectionFromEnvironmentFlow::flowPath(source, sink) and + if ShellCommandInjectionFromEnvironmentConfig::isSinkWithHighlight(sink.getNode(), _) + then ShellCommandInjectionFromEnvironmentConfig::isSinkWithHighlight(sink.getNode(), highlight) else highlight = sink.getNode() select highlight, source, sink, "This shell command depends on an uncontrolled $@.", sourceNode, sourceNode.getSourceType() diff --git a/javascript/ql/src/Security/CWE-078/UnsafeShellCommandConstruction.ql b/javascript/ql/src/Security/CWE-078/UnsafeShellCommandConstruction.ql index 3b96b6beffb0..4b866c9cfff7 100644 --- a/javascript/ql/src/Security/CWE-078/UnsafeShellCommandConstruction.ql +++ b/javascript/ql/src/Security/CWE-078/UnsafeShellCommandConstruction.ql @@ -15,10 +15,12 @@ import javascript import semmle.javascript.security.dataflow.UnsafeShellCommandConstructionQuery -import DataFlow::PathGraph +import UnsafeShellCommandConstructionFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, Sink sinkNode -where cfg.hasFlowPath(source, sink) and sinkNode = sink.getNode() +from + UnsafeShellCommandConstructionFlow::PathNode source, + UnsafeShellCommandConstructionFlow::PathNode sink, Sink sinkNode +where UnsafeShellCommandConstructionFlow::flowPath(source, sink) and sinkNode = sink.getNode() select sinkNode.getAlertLocation(), source, sink, "This " + sinkNode.getSinkType() + " which depends on $@ is later used in a $@.", source.getNode(), "library input", sinkNode.getCommandExecution(), "shell command" diff --git a/javascript/ql/src/Security/CWE-079/ExceptionXss.ql b/javascript/ql/src/Security/CWE-079/ExceptionXss.ql index c43206abb66c..76e56f1494d4 100644 --- a/javascript/ql/src/Security/CWE-079/ExceptionXss.ql +++ b/javascript/ql/src/Security/CWE-079/ExceptionXss.ql @@ -14,10 +14,10 @@ import javascript import semmle.javascript.security.dataflow.ExceptionXssQuery -import DataFlow::PathGraph +import DataFlow::DeduplicatePathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from PathNode source, PathNode sink +where ExceptionXssFlow::flowPath(source.getAnOriginalPathNode(), sink.getAnOriginalPathNode()) select sink.getNode(), source, sink, "$@ is reinterpreted as HTML without escaping meta-characters.", source.getNode(), source.getNode().(Source).getDescription() diff --git a/javascript/ql/src/Security/CWE-079/ReflectedXss.ql b/javascript/ql/src/Security/CWE-079/ReflectedXss.ql index 9bed0516d189..7b42f95b691c 100644 --- a/javascript/ql/src/Security/CWE-079/ReflectedXss.ql +++ b/javascript/ql/src/Security/CWE-079/ReflectedXss.ql @@ -14,9 +14,9 @@ import javascript import semmle.javascript.security.dataflow.ReflectedXssQuery -import DataFlow::PathGraph +import ReflectedXssFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from ReflectedXssFlow::PathNode source, ReflectedXssFlow::PathNode sink +where ReflectedXssFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Cross-site scripting vulnerability due to a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/Security/CWE-079/StoredXss.ql b/javascript/ql/src/Security/CWE-079/StoredXss.ql index 0c7402b3b687..82847c537b94 100644 --- a/javascript/ql/src/Security/CWE-079/StoredXss.ql +++ b/javascript/ql/src/Security/CWE-079/StoredXss.ql @@ -14,9 +14,9 @@ import javascript import semmle.javascript.security.dataflow.StoredXssQuery -import DataFlow::PathGraph +import StoredXssFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from StoredXssFlow::PathNode source, StoredXssFlow::PathNode sink +where StoredXssFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Stored cross-site scripting vulnerability due to $@.", source.getNode(), "stored value" diff --git a/javascript/ql/src/Security/CWE-079/UnsafeHtmlConstruction.ql b/javascript/ql/src/Security/CWE-079/UnsafeHtmlConstruction.ql index 3e1818af026d..9746e21334c4 100644 --- a/javascript/ql/src/Security/CWE-079/UnsafeHtmlConstruction.ql +++ b/javascript/ql/src/Security/CWE-079/UnsafeHtmlConstruction.ql @@ -13,11 +13,13 @@ */ import javascript -import DataFlow::PathGraph import semmle.javascript.security.dataflow.UnsafeHtmlConstructionQuery +import DataFlow::DeduplicatePathGraph -from DataFlow::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, Sink sinkNode -where cfg.hasFlowPath(source, sink) and sink.getNode() = sinkNode +from PathNode source, PathNode sink, Sink sinkNode +where + UnsafeHtmlConstructionFlow::flowPath(source.getAnOriginalPathNode(), sink.getAnOriginalPathNode()) and + sink.getNode() = sinkNode select sinkNode, source, sink, "This " + sinkNode.describe() + " which depends on $@ might later allow $@.", source.getNode(), "library input", sinkNode.getSink(), sinkNode.getVulnerabilityKind().toLowerCase() diff --git a/javascript/ql/src/Security/CWE-079/UnsafeJQueryPlugin.ql b/javascript/ql/src/Security/CWE-079/UnsafeJQueryPlugin.ql index 0cd8312a8cd0..5bb2abb2564e 100644 --- a/javascript/ql/src/Security/CWE-079/UnsafeJQueryPlugin.ql +++ b/javascript/ql/src/Security/CWE-079/UnsafeJQueryPlugin.ql @@ -14,13 +14,13 @@ import javascript import semmle.javascript.security.dataflow.UnsafeJQueryPluginQuery -import DataFlow::PathGraph +import UnsafeJQueryPluginFlow::PathGraph from - Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, + UnsafeJQueryPluginFlow::PathNode source, UnsafeJQueryPluginFlow::PathNode sink, JQuery::JQueryPluginMethod plugin where - cfg.hasFlowPath(source, sink) and + UnsafeJQueryPluginFlow::flowPath(source, sink) and source.getNode().(Source).getPlugin() = plugin select sink.getNode(), source, sink, "Potential XSS vulnerability in the $@.", plugin, "'$.fn." + plugin.getPluginName() + "' plugin" diff --git a/javascript/ql/src/Security/CWE-079/Xss.ql b/javascript/ql/src/Security/CWE-079/Xss.ql index 8e67d249fa94..ee7a3d8d009c 100644 --- a/javascript/ql/src/Security/CWE-079/Xss.ql +++ b/javascript/ql/src/Security/CWE-079/Xss.ql @@ -14,10 +14,10 @@ import javascript import semmle.javascript.security.dataflow.DomBasedXssQuery -import DataFlow::PathGraph +import DataFlow::DeduplicatePathGraph -from DataFlow::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from PathNode source, PathNode sink +where DomBasedXssFlow::flowPath(source.getAnOriginalPathNode(), sink.getAnOriginalPathNode()) select sink.getNode(), source, sink, sink.getNode().(Sink).getVulnerabilityKind() + " vulnerability due to $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/Security/CWE-079/XssThroughDom.ql b/javascript/ql/src/Security/CWE-079/XssThroughDom.ql index 87a76d822277..e690e2bab28e 100644 --- a/javascript/ql/src/Security/CWE-079/XssThroughDom.ql +++ b/javascript/ql/src/Security/CWE-079/XssThroughDom.ql @@ -14,9 +14,11 @@ import javascript import semmle.javascript.security.dataflow.XssThroughDomQuery -import DataFlow::PathGraph +import XssThroughDomFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from XssThroughDomFlow::PathNode source, XssThroughDomFlow::PathNode sink +where + XssThroughDomFlow::flowPath(source, sink) and + not isIgnoredSourceSinkPair(source.getNode(), sink.getNode()) select sink.getNode(), source, sink, "$@ is reinterpreted as HTML without escaping meta-characters.", source.getNode(), "DOM text" diff --git a/javascript/ql/src/Security/CWE-089/SqlInjection.ql b/javascript/ql/src/Security/CWE-089/SqlInjection.ql index f7a40bb91f9a..7d64fb222ca5 100644 --- a/javascript/ql/src/Security/CWE-089/SqlInjection.ql +++ b/javascript/ql/src/Security/CWE-089/SqlInjection.ql @@ -14,17 +14,23 @@ */ import javascript -import semmle.javascript.security.dataflow.SqlInjectionQuery as SqlInjection -import semmle.javascript.security.dataflow.NosqlInjectionQuery as NosqlInjection -import DataFlow::PathGraph +import semmle.javascript.security.dataflow.SqlInjectionQuery as Sql +import semmle.javascript.security.dataflow.NosqlInjectionQuery as Nosql -from DataFlow::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, string type +module Merged = + DataFlow::MergePathGraph; + +import DataFlow::DeduplicatePathGraph + +from PathNode source, PathNode sink, string type where - ( - cfg instanceof SqlInjection::Configuration and type = "string" - or - cfg instanceof NosqlInjection::Configuration and type = "object" - ) and - cfg.hasFlowPath(source, sink) + Sql::SqlInjectionFlow::flowPath(source.getAnOriginalPathNode().asPathNode1(), + sink.getAnOriginalPathNode().asPathNode1()) and + type = "string" + or + Nosql::NosqlInjectionFlow::flowPath(source.getAnOriginalPathNode().asPathNode2(), + sink.getAnOriginalPathNode().asPathNode2()) and + type = "object" select sink.getNode(), source, sink, "This query " + type + " depends on a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/Security/CWE-094/CodeInjection.ql b/javascript/ql/src/Security/CWE-094/CodeInjection.ql index a4ed71e2949b..c08f75bb673b 100644 --- a/javascript/ql/src/Security/CWE-094/CodeInjection.ql +++ b/javascript/ql/src/Security/CWE-094/CodeInjection.ql @@ -16,9 +16,9 @@ import javascript import semmle.javascript.security.dataflow.CodeInjectionQuery -import DataFlow::PathGraph +import CodeInjectionFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from CodeInjectionFlow::PathNode source, CodeInjectionFlow::PathNode sink +where CodeInjectionFlow::flowPath(source, sink) select sink.getNode(), source, sink, sink.getNode().(Sink).getMessagePrefix() + " depends on a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/Security/CWE-094/ImproperCodeSanitization.ql b/javascript/ql/src/Security/CWE-094/ImproperCodeSanitization.ql index 181079b05bb2..2f13568e9288 100644 --- a/javascript/ql/src/Security/CWE-094/ImproperCodeSanitization.ql +++ b/javascript/ql/src/Security/CWE-094/ImproperCodeSanitization.ql @@ -14,9 +14,9 @@ import javascript import semmle.javascript.security.dataflow.ImproperCodeSanitizationQuery -import DataFlow::PathGraph private import semmle.javascript.heuristics.HeuristicSinks private import semmle.javascript.security.dataflow.CodeInjectionCustomizations +import ImproperCodeSanitizationFlow::PathGraph /** * Gets a type-tracked instance of `RemoteFlowSource` using type-tracker `t`. @@ -60,9 +60,9 @@ private DataFlow::Node endsInCodeInjectionSink() { result = endsInCodeInjectionSink(DataFlow::TypeBackTracker::end()) } -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink +from ImproperCodeSanitizationFlow::PathNode source, ImproperCodeSanitizationFlow::PathNode sink where - cfg.hasFlowPath(source, sink) and + ImproperCodeSanitizationFlow::flowPath(source, sink) and // Basic detection of duplicate results with `js/code-injection`. not ( sink.getNode().(StringOps::ConcatenationLeaf).getRoot() = endsInCodeInjectionSink() and diff --git a/javascript/ql/src/Security/CWE-094/UnsafeCodeConstruction.ql b/javascript/ql/src/Security/CWE-094/UnsafeCodeConstruction.ql index 2adf02114b94..e68a482f8d20 100644 --- a/javascript/ql/src/Security/CWE-094/UnsafeCodeConstruction.ql +++ b/javascript/ql/src/Security/CWE-094/UnsafeCodeConstruction.ql @@ -14,11 +14,13 @@ */ import javascript -import DataFlow::PathGraph import semmle.javascript.security.dataflow.UnsafeCodeConstruction::UnsafeCodeConstruction +import UnsafeCodeConstructionFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, Sink sinkNode -where cfg.hasFlowPath(source, sink) and sinkNode = sink.getNode() +from + UnsafeCodeConstructionFlow::PathNode source, UnsafeCodeConstructionFlow::PathNode sink, + Sink sinkNode +where UnsafeCodeConstructionFlow::flowPath(source, sink) and sinkNode = sink.getNode() select sink.getNode(), source, sink, "This " + sinkNode.getSinkType() + " which depends on $@ is later $@.", source.getNode(), "library input", sinkNode.getCodeSink(), "interpreted as code" diff --git a/javascript/ql/src/Security/CWE-094/UnsafeDynamicMethodAccess.ql b/javascript/ql/src/Security/CWE-094/UnsafeDynamicMethodAccess.ql index 4659ce891784..3a108a79132c 100644 --- a/javascript/ql/src/Security/CWE-094/UnsafeDynamicMethodAccess.ql +++ b/javascript/ql/src/Security/CWE-094/UnsafeDynamicMethodAccess.ql @@ -12,10 +12,10 @@ import javascript import semmle.javascript.security.dataflow.UnsafeDynamicMethodAccessQuery -import DataFlow::PathGraph +import UnsafeDynamicMethodAccessFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from UnsafeDynamicMethodAccessFlow::PathNode source, UnsafeDynamicMethodAccessFlow::PathNode sink +where UnsafeDynamicMethodAccessFlow::flowPath(source, sink) select sink, source, sink, "This method is invoked using a $@, which may allow remote code execution.", source.getNode(), "user-controlled value" diff --git a/javascript/ql/src/Security/CWE-116/IncompleteHtmlAttributeSanitization.ql b/javascript/ql/src/Security/CWE-116/IncompleteHtmlAttributeSanitization.ql index eec14ab7ba3a..46b60ea9c991 100644 --- a/javascript/ql/src/Security/CWE-116/IncompleteHtmlAttributeSanitization.ql +++ b/javascript/ql/src/Security/CWE-116/IncompleteHtmlAttributeSanitization.ql @@ -15,9 +15,9 @@ */ import javascript -import DataFlow::PathGraph import semmle.javascript.security.dataflow.IncompleteHtmlAttributeSanitizationQuery import semmle.javascript.security.IncompleteBlacklistSanitizer +import DataFlow::DeduplicatePathGraph /** * Gets a pretty string of the dangerous characters for `sink`. @@ -31,8 +31,10 @@ string prettyPrintDangerousCharaters(Sink sink) { ).regexpReplaceAll(",(?=[^,]+$)", " or") } -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from PathNode source, PathNode sink +where + IncompleteHtmlAttributeSanitizationFlow::flowPath(source.getAnOriginalPathNode(), + sink.getAnOriginalPathNode()) select sink.getNode(), source, sink, // this message is slightly sub-optimal as we do not have an easy way // to get the flow labels that reach the sink, so the message includes diff --git a/javascript/ql/src/Security/CWE-117/LogInjection.ql b/javascript/ql/src/Security/CWE-117/LogInjection.ql index 6a2176a9e9f8..5386f3d0d6ce 100644 --- a/javascript/ql/src/Security/CWE-117/LogInjection.ql +++ b/javascript/ql/src/Security/CWE-117/LogInjection.ql @@ -12,10 +12,10 @@ */ import javascript -import DataFlow::PathGraph import semmle.javascript.security.dataflow.LogInjectionQuery +import LogInjectionFlow::PathGraph -from LogInjectionConfiguration config, DataFlow::PathNode source, DataFlow::PathNode sink -where config.hasFlowPath(source, sink) +from LogInjectionFlow::PathNode source, LogInjectionFlow::PathNode sink +where LogInjectionFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Log entry depends on a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/Security/CWE-134/TaintedFormatString.ql b/javascript/ql/src/Security/CWE-134/TaintedFormatString.ql index 0a595e7e05f9..1f315244cbee 100644 --- a/javascript/ql/src/Security/CWE-134/TaintedFormatString.ql +++ b/javascript/ql/src/Security/CWE-134/TaintedFormatString.ql @@ -12,9 +12,9 @@ import javascript import semmle.javascript.security.dataflow.TaintedFormatStringQuery -import DataFlow::PathGraph +import TaintedFormatStringFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from TaintedFormatStringFlow::PathNode source, TaintedFormatStringFlow::PathNode sink +where TaintedFormatStringFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Format string depends on a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql b/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql index a0145f6034f6..75a09efb96b2 100644 --- a/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql +++ b/javascript/ql/src/Security/CWE-200/FileAccessToHttp.ql @@ -12,9 +12,9 @@ import javascript import semmle.javascript.security.dataflow.FileAccessToHttpQuery -import DataFlow::PathGraph +import FileAccessToHttpFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from FileAccessToHttpFlow::PathNode source, FileAccessToHttpFlow::PathNode sink +where FileAccessToHttpFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Outbound network request depends on $@.", source.getNode(), "file data" diff --git a/javascript/ql/src/Security/CWE-201/PostMessageStar.ql b/javascript/ql/src/Security/CWE-201/PostMessageStar.ql index 90a3d526db56..71da63e3f50a 100644 --- a/javascript/ql/src/Security/CWE-201/PostMessageStar.ql +++ b/javascript/ql/src/Security/CWE-201/PostMessageStar.ql @@ -15,9 +15,9 @@ import javascript import semmle.javascript.security.dataflow.PostMessageStarQuery -import DataFlow::PathGraph +import PostMessageStarFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from PostMessageStarFlow::PathNode source, PostMessageStarFlow::PathNode sink +where PostMessageStarFlow::flowPath(source, sink) select sink.getNode(), source, sink, "$@ is sent to another window without origin restriction.", source.getNode(), "Sensitive data" diff --git a/javascript/ql/src/Security/CWE-209/StackTraceExposure.ql b/javascript/ql/src/Security/CWE-209/StackTraceExposure.ql index 8342dea6e728..b6bf246387ce 100644 --- a/javascript/ql/src/Security/CWE-209/StackTraceExposure.ql +++ b/javascript/ql/src/Security/CWE-209/StackTraceExposure.ql @@ -15,9 +15,9 @@ import javascript import semmle.javascript.security.dataflow.StackTraceExposureQuery -import DataFlow::PathGraph +import StackTraceExposureFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from StackTraceExposureFlow::PathNode source, StackTraceExposureFlow::PathNode sink +where StackTraceExposureFlow::flowPath(source, sink) select sink.getNode(), source, sink, "This information exposed to the user depends on $@.", source.getNode(), "stack trace information" diff --git a/javascript/ql/src/Security/CWE-312/BuildArtifactLeak.ql b/javascript/ql/src/Security/CWE-312/BuildArtifactLeak.ql index 0e61cc1ebf2e..79d2d4d41ed5 100644 --- a/javascript/ql/src/Security/CWE-312/BuildArtifactLeak.ql +++ b/javascript/ql/src/Security/CWE-312/BuildArtifactLeak.ql @@ -15,10 +15,10 @@ import javascript import semmle.javascript.security.dataflow.BuildArtifactLeakQuery -import DataFlow::PathGraph +import BuildArtifactLeakFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from BuildArtifactLeakFlow::PathNode source, BuildArtifactLeakFlow::PathNode sink +where BuildArtifactLeakFlow::flowPath(source, sink) select sink.getNode(), source, sink, "This creates a build artifact that depends on $@.", source.getNode(), "sensitive data returned by" + source.getNode().(CleartextLogging::Source).describe() diff --git a/javascript/ql/src/Security/CWE-312/CleartextLogging.ql b/javascript/ql/src/Security/CWE-312/CleartextLogging.ql index 02779fa2e05f..dbc791cbaaa7 100644 --- a/javascript/ql/src/Security/CWE-312/CleartextLogging.ql +++ b/javascript/ql/src/Security/CWE-312/CleartextLogging.ql @@ -15,7 +15,7 @@ import javascript import semmle.javascript.security.dataflow.CleartextLoggingQuery -import DataFlow::PathGraph +import CleartextLoggingFlow::PathGraph /** * Holds if `tl` is used in a browser environment. @@ -33,9 +33,9 @@ predicate inBrowserEnvironment(TopLevel tl) { ) } -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink +from CleartextLoggingFlow::PathNode source, CleartextLoggingFlow::PathNode sink where - cfg.hasFlowPath(source, sink) and + CleartextLoggingFlow::flowPath(source, sink) and // ignore logging to the browser console (even though it is not a good practice) not inBrowserEnvironment(sink.getNode().asExpr().getTopLevel()) select sink.getNode(), source, sink, "This logs sensitive data returned by $@ as clear text.", diff --git a/javascript/ql/src/Security/CWE-312/CleartextStorage.ql b/javascript/ql/src/Security/CWE-312/CleartextStorage.ql index 4660c4add9fe..6f9bef802be4 100644 --- a/javascript/ql/src/Security/CWE-312/CleartextStorage.ql +++ b/javascript/ql/src/Security/CWE-312/CleartextStorage.ql @@ -15,9 +15,9 @@ import javascript import semmle.javascript.security.dataflow.CleartextStorageQuery -import DataFlow::PathGraph +import ClearTextStorageFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from ClearTextStorageFlow::PathNode source, ClearTextStorageFlow::PathNode sink +where ClearTextStorageFlow::flowPath(source, sink) select sink.getNode(), source, sink, "This stores sensitive data returned by $@ as clear text.", source.getNode(), source.getNode().(Source).describe() diff --git a/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql b/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql index a4dd7ed6372c..d888a5acdc42 100644 --- a/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql +++ b/javascript/ql/src/Security/CWE-327/BrokenCryptoAlgorithm.ql @@ -14,13 +14,13 @@ import javascript import semmle.javascript.security.dataflow.BrokenCryptoAlgorithmQuery import semmle.javascript.security.SensitiveActions -import DataFlow::PathGraph +import BrokenCryptoAlgorithmFlow::PathGraph from - Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, Source sourceNode, - Sink sinkNode + BrokenCryptoAlgorithmFlow::PathNode source, BrokenCryptoAlgorithmFlow::PathNode sink, + Source sourceNode, Sink sinkNode where - cfg.hasFlowPath(source, sink) and + BrokenCryptoAlgorithmFlow::flowPath(source, sink) and sourceNode = source.getNode() and sinkNode = sink.getNode() and not sourceNode instanceof CleartextPasswordExpr // flagged by js/insufficient-password-hash diff --git a/javascript/ql/src/Security/CWE-338/InsecureRandomness.ql b/javascript/ql/src/Security/CWE-338/InsecureRandomness.ql index 1d30221358d3..2bfcfc14d509 100644 --- a/javascript/ql/src/Security/CWE-338/InsecureRandomness.ql +++ b/javascript/ql/src/Security/CWE-338/InsecureRandomness.ql @@ -14,10 +14,10 @@ import javascript import semmle.javascript.security.dataflow.InsecureRandomnessQuery -import DataFlow::PathGraph +import InsecureRandomnessFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from InsecureRandomnessFlow::PathNode source, InsecureRandomnessFlow::PathNode sink +where InsecureRandomnessFlow::flowPath(source, sink) select sink.getNode(), source, sink, "This uses a cryptographically insecure random number generated at $@ in a security context.", source.getNode(), source.getNode().toString() diff --git a/javascript/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql b/javascript/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql index 279f09f71ba5..ac8acac4742d 100644 --- a/javascript/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql +++ b/javascript/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql @@ -14,10 +14,10 @@ import javascript import semmle.javascript.security.dataflow.CorsMisconfigurationForCredentialsQuery -import DataFlow::PathGraph +import CorsMisconfigurationFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from CorsMisconfigurationFlow::PathNode source, CorsMisconfigurationFlow::PathNode sink +where CorsMisconfigurationFlow::flowPath(source, sink) select sink.getNode(), source, sink, "$@ leak vulnerability due to a $@.", sink.getNode().(Sink).getCredentialsHeader(), "Credential", source.getNode(), "misconfigured CORS header value" diff --git a/javascript/ql/src/Security/CWE-377/InsecureTemporaryFile.ql b/javascript/ql/src/Security/CWE-377/InsecureTemporaryFile.ql index 9e9a9f126590..9a13bfbe4a51 100644 --- a/javascript/ql/src/Security/CWE-377/InsecureTemporaryFile.ql +++ b/javascript/ql/src/Security/CWE-377/InsecureTemporaryFile.ql @@ -13,10 +13,10 @@ */ import javascript -import DataFlow::PathGraph import semmle.javascript.security.dataflow.InsecureTemporaryFileQuery +import InsecureTemporaryFileFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from InsecureTemporaryFileFlow::PathNode source, InsecureTemporaryFileFlow::PathNode sink +where InsecureTemporaryFileFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Insecure creation of file in $@.", source.getNode(), "the os temp dir" diff --git a/javascript/ql/src/Security/CWE-400/DeepObjectResourceExhaustion.ql b/javascript/ql/src/Security/CWE-400/DeepObjectResourceExhaustion.ql index a9ea46c45104..066c3f148d54 100644 --- a/javascript/ql/src/Security/CWE-400/DeepObjectResourceExhaustion.ql +++ b/javascript/ql/src/Security/CWE-400/DeepObjectResourceExhaustion.ql @@ -11,14 +11,13 @@ */ import javascript -import DataFlow::PathGraph import semmle.javascript.security.dataflow.DeepObjectResourceExhaustionQuery +import DataFlow::DeduplicatePathGraph -from - Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, DataFlow::Node link, - string reason +from PathNode source, PathNode sink, DataFlow::Node link, string reason where - cfg.hasFlowPath(source, sink) and + DeepObjectResourceExhaustionFlow::flowPath(source.getAnOriginalPathNode(), + sink.getAnOriginalPathNode()) and sink.getNode().(Sink).hasReason(link, reason) select sink, source, sink, "Denial of service caused by processing $@ with $@.", source.getNode(), "user input", link, reason diff --git a/javascript/ql/src/Security/CWE-400/RemotePropertyInjection.ql b/javascript/ql/src/Security/CWE-400/RemotePropertyInjection.ql index 287b196feff8..92d18b3f1a27 100644 --- a/javascript/ql/src/Security/CWE-400/RemotePropertyInjection.ql +++ b/javascript/ql/src/Security/CWE-400/RemotePropertyInjection.ql @@ -14,9 +14,9 @@ import javascript import semmle.javascript.security.dataflow.RemotePropertyInjectionQuery -import DataFlow::PathGraph +import RemotePropertyInjectionFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from RemotePropertyInjectionFlow::PathNode source, RemotePropertyInjectionFlow::PathNode sink +where RemotePropertyInjectionFlow::flowPath(source, sink) select sink.getNode(), source, sink, sink.getNode().(Sink).getMessage() + " depends on a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/Security/CWE-502/UnsafeDeserialization.ql b/javascript/ql/src/Security/CWE-502/UnsafeDeserialization.ql index 35ae85130c98..e940ddff3382 100644 --- a/javascript/ql/src/Security/CWE-502/UnsafeDeserialization.ql +++ b/javascript/ql/src/Security/CWE-502/UnsafeDeserialization.ql @@ -13,9 +13,9 @@ import javascript import semmle.javascript.security.dataflow.UnsafeDeserializationQuery -import DataFlow::PathGraph +import UnsafeDeserializationFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from UnsafeDeserializationFlow::PathNode source, UnsafeDeserializationFlow::PathNode sink +where UnsafeDeserializationFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Unsafe deserialization depends on a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/Security/CWE-506/HardcodedDataInterpretedAsCode.ql b/javascript/ql/src/Security/CWE-506/HardcodedDataInterpretedAsCode.ql index 9fd53ce99169..bc6a5e5466fd 100644 --- a/javascript/ql/src/Security/CWE-506/HardcodedDataInterpretedAsCode.ql +++ b/javascript/ql/src/Security/CWE-506/HardcodedDataInterpretedAsCode.ql @@ -14,10 +14,12 @@ import javascript import semmle.javascript.security.dataflow.HardcodedDataInterpretedAsCodeQuery -import DataFlow::PathGraph +import DataFlow::DeduplicatePathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from PathNode source, PathNode sink +where + HardcodedDataInterpretedAsCodeFlow::flowPath(source.getAnOriginalPathNode(), + sink.getAnOriginalPathNode()) select sink.getNode(), source, sink, "$@ is interpreted as " + sink.getNode().(Sink).getKind() + ".", source.getNode(), "Hard-coded data" diff --git a/javascript/ql/src/Security/CWE-601/ClientSideUrlRedirect.ql b/javascript/ql/src/Security/CWE-601/ClientSideUrlRedirect.ql index 6f29d3882683..a4b08e385bae 100644 --- a/javascript/ql/src/Security/CWE-601/ClientSideUrlRedirect.ql +++ b/javascript/ql/src/Security/CWE-601/ClientSideUrlRedirect.ql @@ -15,9 +15,10 @@ import javascript import semmle.javascript.security.dataflow.ClientSideUrlRedirectQuery -import DataFlow::PathGraph +import DataFlow::DeduplicatePathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from PathNode source, PathNode sink +where + ClientSideUrlRedirectFlow::flowPath(source.getAnOriginalPathNode(), sink.getAnOriginalPathNode()) select sink.getNode(), source, sink, "Untrusted URL redirection depends on a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/Security/CWE-601/ServerSideUrlRedirect.ql b/javascript/ql/src/Security/CWE-601/ServerSideUrlRedirect.ql index 764027065865..e3bc53ec4368 100644 --- a/javascript/ql/src/Security/CWE-601/ServerSideUrlRedirect.ql +++ b/javascript/ql/src/Security/CWE-601/ServerSideUrlRedirect.ql @@ -13,9 +13,9 @@ import javascript import semmle.javascript.security.dataflow.ServerSideUrlRedirectQuery -import DataFlow::PathGraph +import ServerSideUrlRedirectFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from ServerSideUrlRedirectFlow::PathNode source, ServerSideUrlRedirectFlow::PathNode sink +where ServerSideUrlRedirectFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Untrusted URL redirection depends on a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/Security/CWE-611/Xxe.ql b/javascript/ql/src/Security/CWE-611/Xxe.ql index 6f544f3a2e52..e1e84e360480 100644 --- a/javascript/ql/src/Security/CWE-611/Xxe.ql +++ b/javascript/ql/src/Security/CWE-611/Xxe.ql @@ -14,10 +14,10 @@ import javascript import semmle.javascript.security.dataflow.XxeQuery -import DataFlow::PathGraph +import XxeFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from XxeFlow::PathNode source, XxeFlow::PathNode sink +where XxeFlow::flowPath(source, sink) select sink.getNode(), source, sink, "XML parsing depends on a $@ without guarding against external entity expansion.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.ql b/javascript/ql/src/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.ql index 9cb88a29b9dc..377fcfcd1cb8 100644 --- a/javascript/ql/src/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.ql +++ b/javascript/ql/src/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.ql @@ -13,9 +13,9 @@ import javascript import semmle.javascript.security.dataflow.HostHeaderPoisoningInEmailGenerationQuery -import DataFlow::PathGraph +import HostHeaderPoisoningFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from HostHeaderPoisoningFlow::PathNode source, HostHeaderPoisoningFlow::PathNode sink +where HostHeaderPoisoningFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Links in this email can be hijacked by poisoning the $@.", source.getNode(), "HTTP host header" diff --git a/javascript/ql/src/Security/CWE-643/XpathInjection.ql b/javascript/ql/src/Security/CWE-643/XpathInjection.ql index 8a5bfbd791fc..c28441d8e24e 100644 --- a/javascript/ql/src/Security/CWE-643/XpathInjection.ql +++ b/javascript/ql/src/Security/CWE-643/XpathInjection.ql @@ -13,9 +13,9 @@ import javascript import semmle.javascript.security.dataflow.XpathInjectionQuery -import DataFlow::PathGraph +import XpathInjectionFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from XpathInjectionFlow::PathNode source, XpathInjectionFlow::PathNode sink +where XpathInjectionFlow::flowPath(source, sink) select sink.getNode(), source, sink, "XPath expression depends on a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/Security/CWE-730/RegExpInjection.ql b/javascript/ql/src/Security/CWE-730/RegExpInjection.ql index 5b679cf1dcf5..4260c5e23eee 100644 --- a/javascript/ql/src/Security/CWE-730/RegExpInjection.ql +++ b/javascript/ql/src/Security/CWE-730/RegExpInjection.ql @@ -15,9 +15,9 @@ import javascript import semmle.javascript.security.dataflow.RegExpInjectionQuery -import DataFlow::PathGraph +import RegExpInjectionFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from RegExpInjectionFlow::PathNode source, RegExpInjectionFlow::PathNode sink +where RegExpInjectionFlow::flowPath(source, sink) select sink.getNode(), source, sink, "This regular expression is constructed from a $@.", source.getNode(), source.getNode().(Source).describe() diff --git a/javascript/ql/src/Security/CWE-754/UnvalidatedDynamicMethodCall.ql b/javascript/ql/src/Security/CWE-754/UnvalidatedDynamicMethodCall.ql index c2841c5e9021..df84c62edf77 100644 --- a/javascript/ql/src/Security/CWE-754/UnvalidatedDynamicMethodCall.ql +++ b/javascript/ql/src/Security/CWE-754/UnvalidatedDynamicMethodCall.ql @@ -13,10 +13,12 @@ import javascript import semmle.javascript.security.dataflow.UnvalidatedDynamicMethodCallQuery -import DataFlow::PathGraph +import DataFlow::DeduplicatePathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from PathNode source, PathNode sink +where + UnvalidatedDynamicMethodCallFlow::flowPath(source.getAnOriginalPathNode(), + sink.getAnOriginalPathNode()) select sink.getNode(), source, sink, "Invocation of method with $@ name may dispatch to unexpected target and cause an exception.", source.getNode(), "user-controlled" diff --git a/javascript/ql/src/Security/CWE-770/ResourceExhaustion.ql b/javascript/ql/src/Security/CWE-770/ResourceExhaustion.ql index 4a32424ac3ea..89452bea8ca2 100644 --- a/javascript/ql/src/Security/CWE-770/ResourceExhaustion.ql +++ b/javascript/ql/src/Security/CWE-770/ResourceExhaustion.ql @@ -13,10 +13,10 @@ */ import javascript -import DataFlow::PathGraph import semmle.javascript.security.dataflow.ResourceExhaustionQuery +import ResourceExhaustionFlow::PathGraph -from Configuration dataflow, DataFlow::PathNode source, DataFlow::PathNode sink -where dataflow.hasFlowPath(source, sink) +from ResourceExhaustionFlow::PathNode source, ResourceExhaustionFlow::PathNode sink +where ResourceExhaustionFlow::flowPath(source, sink) select sink, source, sink, sink.getNode().(Sink).getProblemDescription() + " from a $@.", source, "user-provided value" diff --git a/javascript/ql/src/Security/CWE-776/XmlBomb.ql b/javascript/ql/src/Security/CWE-776/XmlBomb.ql index e418f3298106..aa3f48c6037a 100644 --- a/javascript/ql/src/Security/CWE-776/XmlBomb.ql +++ b/javascript/ql/src/Security/CWE-776/XmlBomb.ql @@ -14,10 +14,10 @@ import javascript import semmle.javascript.security.dataflow.XmlBombQuery -import DataFlow::PathGraph +import XmlBombFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from XmlBombFlow::PathNode source, XmlBombFlow::PathNode sink +where XmlBombFlow::flowPath(source, sink) select sink.getNode(), source, sink, "XML parsing depends on a $@ without guarding against uncontrolled entity expansion.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/Security/CWE-798/HardcodedCredentials.ql b/javascript/ql/src/Security/CWE-798/HardcodedCredentials.ql index 1c13ad78bfa2..a94153e02263 100644 --- a/javascript/ql/src/Security/CWE-798/HardcodedCredentials.ql +++ b/javascript/ql/src/Security/CWE-798/HardcodedCredentials.ql @@ -15,14 +15,14 @@ import javascript import semmle.javascript.security.dataflow.HardcodedCredentialsQuery -import DataFlow::PathGraph +import HardcodedCredentials::PathGraph bindingset[s] predicate looksLikeATemplate(string s) { s.regexpMatch(".*((\\{\\{.*\\}\\})|(<.*>)|(\\(.*\\))).*") } -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, string value +from HardcodedCredentials::PathNode source, HardcodedCredentials::PathNode sink, string value where - cfg.hasFlowPath(source, sink) and + HardcodedCredentials::flowPath(source, sink) and // use source value in message if it's available if source.getNode().asExpr() instanceof ConstantString then diff --git a/javascript/ql/src/Security/CWE-807/ConditionalBypass.ql b/javascript/ql/src/Security/CWE-807/ConditionalBypass.ql index 492dc5b8b6e7..a493662453e7 100644 --- a/javascript/ql/src/Security/CWE-807/ConditionalBypass.ql +++ b/javascript/ql/src/Security/CWE-807/ConditionalBypass.ql @@ -13,11 +13,13 @@ import javascript import semmle.javascript.security.dataflow.ConditionalBypassQuery -import DataFlow::PathGraph +import ConditionalBypassFlow::PathGraph -from DataFlow::PathNode source, DataFlow::PathNode sink, SensitiveAction action +from + ConditionalBypassFlow::PathNode source, ConditionalBypassFlow::PathNode sink, + SensitiveAction action where - isTaintedGuardForSensitiveAction(sink, source, action) and - not isEarlyAbortGuard(sink, action) + isTaintedGuardNodeForSensitiveAction(sink, source, action) and + not isEarlyAbortGuardNode(sink, action) select sink.getNode(), source, sink, "This condition guards a sensitive $@, but a $@ controls it.", action, "action", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/Security/CWE-829/InsecureDownload.ql b/javascript/ql/src/Security/CWE-829/InsecureDownload.ql index d1f272674772..4644f9813927 100644 --- a/javascript/ql/src/Security/CWE-829/InsecureDownload.ql +++ b/javascript/ql/src/Security/CWE-829/InsecureDownload.ql @@ -13,9 +13,9 @@ import javascript import semmle.javascript.security.dataflow.InsecureDownloadQuery -import DataFlow::PathGraph +import DataFlow::DeduplicatePathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from PathNode source, PathNode sink +where InsecureDownload::flowPath(source.getAnOriginalPathNode(), sink.getAnOriginalPathNode()) select sink.getNode(), source, sink, "$@ of sensitive file from $@.", sink.getNode().(Sink).getDownloadCall(), "Download", source.getNode(), "HTTP source" diff --git a/javascript/ql/src/Security/CWE-834/LoopBoundInjection.ql b/javascript/ql/src/Security/CWE-834/LoopBoundInjection.ql index 1970378ea9aa..8a8c74e9847d 100644 --- a/javascript/ql/src/Security/CWE-834/LoopBoundInjection.ql +++ b/javascript/ql/src/Security/CWE-834/LoopBoundInjection.ql @@ -14,10 +14,10 @@ import javascript import semmle.javascript.security.dataflow.LoopBoundInjectionQuery -import DataFlow::PathGraph +import LoopBoundInjectionFlow::PathGraph -from Configuration dataflow, DataFlow::PathNode source, DataFlow::PathNode sink -where dataflow.hasFlowPath(source, sink) +from LoopBoundInjectionFlow::PathNode source, LoopBoundInjectionFlow::PathNode sink +where LoopBoundInjectionFlow::flowPath(source, sink) select sink, source, sink, "Iteration over a user-controlled object with a potentially unbounded .length property from a $@.", source, "user-provided value" diff --git a/javascript/ql/src/Security/CWE-843/TypeConfusionThroughParameterTampering.ql b/javascript/ql/src/Security/CWE-843/TypeConfusionThroughParameterTampering.ql index 795ad48409c7..5887cb1db373 100644 --- a/javascript/ql/src/Security/CWE-843/TypeConfusionThroughParameterTampering.ql +++ b/javascript/ql/src/Security/CWE-843/TypeConfusionThroughParameterTampering.ql @@ -12,10 +12,10 @@ import javascript import semmle.javascript.security.dataflow.TypeConfusionThroughParameterTamperingQuery -import DataFlow::PathGraph +import TypeConfusionFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from TypeConfusionFlow::PathNode source, TypeConfusionFlow::PathNode sink +where TypeConfusionFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Potential type confusion as $@ may be either an array or a string.", source.getNode(), "this HTTP request parameter" diff --git a/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql b/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql index a2953365b64a..88362ce545d7 100644 --- a/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql +++ b/javascript/ql/src/Security/CWE-912/HttpToFileAccess.ql @@ -13,9 +13,9 @@ import javascript import semmle.javascript.security.dataflow.HttpToFileAccessQuery -import DataFlow::PathGraph +import HttpToFileAccessFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from HttpToFileAccessFlow::PathNode source, HttpToFileAccessFlow::PathNode sink +where HttpToFileAccessFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Write to file system depends on $@.", source.getNode(), "Untrusted data" diff --git a/javascript/ql/src/Security/CWE-915/PrototypePollutingAssignment.ql b/javascript/ql/src/Security/CWE-915/PrototypePollutingAssignment.ql index 2b916426169e..b5f86910e9de 100644 --- a/javascript/ql/src/Security/CWE-915/PrototypePollutingAssignment.ql +++ b/javascript/ql/src/Security/CWE-915/PrototypePollutingAssignment.ql @@ -19,10 +19,13 @@ import javascript import semmle.javascript.security.dataflow.PrototypePollutingAssignmentQuery -import DataFlow::PathGraph +import PrototypePollutingAssignmentFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from + PrototypePollutingAssignmentFlow::PathNode source, PrototypePollutingAssignmentFlow::PathNode sink +where + PrototypePollutingAssignmentFlow::flowPath(source, sink) and + not isIgnoredLibraryFlow(source.getNode(), sink.getNode()) select sink, source, sink, "This assignment may alter Object.prototype if a malicious '__proto__' string is injected from $@.", source.getNode(), source.getNode().(Source).describe() diff --git a/javascript/ql/src/Security/CWE-915/PrototypePollutingFunction.ql b/javascript/ql/src/Security/CWE-915/PrototypePollutingFunction.ql index fa2fd3da0216..161763d341ea 100644 --- a/javascript/ql/src/Security/CWE-915/PrototypePollutingFunction.ql +++ b/javascript/ql/src/Security/CWE-915/PrototypePollutingFunction.ql @@ -17,11 +17,10 @@ */ import javascript -import DataFlow -import PathGraph import semmle.javascript.DynamicPropertyAccess private import semmle.javascript.dataflow.InferredTypes +// WIN: gained TP in Lucifier/r.js:2757, though not sure why it wasn't flagged to start with. /** * A call of form `x.split(".")` where `x` is a parameter. * @@ -30,14 +29,14 @@ private import semmle.javascript.dataflow.InferredTypes class SplitCall extends StringSplitCall { SplitCall() { this.getSeparator() = "." and - this.getBaseString().getALocalSource() instanceof ParameterNode + this.getBaseString().getALocalSource() instanceof DataFlow::ParameterNode } } /** * Holds if `pred -> succ` should preserve polluted property names. */ -predicate copyArrayStep(SourceNode pred, SourceNode succ) { +predicate copyArrayStep(DataFlow::SourceNode pred, DataFlow::SourceNode succ) { // x -> [...x] exists(SpreadElement spread | pred.flowsTo(spread.getOperand().flow()) and @@ -45,7 +44,7 @@ predicate copyArrayStep(SourceNode pred, SourceNode succ) { ) or // `x -> y` in `y.push( x[i] )` - exists(MethodCallNode push | + exists(DataFlow::MethodCallNode push | push = succ.getAMethodCall("push") and ( getAnEnumeratedArrayElement(pred).flowsTo(push.getAnArgument()) @@ -55,7 +54,7 @@ predicate copyArrayStep(SourceNode pred, SourceNode succ) { ) or // x -> x.concat(...) - exists(MethodCallNode concat_ | + exists(DataFlow::MethodCallNode concat_ | concat_.getMethodName() = "concat" and (pred = concat_.getReceiver() or pred = concat_.getAnArgument()) and succ = concat_ @@ -66,21 +65,21 @@ predicate copyArrayStep(SourceNode pred, SourceNode succ) { * Holds if `node` may refer to a `SplitCall` or a copy thereof, possibly * returned through a function call. */ -predicate isSplitArray(SourceNode node) { +predicate isSplitArray(DataFlow::SourceNode node) { node instanceof SplitCall or - exists(SourceNode pred | isSplitArray(pred) | + exists(DataFlow::SourceNode pred | isSplitArray(pred) | copyArrayStep(pred, node) or - pred.flowsToExpr(node.(CallNode).getACallee().getAReturnedExpr()) + pred.flowsToExpr(node.(DataFlow::CallNode).getACallee().getAReturnedExpr()) ) } /** * A property name originating from a `x.split(".")` call. */ -class SplitPropName extends SourceNode { - SourceNode array; +class SplitPropName extends DataFlow::SourceNode { + DataFlow::SourceNode array; SplitPropName() { isSplitArray(array) and @@ -90,7 +89,7 @@ class SplitPropName extends SourceNode { /** * Gets the array from which this property name was obtained (the result from `split`). */ - SourceNode getArray() { result = array } + DataFlow::SourceNode getArray() { result = array } /** Gets an element accessed on the same underlying array. */ SplitPropName getAnAlias() { result.getArray() = this.getArray() } @@ -117,18 +116,18 @@ predicate isPollutedPropNameSource(DataFlow::Node node) { * Holds if `node` may flow from a source of polluted propery names, possibly * into function calls (but not returns). */ -predicate isPollutedPropName(Node node) { +predicate isPollutedPropName(DataFlow::Node node) { isPollutedPropNameSource(node) or - exists(Node pred | isPollutedPropName(pred) | + exists(DataFlow::Node pred | isPollutedPropName(pred) | node = pred.getASuccessor() or - argumentPassingStep(_, pred, _, node) + DataFlow::argumentPassingStep(_, pred, _, node) or // Handle one level of callbacks - exists(FunctionNode function, ParameterNode callback, int i | + exists(DataFlow::FunctionNode function, DataFlow::ParameterNode callback, int i | pred = callback.getAnInvocation().getArgument(i) and - argumentPassingStep(_, function, _, callback) and + DataFlow::argumentPassingStep(_, function, _, callback) and node = function.getParameter(i) ) ) @@ -138,8 +137,8 @@ predicate isPollutedPropName(Node node) { * Holds if `node` may refer to `Object.prototype` obtained through dynamic property * read of a property obtained through property enumeration. */ -predicate isPotentiallyObjectPrototype(SourceNode node) { - exists(Node base, Node key | +predicate isPotentiallyObjectPrototype(DataFlow::SourceNode node) { + exists(DataFlow::Node base, DataFlow::Node key | dynamicPropReadStep(base, key, node) and isPollutedPropName(key) and // Ignore cases where the properties of `base` are enumerated, to avoid FPs @@ -149,8 +148,8 @@ predicate isPotentiallyObjectPrototype(SourceNode node) { not arePropertiesEnumerated(base.getALocalSource()) ) or - exists(Node use | isPotentiallyObjectPrototype(use.getALocalSource()) | - argumentPassingStep(_, use, _, node) + exists(DataFlow::Node use | isPotentiallyObjectPrototype(use.getALocalSource()) | + DataFlow::argumentPassingStep(_, use, _, node) ) } @@ -197,7 +196,7 @@ string unsafePropName() { * A flow label representing an unsafe property name, or an object obtained * by using such a property in a dynamic read. */ -class UnsafePropLabel extends FlowLabel { +class UnsafePropLabel extends DataFlow::FlowLabel { UnsafePropLabel() { this = unsafePropName() } } @@ -233,10 +232,10 @@ class UnsafePropLabel extends FlowLabel { * for coinciding paths afterwards. This means this configuration can't be used as * a standalone configuration like in most path queries. */ -class PropNameTracking extends DataFlow::Configuration { - PropNameTracking() { this = "PropNameTracking" } +module PropNameTrackingConfig implements DataFlow::StateConfigSig { + class FlowState = DataFlow::FlowLabel; - override predicate isSource(DataFlow::Node node, FlowLabel label) { + predicate isSource(DataFlow::Node node, DataFlow::FlowLabel label) { label instanceof UnsafePropLabel and ( isPollutedPropNameSource(node) @@ -245,7 +244,7 @@ class PropNameTracking extends DataFlow::Configuration { ) } - override predicate isSink(DataFlow::Node node, FlowLabel label) { + predicate isSink(DataFlow::Node node, DataFlow::FlowLabel label) { label instanceof UnsafePropLabel and ( dynamicPropWrite(node, _, _) or @@ -254,14 +253,19 @@ class PropNameTracking extends DataFlow::Configuration { ) } - override predicate isAdditionalFlowStep( - DataFlow::Node pred, DataFlow::Node succ, FlowLabel predlbl, FlowLabel succlbl + predicate isBarrier(DataFlow::Node node, DataFlow::FlowLabel label) { + node = DataFlow::MakeLabeledBarrierGuard::getABarrierNode(label) + } + + predicate isAdditionalFlowStep( + DataFlow::Node pred, DataFlow::FlowLabel predlbl, DataFlow::Node succ, + DataFlow::FlowLabel succlbl ) { predlbl instanceof UnsafePropLabel and succlbl = predlbl and ( // Step through `p -> x[p]` - exists(PropRead read | + exists(DataFlow::PropRead read | pred = read.getPropertyNameExpr().flow() and not read.(DynamicPropRead).hasDominatingAssignment() and succ = read @@ -276,29 +280,33 @@ class PropNameTracking extends DataFlow::Configuration { ) } - override predicate isBarrier(DataFlow::Node node) { - super.isBarrier(node) - or - node instanceof DataFlow::VarAccessBarrier + predicate isBarrier(DataFlow::Node node) { + node instanceof DataFlow::VarAccessBarrier or + node = DataFlow::MakeBarrierGuard::getABarrierNode() } +} - override predicate isBarrierGuard(DataFlow::BarrierGuardNode node) { - node instanceof DenyListEqualityGuard or - node instanceof AllowListEqualityGuard or - node instanceof HasOwnPropertyGuard or - node instanceof InExprGuard or - node instanceof InstanceOfGuard or - node instanceof TypeofGuard or - node instanceof DenyListInclusionGuard or - node instanceof AllowListInclusionGuard or - node instanceof IsPlainObjectGuard - } +module PropNameTracking = DataFlow::GlobalWithState; + +/** + * A barrier guard for prototype pollution. + */ +abstract class BarrierGuard extends DataFlow::Node { + /** + * Holds if this node acts as a barrier for data flow, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e) { none() } + + /** + * Holds if this node acts as a barrier for `label`, blocking further flow from `e` if `this` evaluates to `outcome`. + */ + predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { none() } } /** * A sanitizer guard of form `x === "__proto__"` or `x === "constructor"`. */ -class DenyListEqualityGuard extends DataFlow::LabeledBarrierGuardNode, ValueNode { +class DenyListEqualityGuard extends BarrierGuard, DataFlow::ValueNode { override EqualityTest astNode; string propName; @@ -307,7 +315,7 @@ class DenyListEqualityGuard extends DataFlow::LabeledBarrierGuardNode, ValueNode propName = unsafePropName() } - override predicate blocks(boolean outcome, Expr e, FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { e = astNode.getAnOperand() and outcome = astNode.getPolarity().booleanNot() and label = propName @@ -317,7 +325,7 @@ class DenyListEqualityGuard extends DataFlow::LabeledBarrierGuardNode, ValueNode /** * An equality test with something other than `__proto__` or `constructor`. */ -class AllowListEqualityGuard extends DataFlow::LabeledBarrierGuardNode, ValueNode { +class AllowListEqualityGuard extends BarrierGuard, DataFlow::ValueNode { override EqualityTest astNode; AllowListEqualityGuard() { @@ -325,7 +333,7 @@ class AllowListEqualityGuard extends DataFlow::LabeledBarrierGuardNode, ValueNod astNode.getAnOperand() instanceof Literal } - override predicate blocks(boolean outcome, Expr e, FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { e = astNode.getAnOperand() and outcome = astNode.getPolarity() and label instanceof UnsafePropLabel @@ -339,7 +347,7 @@ class AllowListEqualityGuard extends DataFlow::LabeledBarrierGuardNode, ValueNod * but the destination object generally doesn't. It is therefore only a sanitizer when * used on the destination object. */ -class HasOwnPropertyGuard extends DataFlow::BarrierGuardNode instanceof HasOwnPropertyCall { +class HasOwnPropertyGuard extends BarrierGuard instanceof HasOwnPropertyCall { HasOwnPropertyGuard() { // Try to avoid `src.hasOwnProperty` by requiring that the receiver // does not locally have its properties enumerated. Typically there is no @@ -347,7 +355,7 @@ class HasOwnPropertyGuard extends DataFlow::BarrierGuardNode instanceof HasOwnPr not arePropertiesEnumerated(super.getObject().getALocalSource()) } - override predicate blocks(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { e = super.getProperty().asExpr() and outcome = true } } @@ -358,7 +366,7 @@ class HasOwnPropertyGuard extends DataFlow::BarrierGuardNode instanceof HasOwnPr * Since `"__proto__" in obj` and `"constructor" in obj` is true for most objects, * this is seen as a sanitizer for `key` in the false outcome. */ -class InExprGuard extends DataFlow::BarrierGuardNode, DataFlow::ValueNode { +class InExprGuard extends BarrierGuard, DataFlow::ValueNode { override InExpr astNode; InExprGuard() { @@ -366,7 +374,7 @@ class InExprGuard extends DataFlow::BarrierGuardNode, DataFlow::ValueNode { not arePropertiesEnumerated(astNode.getRightOperand().flow().getALocalSource()) } - override predicate blocks(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { e = astNode.getLeftOperand() and outcome = false } } @@ -379,10 +387,10 @@ class InExprGuard extends DataFlow::BarrierGuardNode, DataFlow::ValueNode { * It is still possible to get to `Function.prototype` through `constructor.constructor.prototype` * so we do not block the `constructor` label. */ -class InstanceOfGuard extends DataFlow::LabeledBarrierGuardNode, DataFlow::ValueNode { +class InstanceOfGuard extends BarrierGuard, DataFlow::ValueNode { override InstanceOfExpr astNode; - override predicate blocks(boolean outcome, Expr e, DataFlow::FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { e = astNode.getLeftOperand() and outcome = true and label = "__proto__" } } @@ -393,14 +401,14 @@ class InstanceOfGuard extends DataFlow::LabeledBarrierGuardNode, DataFlow::Value * The former blocks the `constructor` label as that payload must pass through a function, * and the latter blocks the `__proto__` label as that only passes through objects. */ -class TypeofGuard extends DataFlow::LabeledBarrierGuardNode, DataFlow::ValueNode { +class TypeofGuard extends BarrierGuard, DataFlow::ValueNode { override EqualityTest astNode; Expr operand; TypeofTag tag; TypeofGuard() { TaintTracking::isTypeofGuard(astNode, operand, tag) } - override predicate blocks(boolean outcome, Expr e, DataFlow::FlowLabel label) { + override predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel label) { e = operand and outcome = astNode.getPolarity() and ( @@ -428,7 +436,7 @@ class TypeofGuard extends DataFlow::LabeledBarrierGuardNode, DataFlow::ValueNode /** * A check of form `["__proto__"].includes(x)` or similar. */ -class DenyListInclusionGuard extends DataFlow::LabeledBarrierGuardNode, InclusionTest { +class DenyListInclusionGuard extends BarrierGuard, InclusionTest { UnsafePropLabel label; DenyListInclusionGuard() { @@ -438,7 +446,7 @@ class DenyListInclusionGuard extends DataFlow::LabeledBarrierGuardNode, Inclusio ) } - override predicate blocks(boolean outcome, Expr e, DataFlow::FlowLabel lbl) { + override predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel lbl) { outcome = this.getPolarity().booleanNot() and e = this.getContainedNode().asExpr() and label = lbl @@ -448,7 +456,7 @@ class DenyListInclusionGuard extends DataFlow::LabeledBarrierGuardNode, Inclusio /** * A check of form `xs.includes(x)` or similar, which sanitizes `x` in the true case. */ -class AllowListInclusionGuard extends DataFlow::LabeledBarrierGuardNode { +class AllowListInclusionGuard extends BarrierGuard { AllowListInclusionGuard() { this instanceof TaintTracking::PositiveIndexOfSanitizer or @@ -456,7 +464,7 @@ class AllowListInclusionGuard extends DataFlow::LabeledBarrierGuardNode { not this = any(MembershipCandidate::ObjectPropertyNameMembershipCandidate c).getTest() // handled with more precision in `HasOwnPropertyGuard` } - override predicate blocks(boolean outcome, Expr e, DataFlow::FlowLabel lbl) { + override predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel lbl) { this.(TaintTracking::AdditionalSanitizerGuardNode).sanitizes(outcome, e) and lbl instanceof UnsafePropLabel } @@ -467,14 +475,14 @@ class AllowListInclusionGuard extends DataFlow::LabeledBarrierGuardNode { * payload in the true case, since it rejects objects with a non-standard `constructor` * property. */ -class IsPlainObjectGuard extends DataFlow::LabeledBarrierGuardNode, DataFlow::CallNode { +class IsPlainObjectGuard extends BarrierGuard, DataFlow::CallNode { IsPlainObjectGuard() { exists(string name | name = "is-plain-object" or name = "is-extendable" | - this = moduleImport(name).getACall() + this = DataFlow::moduleImport(name).getACall() ) } - override predicate blocks(boolean outcome, Expr e, DataFlow::FlowLabel lbl) { + override predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel lbl) { e = this.getArgument(0).asExpr() and outcome = true and lbl = "constructor" @@ -507,26 +515,26 @@ string deriveExprName(DataFlow::Node node) { * In most cases this will result in an alert, the exception being the case where * `base` does not have a prototype at all. */ -predicate isPrototypePollutingAssignment(Node base, Node prop, Node rhs, Node propNameSource) { +predicate isPrototypePollutingAssignment( + DataFlow::Node base, DataFlow::Node prop, DataFlow::Node rhs, DataFlow::Node propNameSource +) { dynamicPropWrite(base, prop, rhs) and isPollutedPropNameSource(propNameSource) and - exists(PropNameTracking cfg | - cfg.hasFlow(propNameSource, base) and - if propNameSource instanceof EnumeratedPropName - then - cfg.hasFlow(propNameSource, prop) and - cfg.hasFlow([propNameSource, AccessPath::getAnAliasedSourceNode(propNameSource)] - .(EnumeratedPropName) - .getASourceProp(), rhs) - else ( - cfg.hasFlow(propNameSource.(SplitPropName).getAnAlias(), prop) and - rhs.getALocalSource() instanceof ParameterNode - ) + PropNameTracking::flow(propNameSource, base) and + if propNameSource instanceof EnumeratedPropName + then + PropNameTracking::flow(propNameSource, prop) and + PropNameTracking::flow([propNameSource, AccessPath::getAnAliasedSourceNode(propNameSource)] + .(EnumeratedPropName) + .getASourceProp(), rhs) + else ( + PropNameTracking::flow(propNameSource.(SplitPropName).getAnAlias(), prop) and + rhs.getALocalSource() instanceof DataFlow::ParameterNode ) } /** Gets a data flow node leading to the base of a prototype-polluting assignment. */ -private DataFlow::SourceNode getANodeLeadingToBase(DataFlow::TypeBackTracker t, Node base) { +private DataFlow::SourceNode getANodeLeadingToBase(DataFlow::TypeBackTracker t, DataFlow::Node base) { t.start() and isPrototypePollutingAssignment(base, _, _, _) and result = base.getALocalSource() @@ -542,7 +550,9 @@ private DataFlow::SourceNode getANodeLeadingToBase(DataFlow::TypeBackTracker t, * This dynamic read is where the reference to a built-in prototype object is obtained, * and we need this to ensure that this object actually has a prototype. */ -private DataFlow::SourceNode getANodeLeadingToBaseBase(DataFlow::TypeBackTracker t, Node base) { +private DataFlow::SourceNode getANodeLeadingToBaseBase( + DataFlow::TypeBackTracker t, DataFlow::Node base +) { exists(DynamicPropRead read | read = getANodeLeadingToBase(t, base) and result = read.getBase().getALocalSource() @@ -553,29 +563,31 @@ private DataFlow::SourceNode getANodeLeadingToBaseBase(DataFlow::TypeBackTracker ) } -DataFlow::SourceNode getANodeLeadingToBaseBase(Node base) { +DataFlow::SourceNode getANodeLeadingToBaseBase(DataFlow::Node base) { result = getANodeLeadingToBaseBase(DataFlow::TypeBackTracker::end(), base) } /** A call to `Object.create(null)`. */ -class ObjectCreateNullCall extends CallNode { +class ObjectCreateNullCall extends DataFlow::CallNode { ObjectCreateNullCall() { - this = globalVarRef("Object").getAMemberCall("create") and + this = DataFlow::globalVarRef("Object").getAMemberCall("create") and this.getArgument(0).asExpr() instanceof NullLiteral } } +import DataFlow::DeduplicatePathGraph + from - PropNameTracking cfg, DataFlow::PathNode source, DataFlow::PathNode sink, Node propNameSource, - Node base, string msg, Node col1, Node col2 + PathNode source, PathNode sink, DataFlow::Node propNameSource, DataFlow::Node base, string msg, + DataFlow::Node col1, DataFlow::Node col2 where isPollutedPropName(propNameSource) and - cfg.hasFlowPath(source, sink) and + PropNameTracking::flowPath(source.getAnOriginalPathNode(), sink.getAnOriginalPathNode()) and isPrototypePollutingAssignment(base, _, _, propNameSource) and sink.getNode() = base and source.getNode() = propNameSource and ( - getANodeLeadingToBaseBase(base) instanceof ObjectLiteralNode + getANodeLeadingToBaseBase(base) instanceof DataFlow::ObjectLiteralNode or not getANodeLeadingToBaseBase(base) instanceof ObjectCreateNullCall ) and diff --git a/javascript/ql/src/Security/CWE-915/PrototypePollutingMergeCall.ql b/javascript/ql/src/Security/CWE-915/PrototypePollutingMergeCall.ql index 0bc84b82d45c..b23d7caa8d8b 100644 --- a/javascript/ql/src/Security/CWE-915/PrototypePollutingMergeCall.ql +++ b/javascript/ql/src/Security/CWE-915/PrototypePollutingMergeCall.ql @@ -19,13 +19,11 @@ import javascript import semmle.javascript.security.dataflow.PrototypePollutionQuery -import DataFlow::PathGraph +import DataFlow::DeduplicatePathGraph -from - Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, string moduleName, - Locatable dependencyLoc +from PathNode source, PathNode sink, string moduleName, Locatable dependencyLoc where - cfg.hasFlowPath(source, sink) and + PrototypePollutionFlow::flowPath(source.getAnOriginalPathNode(), sink.getAnOriginalPathNode()) and sink.getNode().(Sink).dependencyInfo(moduleName, dependencyLoc) select sink.getNode(), source, sink, "Prototype pollution caused by merging a $@ using a vulnerable version of $@.", source, diff --git a/javascript/ql/src/Security/CWE-916/InsufficientPasswordHash.ql b/javascript/ql/src/Security/CWE-916/InsufficientPasswordHash.ql index a40689f41dfd..1cfc3111ad91 100644 --- a/javascript/ql/src/Security/CWE-916/InsufficientPasswordHash.ql +++ b/javascript/ql/src/Security/CWE-916/InsufficientPasswordHash.ql @@ -12,9 +12,9 @@ import javascript import semmle.javascript.security.dataflow.InsufficientPasswordHashQuery -import DataFlow::PathGraph +import InsufficientPasswordHashFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) +from InsufficientPasswordHashFlow::PathNode source, InsufficientPasswordHashFlow::PathNode sink +where InsufficientPasswordHashFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Password from $@ is hashed insecurely.", source.getNode(), source.getNode().(Source).describe() diff --git a/javascript/ql/src/Security/CWE-918/ClientSideRequestForgery.ql b/javascript/ql/src/Security/CWE-918/ClientSideRequestForgery.ql index 4e03a62b1981..1f8fb9c2d416 100644 --- a/javascript/ql/src/Security/CWE-918/ClientSideRequestForgery.ql +++ b/javascript/ql/src/Security/CWE-918/ClientSideRequestForgery.ql @@ -13,11 +13,13 @@ import javascript import semmle.javascript.security.dataflow.ClientSideRequestForgeryQuery -import DataFlow::PathGraph +import ClientSideRequestForgeryFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, DataFlow::Node request +from + ClientSideRequestForgeryFlow::PathNode source, ClientSideRequestForgeryFlow::PathNode sink, + DataFlow::Node request where - cfg.hasFlowPath(source, sink) and + ClientSideRequestForgeryFlow::flowPath(source, sink) and request = sink.getNode().(Sink).getARequest() select request, source, sink, "The $@ of this request depends on a $@.", sink.getNode(), sink.getNode().(Sink).getKind(), source, "user-provided value" diff --git a/javascript/ql/src/Security/CWE-918/RequestForgery.ql b/javascript/ql/src/Security/CWE-918/RequestForgery.ql index c84f5f7d1cbb..6546104068bf 100644 --- a/javascript/ql/src/Security/CWE-918/RequestForgery.ql +++ b/javascript/ql/src/Security/CWE-918/RequestForgery.ql @@ -12,11 +12,11 @@ import javascript import semmle.javascript.security.dataflow.RequestForgeryQuery -import DataFlow::PathGraph +import RequestForgeryFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, DataFlow::Node request +from RequestForgeryFlow::PathNode source, RequestForgeryFlow::PathNode sink, DataFlow::Node request where - cfg.hasFlowPath(source, sink) and + RequestForgeryFlow::flowPath(source, sink) and request = sink.getNode().(Sink).getARequest() select request, source, sink, "The $@ of this request depends on a $@.", sink.getNode(), sink.getNode().(Sink).getKind(), source, "user-provided value" diff --git a/javascript/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql b/javascript/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql index a2437fa670cf..2f039b8fc3b4 100644 --- a/javascript/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql +++ b/javascript/ql/src/experimental/Security/CWE-340/TokenBuiltFromUUID.ql @@ -14,7 +14,6 @@ import javascript import DataFlow -import DataFlow::PathGraph class PredictableResultSource extends DataFlow::Node { PredictableResultSource() { @@ -38,14 +37,16 @@ class TokenAssignmentValueSink extends DataFlow::Node { } } -class TokenBuiltFromUuidConfig extends TaintTracking::Configuration { - TokenBuiltFromUuidConfig() { this = "TokenBuiltFromUuidConfig" } +module TokenBuiltFromUuidConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof PredictableResultSource } - override predicate isSource(DataFlow::Node source) { source instanceof PredictableResultSource } - - override predicate isSink(DataFlow::Node sink) { sink instanceof TokenAssignmentValueSink } + predicate isSink(DataFlow::Node sink) { sink instanceof TokenAssignmentValueSink } } -from DataFlow::PathNode source, DataFlow::PathNode sink, TokenBuiltFromUuidConfig config -where config.hasFlowPath(source, sink) +module TokenBuiltFromUuidFlow = TaintTracking::Global; + +import TokenBuiltFromUuidFlow::PathGraph + +from TokenBuiltFromUuidFlow::PathNode source, TokenBuiltFromUuidFlow::PathNode sink +where TokenBuiltFromUuidFlow::flowPath(source, sink) select sink.getNode(), source, sink, "Token built from $@.", source.getNode(), "predictable value" diff --git a/javascript/ql/src/experimental/Security/CWE-918/SSRF.ql b/javascript/ql/src/experimental/Security/CWE-918/SSRF.ql index ce4d3f7791cf..7ea1826bbfab 100644 --- a/javascript/ql/src/experimental/Security/CWE-918/SSRF.ql +++ b/javascript/ql/src/experimental/Security/CWE-918/SSRF.ql @@ -12,9 +12,9 @@ import javascript import SSRF -import DataFlow::PathGraph +import SsrfFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, DataFlow::Node request +from SsrfFlow::PathNode source, SsrfFlow::PathNode sink, DataFlow::Node request where - cfg.hasFlowPath(source, sink) and request = sink.getNode().(RequestForgery::Sink).getARequest() + SsrfFlow::flowPath(source, sink) and request = sink.getNode().(RequestForgery::Sink).getARequest() select sink, source, sink, "The URL of this request depends on a user-provided value." diff --git a/javascript/ql/src/experimental/Security/CWE-918/SSRF.qll b/javascript/ql/src/experimental/Security/CWE-918/SSRF.qll index 95d46aad8683..da20923ce1a1 100644 --- a/javascript/ql/src/experimental/Security/CWE-918/SSRF.qll +++ b/javascript/ql/src/experimental/Security/CWE-918/SSRF.qll @@ -2,42 +2,48 @@ import javascript import semmle.javascript.security.dataflow.RequestForgeryCustomizations import semmle.javascript.security.dataflow.UrlConcatenation -class Configuration extends TaintTracking::Configuration { - Configuration() { this = "SSRF" } - - override predicate isSource(DataFlow::Node source) { source instanceof RequestForgery::Source } +module SsrfConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof RequestForgery::Source } - override predicate isSink(DataFlow::Node sink) { sink instanceof RequestForgery::Sink } + predicate isSink(DataFlow::Node sink) { sink instanceof RequestForgery::Sink } - override predicate isSanitizer(DataFlow::Node node) { - super.isSanitizer(node) or - node instanceof RequestForgery::Sanitizer + predicate isBarrier(DataFlow::Node node) { + node instanceof RequestForgery::Sanitizer or node = Guards::getABarrierNode() } private predicate hasSanitizingSubstring(DataFlow::Node nd) { nd.getStringValue().regexpMatch(".*[?#].*") or - this.hasSanitizingSubstring(StringConcatenation::getAnOperand(nd)) + hasSanitizingSubstring(StringConcatenation::getAnOperand(nd)) or - this.hasSanitizingSubstring(nd.getAPredecessor()) + hasSanitizingSubstring(nd.getAPredecessor()) } private predicate strictSanitizingPrefixEdge(DataFlow::Node source, DataFlow::Node sink) { exists(DataFlow::Node operator, int n | StringConcatenation::taintStep(source, sink, operator, n) and - this.hasSanitizingSubstring(StringConcatenation::getOperand(operator, [0 .. n - 1])) + hasSanitizingSubstring(StringConcatenation::getOperand(operator, [0 .. n - 1])) ) } - override predicate isSanitizerOut(DataFlow::Node node) { - this.strictSanitizingPrefixEdge(node, _) - } + predicate isBarrierOut(DataFlow::Node node) { strictSanitizingPrefixEdge(node, _) } - override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode nd) { + private predicate isBarrierGuard(DataFlow::BarrierGuardNode nd) { nd instanceof IntegerCheck or nd instanceof ValidatorCheck or nd instanceof TernaryOperatorSanitizerGuard } + + private module Guards = DataFlow::MakeLegacyBarrierGuard; +} + +module SsrfFlow = TaintTracking::Global; + +/** + * DEPRECATED. Use the `SsrfFlow` module instead. + */ +deprecated class Configuration extends TaintTracking::Configuration { + Configuration() { this = "SSRF" } } /** @@ -104,7 +110,9 @@ class TernaryOperatorSanitizerGuard extends TaintTracking::SanitizerGuardNode { not this.asExpr() instanceof LogicalBinaryExpr } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + + predicate blocksExpr(boolean outcome, Expr e) { not this.asExpr() instanceof LogNotExpr and originalGuard.sanitizes(outcome, e) or @@ -126,7 +134,9 @@ class TernaryOperatorSanitizerGuard extends TaintTracking::SanitizerGuardNode { class IntegerCheck extends TaintTracking::SanitizerGuardNode, DataFlow::CallNode { IntegerCheck() { this = DataFlow::globalVarRef("Number").getAMemberCall("isInteger") } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + + predicate blocksExpr(boolean outcome, Expr e) { outcome = true and e = this.getArgument(0).asExpr() } @@ -149,7 +159,9 @@ class ValidatorCheck extends TaintTracking::SanitizerGuardNode, DataFlow::CallNo ) } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + + predicate blocksExpr(boolean outcome, Expr e) { outcome = true and e = this.getArgument(0).asExpr() } diff --git a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql index dff265363191..4bf06b544474 100644 --- a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql +++ b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql @@ -12,11 +12,15 @@ import javascript import semmle.javascript.security.dataflow.ExternalAPIUsedWithUntrustedDataQuery -import DataFlow::PathGraph import semmle.javascript.heuristics.AdditionalSources +import ExternalAPIUsedWithUntrustedDataFlow::PathGraph -from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink -where config.hasFlowPath(source, sink) and source.getNode() instanceof HeuristicSource +from + ExternalAPIUsedWithUntrustedDataFlow::PathNode source, + ExternalAPIUsedWithUntrustedDataFlow::PathNode sink +where + ExternalAPIUsedWithUntrustedDataFlow::flowPath(source, sink) and + source.getNode() instanceof HeuristicSource select sink, source, sink, "Call to " + sink.getNode().(Sink).getApiName() + " with untrusted data from $@.", source, source.toString() diff --git a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-078/CommandInjection.ql b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-078/CommandInjection.ql index b21c86fc50a6..f59de018f8b3 100644 --- a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-078/CommandInjection.ql +++ b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-078/CommandInjection.ql @@ -16,17 +16,17 @@ import javascript import semmle.javascript.security.dataflow.CommandInjectionQuery -import DataFlow::PathGraph import semmle.javascript.heuristics.AdditionalSources +import CommandInjectionFlow::PathGraph from - Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, DataFlow::Node highlight, - Source sourceNode + CommandInjectionFlow::PathNode source, CommandInjectionFlow::PathNode sink, + DataFlow::Node highlight, Source sourceNode where - cfg.hasFlowPath(source, sink) and + CommandInjectionFlow::flowPath(source, sink) and ( - if cfg.isSinkWithHighlight(sink.getNode(), _) - then cfg.isSinkWithHighlight(sink.getNode(), highlight) + if isSinkWithHighlight(sink.getNode(), _) + then isSinkWithHighlight(sink.getNode(), highlight) else highlight = sink.getNode() ) and sourceNode = source.getNode() and diff --git a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-079/Xss.ql b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-079/Xss.ql index e93cd7e6ca5c..2db4b18e570e 100644 --- a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-079/Xss.ql +++ b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-079/Xss.ql @@ -15,11 +15,11 @@ import javascript import semmle.javascript.security.dataflow.DomBasedXssQuery -import DataFlow::PathGraph import semmle.javascript.heuristics.AdditionalSources +import DomBasedXssFlow::PathGraph -from DataFlow::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) and source.getNode() instanceof HeuristicSource +from DomBasedXssFlow::PathNode source, DomBasedXssFlow::PathNode sink +where DomBasedXssFlow::flowPath(source, sink) and source.getNode() instanceof HeuristicSource select sink.getNode(), source, sink, sink.getNode().(Sink).getVulnerabilityKind() + " vulnerability due to $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-089/SqlInjection.ql b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-089/SqlInjection.ql index e82b9d40d5be..b8928021085f 100644 --- a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-089/SqlInjection.ql +++ b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-089/SqlInjection.ql @@ -15,18 +15,24 @@ */ import javascript -import semmle.javascript.security.dataflow.SqlInjectionQuery as SqlInjection -import semmle.javascript.security.dataflow.NosqlInjectionQuery as NosqlInjection -import DataFlow::PathGraph +import semmle.javascript.security.dataflow.SqlInjectionQuery as Sql +import semmle.javascript.security.dataflow.NosqlInjectionQuery as Nosql import semmle.javascript.heuristics.AdditionalSources -from DataFlow::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink, string type +module Merged = + DataFlow::MergePathGraph; + +import DataFlow::DeduplicatePathGraph + +from PathNode source, PathNode sink, string type where - ( - cfg instanceof SqlInjection::Configuration and type = "string" - or - cfg instanceof NosqlInjection::Configuration and type = "object" - ) and - cfg.hasFlowPath(source, sink) + Sql::SqlInjectionFlow::flowPath(source.getAnOriginalPathNode().asPathNode1(), + sink.getAnOriginalPathNode().asPathNode1()) and + type = "string" + or + Nosql::NosqlInjectionFlow::flowPath(source.getAnOriginalPathNode().asPathNode2(), + sink.getAnOriginalPathNode().asPathNode2()) and + type = "object" select sink.getNode(), source, sink, "This query " + type + " depends on a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-094/CodeInjection.ql b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-094/CodeInjection.ql index 89d7d253f413..34ebe06f68c1 100644 --- a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-094/CodeInjection.ql +++ b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-094/CodeInjection.ql @@ -17,10 +17,10 @@ import javascript import semmle.javascript.security.dataflow.CodeInjectionQuery -import DataFlow::PathGraph +import CodeInjectionFlow::PathGraph import semmle.javascript.heuristics.AdditionalSources -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) and source.getNode() instanceof HeuristicSource +from CodeInjectionFlow::PathNode source, CodeInjectionFlow::PathNode sink +where CodeInjectionFlow::flowPath(source, sink) and source.getNode() instanceof HeuristicSource select sink.getNode(), source, sink, sink.getNode().(Sink).getMessagePrefix() + " depends on a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-117/LogInjection.ql b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-117/LogInjection.ql index 534de9167725..8d9eca39be52 100644 --- a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-117/LogInjection.ql +++ b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-117/LogInjection.ql @@ -13,11 +13,11 @@ */ import javascript -import DataFlow::PathGraph import semmle.javascript.security.dataflow.LogInjectionQuery import semmle.javascript.heuristics.AdditionalSources +import LogInjectionFlow::PathGraph -from LogInjectionConfiguration config, DataFlow::PathNode source, DataFlow::PathNode sink -where config.hasFlowPath(source, sink) and source.getNode() instanceof HeuristicSource +from LogInjectionFlow::PathNode source, LogInjectionFlow::PathNode sink +where LogInjectionFlow::flowPath(source, sink) and source.getNode() instanceof HeuristicSource select sink.getNode(), source, sink, "Log entry depends on a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-134/TaintedFormatString.ql b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-134/TaintedFormatString.ql index 883f8292c758..8ba7a1273eae 100644 --- a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-134/TaintedFormatString.ql +++ b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-134/TaintedFormatString.ql @@ -13,10 +13,11 @@ import javascript import semmle.javascript.security.dataflow.TaintedFormatStringQuery -import DataFlow::PathGraph +import TaintedFormatStringFlow::PathGraph import semmle.javascript.heuristics.AdditionalSources -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) and source.getNode() instanceof HeuristicSource +from TaintedFormatStringFlow::PathNode source, TaintedFormatStringFlow::PathNode sink +where + TaintedFormatStringFlow::flowPath(source, sink) and source.getNode() instanceof HeuristicSource select sink.getNode(), source, sink, "Format string depends on a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql index 3448e4e99b62..02677fd6a9ec 100644 --- a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql +++ b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-346/CorsMisconfigurationForCredentials.ql @@ -15,11 +15,12 @@ import javascript import semmle.javascript.security.dataflow.CorsMisconfigurationForCredentialsQuery -import DataFlow::PathGraph import semmle.javascript.heuristics.AdditionalSources +import CorsMisconfigurationFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) and source.getNode() instanceof HeuristicSource +from CorsMisconfigurationFlow::PathNode source, CorsMisconfigurationFlow::PathNode sink +where + CorsMisconfigurationFlow::flowPath(source, sink) and source.getNode() instanceof HeuristicSource select sink.getNode(), source, sink, "$@ leak vulnerability due to a $@.", sink.getNode().(Sink).getCredentialsHeader(), "Credential", source.getNode(), "misconfigured CORS header value" diff --git a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-400/RemotePropertyInjection.ql b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-400/RemotePropertyInjection.ql index fd707ae8faa4..7118c49f2e22 100644 --- a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-400/RemotePropertyInjection.ql +++ b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-400/RemotePropertyInjection.ql @@ -15,10 +15,12 @@ import javascript import semmle.javascript.security.dataflow.RemotePropertyInjectionQuery -import DataFlow::PathGraph +import RemotePropertyInjectionFlow::PathGraph import semmle.javascript.heuristics.AdditionalSources -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) and source.getNode() instanceof HeuristicSource +from RemotePropertyInjectionFlow::PathNode source, RemotePropertyInjectionFlow::PathNode sink +where + RemotePropertyInjectionFlow::flowPath(source, sink) and + source.getNode() instanceof HeuristicSource select sink.getNode(), source, sink, sink.getNode().(Sink).getMessage() + " depends on a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-502/UnsafeDeserialization.ql b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-502/UnsafeDeserialization.ql index 24939f49b0dc..8acde1f396e8 100644 --- a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-502/UnsafeDeserialization.ql +++ b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-502/UnsafeDeserialization.ql @@ -14,10 +14,11 @@ import javascript import semmle.javascript.security.dataflow.UnsafeDeserializationQuery -import DataFlow::PathGraph +import UnsafeDeserializationFlow::PathGraph import semmle.javascript.heuristics.AdditionalSources -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) and source.getNode() instanceof HeuristicSource +from UnsafeDeserializationFlow::PathNode source, UnsafeDeserializationFlow::PathNode sink +where + UnsafeDeserializationFlow::flowPath(source, sink) and source.getNode() instanceof HeuristicSource select sink.getNode(), source, sink, "Unsafe deserialization depends on a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-611/Xxe.ql b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-611/Xxe.ql index cbfaa33ca518..262c9d52fe04 100644 --- a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-611/Xxe.ql +++ b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-611/Xxe.ql @@ -15,11 +15,11 @@ import javascript import semmle.javascript.security.dataflow.XxeQuery -import DataFlow::PathGraph +import XxeFlow::PathGraph import semmle.javascript.heuristics.AdditionalSources -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) and source.getNode() instanceof HeuristicSource +from XxeFlow::PathNode source, XxeFlow::PathNode sink +where XxeFlow::flowPath(source, sink) and source.getNode() instanceof HeuristicSource select sink.getNode(), source, sink, "XML parsing depends on a $@ without guarding against external entity expansion.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-643/XpathInjection.ql b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-643/XpathInjection.ql index 0a00511c86b6..c7cd82938ccc 100644 --- a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-643/XpathInjection.ql +++ b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-643/XpathInjection.ql @@ -14,10 +14,10 @@ import javascript import semmle.javascript.security.dataflow.XpathInjectionQuery -import DataFlow::PathGraph +import XpathInjectionFlow::PathGraph import semmle.javascript.heuristics.AdditionalSources -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) and source.getNode() instanceof HeuristicSource +from XpathInjectionFlow::PathNode source, XpathInjectionFlow::PathNode sink +where XpathInjectionFlow::flowPath(source, sink) and source.getNode() instanceof HeuristicSource select sink.getNode(), source, sink, "XPath expression depends on a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-730/RegExpInjection.ql b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-730/RegExpInjection.ql index de302e53871e..b0e761257cb5 100644 --- a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-730/RegExpInjection.ql +++ b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-730/RegExpInjection.ql @@ -16,10 +16,10 @@ import javascript import semmle.javascript.security.dataflow.RegExpInjectionQuery -import DataFlow::PathGraph +import RegExpInjectionFlow::PathGraph import semmle.javascript.heuristics.AdditionalSources -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) and source.getNode() instanceof HeuristicSource +from RegExpInjectionFlow::PathNode source, RegExpInjectionFlow::PathNode sink +where RegExpInjectionFlow::flowPath(source, sink) and source.getNode() instanceof HeuristicSource select sink.getNode(), source, sink, "This regular expression is constructed from a $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-770/ResourceExhaustion.ql b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-770/ResourceExhaustion.ql index 37e702b55e01..9b37ce896d18 100644 --- a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-770/ResourceExhaustion.ql +++ b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-770/ResourceExhaustion.ql @@ -14,11 +14,11 @@ */ import javascript -import DataFlow::PathGraph import semmle.javascript.security.dataflow.ResourceExhaustionQuery import semmle.javascript.heuristics.AdditionalSources +import ResourceExhaustionFlow::PathGraph -from Configuration dataflow, DataFlow::PathNode source, DataFlow::PathNode sink -where dataflow.hasFlowPath(source, sink) and source.getNode() instanceof HeuristicSource +from ResourceExhaustionFlow::PathNode source, ResourceExhaustionFlow::PathNode sink +where ResourceExhaustionFlow::flowPath(source, sink) and source.getNode() instanceof HeuristicSource select sink, source, sink, sink.getNode().(Sink).getProblemDescription() + " from a $@.", source, "user-provided value" diff --git a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-776/XmlBomb.ql b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-776/XmlBomb.ql index 1c05ba2424f0..dacaa08a1b2a 100644 --- a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-776/XmlBomb.ql +++ b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-776/XmlBomb.ql @@ -15,11 +15,11 @@ import javascript import semmle.javascript.security.dataflow.XmlBombQuery -import DataFlow::PathGraph +import XmlBombFlow::PathGraph import semmle.javascript.heuristics.AdditionalSources -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) and source.getNode() instanceof HeuristicSource +from XmlBombFlow::PathNode source, XmlBombFlow::PathNode sink +where XmlBombFlow::flowPath(source, sink) and source.getNode() instanceof HeuristicSource select sink.getNode(), source, sink, "XML parsing depends on a $@ without guarding against uncontrolled entity expansion.", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-807/ConditionalBypass.ql b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-807/ConditionalBypass.ql index 6fe3ff742f3f..2980b78e1d1d 100644 --- a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-807/ConditionalBypass.ql +++ b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-807/ConditionalBypass.ql @@ -14,13 +14,15 @@ import javascript import semmle.javascript.security.dataflow.ConditionalBypassQuery -import DataFlow::PathGraph import semmle.javascript.heuristics.AdditionalSources +import ConditionalBypassFlow::PathGraph -from DataFlow::PathNode source, DataFlow::PathNode sink, SensitiveAction action +from + ConditionalBypassFlow::PathNode source, ConditionalBypassFlow::PathNode sink, + SensitiveAction action where - isTaintedGuardForSensitiveAction(sink, source, action) and - not isEarlyAbortGuard(sink, action) and + isTaintedGuardNodeForSensitiveAction(sink, source, action) and + not isEarlyAbortGuardNode(sink, action) and source.getNode() instanceof HeuristicSource select sink.getNode(), source, sink, "This condition guards a sensitive $@, but a $@ controls it.", action, "action", source.getNode(), "user-provided value" diff --git a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-915/PrototypePollutingAssignment.ql b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-915/PrototypePollutingAssignment.ql index eae399ea00fe..2b619f0614e0 100644 --- a/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-915/PrototypePollutingAssignment.ql +++ b/javascript/ql/src/experimental/heuristics/ql/src/Security/CWE-915/PrototypePollutingAssignment.ql @@ -20,11 +20,15 @@ import javascript import semmle.javascript.security.dataflow.PrototypePollutingAssignmentQuery -import DataFlow::PathGraph import semmle.javascript.heuristics.AdditionalSources +import PrototypePollutingAssignmentFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) and source.getNode() instanceof HeuristicSource +from + PrototypePollutingAssignmentFlow::PathNode source, PrototypePollutingAssignmentFlow::PathNode sink +where + PrototypePollutingAssignmentFlow::flowPath(source, sink) and + not isIgnoredLibraryFlow(source.getNode(), sink.getNode()) and + source.getNode() instanceof HeuristicSource select sink, source, sink, "This assignment may alter Object.prototype if a malicious '__proto__' string is injected from $@.", source.getNode(), source.getNode().(Source).describe() diff --git a/javascript/ql/src/meta/alerts/TaintedNodes.ql b/javascript/ql/src/meta/alerts/TaintedNodes.ql index 6bdd0a6bc307..da9f7bab6f46 100644 --- a/javascript/ql/src/meta/alerts/TaintedNodes.ql +++ b/javascript/ql/src/meta/alerts/TaintedNodes.ql @@ -12,20 +12,20 @@ import javascript import meta.internal.TaintMetrics -class BasicTaintConfiguration extends TaintTracking::Configuration { - BasicTaintConfiguration() { this = "BasicTaintConfiguration" } +module BasicTaintConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node = relevantTaintSource() } - override predicate isSource(DataFlow::Node node) { node = relevantTaintSource() } - - override predicate isSink(DataFlow::Node node) { + predicate isSink(DataFlow::Node node) { // To reduce noise from synthetic nodes, only count value nodes node instanceof DataFlow::ValueNode and not node.getFile() instanceof IgnoredFile } } +module BasicTaintFlow = TaintTracking::Global; + // Avoid linking to the source as this would upset the statistics: nodes reachable -// from multiple sources would be counted multilpe times, and that's not what we intend to measure. +// from multiple sources would be counted multiple times, and that's not what we intend to measure. from DataFlow::Node node -where any(BasicTaintConfiguration cfg).hasFlow(_, node) +where BasicTaintFlow::flowTo(node) select node, "Tainted node" diff --git a/javascript/ql/src/meta/analysis-quality/SanitizersReachableFromSource.ql b/javascript/ql/src/meta/analysis-quality/SanitizersReachableFromSource.ql index a477c8af8a95..f99d3b9a3917 100644 --- a/javascript/ql/src/meta/analysis-quality/SanitizersReachableFromSource.ql +++ b/javascript/ql/src/meta/analysis-quality/SanitizersReachableFromSource.ql @@ -11,12 +11,12 @@ import javascript import meta.internal.TaintMetrics -class BasicTaintConfiguration extends TaintTracking::Configuration { - BasicTaintConfiguration() { this = "BasicTaintConfiguration" } +module BasicTaintConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node = relevantTaintSource() } - override predicate isSource(DataFlow::Node node) { node = relevantTaintSource() } - - override predicate isSink(DataFlow::Node node) { node = relevantSanitizerInput() } + predicate isSink(DataFlow::Node node) { node = relevantSanitizerInput() } } -select projectRoot(), count(DataFlow::Node node | any(BasicTaintConfiguration cfg).hasFlow(_, node)) +module BasicTaintFlow = TaintTracking::Global; + +select projectRoot(), count(DataFlow::Node node | BasicTaintFlow::flowTo(node)) diff --git a/javascript/ql/src/meta/analysis-quality/SinksReachableFromSanitizer.ql b/javascript/ql/src/meta/analysis-quality/SinksReachableFromSanitizer.ql index e57d562aebbe..7786fce5ecef 100644 --- a/javascript/ql/src/meta/analysis-quality/SinksReachableFromSanitizer.ql +++ b/javascript/ql/src/meta/analysis-quality/SinksReachableFromSanitizer.ql @@ -11,12 +11,12 @@ import javascript import meta.internal.TaintMetrics -class BasicTaintConfiguration extends TaintTracking::Configuration { - BasicTaintConfiguration() { this = "BasicTaintConfiguration" } +module BasicTaintConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node = relevantSanitizerOutput() } - override predicate isSource(DataFlow::Node node) { node = relevantSanitizerOutput() } - - override predicate isSink(DataFlow::Node node) { node = relevantTaintSink() } + predicate isSink(DataFlow::Node node) { node = relevantTaintSink() } } -select projectRoot(), count(DataFlow::Node node | any(BasicTaintConfiguration cfg).hasFlow(_, node)) +module BasicTaintFlow = TaintTracking::Global; + +select projectRoot(), count(DataFlow::Node node | BasicTaintFlow::flowTo(node)) diff --git a/javascript/ql/src/meta/analysis-quality/TaintedNodes.ql b/javascript/ql/src/meta/analysis-quality/TaintedNodes.ql index 208a39b9ab16..7b2dfbbf6427 100644 --- a/javascript/ql/src/meta/analysis-quality/TaintedNodes.ql +++ b/javascript/ql/src/meta/analysis-quality/TaintedNodes.ql @@ -12,16 +12,16 @@ import javascript import meta.internal.TaintMetrics -class BasicTaintConfiguration extends TaintTracking::Configuration { - BasicTaintConfiguration() { this = "BasicTaintConfiguration" } +module BasicTaintConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node = relevantTaintSource() } - override predicate isSource(DataFlow::Node node) { node = relevantTaintSource() } - - override predicate isSink(DataFlow::Node node) { + predicate isSink(DataFlow::Node node) { // To reduce noise from synthetic nodes, only count value nodes node instanceof DataFlow::ValueNode and not node.getFile() instanceof IgnoredFile } } -select projectRoot(), count(DataFlow::Node node | any(BasicTaintConfiguration cfg).hasFlow(_, node)) +module BasicTaintFlow = TaintTracking::Global; + +select projectRoot(), count(DataFlow::Node node | BasicTaintFlow::flowTo(node)) diff --git a/javascript/ql/test/experimental/Security/CWE-918/SSRF.expected b/javascript/ql/test/experimental/Security/CWE-918/SSRF.expected index 848264b661b1..b2b293a6ca9a 100644 --- a/javascript/ql/test/experimental/Security/CWE-918/SSRF.expected +++ b/javascript/ql/test/experimental/Security/CWE-918/SSRF.expected @@ -1,157 +1,67 @@ -nodes -| check-domain.js:16:9:16:27 | url | -| check-domain.js:16:15:16:27 | req.query.url | -| check-domain.js:16:15:16:27 | req.query.url | -| check-domain.js:17:13:17:15 | url | -| check-domain.js:17:13:17:15 | url | -| check-domain.js:26:15:26:27 | req.query.url | -| check-domain.js:26:15:26:27 | req.query.url | -| check-domain.js:26:15:26:27 | req.query.url | -| check-middleware.js:9:13:9:43 | "test.c ... tainted | -| check-middleware.js:9:13:9:43 | "test.c ... tainted | -| check-middleware.js:9:27:9:43 | req.query.tainted | -| check-middleware.js:9:27:9:43 | req.query.tainted | -| check-path.js:19:13:19:43 | 'test.c ... tainted | -| check-path.js:19:13:19:43 | 'test.c ... tainted | -| check-path.js:19:27:19:43 | req.query.tainted | -| check-path.js:19:27:19:43 | req.query.tainted | -| check-path.js:23:13:23:45 | `/addre ... inted}` | -| check-path.js:23:13:23:45 | `/addre ... inted}` | -| check-path.js:23:27:23:43 | req.query.tainted | -| check-path.js:23:27:23:43 | req.query.tainted | -| check-path.js:33:15:33:45 | 'test.c ... tainted | -| check-path.js:33:15:33:45 | 'test.c ... tainted | -| check-path.js:33:29:33:45 | req.query.tainted | -| check-path.js:33:29:33:45 | req.query.tainted | -| check-path.js:37:15:37:45 | 'test.c ... tainted | -| check-path.js:37:15:37:45 | 'test.c ... tainted | -| check-path.js:37:29:37:45 | req.query.tainted | -| check-path.js:37:29:37:45 | req.query.tainted | -| check-path.js:45:13:45:44 | `${base ... inted}` | -| check-path.js:45:13:45:44 | `${base ... inted}` | -| check-path.js:45:26:45:42 | req.query.tainted | -| check-path.js:45:26:45:42 | req.query.tainted | -| check-regex.js:16:15:16:45 | "test.c ... tainted | -| check-regex.js:16:15:16:45 | "test.c ... tainted | -| check-regex.js:16:29:16:45 | req.query.tainted | -| check-regex.js:16:29:16:45 | req.query.tainted | -| check-regex.js:24:15:24:42 | baseURL ... tainted | -| check-regex.js:24:15:24:42 | baseURL ... tainted | -| check-regex.js:24:25:24:42 | req.params.tainted | -| check-regex.js:24:25:24:42 | req.params.tainted | -| check-regex.js:31:15:31:45 | "test.c ... tainted | -| check-regex.js:31:15:31:45 | "test.c ... tainted | -| check-regex.js:31:29:31:45 | req.query.tainted | -| check-regex.js:31:29:31:45 | req.query.tainted | -| check-regex.js:34:15:34:42 | baseURL ... tainted | -| check-regex.js:34:15:34:42 | baseURL ... tainted | -| check-regex.js:34:25:34:42 | req.params.tainted | -| check-regex.js:34:25:34:42 | req.params.tainted | -| check-regex.js:41:13:41:43 | "test.c ... tainted | -| check-regex.js:41:13:41:43 | "test.c ... tainted | -| check-regex.js:41:27:41:43 | req.query.tainted | -| check-regex.js:41:27:41:43 | req.query.tainted | -| check-validator.js:15:15:15:45 | "test.c ... tainted | -| check-validator.js:15:15:15:45 | "test.c ... tainted | -| check-validator.js:15:29:15:45 | req.query.tainted | -| check-validator.js:15:29:15:45 | req.query.tainted | -| check-validator.js:27:15:27:45 | "test.c ... tainted | -| check-validator.js:27:15:27:45 | "test.c ... tainted | -| check-validator.js:27:29:27:45 | req.query.tainted | -| check-validator.js:27:29:27:45 | req.query.tainted | -| check-validator.js:50:15:50:45 | "test.c ... tainted | -| check-validator.js:50:15:50:45 | "test.c ... tainted | -| check-validator.js:50:29:50:45 | req.query.tainted | -| check-validator.js:50:29:50:45 | req.query.tainted | -| check-validator.js:54:9:54:37 | numberURL | -| check-validator.js:54:21:54:37 | req.query.tainted | -| check-validator.js:54:21:54:37 | req.query.tainted | -| check-validator.js:59:15:59:45 | "test.c ... tainted | -| check-validator.js:59:15:59:45 | "test.c ... tainted | -| check-validator.js:59:29:59:45 | req.query.tainted | -| check-validator.js:59:29:59:45 | req.query.tainted | -| check-validator.js:62:15:62:37 | "test.c ... mberURL | -| check-validator.js:62:15:62:37 | "test.c ... mberURL | -| check-validator.js:62:29:62:37 | numberURL | -| check-validator.js:68:15:68:45 | "test.c ... tainted | -| check-validator.js:68:15:68:45 | "test.c ... tainted | -| check-validator.js:68:29:68:45 | req.query.tainted | -| check-validator.js:68:29:68:45 | req.query.tainted | edges -| check-domain.js:16:9:16:27 | url | check-domain.js:17:13:17:15 | url | -| check-domain.js:16:9:16:27 | url | check-domain.js:17:13:17:15 | url | -| check-domain.js:16:15:16:27 | req.query.url | check-domain.js:16:9:16:27 | url | -| check-domain.js:16:15:16:27 | req.query.url | check-domain.js:16:9:16:27 | url | -| check-domain.js:26:15:26:27 | req.query.url | check-domain.js:26:15:26:27 | req.query.url | -| check-middleware.js:9:27:9:43 | req.query.tainted | check-middleware.js:9:13:9:43 | "test.c ... tainted | -| check-middleware.js:9:27:9:43 | req.query.tainted | check-middleware.js:9:13:9:43 | "test.c ... tainted | -| check-middleware.js:9:27:9:43 | req.query.tainted | check-middleware.js:9:13:9:43 | "test.c ... tainted | -| check-middleware.js:9:27:9:43 | req.query.tainted | check-middleware.js:9:13:9:43 | "test.c ... tainted | -| check-path.js:19:27:19:43 | req.query.tainted | check-path.js:19:13:19:43 | 'test.c ... tainted | -| check-path.js:19:27:19:43 | req.query.tainted | check-path.js:19:13:19:43 | 'test.c ... tainted | -| check-path.js:19:27:19:43 | req.query.tainted | check-path.js:19:13:19:43 | 'test.c ... tainted | -| check-path.js:19:27:19:43 | req.query.tainted | check-path.js:19:13:19:43 | 'test.c ... tainted | -| check-path.js:23:27:23:43 | req.query.tainted | check-path.js:23:13:23:45 | `/addre ... inted}` | -| check-path.js:23:27:23:43 | req.query.tainted | check-path.js:23:13:23:45 | `/addre ... inted}` | -| check-path.js:23:27:23:43 | req.query.tainted | check-path.js:23:13:23:45 | `/addre ... inted}` | -| check-path.js:23:27:23:43 | req.query.tainted | check-path.js:23:13:23:45 | `/addre ... inted}` | -| check-path.js:33:29:33:45 | req.query.tainted | check-path.js:33:15:33:45 | 'test.c ... tainted | -| check-path.js:33:29:33:45 | req.query.tainted | check-path.js:33:15:33:45 | 'test.c ... tainted | -| check-path.js:33:29:33:45 | req.query.tainted | check-path.js:33:15:33:45 | 'test.c ... tainted | -| check-path.js:33:29:33:45 | req.query.tainted | check-path.js:33:15:33:45 | 'test.c ... tainted | -| check-path.js:37:29:37:45 | req.query.tainted | check-path.js:37:15:37:45 | 'test.c ... tainted | -| check-path.js:37:29:37:45 | req.query.tainted | check-path.js:37:15:37:45 | 'test.c ... tainted | -| check-path.js:37:29:37:45 | req.query.tainted | check-path.js:37:15:37:45 | 'test.c ... tainted | -| check-path.js:37:29:37:45 | req.query.tainted | check-path.js:37:15:37:45 | 'test.c ... tainted | -| check-path.js:45:26:45:42 | req.query.tainted | check-path.js:45:13:45:44 | `${base ... inted}` | -| check-path.js:45:26:45:42 | req.query.tainted | check-path.js:45:13:45:44 | `${base ... inted}` | -| check-path.js:45:26:45:42 | req.query.tainted | check-path.js:45:13:45:44 | `${base ... inted}` | -| check-path.js:45:26:45:42 | req.query.tainted | check-path.js:45:13:45:44 | `${base ... inted}` | -| check-regex.js:16:29:16:45 | req.query.tainted | check-regex.js:16:15:16:45 | "test.c ... tainted | -| check-regex.js:16:29:16:45 | req.query.tainted | check-regex.js:16:15:16:45 | "test.c ... tainted | -| check-regex.js:16:29:16:45 | req.query.tainted | check-regex.js:16:15:16:45 | "test.c ... tainted | -| check-regex.js:16:29:16:45 | req.query.tainted | check-regex.js:16:15:16:45 | "test.c ... tainted | -| check-regex.js:24:25:24:42 | req.params.tainted | check-regex.js:24:15:24:42 | baseURL ... tainted | -| check-regex.js:24:25:24:42 | req.params.tainted | check-regex.js:24:15:24:42 | baseURL ... tainted | -| check-regex.js:24:25:24:42 | req.params.tainted | check-regex.js:24:15:24:42 | baseURL ... tainted | -| check-regex.js:24:25:24:42 | req.params.tainted | check-regex.js:24:15:24:42 | baseURL ... tainted | -| check-regex.js:31:29:31:45 | req.query.tainted | check-regex.js:31:15:31:45 | "test.c ... tainted | -| check-regex.js:31:29:31:45 | req.query.tainted | check-regex.js:31:15:31:45 | "test.c ... tainted | -| check-regex.js:31:29:31:45 | req.query.tainted | check-regex.js:31:15:31:45 | "test.c ... tainted | -| check-regex.js:31:29:31:45 | req.query.tainted | check-regex.js:31:15:31:45 | "test.c ... tainted | -| check-regex.js:34:25:34:42 | req.params.tainted | check-regex.js:34:15:34:42 | baseURL ... tainted | -| check-regex.js:34:25:34:42 | req.params.tainted | check-regex.js:34:15:34:42 | baseURL ... tainted | -| check-regex.js:34:25:34:42 | req.params.tainted | check-regex.js:34:15:34:42 | baseURL ... tainted | -| check-regex.js:34:25:34:42 | req.params.tainted | check-regex.js:34:15:34:42 | baseURL ... tainted | -| check-regex.js:41:27:41:43 | req.query.tainted | check-regex.js:41:13:41:43 | "test.c ... tainted | -| check-regex.js:41:27:41:43 | req.query.tainted | check-regex.js:41:13:41:43 | "test.c ... tainted | -| check-regex.js:41:27:41:43 | req.query.tainted | check-regex.js:41:13:41:43 | "test.c ... tainted | -| check-regex.js:41:27:41:43 | req.query.tainted | check-regex.js:41:13:41:43 | "test.c ... tainted | -| check-validator.js:15:29:15:45 | req.query.tainted | check-validator.js:15:15:15:45 | "test.c ... tainted | -| check-validator.js:15:29:15:45 | req.query.tainted | check-validator.js:15:15:15:45 | "test.c ... tainted | -| check-validator.js:15:29:15:45 | req.query.tainted | check-validator.js:15:15:15:45 | "test.c ... tainted | -| check-validator.js:15:29:15:45 | req.query.tainted | check-validator.js:15:15:15:45 | "test.c ... tainted | -| check-validator.js:27:29:27:45 | req.query.tainted | check-validator.js:27:15:27:45 | "test.c ... tainted | -| check-validator.js:27:29:27:45 | req.query.tainted | check-validator.js:27:15:27:45 | "test.c ... tainted | -| check-validator.js:27:29:27:45 | req.query.tainted | check-validator.js:27:15:27:45 | "test.c ... tainted | -| check-validator.js:27:29:27:45 | req.query.tainted | check-validator.js:27:15:27:45 | "test.c ... tainted | -| check-validator.js:50:29:50:45 | req.query.tainted | check-validator.js:50:15:50:45 | "test.c ... tainted | -| check-validator.js:50:29:50:45 | req.query.tainted | check-validator.js:50:15:50:45 | "test.c ... tainted | -| check-validator.js:50:29:50:45 | req.query.tainted | check-validator.js:50:15:50:45 | "test.c ... tainted | -| check-validator.js:50:29:50:45 | req.query.tainted | check-validator.js:50:15:50:45 | "test.c ... tainted | -| check-validator.js:54:9:54:37 | numberURL | check-validator.js:62:29:62:37 | numberURL | -| check-validator.js:54:21:54:37 | req.query.tainted | check-validator.js:54:9:54:37 | numberURL | -| check-validator.js:54:21:54:37 | req.query.tainted | check-validator.js:54:9:54:37 | numberURL | -| check-validator.js:59:29:59:45 | req.query.tainted | check-validator.js:59:15:59:45 | "test.c ... tainted | -| check-validator.js:59:29:59:45 | req.query.tainted | check-validator.js:59:15:59:45 | "test.c ... tainted | -| check-validator.js:59:29:59:45 | req.query.tainted | check-validator.js:59:15:59:45 | "test.c ... tainted | -| check-validator.js:59:29:59:45 | req.query.tainted | check-validator.js:59:15:59:45 | "test.c ... tainted | -| check-validator.js:62:29:62:37 | numberURL | check-validator.js:62:15:62:37 | "test.c ... mberURL | -| check-validator.js:62:29:62:37 | numberURL | check-validator.js:62:15:62:37 | "test.c ... mberURL | -| check-validator.js:68:29:68:45 | req.query.tainted | check-validator.js:68:15:68:45 | "test.c ... tainted | -| check-validator.js:68:29:68:45 | req.query.tainted | check-validator.js:68:15:68:45 | "test.c ... tainted | -| check-validator.js:68:29:68:45 | req.query.tainted | check-validator.js:68:15:68:45 | "test.c ... tainted | -| check-validator.js:68:29:68:45 | req.query.tainted | check-validator.js:68:15:68:45 | "test.c ... tainted | +| check-domain.js:16:9:16:27 | url | check-domain.js:17:13:17:15 | url | provenance | | +| check-domain.js:16:15:16:27 | req.query.url | check-domain.js:16:9:16:27 | url | provenance | | +| check-middleware.js:9:27:9:43 | req.query.tainted | check-middleware.js:9:13:9:43 | "test.c ... tainted | provenance | | +| check-path.js:19:27:19:43 | req.query.tainted | check-path.js:19:13:19:43 | 'test.c ... tainted | provenance | | +| check-path.js:23:27:23:43 | req.query.tainted | check-path.js:23:13:23:45 | `/addre ... inted}` | provenance | | +| check-path.js:33:29:33:45 | req.query.tainted | check-path.js:33:15:33:45 | 'test.c ... tainted | provenance | | +| check-path.js:37:29:37:45 | req.query.tainted | check-path.js:37:15:37:45 | 'test.c ... tainted | provenance | | +| check-path.js:45:26:45:42 | req.query.tainted | check-path.js:45:13:45:44 | `${base ... inted}` | provenance | | +| check-regex.js:16:29:16:45 | req.query.tainted | check-regex.js:16:15:16:45 | "test.c ... tainted | provenance | | +| check-regex.js:24:25:24:42 | req.params.tainted | check-regex.js:24:15:24:42 | baseURL ... tainted | provenance | | +| check-regex.js:31:29:31:45 | req.query.tainted | check-regex.js:31:15:31:45 | "test.c ... tainted | provenance | | +| check-regex.js:34:25:34:42 | req.params.tainted | check-regex.js:34:15:34:42 | baseURL ... tainted | provenance | | +| check-regex.js:41:27:41:43 | req.query.tainted | check-regex.js:41:13:41:43 | "test.c ... tainted | provenance | | +| check-validator.js:15:29:15:45 | req.query.tainted | check-validator.js:15:15:15:45 | "test.c ... tainted | provenance | | +| check-validator.js:27:29:27:45 | req.query.tainted | check-validator.js:27:15:27:45 | "test.c ... tainted | provenance | | +| check-validator.js:50:29:50:45 | req.query.tainted | check-validator.js:50:15:50:45 | "test.c ... tainted | provenance | | +| check-validator.js:54:9:54:37 | numberURL | check-validator.js:62:29:62:37 | numberURL | provenance | | +| check-validator.js:54:21:54:37 | req.query.tainted | check-validator.js:54:9:54:37 | numberURL | provenance | | +| check-validator.js:59:29:59:45 | req.query.tainted | check-validator.js:59:15:59:45 | "test.c ... tainted | provenance | | +| check-validator.js:62:29:62:37 | numberURL | check-validator.js:62:15:62:37 | "test.c ... mberURL | provenance | | +| check-validator.js:68:29:68:45 | req.query.tainted | check-validator.js:68:15:68:45 | "test.c ... tainted | provenance | | +nodes +| check-domain.js:16:9:16:27 | url | semmle.label | url | +| check-domain.js:16:15:16:27 | req.query.url | semmle.label | req.query.url | +| check-domain.js:17:13:17:15 | url | semmle.label | url | +| check-domain.js:26:15:26:27 | req.query.url | semmle.label | req.query.url | +| check-middleware.js:9:13:9:43 | "test.c ... tainted | semmle.label | "test.c ... tainted | +| check-middleware.js:9:27:9:43 | req.query.tainted | semmle.label | req.query.tainted | +| check-path.js:19:13:19:43 | 'test.c ... tainted | semmle.label | 'test.c ... tainted | +| check-path.js:19:27:19:43 | req.query.tainted | semmle.label | req.query.tainted | +| check-path.js:23:13:23:45 | `/addre ... inted}` | semmle.label | `/addre ... inted}` | +| check-path.js:23:27:23:43 | req.query.tainted | semmle.label | req.query.tainted | +| check-path.js:33:15:33:45 | 'test.c ... tainted | semmle.label | 'test.c ... tainted | +| check-path.js:33:29:33:45 | req.query.tainted | semmle.label | req.query.tainted | +| check-path.js:37:15:37:45 | 'test.c ... tainted | semmle.label | 'test.c ... tainted | +| check-path.js:37:29:37:45 | req.query.tainted | semmle.label | req.query.tainted | +| check-path.js:45:13:45:44 | `${base ... inted}` | semmle.label | `${base ... inted}` | +| check-path.js:45:26:45:42 | req.query.tainted | semmle.label | req.query.tainted | +| check-regex.js:16:15:16:45 | "test.c ... tainted | semmle.label | "test.c ... tainted | +| check-regex.js:16:29:16:45 | req.query.tainted | semmle.label | req.query.tainted | +| check-regex.js:24:15:24:42 | baseURL ... tainted | semmle.label | baseURL ... tainted | +| check-regex.js:24:25:24:42 | req.params.tainted | semmle.label | req.params.tainted | +| check-regex.js:31:15:31:45 | "test.c ... tainted | semmle.label | "test.c ... tainted | +| check-regex.js:31:29:31:45 | req.query.tainted | semmle.label | req.query.tainted | +| check-regex.js:34:15:34:42 | baseURL ... tainted | semmle.label | baseURL ... tainted | +| check-regex.js:34:25:34:42 | req.params.tainted | semmle.label | req.params.tainted | +| check-regex.js:41:13:41:43 | "test.c ... tainted | semmle.label | "test.c ... tainted | +| check-regex.js:41:27:41:43 | req.query.tainted | semmle.label | req.query.tainted | +| check-validator.js:15:15:15:45 | "test.c ... tainted | semmle.label | "test.c ... tainted | +| check-validator.js:15:29:15:45 | req.query.tainted | semmle.label | req.query.tainted | +| check-validator.js:27:15:27:45 | "test.c ... tainted | semmle.label | "test.c ... tainted | +| check-validator.js:27:29:27:45 | req.query.tainted | semmle.label | req.query.tainted | +| check-validator.js:50:15:50:45 | "test.c ... tainted | semmle.label | "test.c ... tainted | +| check-validator.js:50:29:50:45 | req.query.tainted | semmle.label | req.query.tainted | +| check-validator.js:54:9:54:37 | numberURL | semmle.label | numberURL | +| check-validator.js:54:21:54:37 | req.query.tainted | semmle.label | req.query.tainted | +| check-validator.js:59:15:59:45 | "test.c ... tainted | semmle.label | "test.c ... tainted | +| check-validator.js:59:29:59:45 | req.query.tainted | semmle.label | req.query.tainted | +| check-validator.js:62:15:62:37 | "test.c ... mberURL | semmle.label | "test.c ... mberURL | +| check-validator.js:62:29:62:37 | numberURL | semmle.label | numberURL | +| check-validator.js:68:15:68:45 | "test.c ... tainted | semmle.label | "test.c ... tainted | +| check-validator.js:68:29:68:45 | req.query.tainted | semmle.label | req.query.tainted | +subpaths #select | check-domain.js:17:13:17:15 | url | check-domain.js:16:15:16:27 | req.query.url | check-domain.js:17:13:17:15 | url | The URL of this request depends on a user-provided value. | | check-domain.js:26:15:26:27 | req.query.url | check-domain.js:26:15:26:27 | req.query.url | check-domain.js:26:15:26:27 | req.query.url | The URL of this request depends on a user-provided value. | diff --git a/javascript/ql/test/library-tests/Arrays/DataFlow.expected b/javascript/ql/test/library-tests/Arrays/DataFlow.expected index 6de9bf77257a..340f5dbe2302 100644 --- a/javascript/ql/test/library-tests/Arrays/DataFlow.expected +++ b/javascript/ql/test/library-tests/Arrays/DataFlow.expected @@ -1,9 +1,11 @@ +legacyDataFlowDifference +| arrays.js:2:16:2:23 | "source" | arrays.js:39:8:39:24 | arr4_spread.pop() | only flow with OLD data flow library | +flow | arrays.js:2:16:2:23 | "source" | arrays.js:5:8:5:14 | obj.foo | | arrays.js:2:16:2:23 | "source" | arrays.js:11:10:11:15 | arr[i] | | arrays.js:2:16:2:23 | "source" | arrays.js:15:27:15:27 | e | | arrays.js:2:16:2:23 | "source" | arrays.js:16:23:16:23 | e | | arrays.js:2:16:2:23 | "source" | arrays.js:20:8:20:16 | arr.pop() | -| arrays.js:2:16:2:23 | "source" | arrays.js:39:8:39:24 | arr4_spread.pop() | | arrays.js:2:16:2:23 | "source" | arrays.js:61:10:61:10 | x | | arrays.js:2:16:2:23 | "source" | arrays.js:65:10:65:10 | x | | arrays.js:2:16:2:23 | "source" | arrays.js:69:10:69:10 | x | diff --git a/javascript/ql/test/library-tests/Arrays/DataFlow.ql b/javascript/ql/test/library-tests/Arrays/DataFlow.ql index 80c9f068a10f..dab899b56b07 100644 --- a/javascript/ql/test/library-tests/Arrays/DataFlow.ql +++ b/javascript/ql/test/library-tests/Arrays/DataFlow.ql @@ -1,15 +1,23 @@ import javascript -class ArrayFlowConfig extends DataFlow::Configuration { - ArrayFlowConfig() { this = "ArrayFlowConfig" } +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.asExpr().getStringValue() = "source" } - override predicate isSource(DataFlow::Node source) { source.asExpr().getStringValue() = "source" } - - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { sink = any(DataFlow::CallNode call | call.getCalleeName() = "sink").getAnArgument() } } -from ArrayFlowConfig config, DataFlow::Node src, DataFlow::Node snk -where config.hasFlow(src, snk) -select src, snk +module TestFlow = DataFlow::Global; + +class LegacyConfig extends DataFlow::Configuration { + LegacyConfig() { this = "LegacyConfig" } + + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } +} + +import testUtilities.LegacyDataFlowDiff::DataFlowDiff + +query predicate flow = TestFlow::flow/2; diff --git a/javascript/ql/test/library-tests/Arrays/TaintFlow.expected b/javascript/ql/test/library-tests/Arrays/TaintFlow.expected index 6f62ae76f152..0f246a750bc9 100644 --- a/javascript/ql/test/library-tests/Arrays/TaintFlow.expected +++ b/javascript/ql/test/library-tests/Arrays/TaintFlow.expected @@ -1,9 +1,11 @@ +legacyDataFlowDifference +| arrays.js:2:16:2:23 | "source" | arrays.js:39:8:39:24 | arr4_spread.pop() | only flow with OLD data flow library | +flow | arrays.js:2:16:2:23 | "source" | arrays.js:5:8:5:14 | obj.foo | | arrays.js:2:16:2:23 | "source" | arrays.js:11:10:11:15 | arr[i] | | arrays.js:2:16:2:23 | "source" | arrays.js:15:27:15:27 | e | | arrays.js:2:16:2:23 | "source" | arrays.js:16:23:16:23 | e | | arrays.js:2:16:2:23 | "source" | arrays.js:20:8:20:16 | arr.pop() | -| arrays.js:2:16:2:23 | "source" | arrays.js:39:8:39:24 | arr4_spread.pop() | | arrays.js:2:16:2:23 | "source" | arrays.js:58:8:58:13 | arr[0] | | arrays.js:2:16:2:23 | "source" | arrays.js:61:10:61:10 | x | | arrays.js:2:16:2:23 | "source" | arrays.js:65:10:65:10 | x | diff --git a/javascript/ql/test/library-tests/Arrays/TaintFlow.ql b/javascript/ql/test/library-tests/Arrays/TaintFlow.ql index cee2f294a349..8e0763c8a394 100644 --- a/javascript/ql/test/library-tests/Arrays/TaintFlow.ql +++ b/javascript/ql/test/library-tests/Arrays/TaintFlow.ql @@ -1,15 +1,23 @@ import javascript -class ArrayTaintFlowConfig extends TaintTracking::Configuration { - ArrayTaintFlowConfig() { this = "ArrayTaintFlowConfig" } +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.asExpr().getStringValue() = "source" } - override predicate isSource(DataFlow::Node source) { source.asExpr().getStringValue() = "source" } - - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { sink = any(DataFlow::CallNode call | call.getCalleeName() = "sink").getAnArgument() } } -from ArrayTaintFlowConfig config, DataFlow::Node src, DataFlow::Node snk -where config.hasFlow(src, snk) -select src, snk +module TestFlow = TaintTracking::Global; + +class LegacyConfig extends TaintTracking::Configuration { + LegacyConfig() { this = "LegacyConfig" } + + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } +} + +import testUtilities.LegacyDataFlowDiff::DataFlowDiff + +query predicate flow = TestFlow::flow/2; diff --git a/javascript/ql/test/library-tests/Barriers/SimpleBarrierGuard.expected b/javascript/ql/test/library-tests/Barriers/SimpleBarrierGuard.expected index 437c60684f8d..ef95465e01a6 100644 --- a/javascript/ql/test/library-tests/Barriers/SimpleBarrierGuard.expected +++ b/javascript/ql/test/library-tests/Barriers/SimpleBarrierGuard.expected @@ -1,3 +1,5 @@ -| tst.js:4:10:4:10 | x | tst.js:2:13:2:20 | SOURCE() | -| tst.js:9:14:9:14 | x | tst.js:2:13:2:20 | SOURCE() | -| tst.js:12:10:12:10 | x | tst.js:2:13:2:20 | SOURCE() | +legacyDataFlowDifference +flow +| tst.js:2:13:2:20 | SOURCE() | tst.js:4:10:4:10 | x | +| tst.js:2:13:2:20 | SOURCE() | tst.js:9:14:9:14 | x | +| tst.js:2:13:2:20 | SOURCE() | tst.js:12:10:12:10 | x | diff --git a/javascript/ql/test/library-tests/Barriers/SimpleBarrierGuard.ql b/javascript/ql/test/library-tests/Barriers/SimpleBarrierGuard.ql index 595d7797d36f..a548e99a1ff4 100644 --- a/javascript/ql/test/library-tests/Barriers/SimpleBarrierGuard.ql +++ b/javascript/ql/test/library-tests/Barriers/SimpleBarrierGuard.ql @@ -1,33 +1,47 @@ import javascript -class Configuration extends DataFlow::Configuration { - Configuration() { this = "SimpleBarrierGuard" } - - override predicate isSource(DataFlow::Node source) { +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.(DataFlow::InvokeNode).getCalleeName() = "SOURCE" } - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { exists(DataFlow::InvokeNode call | call.getCalleeName() = "SINK" and sink = call.getArgument(0) ) } - override predicate isBarrierGuard(DataFlow::BarrierGuardNode guard) { - guard instanceof SimpleBarrierGuardNode + predicate isBarrier(DataFlow::Node node) { + node = DataFlow::MakeBarrierGuard::getABarrierNode() } } +module TestFlow = DataFlow::Global; + class SimpleBarrierGuardNode extends DataFlow::BarrierGuardNode, DataFlow::InvokeNode { SimpleBarrierGuardNode() { this.getCalleeName() = "BARRIER" } - override predicate blocks(boolean outcome, Expr e) { + override predicate blocks(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + + predicate blocksExpr(boolean outcome, Expr e) { outcome = true and e = this.getArgument(0).asExpr() } } -from Configuration cfg, DataFlow::Node source, DataFlow::Node sink -where cfg.hasFlow(source, sink) -select sink, source +class LegacyConfig extends DataFlow::Configuration { + LegacyConfig() { this = "LegacyConfig" } + + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } + + override predicate isBarrierGuard(DataFlow::BarrierGuardNode guard) { + guard instanceof SimpleBarrierGuardNode + } +} + +import testUtilities.LegacyDataFlowDiff::DataFlowDiff + +query predicate flow = TestFlow::flow/2; diff --git a/javascript/ql/test/library-tests/Classes/tests.expected b/javascript/ql/test/library-tests/Classes/tests.expected index 1d4cce399def..aadd449349c2 100644 --- a/javascript/ql/test/library-tests/Classes/tests.expected +++ b/javascript/ql/test/library-tests/Classes/tests.expected @@ -1,3 +1,4 @@ +legacyDataFlowDifference test_FieldInits | dataflow.js:5:3:5:17 | #priv = source; | dataflow.js:5:11:5:16 | source | | fields.js:3:3:3:8 | y = 42 | fields.js:3:7:3:8 | 42 | @@ -287,9 +288,6 @@ getAccessModifier | tst.js:12:3:12:8 | m() {} | tst.js:12:3:12:3 | m | Public | | tst.js:13:3:13:10 | [m]() {} | tst.js:13:4:13:4 | m | Public | | tst.js:17:3:17:20 | m() { return 42; } | tst.js:17:3:17:3 | m | Public | -dataflow -| dataflow.js:2:15:2:22 | "source" | dataflow.js:14:7:14:25 | new Foo().getPriv() | -| dataflow.js:2:15:2:22 | "source" | dataflow.js:16:7:16:33 | new Foo ... ivate() | staticInitializer | staticInitializer.js:1:1:18:1 | class M ... ;\\n }\\n} | staticInitializer.js:6:10:8:3 | {\\n M ... 3;\\n } | | staticInitializer.js:1:1:18:1 | class M ... ;\\n }\\n} | staticInitializer.js:15:10:17:3 | {\\n t ... 6;\\n } | @@ -312,3 +310,6 @@ privateIdentifier | privateFields.js:37:12:37:17 | #brand | | privateFields.js:37:29:37:35 | #method | | privateFields.js:37:47:37:53 | #getter | +dataflow +| dataflow.js:2:15:2:22 | "source" | dataflow.js:14:7:14:25 | new Foo().getPriv() | +| dataflow.js:2:15:2:22 | "source" | dataflow.js:16:7:16:33 | new Foo ... ivate() | diff --git a/javascript/ql/test/library-tests/Classes/tests.ql b/javascript/ql/test/library-tests/Classes/tests.ql index cd236367152d..d01f8f6f6408 100644 --- a/javascript/ql/test/library-tests/Classes/tests.ql +++ b/javascript/ql/test/library-tests/Classes/tests.ql @@ -57,22 +57,30 @@ query string getAccessModifier(DataFlow::PropRef ref, Expr prop) { if ref.isPrivateField() then result = "Private" else result = "Public" } -class Configuration extends DataFlow::Configuration { - Configuration() { this = "ClassDataFlowTestingConfig" } - - override predicate isSource(DataFlow::Node source) { +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.getEnclosingExpr().(StringLiteral).getValue().toLowerCase() = "source" } - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { any(DataFlow::CallNode call | call.getCalleeName() = "sink").getAnArgument() = sink } } -query predicate dataflow(DataFlow::Node pred, DataFlow::Node succ) { - any(Configuration c).hasFlow(pred, succ) +module TestFlow = DataFlow::Global; + +class LegacyConfig extends DataFlow::Configuration { + LegacyConfig() { this = "LegacyConfig" } + + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } } +import testUtilities.LegacyDataFlowDiff::DataFlowDiff + +query predicate dataflow = TestFlow::flow/2; + query BlockStmt staticInitializer(ClassDefinition cd) { result = cd.getAStaticInitializerBlock() } query Identifier privateIdentifier() { result.getName().matches("#%") } diff --git a/javascript/ql/test/library-tests/CustomLoadStoreSteps/test.ql b/javascript/ql/test/library-tests/CustomLoadStoreSteps/test.ql index 2c56d41ab4d5..c6721b522171 100644 --- a/javascript/ql/test/library-tests/CustomLoadStoreSteps/test.ql +++ b/javascript/ql/test/library-tests/CustomLoadStoreSteps/test.ql @@ -1,5 +1,6 @@ import javascript +// Note: this test has not been ported to ConfigSig, because isAdditionalLoadStep has no equivalent there class Configuration extends TaintTracking::Configuration { Configuration() { this = "PromiseFlowTestingConfig" } diff --git a/javascript/ql/test/library-tests/DataFlow/tests.expected b/javascript/ql/test/library-tests/DataFlow/tests.expected index d4c55bdd8a10..3b127d2dfa0e 100644 --- a/javascript/ql/test/library-tests/DataFlow/tests.expected +++ b/javascript/ql/test/library-tests/DataFlow/tests.expected @@ -16,12 +16,14 @@ basicBlock | arguments.js:1:1:12:4 | exceptional return of (functi ... );\\n})() | arguments.js:1:1:1:0 | entry node of | | arguments.js:1:2:1:1 | this | arguments.js:1:2:1:1 | entry node of functio ... , 3);\\n} | | arguments.js:1:2:12:1 | 'arguments' object of anonymous function | arguments.js:1:2:1:1 | entry node of functio ... , 3);\\n} | +| arguments.js:1:2:12:1 | [function self-reference] functio ... , 3);\\n} | arguments.js:1:2:1:1 | entry node of functio ... , 3);\\n} | | arguments.js:1:2:12:1 | exceptional return of anonymous function | arguments.js:1:2:1:1 | entry node of functio ... , 3);\\n} | | arguments.js:1:2:12:1 | functio ... , 3);\\n} | arguments.js:1:1:1:0 | entry node of | | arguments.js:1:2:12:1 | return of anonymous function | arguments.js:1:2:1:1 | entry node of functio ... , 3);\\n} | | arguments.js:2:5:2:4 | this | arguments.js:2:5:2:4 | entry node of functio ... ;\\n } | | arguments.js:2:5:2:5 | arguments | arguments.js:2:5:2:4 | entry node of functio ... ;\\n } | | arguments.js:2:5:10:5 | 'arguments' object of function f | arguments.js:2:5:2:4 | entry node of functio ... ;\\n } | +| arguments.js:2:5:10:5 | [function self-reference] functio ... ;\\n } | arguments.js:2:5:2:4 | entry node of functio ... ;\\n } | | arguments.js:2:5:10:5 | exceptional return of function f | arguments.js:2:5:2:4 | entry node of functio ... ;\\n } | | arguments.js:2:5:10:5 | functio ... ;\\n } | arguments.js:1:2:1:1 | entry node of functio ... , 3);\\n} | | arguments.js:2:5:10:5 | return of function f | arguments.js:2:5:2:4 | entry node of functio ... ;\\n } | @@ -69,6 +71,7 @@ basicBlock | eval.js:1:1:1:0 | this | eval.js:1:1:1:0 | entry node of | | eval.js:1:1:1:0 | this | eval.js:1:1:1:0 | entry node of functio ... eval`\\n} | | eval.js:1:1:5:1 | 'arguments' object of function k | eval.js:1:1:1:0 | entry node of functio ... eval`\\n} | +| eval.js:1:1:5:1 | [function self-reference] functio ... eval`\\n} | eval.js:1:1:1:0 | entry node of functio ... eval`\\n} | | eval.js:1:1:5:1 | exceptional return of function k | eval.js:1:1:1:0 | entry node of functio ... eval`\\n} | | eval.js:1:1:5:1 | functio ... eval`\\n} | eval.js:1:1:1:0 | entry node of | | eval.js:1:1:5:1 | return of function k | eval.js:1:1:1:0 | entry node of functio ... eval`\\n} | @@ -89,6 +92,7 @@ basicBlock | sources.js:1:6:1:6 | x | sources.js:1:6:1:5 | entry node of x => x | | sources.js:1:6:1:6 | x | sources.js:1:6:1:5 | entry node of x => x | | sources.js:1:6:1:11 | 'arguments' object of anonymous function | sources.js:1:6:1:5 | entry node of x => x | +| sources.js:1:6:1:11 | [function self-reference] x => x | sources.js:1:6:1:5 | entry node of x => x | | sources.js:1:6:1:11 | exceptional return of anonymous function | sources.js:1:6:1:5 | entry node of x => x | | sources.js:1:6:1:11 | return of anonymous function | sources.js:1:6:1:5 | entry node of x => x | | sources.js:1:6:1:11 | x => x | sources.js:1:1:1:0 | entry node of | @@ -98,6 +102,7 @@ basicBlock | sources.js:3:1:5:6 | exceptional return of (functi ... \\n})(23) | sources.js:1:1:1:0 | entry node of | | sources.js:3:2:3:1 | this | sources.js:3:2:3:1 | entry node of functio ... x+19;\\n} | | sources.js:3:2:5:1 | 'arguments' object of anonymous function | sources.js:3:2:3:1 | entry node of functio ... x+19;\\n} | +| sources.js:3:2:5:1 | [function self-reference] functio ... x+19;\\n} | sources.js:3:2:3:1 | entry node of functio ... x+19;\\n} | | sources.js:3:2:5:1 | exceptional return of anonymous function | sources.js:3:2:3:1 | entry node of functio ... x+19;\\n} | | sources.js:3:2:5:1 | functio ... x+19;\\n} | sources.js:1:1:1:0 | entry node of | | sources.js:3:2:5:1 | return of anonymous function | sources.js:3:2:3:1 | entry node of functio ... x+19;\\n} | @@ -110,6 +115,7 @@ basicBlock | sources.js:7:1:7:3 | /x/ | sources.js:1:1:1:0 | entry node of | | sources.js:9:1:9:0 | this | sources.js:9:1:9:0 | entry node of functio ... ey; }\\n} | | sources.js:9:1:12:1 | 'arguments' object of function foo | sources.js:9:1:9:0 | entry node of functio ... ey; }\\n} | +| sources.js:9:1:12:1 | [function self-reference] functio ... ey; }\\n} | sources.js:9:1:9:0 | entry node of functio ... ey; }\\n} | | sources.js:9:1:12:1 | exceptional return of function foo | sources.js:12:2:12:1 | exit node of functio ... ey; }\\n} | | sources.js:9:1:12:1 | functio ... ey; }\\n} | sources.js:1:1:1:0 | entry node of | | sources.js:9:1:12:1 | return of function foo | sources.js:12:2:12:1 | exit node of functio ... ey; }\\n} | @@ -147,6 +153,7 @@ basicBlock | tst2.ts:7:1:7:0 | A | tst2.ts:7:1:7:0 | entry node of functio ... = 23;\\n} | | tst2.ts:7:1:7:0 | this | tst2.ts:7:1:7:0 | entry node of functio ... = 23;\\n} | | tst2.ts:7:1:9:1 | 'arguments' object of function setX | tst2.ts:7:1:7:0 | entry node of functio ... = 23;\\n} | +| tst2.ts:7:1:9:1 | [function self-reference] functio ... = 23;\\n} | tst2.ts:7:1:7:0 | entry node of functio ... = 23;\\n} | | tst2.ts:7:1:9:1 | exceptional return of function setX | tst2.ts:7:1:7:0 | entry node of functio ... = 23;\\n} | | tst2.ts:7:1:9:1 | functio ... = 23;\\n} | tst2.ts:1:1:1:0 | entry node of | | tst2.ts:7:1:9:1 | return of function setX | tst2.ts:7:1:7:0 | entry node of functio ... = 23;\\n} | @@ -170,6 +177,7 @@ basicBlock | tst2.ts:13:39:13:38 | 'arguments' object of default constructor of class StringList | tst2.ts:13:39:13:38 | entry node of (...arg ... rgs); } | | tst2.ts:13:39:13:38 | (...arg ... rgs); } | tst2.ts:1:1:1:0 | entry node of | | tst2.ts:13:39:13:38 | ...args | tst2.ts:13:39:13:38 | entry node of (...arg ... rgs); } | +| tst2.ts:13:39:13:38 | [function self-reference] (...arg ... rgs); } | tst2.ts:13:39:13:38 | entry node of (...arg ... rgs); } | | tst2.ts:13:39:13:38 | args | tst2.ts:13:39:13:38 | entry node of (...arg ... rgs); } | | tst2.ts:13:39:13:38 | args | tst2.ts:13:39:13:38 | entry node of (...arg ... rgs); } | | tst2.ts:13:39:13:38 | args | tst2.ts:13:39:13:38 | entry node of (...arg ... rgs); } | @@ -236,6 +244,7 @@ basicBlock | tst.js:16:1:20:9 | exceptional return of (functi ... ("arg") | tst.js:16:1:20:10 | (functi ... "arg"); | | tst.js:16:2:16:1 | this | tst.js:16:2:16:1 | entry node of functio ... n "";\\n} | | tst.js:16:2:20:1 | 'arguments' object of function f | tst.js:16:2:16:1 | entry node of functio ... n "";\\n} | +| tst.js:16:2:20:1 | [function self-reference] functio ... n "";\\n} | tst.js:16:2:16:1 | entry node of functio ... n "";\\n} | | tst.js:16:2:20:1 | exceptional return of function f | tst.js:20:2:20:1 | exit node of functio ... n "";\\n} | | tst.js:16:2:20:1 | functio ... n "";\\n} | tst.js:16:1:20:10 | (functi ... "arg"); | | tst.js:16:2:20:1 | return of function f | tst.js:20:2:20:1 | exit node of functio ... n "";\\n} | @@ -271,12 +280,14 @@ basicBlock | tst.js:28:2:28:1 | x | tst.js:28:2:28:1 | entry node of () =>\\n x | | tst.js:28:2:29:3 | 'arguments' object of anonymous function | tst.js:28:2:28:1 | entry node of () =>\\n x | | tst.js:28:2:29:3 | () =>\\n x | tst.js:16:1:20:10 | (functi ... "arg"); | +| tst.js:28:2:29:3 | [function self-reference] () =>\\n x | tst.js:28:2:28:1 | entry node of () =>\\n x | | tst.js:28:2:29:3 | exceptional return of anonymous function | tst.js:28:2:28:1 | entry node of () =>\\n x | | tst.js:28:2:29:3 | return of anonymous function | tst.js:28:2:28:1 | entry node of () =>\\n x | | tst.js:29:3:29:3 | x | tst.js:28:2:28:1 | entry node of () =>\\n x | | tst.js:32:1:32:0 | this | tst.js:32:1:32:0 | entry node of functio ... ables\\n} | | tst.js:32:1:32:0 | x | tst.js:32:1:32:0 | entry node of functio ... ables\\n} | | tst.js:32:1:34:1 | 'arguments' object of function g | tst.js:32:1:32:0 | entry node of functio ... ables\\n} | +| tst.js:32:1:34:1 | [function self-reference] functio ... ables\\n} | tst.js:32:1:32:0 | entry node of functio ... ables\\n} | | tst.js:32:1:34:1 | exceptional return of function g | tst.js:32:1:32:0 | entry node of functio ... ables\\n} | | tst.js:32:1:34:1 | functio ... ables\\n} | tst.js:16:1:20:10 | (functi ... "arg"); | | tst.js:32:1:34:1 | return of function g | tst.js:32:1:32:0 | entry node of functio ... ables\\n} | @@ -302,6 +313,7 @@ basicBlock | tst.js:39:4:39:3 | this | tst.js:39:4:39:3 | entry node of () {\\n this;\\n } | | tst.js:39:4:41:3 | 'arguments' object of method m | tst.js:39:4:39:3 | entry node of () {\\n this;\\n } | | tst.js:39:4:41:3 | () {\\n this;\\n } | tst.js:16:1:20:10 | (functi ... "arg"); | +| tst.js:39:4:41:3 | [function self-reference] () {\\n this;\\n } | tst.js:39:4:39:3 | entry node of () {\\n this;\\n } | | tst.js:39:4:41:3 | exceptional return of method m | tst.js:39:4:39:3 | entry node of () {\\n this;\\n } | | tst.js:39:4:41:3 | return of method m | tst.js:39:4:39:3 | entry node of () {\\n this;\\n } | | tst.js:40:5:40:8 | this | tst.js:39:4:39:3 | entry node of () {\\n this;\\n } | @@ -327,6 +339,7 @@ basicBlock | tst.js:50:14:50:13 | this | tst.js:50:14:50:13 | entry node of () {\\n ... et`\\n } | | tst.js:50:14:53:3 | 'arguments' object of constructor of class A | tst.js:50:14:50:13 | entry node of () {\\n ... et`\\n } | | tst.js:50:14:53:3 | () {\\n ... et`\\n } | tst.js:16:1:20:10 | (functi ... "arg"); | +| tst.js:50:14:53:3 | [function self-reference] () {\\n ... et`\\n } | tst.js:50:14:50:13 | entry node of () {\\n ... et`\\n } | | tst.js:50:14:53:3 | exceptional return of constructor of class A | tst.js:50:14:50:13 | entry node of () {\\n ... et`\\n } | | tst.js:50:14:53:3 | return of constructor of class A | tst.js:50:14:50:13 | entry node of () {\\n ... et`\\n } | | tst.js:51:5:51:9 | super | tst.js:50:14:50:13 | entry node of () {\\n ... et`\\n } | @@ -353,6 +366,7 @@ basicBlock | tst.js:62:4:62:4 | g | tst.js:16:1:20:10 | (functi ... "arg"); | | tst.js:64:1:64:0 | this | tst.js:64:1:64:0 | entry node of functio ... lysed\\n} | | tst.js:64:1:67:1 | 'arguments' object of function h | tst.js:64:1:64:0 | entry node of functio ... lysed\\n} | +| tst.js:64:1:67:1 | [function self-reference] functio ... lysed\\n} | tst.js:64:1:64:0 | entry node of functio ... lysed\\n} | | tst.js:64:1:67:1 | exceptional return of function h | tst.js:64:1:64:0 | entry node of functio ... lysed\\n} | | tst.js:64:1:67:1 | functio ... lysed\\n} | tst.js:16:1:20:10 | (functi ... "arg"); | | tst.js:64:1:67:1 | return of function h | tst.js:64:1:64:0 | entry node of functio ... lysed\\n} | @@ -377,6 +391,7 @@ basicBlock | tst.js:69:11:69:12 | 23 | tst.js:16:1:20:10 | (functi ... "arg"); | | tst.js:71:1:71:0 | this | tst.js:71:1:71:0 | entry node of async f ... lysed\\n} | | tst.js:71:1:73:1 | 'arguments' object of function k | tst.js:71:1:71:0 | entry node of async f ... lysed\\n} | +| tst.js:71:1:73:1 | [function self-reference] async f ... lysed\\n} | tst.js:71:1:71:0 | entry node of async f ... lysed\\n} | | tst.js:71:1:73:1 | async f ... lysed\\n} | tst.js:16:1:20:10 | (functi ... "arg"); | | tst.js:71:1:73:1 | exceptional return of function k | tst.js:71:1:71:0 | entry node of async f ... lysed\\n} | | tst.js:71:1:73:1 | return of function k | tst.js:71:1:71:0 | entry node of async f ... lysed\\n} | @@ -420,6 +435,7 @@ basicBlock | tst.js:87:1:96:2 | exceptional return of (functi ... r: 0\\n}) | tst.js:85:5:85:28 | vs2 = ( ... o) v ) | | tst.js:87:2:87:1 | this | tst.js:87:2:87:1 | entry node of functio ... + z;\\n} | | tst.js:87:2:92:1 | 'arguments' object of anonymous function | tst.js:87:2:87:1 | entry node of functio ... + z;\\n} | +| tst.js:87:2:92:1 | [function self-reference] functio ... + z;\\n} | tst.js:87:2:87:1 | entry node of functio ... + z;\\n} | | tst.js:87:2:92:1 | exceptional return of anonymous function | tst.js:87:2:87:1 | entry node of functio ... + z;\\n} | | tst.js:87:2:92:1 | functio ... + z;\\n} | tst.js:85:5:85:28 | vs2 = ( ... o) v ) | | tst.js:87:2:92:1 | return of anonymous function | tst.js:87:2:87:1 | entry node of functio ... + z;\\n} | @@ -474,6 +490,7 @@ basicBlock | tst.js:98:1:103:17 | exceptional return of (functi ... 3, 0 ]) | tst.js:85:5:85:28 | vs2 = ( ... o) v ) | | tst.js:98:2:98:1 | this | tst.js:98:2:98:1 | entry node of functio ... + z;\\n} | | tst.js:98:2:103:1 | 'arguments' object of anonymous function | tst.js:98:2:98:1 | entry node of functio ... + z;\\n} | +| tst.js:98:2:103:1 | [function self-reference] functio ... + z;\\n} | tst.js:98:2:98:1 | entry node of functio ... + z;\\n} | | tst.js:98:2:103:1 | exceptional return of anonymous function | tst.js:98:2:98:1 | entry node of functio ... + z;\\n} | | tst.js:98:2:103:1 | functio ... + z;\\n} | tst.js:85:5:85:28 | vs2 = ( ... o) v ) | | tst.js:98:2:103:1 | return of anonymous function | tst.js:98:2:98:1 | entry node of functio ... + z;\\n} | @@ -516,6 +533,7 @@ basicBlock | tst.js:107:1:113:2 | (functi ... v2c;\\n}) | tst.js:107:1:113:3 | (functi ... 2c;\\n}); | | tst.js:107:2:107:1 | this | tst.js:107:2:107:1 | entry node of functio ... v2c;\\n} | | tst.js:107:2:113:1 | 'arguments' object of anonymous function | tst.js:107:2:107:1 | entry node of functio ... v2c;\\n} | +| tst.js:107:2:113:1 | [function self-reference] functio ... v2c;\\n} | tst.js:107:2:107:1 | entry node of functio ... v2c;\\n} | | tst.js:107:2:113:1 | exceptional return of anonymous function | tst.js:107:2:107:1 | entry node of functio ... v2c;\\n} | | tst.js:107:2:113:1 | functio ... v2c;\\n} | tst.js:107:1:113:3 | (functi ... 2c;\\n}); | | tst.js:107:2:113:1 | return of anonymous function | tst.js:107:2:107:1 | entry node of functio ... v2c;\\n} | @@ -998,6 +1016,7 @@ flowStep | tst2.ts:13:26:13:29 | List | tst2.ts:13:26:13:37 | List | | tst2.ts:13:39:13:38 | args | tst2.ts:13:39:13:38 | args | | tst2.ts:13:39:13:38 | args | tst2.ts:13:39:13:38 | args | +| tst2.ts:13:39:13:38 | this | tst2.ts:13:39:13:38 | implicit 'this' argument of super(...args) | | tst2.ts:15:11:15:13 | A.x | tst2.ts:15:11:15:30 | A.x satisfies number | | tst.js:1:1:1:1 | x | tst.js:3:5:3:5 | x | | tst.js:1:10:1:11 | fs | tst.js:1:10:1:11 | fs | @@ -1078,6 +1097,7 @@ flowStep | tst.js:46:10:46:11 | "" | tst.js:46:1:46:11 | global = "" | | tst.js:49:1:54:1 | A | tst.js:55:1:55:1 | A | | tst.js:49:1:54:1 | class A ... `\\n }\\n} | tst.js:49:1:54:1 | A | +| tst.js:50:14:50:13 | this | tst.js:51:5:51:13 | implicit 'this' argument of super(42) | | tst.js:64:1:67:1 | functio ... lysed\\n} | tst.js:64:11:64:11 | h | | tst.js:64:11:64:11 | h | tst.js:68:12:68:12 | h | | tst.js:68:5:68:14 | iter | tst.js:69:1:69:4 | iter | @@ -1442,7 +1462,6 @@ incomplete | tst.js:117:10:117:24 | exceptional return of Object.seal(x1) | call | | tst.js:117:22:117:23 | x1 | global | noBasicBlock -| file://:0:0:0:0 | global access path | | tst.js:1:10:1:11 | fs | | tst.js:1:10:1:11 | fs | | tst.js:1:20:1:23 | 'fs' | diff --git a/javascript/ql/test/library-tests/DataFlow/tests.ql b/javascript/ql/test/library-tests/DataFlow/tests.ql index 14a3635b5340..8fd5fd694a10 100644 --- a/javascript/ql/test/library-tests/DataFlow/tests.ql +++ b/javascript/ql/test/library-tests/DataFlow/tests.ql @@ -23,7 +23,10 @@ query predicate incomplete(DataFlow::Node dfn, DataFlow::Incompleteness cause) { dfn.isIncomplete(cause) } -query predicate noBasicBlock(DataFlow::Node node) { not exists(node.getBasicBlock()) } +query predicate noBasicBlock(DataFlow::Node node) { + (node instanceof DataFlow::ValueNode or node instanceof DataFlow::SsaDefinitionNode) and + not exists(node.getBasicBlock()) +} query predicate parameters(DataFlow::ParameterNode param) { any() } diff --git a/javascript/ql/test/library-tests/FlowSummary/CaptureConsistency.expected b/javascript/ql/test/library-tests/FlowSummary/CaptureConsistency.expected new file mode 100644 index 000000000000..35f4edcf1fb9 --- /dev/null +++ b/javascript/ql/test/library-tests/FlowSummary/CaptureConsistency.expected @@ -0,0 +1,17 @@ +uniqueToString +uniqueEnclosingCallable +uniqueDominator +localDominator +localSuccessor +uniqueDefiningScope +variableIsCaptured +uniqueLocation +uniqueCfgNode +uniqueWriteTarget +uniqueWriteCfgNode +uniqueReadVariable +closureMustHaveBody +closureAliasMustBeInSameScope +variableAccessAstNesting +uniqueCallableLocation +consistencyOverview diff --git a/javascript/ql/test/library-tests/FlowSummary/CaptureConsistency.ql b/javascript/ql/test/library-tests/FlowSummary/CaptureConsistency.ql new file mode 100644 index 000000000000..1134eee1f2b0 --- /dev/null +++ b/javascript/ql/test/library-tests/FlowSummary/CaptureConsistency.ql @@ -0,0 +1 @@ +import semmle.javascript.dataflow.internal.VariableCapture::VariableCaptureOutput::ConsistencyChecks diff --git a/javascript/ql/test/library-tests/FlowSummary/DataFlowConsistency.expected b/javascript/ql/test/library-tests/FlowSummary/DataFlowConsistency.expected new file mode 100644 index 000000000000..5a967f1256e3 --- /dev/null +++ b/javascript/ql/test/library-tests/FlowSummary/DataFlowConsistency.expected @@ -0,0 +1,209 @@ +uniqueEnclosingCallable +uniqueCallEnclosingCallable +uniqueType +uniqueNodeLocation +missingLocation +uniqueNodeToString +parameterCallable +localFlowIsLocal +readStepIsLocal +storeStepIsLocal +compatibleTypesReflexive +unreachableNodeCCtx +localCallNodes +postIsNotPre +postHasUniquePre +uniquePostUpdate +postIsInSameCallable +reverseRead +| tst.js:109:11:113:3 | 'arguments' object of anonymous function | Origin of readStep is missing a PostUpdateNode. | +| tst.js:267:28:267:31 | map3 | Origin of readStep is missing a PostUpdateNode. | +argHasPostUpdate +| tst.js:219:18:219:27 | [source()] | ArgumentNode is missing PostUpdateNode. | +postWithInFlow +| file://:0:0:0:0 | [summary] to write: Argument[1] in Array method with flow into callback | PostUpdateNode should not be the target of local flow. | +| file://:0:0:0:0 | [summary] to write: Argument[1] in Array#filter | PostUpdateNode should not be the target of local flow. | +| file://:0:0:0:0 | [summary] to write: Argument[1] in Array#find / Array#findLast | PostUpdateNode should not be the target of local flow. | +| file://:0:0:0:0 | [summary] to write: Argument[1] in Array#flatMap | PostUpdateNode should not be the target of local flow. | +| file://:0:0:0:0 | [summary] to write: Argument[1] in Array#forEach / Map#forEach / Set#forEach | PostUpdateNode should not be the target of local flow. | +| file://:0:0:0:0 | [summary] to write: Argument[1] in Array#map | PostUpdateNode should not be the target of local flow. | +| file://:0:0:0:0 | [summary] to write: Argument[1] in Array#reduce / Array#reduceRight | PostUpdateNode should not be the target of local flow. | +| file://:0:0:0:0 | [summary] to write: Argument[2] in 'array.prototype.find' / 'array-find' | PostUpdateNode should not be the target of local flow. | +| file://:0:0:0:0 | [summary] to write: Argument[2] in Array.from(arg, callback, [thisArg]) | PostUpdateNode should not be the target of local flow. | +| file://:0:0:0:0 | [summary] to write: Argument[this] in Array#flatMap | PostUpdateNode should not be the target of local flow. | +| file://:0:0:0:0 | [summary] to write: Argument[this] in Array#forEach / Map#forEach / Set#forEach | PostUpdateNode should not be the target of local flow. | +| file://:0:0:0:0 | [summary] to write: Argument[this] in Array#map | PostUpdateNode should not be the target of local flow. | +| file://:0:0:0:0 | [summary] to write: Argument[this] in Array#reduce / Array#reduceRight | PostUpdateNode should not be the target of local flow. | +| tst.js:97:24:97:74 | new Pro ... rce())) | PostUpdateNode should not be the target of local flow. | +| tst.js:100:3:100:53 | new Pro ... rce())) | PostUpdateNode should not be the target of local flow. | +| tst.js:101:3:101:53 | new Pro ... rce())) | PostUpdateNode should not be the target of local flow. | +| tst.js:102:3:102:52 | new Pro ... rce())) | PostUpdateNode should not be the target of local flow. | +| tst.js:103:3:103:52 | new Pro ... rce())) | PostUpdateNode should not be the target of local flow. | +| tst.js:250:15:250:23 | new Map() | PostUpdateNode should not be the target of local flow. | +| tst.js:258:16:258:24 | new Map() | PostUpdateNode should not be the target of local flow. | +| tst.js:264:16:264:24 | new Map() | PostUpdateNode should not be the target of local flow. | +viableImplInCallContextTooLarge +uniqueParameterNodeAtPosition +uniqueParameterNodePosition +uniqueContentApprox +identityLocalStep +missingArgumentCall +multipleArgumentCall +| tst.js:30:8:30:37 | flowInt ... urce()) | tst.js:30:8:30:41 | flowInt ... ()).pop (as accessor call) | Multiple calls for argument node. | +| tst.js:30:8:30:37 | flowInt ... urce()) | tst.js:30:8:30:43 | flowInt ... ).pop() | Multiple calls for argument node. | +| tst.js:32:39:32:42 | Math | tst.js:32:39:32:49 | Math.random (as accessor call) | Multiple calls for argument node. | +| tst.js:32:39:32:42 | Math | tst.js:32:39:32:51 | Math.random() | Multiple calls for argument node. | +| tst.js:54:25:54:31 | Promise | tst.js:54:25:54:39 | Promise.resolve (as accessor call) | Multiple calls for argument node. | +| tst.js:54:25:54:31 | Promise | tst.js:54:25:54:49 | Promise ... urce()) | Multiple calls for argument node. | +| tst.js:55:25:55:31 | Promise | tst.js:55:25:55:39 | Promise.resolve (as accessor call) | Multiple calls for argument node. | +| tst.js:55:25:55:31 | Promise | tst.js:55:25:55:47 | Promise ... "safe") | Multiple calls for argument node. | +| tst.js:55:25:55:47 | Promise ... "safe") | tst.js:55:25:55:52 | Promise ... ").then (as accessor call) | Multiple calls for argument node. | +| tst.js:55:25:55:47 | Promise ... "safe") | tst.js:55:25:55:67 | Promise ... urce()) | Multiple calls for argument node. | +| tst.js:56:25:56:31 | Promise | tst.js:56:25:56:39 | Promise.resolve (as accessor call) | Multiple calls for argument node. | +| tst.js:56:25:56:31 | Promise | tst.js:56:25:56:47 | Promise ... "safe") | Multiple calls for argument node. | +| tst.js:56:25:56:47 | Promise ... "safe") | tst.js:56:25:56:52 | Promise ... ").then (as accessor call) | Multiple calls for argument node. | +| tst.js:56:25:56:47 | Promise ... "safe") | tst.js:56:25:56:65 | Promise ... "safe") | Multiple calls for argument node. | +| tst.js:57:25:57:31 | Promise | tst.js:57:25:57:39 | Promise.resolve (as accessor call) | Multiple calls for argument node. | +| tst.js:57:25:57:31 | Promise | tst.js:57:25:57:49 | Promise ... urce()) | Multiple calls for argument node. | +| tst.js:57:25:57:49 | Promise ... urce()) | tst.js:57:25:57:54 | Promise ... )).then (as accessor call) | Multiple calls for argument node. | +| tst.js:57:25:57:49 | Promise ... urce()) | tst.js:57:25:57:67 | Promise ... "safe") | Multiple calls for argument node. | +| tst.js:59:25:59:31 | Promise | tst.js:59:25:59:38 | Promise.reject (as accessor call) | Multiple calls for argument node. | +| tst.js:59:25:59:31 | Promise | tst.js:59:25:59:48 | Promise ... urce()) | Multiple calls for argument node. | +| tst.js:60:25:60:31 | Promise | tst.js:60:25:60:38 | Promise.reject (as accessor call) | Multiple calls for argument node. | +| tst.js:60:25:60:31 | Promise | tst.js:60:25:60:48 | Promise ... urce()) | Multiple calls for argument node. | +| tst.js:60:25:60:48 | Promise ... urce()) | tst.js:60:25:60:53 | Promise ... )).then (as accessor call) | Multiple calls for argument node. | +| tst.js:60:25:60:48 | Promise ... urce()) | tst.js:60:25:60:74 | Promise ... y => y) | Multiple calls for argument node. | +| tst.js:61:25:61:31 | Promise | tst.js:61:25:61:38 | Promise.reject (as accessor call) | Multiple calls for argument node. | +| tst.js:61:25:61:31 | Promise | tst.js:61:25:61:48 | Promise ... urce()) | Multiple calls for argument node. | +| tst.js:61:25:61:48 | Promise ... urce()) | tst.js:61:25:61:53 | Promise ... )).then (as accessor call) | Multiple calls for argument node. | +| tst.js:61:25:61:48 | Promise ... urce()) | tst.js:61:25:61:74 | Promise ... "safe") | Multiple calls for argument node. | +| tst.js:62:25:62:31 | Promise | tst.js:62:25:62:38 | Promise.reject (as accessor call) | Multiple calls for argument node. | +| tst.js:62:25:62:31 | Promise | tst.js:62:25:62:46 | Promise ... "safe") | Multiple calls for argument node. | +| tst.js:62:25:62:46 | Promise ... "safe") | tst.js:62:25:62:51 | Promise ... ").then (as accessor call) | Multiple calls for argument node. | +| tst.js:62:25:62:46 | Promise ... "safe") | tst.js:62:25:62:67 | Promise ... y => y) | Multiple calls for argument node. | +| tst.js:64:25:64:31 | Promise | tst.js:64:25:64:38 | Promise.reject (as accessor call) | Multiple calls for argument node. | +| tst.js:64:25:64:31 | Promise | tst.js:64:25:64:48 | Promise ... urce()) | Multiple calls for argument node. | +| tst.js:65:25:65:31 | Promise | tst.js:65:25:65:38 | Promise.reject (as accessor call) | Multiple calls for argument node. | +| tst.js:65:25:65:31 | Promise | tst.js:65:25:65:48 | Promise ... urce()) | Multiple calls for argument node. | +| tst.js:65:25:65:48 | Promise ... urce()) | tst.js:65:25:65:54 | Promise ... ).catch (as accessor call) | Multiple calls for argument node. | +| tst.js:65:25:65:48 | Promise ... urce()) | tst.js:65:25:65:66 | Promise ... => err) | Multiple calls for argument node. | +| tst.js:66:25:66:31 | Promise | tst.js:66:25:66:38 | Promise.reject (as accessor call) | Multiple calls for argument node. | +| tst.js:66:25:66:31 | Promise | tst.js:66:25:66:48 | Promise ... urce()) | Multiple calls for argument node. | +| tst.js:66:25:66:48 | Promise ... urce()) | tst.js:66:25:66:54 | Promise ... ).catch (as accessor call) | Multiple calls for argument node. | +| tst.js:66:25:66:48 | Promise ... urce()) | tst.js:66:25:66:69 | Promise ... "safe") | Multiple calls for argument node. | +| tst.js:67:25:67:31 | Promise | tst.js:67:25:67:38 | Promise.reject (as accessor call) | Multiple calls for argument node. | +| tst.js:67:25:67:31 | Promise | tst.js:67:25:67:46 | Promise ... "safe") | Multiple calls for argument node. | +| tst.js:67:25:67:46 | Promise ... "safe") | tst.js:67:25:67:52 | Promise ... ).catch (as accessor call) | Multiple calls for argument node. | +| tst.js:67:25:67:46 | Promise ... "safe") | tst.js:67:25:67:64 | Promise ... => err) | Multiple calls for argument node. | +| tst.js:69:25:69:31 | Promise | tst.js:69:25:69:38 | Promise.reject (as accessor call) | Multiple calls for argument node. | +| tst.js:69:25:69:31 | Promise | tst.js:69:25:69:48 | Promise ... urce()) | Multiple calls for argument node. | +| tst.js:69:25:69:48 | Promise ... urce()) | tst.js:69:25:69:53 | Promise ... )).then (as accessor call) | Multiple calls for argument node. | +| tst.js:69:25:69:48 | Promise ... urce()) | tst.js:69:25:69:66 | Promise ... "safe") | Multiple calls for argument node. | +| tst.js:69:25:69:66 | Promise ... "safe") | tst.js:69:25:69:72 | Promise ... ).catch (as accessor call) | Multiple calls for argument node. | +| tst.js:69:25:69:66 | Promise ... "safe") | tst.js:69:25:69:84 | Promise ... => err) | Multiple calls for argument node. | +| tst.js:71:25:71:31 | Promise | tst.js:71:25:71:38 | Promise.reject (as accessor call) | Multiple calls for argument node. | +| tst.js:71:25:71:31 | Promise | tst.js:71:25:71:48 | Promise ... urce()) | Multiple calls for argument node. | +| tst.js:71:25:71:48 | Promise ... urce()) | tst.js:71:25:71:56 | Promise ... finally (as accessor call) | Multiple calls for argument node. | +| tst.js:71:25:71:48 | Promise ... urce()) | tst.js:71:25:71:70 | Promise ... "safe") | Multiple calls for argument node. | +| tst.js:71:25:71:70 | Promise ... "safe") | tst.js:71:25:71:76 | Promise ... ).catch (as accessor call) | Multiple calls for argument node. | +| tst.js:71:25:71:70 | Promise ... "safe") | tst.js:71:25:71:88 | Promise ... => err) | Multiple calls for argument node. | +| tst.js:72:25:72:31 | Promise | tst.js:72:25:72:39 | Promise.resolve (as accessor call) | Multiple calls for argument node. | +| tst.js:72:25:72:31 | Promise | tst.js:72:25:72:49 | Promise ... urce()) | Multiple calls for argument node. | +| tst.js:72:25:72:49 | Promise ... urce()) | tst.js:72:25:72:57 | Promise ... finally (as accessor call) | Multiple calls for argument node. | +| tst.js:72:25:72:49 | Promise ... urce()) | tst.js:72:25:72:71 | Promise ... "safe") | Multiple calls for argument node. | +| tst.js:72:25:72:71 | Promise ... "safe") | tst.js:72:25:72:76 | Promise ... ").then (as accessor call) | Multiple calls for argument node. | +| tst.js:72:25:72:71 | Promise ... "safe") | tst.js:72:25:72:88 | Promise ... => err) | Multiple calls for argument node. | +| tst.js:73:25:73:31 | Promise | tst.js:73:25:73:38 | Promise.reject (as accessor call) | Multiple calls for argument node. | +| tst.js:73:25:73:31 | Promise | tst.js:73:25:73:46 | Promise ... "safe") | Multiple calls for argument node. | +| tst.js:73:25:73:46 | Promise ... "safe") | tst.js:73:25:73:54 | Promise ... finally (as accessor call) | Multiple calls for argument node. | +| tst.js:73:25:73:46 | Promise ... "safe") | tst.js:73:25:73:80 | Promise ... ce() }) | Multiple calls for argument node. | +| tst.js:73:25:73:80 | Promise ... ce() }) | tst.js:73:25:73:86 | Promise ... ).catch (as accessor call) | Multiple calls for argument node. | +| tst.js:73:25:73:80 | Promise ... ce() }) | tst.js:73:25:73:98 | Promise ... => err) | Multiple calls for argument node. | +| tst.js:75:3:75:9 | Promise | tst.js:75:3:75:17 | Promise.resolve (as accessor call) | Multiple calls for argument node. | +| tst.js:75:3:75:9 | Promise | tst.js:75:3:75:25 | Promise ... "safe") | Multiple calls for argument node. | +| tst.js:75:3:75:25 | Promise ... "safe") | tst.js:75:3:76:9 | Promise ... .then (as accessor call) | Multiple calls for argument node. | +| tst.js:75:3:75:25 | Promise ... "safe") | tst.js:75:3:76:35 | Promise ... e(); }) | Multiple calls for argument node. | +| tst.js:75:3:76:35 | Promise ... e(); }) | tst.js:75:3:77:10 | Promise ... .catch (as accessor call) | Multiple calls for argument node. | +| tst.js:75:3:76:35 | Promise ... e(); }) | tst.js:75:3:79:6 | Promise ... \\n }) | Multiple calls for argument node. | +| tst.js:81:3:81:9 | Promise | tst.js:81:3:81:17 | Promise.resolve (as accessor call) | Multiple calls for argument node. | +| tst.js:81:3:81:9 | Promise | tst.js:81:3:81:25 | Promise ... "safe") | Multiple calls for argument node. | +| tst.js:81:3:81:25 | Promise ... "safe") | tst.js:81:3:82:9 | Promise ... .then (as accessor call) | Multiple calls for argument node. | +| tst.js:81:3:81:25 | Promise ... "safe") | tst.js:81:3:82:35 | Promise ... e(); }) | Multiple calls for argument node. | +| tst.js:81:3:82:35 | Promise ... e(); }) | tst.js:81:3:83:9 | Promise ... .then (as accessor call) | Multiple calls for argument node. | +| tst.js:81:3:82:35 | Promise ... e(); }) | tst.js:81:3:83:22 | Promise ... "safe") | Multiple calls for argument node. | +| tst.js:81:3:83:22 | Promise ... "safe") | tst.js:81:3:84:10 | Promise ... .catch (as accessor call) | Multiple calls for argument node. | +| tst.js:81:3:83:22 | Promise ... "safe") | tst.js:81:3:86:6 | Promise ... \\n }) | Multiple calls for argument node. | +| tst.js:89:3:89:27 | flowInt ... urce()) | tst.js:89:3:89:32 | flowInt ... )).then (as accessor call) | Multiple calls for argument node. | +| tst.js:89:3:89:27 | flowInt ... urce()) | tst.js:89:3:89:54 | flowInt ... value)) | Multiple calls for argument node. | +| tst.js:100:3:100:53 | new Pro ... rce())) | tst.js:100:3:100:58 | new Pro ... )).then (as accessor call) | Multiple calls for argument node. | +| tst.js:100:3:100:53 | new Pro ... rce())) | tst.js:100:3:100:72 | new Pro ... ink(x)) | Multiple calls for argument node. | +| tst.js:101:3:101:53 | new Pro ... rce())) | tst.js:101:3:101:59 | new Pro ... ).catch (as accessor call) | Multiple calls for argument node. | +| tst.js:101:3:101:53 | new Pro ... rce())) | tst.js:101:3:101:77 | new Pro ... k(err)) | Multiple calls for argument node. | +| tst.js:102:3:102:52 | new Pro ... rce())) | tst.js:102:3:102:57 | new Pro ... )).then (as accessor call) | Multiple calls for argument node. | +| tst.js:102:3:102:52 | new Pro ... rce())) | tst.js:102:3:102:71 | new Pro ... ink(x)) | Multiple calls for argument node. | +| tst.js:103:3:103:52 | new Pro ... rce())) | tst.js:103:3:103:58 | new Pro ... ).catch (as accessor call) | Multiple calls for argument node. | +| tst.js:103:3:103:52 | new Pro ... rce())) | tst.js:103:3:103:76 | new Pro ... k(err)) | Multiple calls for argument node. | +| tst.js:105:3:105:9 | Promise | tst.js:105:3:105:13 | Promise.all (as accessor call) | Multiple calls for argument node. | +| tst.js:105:3:105:9 | Promise | tst.js:105:3:109:4 | Promise ... e"\\n ]) | Multiple calls for argument node. | +| tst.js:105:3:109:4 | Promise ... e"\\n ]) | tst.js:105:3:109:9 | Promise ... ]).then (as accessor call) | Multiple calls for argument node. | +| tst.js:105:3:109:4 | Promise ... e"\\n ]) | tst.js:105:3:113:4 | Promise ... OK\\n }) | Multiple calls for argument node. | +| tst.js:170:19:170:25 | Promise | tst.js:170:19:170:33 | Promise.resolve (as accessor call) | Multiple calls for argument node. | +| tst.js:170:19:170:25 | Promise | tst.js:170:19:170:38 | Promise.resolve(obj) | Multiple calls for argument node. | +| tst.js:209:3:209:7 | array | tst.js:209:3:209:12 | array.push (as accessor call) | Multiple calls for argument node. | +| tst.js:209:3:209:7 | array | tst.js:209:3:209:38 | array.p ... urce()) | Multiple calls for argument node. | +| tst.js:210:8:210:12 | array | tst.js:210:8:210:16 | array.pop (as accessor call) | Multiple calls for argument node. | +| tst.js:210:8:210:12 | array | tst.js:210:8:210:18 | array.pop() | Multiple calls for argument node. | +| tst.js:213:3:213:8 | array2 | tst.js:213:3:213:13 | array2.push (as accessor call) | Multiple calls for argument node. | +| tst.js:213:3:213:8 | array2 | tst.js:213:3:213:23 | array2. ... urce()) | Multiple calls for argument node. | +| tst.js:214:3:214:8 | array2 | tst.js:214:3:214:13 | array2.push (as accessor call) | Multiple calls for argument node. | +| tst.js:214:3:214:8 | array2 | tst.js:214:3:214:21 | array2.push("safe") | Multiple calls for argument node. | +| tst.js:215:3:215:8 | array2 | tst.js:215:3:215:13 | array2.push (as accessor call) | Multiple calls for argument node. | +| tst.js:215:3:215:8 | array2 | tst.js:215:3:215:21 | array2.push("safe") | Multiple calls for argument node. | +| tst.js:216:3:216:8 | array2 | tst.js:216:3:216:16 | array2.forEach (as accessor call) | Multiple calls for argument node. | +| tst.js:216:3:216:8 | array2 | tst.js:216:3:216:30 | array2. ... ink(x)) | Multiple calls for argument node. | +| tst.js:219:3:219:8 | array3 | tst.js:219:3:219:13 | array3.push (as accessor call) | Multiple calls for argument node. | +| tst.js:219:3:219:8 | array3 | tst.js:219:3:219:28 | array3. ... rce()]) | Multiple calls for argument node. | +| tst.js:220:3:220:8 | array3 | tst.js:220:3:220:16 | array3.forEach (as accessor call) | Multiple calls for argument node. | +| tst.js:220:3:220:8 | array3 | tst.js:220:3:220:30 | array3. ... ink(x)) | Multiple calls for argument node. | +| tst.js:223:12:223:32 | Array.p ... e.slice | tst.js:223:12:223:37 | Array.p ... ce.call (as accessor call) | Multiple calls for argument node. | +| tst.js:223:12:223:32 | Array.p ... e.slice | tst.js:223:12:223:45 | Array.p ... array4) | Multiple calls for argument node. | +| tst.js:223:12:223:32 | Array.p ... e.slice | tst.js:223:12:223:45 | reflective call | Multiple calls for argument node. | +| tst.js:223:39:223:44 | array4 | tst.js:223:12:223:45 | Array.p ... array4) | Multiple calls for argument node. | +| tst.js:223:39:223:44 | array4 | tst.js:223:12:223:45 | reflective call | Multiple calls for argument node. | +| tst.js:224:8:224:13 | array4 | tst.js:224:8:224:17 | array4.pop (as accessor call) | Multiple calls for argument node. | +| tst.js:224:8:224:13 | array4 | tst.js:224:8:224:19 | array4.pop() | Multiple calls for argument node. | +| tst.js:226:3:226:12 | [source()] | tst.js:226:3:226:20 | [source()].forEach (as accessor call) | Multiple calls for argument node. | +| tst.js:226:3:226:12 | [source()] | tst.js:226:3:226:68 | [source ... p()) }) | Multiple calls for argument node. | +| tst.js:226:54:226:58 | array | tst.js:226:54:226:62 | array.pop (as accessor call) | Multiple calls for argument node. | +| tst.js:226:54:226:58 | array | tst.js:226:54:226:64 | array.pop() | Multiple calls for argument node. | +| tst.js:228:3:228:8 | array5 | tst.js:228:3:228:16 | array5.forEach (as accessor call) | Multiple calls for argument node. | +| tst.js:228:3:228:8 | array5 | tst.js:228:3:228:64 | array5. ... p()) }) | Multiple calls for argument node. | +| tst.js:228:50:228:54 | array | tst.js:228:50:228:58 | array.pop (as accessor call) | Multiple calls for argument node. | +| tst.js:228:50:228:54 | array | tst.js:228:50:228:60 | array.pop() | Multiple calls for argument node. | +| tst.js:229:3:229:10 | ["safe"] | tst.js:229:3:229:18 | ["safe"].forEach (as accessor call) | Multiple calls for argument node. | +| tst.js:229:3:229:10 | ["safe"] | tst.js:229:3:229:66 | ["safe" ... p()) }) | Multiple calls for argument node. | +| tst.js:229:52:229:56 | array | tst.js:229:52:229:60 | array.pop (as accessor call) | Multiple calls for argument node. | +| tst.js:229:52:229:56 | array | tst.js:229:52:229:62 | array.pop() | Multiple calls for argument node. | +| tst.js:251:3:251:5 | map | tst.js:251:3:251:9 | map.set (as accessor call) | Multiple calls for argument node. | +| tst.js:251:3:251:5 | map | tst.js:251:3:251:26 | map.set ... urce()) | Multiple calls for argument node. | +| tst.js:252:3:252:5 | map | tst.js:252:3:252:9 | map.set (as accessor call) | Multiple calls for argument node. | +| tst.js:252:3:252:5 | map | tst.js:252:3:252:24 | map.set ... 'safe') | Multiple calls for argument node. | +| tst.js:254:8:254:10 | map | tst.js:254:8:254:14 | map.get (as accessor call) | Multiple calls for argument node. | +| tst.js:254:8:254:10 | map | tst.js:254:8:254:21 | map.get('foo') | Multiple calls for argument node. | +| tst.js:255:8:255:10 | map | tst.js:255:8:255:14 | map.get (as accessor call) | Multiple calls for argument node. | +| tst.js:255:8:255:10 | map | tst.js:255:8:255:21 | map.get('bar') | Multiple calls for argument node. | +| tst.js:256:8:256:10 | map | tst.js:256:8:256:14 | map.get (as accessor call) | Multiple calls for argument node. | +| tst.js:256:8:256:10 | map | tst.js:256:8:256:27 | map.get(getUnkown()) | Multiple calls for argument node. | +| tst.js:259:3:259:6 | map2 | tst.js:259:3:259:10 | map2.set (as accessor call) | Multiple calls for argument node. | +| tst.js:259:3:259:6 | map2 | tst.js:259:3:259:33 | map2.se ... urce()) | Multiple calls for argument node. | +| tst.js:260:8:260:11 | map2 | tst.js:260:8:260:15 | map2.get (as accessor call) | Multiple calls for argument node. | +| tst.js:260:8:260:11 | map2 | tst.js:260:8:260:22 | map2.get('foo') | Multiple calls for argument node. | +| tst.js:261:8:261:11 | map2 | tst.js:261:8:261:15 | map2.get (as accessor call) | Multiple calls for argument node. | +| tst.js:261:8:261:11 | map2 | tst.js:261:8:261:22 | map2.get('bar') | Multiple calls for argument node. | +| tst.js:262:8:262:11 | map2 | tst.js:262:8:262:15 | map2.get (as accessor call) | Multiple calls for argument node. | +| tst.js:262:8:262:11 | map2 | tst.js:262:8:262:28 | map2.ge ... kown()) | Multiple calls for argument node. | +| tst.js:265:3:265:6 | map3 | tst.js:265:3:265:10 | map3.set (as accessor call) | Multiple calls for argument node. | +| tst.js:265:3:265:6 | map3 | tst.js:265:3:265:27 | map3.se ... urce()) | Multiple calls for argument node. | +| tst.js:266:3:266:6 | map3 | tst.js:266:3:266:14 | map3.forEach (as accessor call) | Multiple calls for argument node. | +| tst.js:266:3:266:6 | map3 | tst.js:266:3:266:36 | map3.fo ... value)) | Multiple calls for argument node. | +lambdaCallEnclosingCallableMismatch diff --git a/javascript/ql/test/library-tests/FlowSummary/DataFlowConsistency.ql b/javascript/ql/test/library-tests/FlowSummary/DataFlowConsistency.ql new file mode 100644 index 000000000000..02dd5540b6fb --- /dev/null +++ b/javascript/ql/test/library-tests/FlowSummary/DataFlowConsistency.ql @@ -0,0 +1,2 @@ +import javascript +import semmle.javascript.dataflow.internal.DataFlowImplConsistency::Consistency diff --git a/javascript/ql/test/library-tests/FlowSummary/Summaries.qll b/javascript/ql/test/library-tests/FlowSummary/Summaries.qll new file mode 100644 index 000000000000..e6037cb814b9 --- /dev/null +++ b/javascript/ql/test/library-tests/FlowSummary/Summaries.qll @@ -0,0 +1,37 @@ +import javascript +import semmle.javascript.dataflow.FlowSummary + +class MkSummary extends SummarizedCallable { + private CallExpr mkSummary; + + MkSummary() { + mkSummary.getCalleeName() = "mkSummary" and + this = + "mkSummary at " + mkSummary.getFile().getRelativePath() + ":" + + mkSummary.getLocation().getStartLine() + } + + override DataFlow::InvokeNode getACall() { + result = mkSummary.flow().(DataFlow::CallNode).getAnInvocation() + } + + override predicate propagatesFlowExt(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + // mkSummary(input, output) + input = mkSummary.getArgument(0).getStringValue() and + output = mkSummary.getArgument(1).getStringValue() + or + // mkSummary([ + // [input1, output1], + // [input2, output2], + // ... + // ]) + exists(ArrayExpr pair | + pair = mkSummary.getArgument(0).(ArrayExpr).getAnElement() and + input = pair.getElement(0).getStringValue() and + output = pair.getElement(1).getStringValue() + ) + ) + } +} diff --git a/javascript/ql/test/library-tests/FlowSummary/test.expected b/javascript/ql/test/library-tests/FlowSummary/test.expected new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/javascript/ql/test/library-tests/FlowSummary/test.ql b/javascript/ql/test/library-tests/FlowSummary/test.ql new file mode 100644 index 000000000000..3b300bbe19b1 --- /dev/null +++ b/javascript/ql/test/library-tests/FlowSummary/test.ql @@ -0,0 +1,36 @@ +import javascript +import testUtilities.ConsistencyChecking +import Summaries + +DataFlow::CallNode getACall(string name) { + result.getCalleeName() = name + or + result.getCalleeNode().getALocalSource() = DataFlow::globalVarRef(name) +} + +module ConfigArg implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node = getACall("source") } + + predicate isSink(DataFlow::Node node) { node = getACall("sink").getAnArgument() } + + predicate isBarrier(DataFlow::Node node) { + node.(DataFlow::InvokeNode).getCalleeName().matches("sanitizer_%") or + node = DataFlow::MakeBarrierGuard::getABarrierNode() + } +} + +module Configuration = DataFlow::Global; + +class BasicBarrierGuard extends DataFlow::CallNode { + BasicBarrierGuard() { this = getACall("isSafe") } + + predicate blocksExpr(boolean outcome, Expr e) { + outcome = true and e = this.getArgument(0).asExpr() + } +} + +class ConsistencyConfig extends ConsistencyConfiguration { + ConsistencyConfig() { this = "ConsistencyConfig" } + + override DataFlow::Node getAnAlert() { Configuration::flow(_, result) } +} diff --git a/javascript/ql/test/library-tests/FlowSummary/tst.js b/javascript/ql/test/library-tests/FlowSummary/tst.js new file mode 100644 index 000000000000..aea6cf4f6fa1 --- /dev/null +++ b/javascript/ql/test/library-tests/FlowSummary/tst.js @@ -0,0 +1,270 @@ +function m1() { + const flowThrough = mkSummary("Argument[0]", "ReturnValue"); + sink(flowThrough(source())); // NOT OK + sink(flowThrough(source() + "x")); // OK - we are not tracking taint in this test + sink(flowThrough("x")); // OK +} + +function m2() { + const flowIntoProp = mkSummary("Argument[0]", "ReturnValue.Member[prop]"); + sink(flowIntoProp(source()).prop); // NOT OK + sink(flowIntoProp(source()).prop2); // OK + sink(flowIntoProp(source())); // OK +} + +function m3() { + const flowOutOfProp = mkSummary("Argument[0].Member[prop]", "ReturnValue"); + sink(flowOutOfProp({ prop: source() })); // NOT OK + sink(flowOutOfProp({ prop2: source() })); // OK + sink(flowOutOfProp(source())); // OK + + const obj = {}; + obj.prop = source(); + sink(flowOutOfProp(obj)); // NOT OK + sink(obj); // OK + sink(obj.prop); // NOT OK +} + +function m4() { + const flowIntoArrayElement = mkSummary("Argument[0]", "ReturnValue.ArrayElement"); + sink(flowIntoArrayElement(source()).pop()); // NOT OK + sink(flowIntoArrayElement(source())[0]); // NOT OK [INCONSISTENCY] + sink(flowIntoArrayElement(source())[Math.random()]); // NOT OK + sink(flowIntoArrayElement(source()).prop); // OK +} + +function m5() { + const flowOutOfInnerCallback = mkSummary("Argument[0].Parameter[0].Argument[0]", "ReturnValue"); + sink(flowOutOfInnerCallback(cb => { cb(source()); })); // NOT OK [INCONSISTENCY] +} + +async function m6() { + const flowOutOfPromise = mkSummary("Argument[0].Awaited", "ReturnValue"); + const flowIntoPromise = mkSummary("Argument[0]", "ReturnValue.Awaited"); + + sink(flowOutOfPromise(flowIntoPromise(source()))); // NOT OK (although the synchronous flow is technically not possible) + + let data = { prop: source() }; + sink(flowOutOfPromise(flowIntoPromise(data)).prop); // NOT OK + sink(flowOutOfPromise(flowIntoPromise(flowIntoPromise(data))).prop); // NOT OK + sink(flowOutOfPromise(flowOutOfPromise(flowIntoPromise(data))).prop); // NOT OK + sink(flowOutOfPromise(data).prop); // NOT OK - because Awaited allows pass-through of a non-promise value + sink(flowIntoPromise(data).prop); // OK - promise object does not have the 'prop' property + + sink(flowOutOfPromise(Promise.resolve(source()))); // NOT OK + sink(flowOutOfPromise(Promise.resolve("safe").then(x => source()))); // NOT OK + sink(flowOutOfPromise(Promise.resolve("safe").then(x => "safe"))); // OK + sink(flowOutOfPromise(Promise.resolve(source()).then(x => "safe"))); // OK + + sink(flowOutOfPromise(Promise.reject(source()))); // OK + sink(flowOutOfPromise(Promise.reject(source()).then(x => "safe", y => y))); // NOT OK + sink(flowOutOfPromise(Promise.reject(source()).then(x => x, y => "safe"))); // OK + sink(flowOutOfPromise(Promise.reject("safe").then(x => x, y => y))); // OK + + sink(flowOutOfPromise(Promise.reject(source()))); // OK + sink(flowOutOfPromise(Promise.reject(source()).catch(err => err))); // NOT OK + sink(flowOutOfPromise(Promise.reject(source()).catch(err => "safe"))); // OK + sink(flowOutOfPromise(Promise.reject("safe").catch(err => err))); // OK + + sink(flowOutOfPromise(Promise.reject(source()).then(x => "safe").catch(err => err))); // NOT OK + + sink(flowOutOfPromise(Promise.reject(source()).finally(() => "safe").catch(err => err))); // NOT OK + sink(flowOutOfPromise(Promise.resolve(source()).finally(() => "safe").then(err => err))); // NOT OK + sink(flowOutOfPromise(Promise.reject("safe").finally(() => { throw source() }).catch(err => err))); // NOT OK + + Promise.resolve("safe") + .then(x => { throw source(); }) + .catch(err => { + sink(err); // NOT OK + }); + + Promise.resolve("safe") + .then(x => { throw source(); }) + .then(x => "safe") + .catch(err => { + sink(err); // NOT OK + }); + + sink(await flowIntoPromise(source())); // NOT OK + flowIntoPromise(source()).then(value => sink(value)); // NOT OK + sink(await flowIntoPromise(flowIntoPromise(source()))); // NOT OK + + async function makePromise() { + return source(); + } + sink(flowOutOfPromise(makePromise())); // NOT OK + + let taintedPromise = new Promise((resolve, reject) => resolve(source())); + sink(flowOutOfPromise(taintedPromise)); // NOT OK + + new Promise((resolve, reject) => resolve(source())).then(x => sink(x)); // NOT OK + new Promise((resolve, reject) => resolve(source())).catch(err => sink(err)); // OK + new Promise((resolve, reject) => reject(source())).then(x => sink(x)); // OK + new Promise((resolve, reject) => reject(source())).catch(err => sink(err)); // NOT OK + + Promise.all([ + flowIntoPromise(source()), + source(), + "safe" + ]).then(([x1, x2, x3]) => { + sink(x1); // NOT OK + sink(x2); // NOT OK + sink(x3); // OK + }); +} + +function m8() { + const flowOutOfCallback = mkSummary("Argument[0].ReturnValue", "ReturnValue"); + + sink(flowOutOfCallback(() => source())); // NOT OK + sink(flowOutOfCallback((source))); // OK + + function sourceCallback() { + return source(); + } + sink(flowOutOfCallback(sourceCallback)); // NOT OK +} + +function m9() { + const flowIntoCallback = mkSummary("Argument[0]", "Argument[1].Parameter[0]"); + + sink(flowIntoCallback(source(), x => sink(x))); // NOT OK + sink(flowIntoCallback("safe", x => sink(x))); // OK + sink(flowIntoCallback(source(), x => ignore(x))); // OK + sink(flowIntoCallback("safe", x => ignore(x))); // OK +} + +function m10() { + const flowThroughCallback = mkSummary([ + ["Argument[0]", "Argument[1].Parameter[0]"], + ["Argument[1].ReturnValue", "ReturnValue"] + ]); + + sink(flowThroughCallback(source(), x => x)); // NOT OK + sink(flowThroughCallback(source(), x => "safe")); // OK + sink(flowThroughCallback("safe", x => x)); // OK + sink(flowThroughCallback("safe", x => "safe")); // OK +} + +function m11() { + const flowFromSideEffectOnParameter = mkSummary("Argument[0].Parameter[0].Member[prop]", "ReturnValue"); + + let data = flowFromSideEffectOnParameter(param => { + param.prop = source(); + }); + sink(data); // NOT OK + + function manullyWritten(param) { + param.prop = source(); + } + let obj = {}; + manullyWritten(obj); + sink(obj.prop); // NOT OK +} + +async function m13() { + async function testStoreBack(x) { + (await x).prop = source(); + } + const obj = {}; + const promise = Promise.resolve(obj); + testStoreBack(promise); + sink(obj.prop); // NOT OK [INCONSISTENCY] + sink(promise.prop); // OK [INCONSISTENCY] + sink((await promise).prop); // NOT OK + + const obj2 = {}; + testStoreBack(obj2); + sink(obj2.prop);; // NOT OK +} + +function m14() { + const flowOutOfAnyArgument = mkSummary("Argument[0..]", "ReturnValue"); + sink(flowOutOfAnyArgument(source())); // NOT OK + sink(flowOutOfAnyArgument(source(), "safe", "safe")); // NOT OK + sink(flowOutOfAnyArgument("safe", source(), "safe")); // NOT OK + sink(flowOutOfAnyArgument("safe", "safe", source())); // NOT OK + sink(flowOutOfAnyArgument("safe", "safe", "safe")); // OK + + const flowOutOfAnyArgumentExceptFirst = mkSummary("Argument[1..]", "ReturnValue"); + sink(flowOutOfAnyArgumentExceptFirst(source())); // OK + sink(flowOutOfAnyArgumentExceptFirst(source(), "safe", "safe")); // OK + sink(flowOutOfAnyArgumentExceptFirst("safe", source(), "safe")); // NOT OK + sink(flowOutOfAnyArgumentExceptFirst("safe", "safe", source())); // NOT OK + sink(flowOutOfAnyArgumentExceptFirst("safe", "safe", "safe")); // OK + + const flowIntoAnyParameter = mkSummary("Argument[0]", "Argument[1].Parameter[0..]"); + flowIntoAnyParameter(source(), (x1, x2, x3) => sink(x1)); // NOT OK + flowIntoAnyParameter(source(), (x1, x2, x3) => sink(x2)); // NOT OK + flowIntoAnyParameter(source(), (x1, x2, x3) => sink(x3)); // NOT OK + + const flowIntoAnyParameterExceptFirst = mkSummary("Argument[0]", "Argument[1].Parameter[1..]"); + flowIntoAnyParameterExceptFirst(source(), (x1, x2, x3) => sink(x1)); // OK + flowIntoAnyParameterExceptFirst(source(), (x1, x2, x3) => sink(x2)); // NOT OK + flowIntoAnyParameterExceptFirst(source(), (x1, x2, x3) => sink(x3)); // NOT OK +} + +function m15() { + const array = []; + array.push("safe", "safe", source()); + sink(array.pop()); // NOT OK + + const array2 = []; + array2.push(source()); + array2.push("safe"); + array2.push("safe"); + array2.forEach(x => sink(x)); // NOT OK + + const array3 = []; + array3.push(...[source()]); + array3.forEach(x => sink(x)); // NOT OK + + const array4 = [source()]; + array4 = Array.prototype.slice.call(array4); + sink(array4.pop()); // NOT OK + + [source()].forEach((value, index, array) => { sink(array.pop()) }); // NOT OK + const array5 = [source()]; + array5.forEach((value, index, array) => { sink(array.pop()) }); // NOT OK + ["safe"].forEach((value, index, array) => { sink(array.pop()) }); // OK +} + +function m16() { + const array0 = [source(), 'safe', 'safe']; + sink(array0[0]); // NOT OK + sink(array0[1]); // OK + sink(array0[2]); // OK + + const array1 = ['safe', source(), 'safe']; + sink(array1[0]); // OK + sink(array1[1]); // NOT OK + sink(array1[2]); // OK + + const array2 = ['safe', 'safe', source()]; + sink(array2[0]); // OK + sink(array2[1]); // OK + sink(array2[2]); // NOT OK +} + +function m17() { + const map = new Map(); + map.set('foo', source()); + map.set('bar', 'safe'); + + sink(map.get('foo')); // NOT OK + sink(map.get('bar')); // OK + sink(map.get(getUnkown())); // NOT OK + + const map2 = new Map(); + map2.set(getUnkown(), source()); + sink(map2.get('foo')); // NOT OK + sink(map2.get('bar')); // NOT OK + sink(map2.get(getUnkown())); // NOT OK + + const map3 = new Map(); + map3.set('foo', source()); + map3.forEach(value => sink(value)); // NOT OK + for (let [key, value] of map3) { + sink(value); // NOT OK + } +} diff --git a/javascript/ql/test/library-tests/Generators/DataFlow.expected b/javascript/ql/test/library-tests/Generators/DataFlow.expected index e69de29bb2d1..0b23f47de268 100644 --- a/javascript/ql/test/library-tests/Generators/DataFlow.expected +++ b/javascript/ql/test/library-tests/Generators/DataFlow.expected @@ -0,0 +1,5 @@ +legacyDataFlowDifference +| generators.js:2:16:2:23 | "source" | generators.js:37:10:37:10 | e | only flow with OLD data flow library | +| generators.js:2:16:2:23 | "source" | generators.js:46:10:46:10 | e | only flow with NEW data flow library | +| generators.js:2:16:2:23 | "source" | generators.js:51:10:51:10 | e | only flow with NEW data flow library | +consistencyIssue diff --git a/javascript/ql/test/library-tests/Generators/DataFlow.ql b/javascript/ql/test/library-tests/Generators/DataFlow.ql index 023c60ff8533..f613ed62f3b3 100644 --- a/javascript/ql/test/library-tests/Generators/DataFlow.ql +++ b/javascript/ql/test/library-tests/Generators/DataFlow.ql @@ -1,12 +1,28 @@ import javascript import testUtilities.ConsistencyChecking -class GeneratorFlowConfig extends DataFlow::Configuration { - GeneratorFlowConfig() { this = "GeneratorFlowConfig" } +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.asExpr().getStringValue() = "source" } - override predicate isSource(DataFlow::Node source) { source.asExpr().getStringValue() = "source" } - - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { sink = any(DataFlow::CallNode call | call.getCalleeName() = "sink").getAnArgument() } } + +module TestFlow = DataFlow::Global; + +class LegacyConfig extends DataFlow::Configuration { + LegacyConfig() { this = "GeneratorFlowConfig" } + + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } +} + +import testUtilities.LegacyDataFlowDiff::DataFlowDiff + +class Consistency extends ConsistencyConfiguration { + Consistency() { this = "Consistency" } + + override DataFlow::Node getAnAlert() { TestFlow::flowTo(result) } +} diff --git a/javascript/ql/test/library-tests/Generators/generators.js b/javascript/ql/test/library-tests/Generators/generators.js index 89d5be345dcb..dc602f152648 100644 --- a/javascript/ql/test/library-tests/Generators/generators.js +++ b/javascript/ql/test/library-tests/Generators/generators.js @@ -31,6 +31,26 @@ sink(e); // NOT OK } + try { + gen4(); + } catch (e) { + sink(e); // OK - exception is only thrown upon iteration + } + + const iterator = gen4(); + try { + for (let v of iterator) { + sink(v); // OK + } + } catch (e) { + sink(e); // NOT OK + } + try { + Array.from(iterator); + } catch (e) { + sink(e); // NOT OK + } + function *delegating() { yield* delegate(); } diff --git a/javascript/ql/test/library-tests/InterProceduralFlow/DataFlowConfig.qll b/javascript/ql/test/library-tests/InterProceduralFlow/DataFlowConfig.qll index 12edfc8b713d..f47fd78c159d 100644 --- a/javascript/ql/test/library-tests/InterProceduralFlow/DataFlowConfig.qll +++ b/javascript/ql/test/library-tests/InterProceduralFlow/DataFlowConfig.qll @@ -1,23 +1,21 @@ import javascript -class TestDataFlowConfiguration extends DataFlow::Configuration { - TestDataFlowConfiguration() { this = "TestDataFlowConfiguration" } - - override predicate isSource(DataFlow::Node src) { +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node src) { exists(VariableDeclarator vd | vd.getBindingPattern().(VarDecl).getName().matches("%source%") and src.asExpr() = vd.getInit() ) } - override predicate isSink(DataFlow::Node snk) { + predicate isSink(DataFlow::Node snk) { exists(VariableDeclarator vd | vd.getBindingPattern().(VarDecl).getName().matches("%sink%") and snk.asExpr() = vd.getInit() ) } - override predicate isBarrier(DataFlow::Node node) { + predicate isBarrier(DataFlow::Node node) { exists(Function f | f.getName().matches("%noReturnTracking%") and node = f.getAReturnedExpr().flow() @@ -26,3 +24,5 @@ class TestDataFlowConfiguration extends DataFlow::Configuration { node.asExpr().(PropAccess).getPropertyName() = "notTracked" } } + +module TestFlow = DataFlow::Global; diff --git a/javascript/ql/test/library-tests/InterProceduralFlow/async.js b/javascript/ql/test/library-tests/InterProceduralFlow/async.js index f91cda9cea85..21b9cb4852e7 100644 --- a/javascript/ql/test/library-tests/InterProceduralFlow/async.js +++ b/javascript/ql/test/library-tests/InterProceduralFlow/async.js @@ -11,7 +11,7 @@ return source; } let sink3 = sync(); // NOT OK - let sink4 = await sync(); // OK + let sink4 = await sync(); // NOT OK async function throwsAsync() { throw source; @@ -64,7 +64,7 @@ return x.x; } - var sink8 = unpack(pack(source)); // OK + var sink8 = unpack(pack(source)); // OK let sink9 = unpack(await (pack(source))); // NOT OK - but not found } })(); @@ -75,19 +75,19 @@ async function props() { p: x }; } - + let source = "source"; let sink = (await (foo(source))).p; // NOT OK - this requires the immidiatly awaited storeStep. let sink2 = foo("not a source").p; - + async function getP(base) { return base.p; } - + async function getQ(base) { return base.q; } - + let o3 = { p: source }; let sink6 = await (getP(o3)); // NOT OK - this requires the immidiatly awaited loadStep let sink7 = await (getQ(o3)); diff --git a/javascript/ql/test/library-tests/InterProceduralFlow/global.js b/javascript/ql/test/library-tests/InterProceduralFlow/global.js index a7132f1dcb59..99badab76b83 100644 --- a/javascript/ql/test/library-tests/InterProceduralFlow/global.js +++ b/javascript/ql/test/library-tests/InterProceduralFlow/global.js @@ -9,11 +9,11 @@ function g(x) { let sink1 = g(source1); let sink2 = g(source2); -document.location = source1; // should not flow to `global2.js` in spite of assignment +document.someProp = source1; // should not flow to `global2.js` in spite of assignment // `document = {}` in `fake-document.js` -window.location = source1; +window.someProp = source1; let win = window; -let sink3 = window.location; -let sink4 = win.location; -let sink5 = location; +let sink3 = window.someProp; +let sink4 = win.someProp; +let sink5 = someProp; diff --git a/javascript/ql/test/library-tests/InterProceduralFlow/global2.js b/javascript/ql/test/library-tests/InterProceduralFlow/global2.js index 258b79a7df9b..004a4ce50bb0 100644 --- a/javascript/ql/test/library-tests/InterProceduralFlow/global2.js +++ b/javascript/ql/test/library-tests/InterProceduralFlow/global2.js @@ -1,2 +1,2 @@ let remote_sink = source1; -let other_remote_sink = document.location; +let other_remote_sink = document.someProp; diff --git a/javascript/ql/test/library-tests/InterProceduralFlow/properties2.js b/javascript/ql/test/library-tests/InterProceduralFlow/properties2.js index 9f1b0c9ba070..83f0b701d10f 100644 --- a/javascript/ql/test/library-tests/InterProceduralFlow/properties2.js +++ b/javascript/ql/test/library-tests/InterProceduralFlow/properties2.js @@ -14,7 +14,7 @@ function setP(base, rhs) { var o = {}; setP(o, source); -var sink3 = o.p; // flow from `source` not yet detected +var sink3 = o.p; var sink4 = o.q; var o2 = {}; diff --git a/javascript/ql/test/library-tests/InterProceduralFlow/tests.expected b/javascript/ql/test/library-tests/InterProceduralFlow/tests.expected index 2088e2c1ca26..aab7951f4804 100644 --- a/javascript/ql/test/library-tests/InterProceduralFlow/tests.expected +++ b/javascript/ql/test/library-tests/InterProceduralFlow/tests.expected @@ -4,6 +4,7 @@ dataFlow | a.js:2:15:2:28 | "also tainted" | b.js:5:13:5:29 | notTaintedTrustMe | | async.js:2:16:2:23 | "source" | async.js:8:15:8:27 | await async() | | async.js:2:16:2:23 | "source" | async.js:13:15:13:20 | sync() | +| async.js:2:16:2:23 | "source" | async.js:14:15:14:26 | await sync() | | async.js:2:16:2:23 | "source" | async.js:27:17:27:17 | e | | async.js:2:16:2:23 | "source" | async.js:36:17:36:17 | e | | async.js:2:16:2:23 | "source" | async.js:41:17:41:17 | e | @@ -23,7 +24,6 @@ dataFlow | esLib.js:3:21:3:29 | "tainted" | esClient.js:11:13:11:17 | esFoo | | esLib.js:3:21:3:29 | "tainted" | nodeJsClient.js:5:13:5:21 | es.source | | global.js:1:15:1:24 | "tainted1" | global.js:9:13:9:22 | g(source1) | -| global.js:1:15:1:24 | "tainted1" | global.js:17:13:17:27 | window.location | | global.js:2:15:2:24 | "tainted2" | global.js:10:13:10:22 | g(source2) | | global.js:5:22:5:35 | "also tainted" | global.js:9:13:9:22 | g(source1) | | global.js:5:22:5:35 | "also tainted" | global.js:10:13:10:22 | g(source2) | @@ -55,11 +55,12 @@ dataFlow | promises.js:12:22:12:31 | "rejected" | promises.js:24:20:24:20 | v | | promises.js:32:24:32:37 | "also tainted" | promises.js:38:32:38:32 | v | | properties2.js:7:14:7:21 | "source" | properties2.js:8:12:8:24 | foo(source).p | +| properties2.js:7:14:7:21 | "source" | properties2.js:17:13:17:15 | o.p | | properties2.js:7:14:7:21 | "source" | properties2.js:33:13:33:20 | getP(o3) | +| properties2.js:7:14:7:21 | "source" | properties2.js:38:13:38:20 | getP(o4) | | properties.js:2:16:2:24 | "tainted" | properties.js:5:14:5:23 | a.someProp | | properties.js:2:16:2:24 | "tainted" | properties.js:12:15:12:24 | x.someProp | | properties.js:2:16:2:24 | "tainted" | properties.js:14:15:14:27 | tmp1.someProp | -| properties.js:18:26:18:42 | "tainted as well" | properties.js:20:24:20:33 | window.foo | | tst2.js:2:17:2:26 | "tainted1" | tst2.js:10:15:10:24 | g(source1) | | tst2.js:3:17:3:26 | "tainted2" | tst2.js:11:15:11:24 | g(source2) | | tst2.js:6:24:6:37 | "also tainted" | tst2.js:10:15:10:24 | g(source1) | @@ -105,7 +106,6 @@ taintTracking | esLib.js:3:21:3:29 | "tainted" | esClient.js:11:13:11:17 | esFoo | | esLib.js:3:21:3:29 | "tainted" | nodeJsClient.js:5:13:5:21 | es.source | | global.js:1:15:1:24 | "tainted1" | global.js:9:13:9:22 | g(source1) | -| global.js:1:15:1:24 | "tainted1" | global.js:17:13:17:27 | window.location | | global.js:2:15:2:24 | "tainted2" | global.js:10:13:10:22 | g(source2) | | global.js:5:22:5:35 | "also tainted" | global.js:9:13:9:22 | g(source1) | | global.js:5:22:5:35 | "also tainted" | global.js:10:13:10:22 | g(source2) | @@ -140,11 +140,12 @@ taintTracking | promises.js:12:22:12:31 | "rejected" | promises.js:24:20:24:20 | v | | promises.js:32:24:32:37 | "also tainted" | promises.js:38:32:38:32 | v | | properties2.js:7:14:7:21 | "source" | properties2.js:8:12:8:24 | foo(source).p | +| properties2.js:7:14:7:21 | "source" | properties2.js:17:13:17:15 | o.p | | properties2.js:7:14:7:21 | "source" | properties2.js:33:13:33:20 | getP(o3) | +| properties2.js:7:14:7:21 | "source" | properties2.js:38:13:38:20 | getP(o4) | | properties.js:2:16:2:24 | "tainted" | properties.js:5:14:5:23 | a.someProp | | properties.js:2:16:2:24 | "tainted" | properties.js:12:15:12:24 | x.someProp | | properties.js:2:16:2:24 | "tainted" | properties.js:14:15:14:27 | tmp1.someProp | -| properties.js:18:26:18:42 | "tainted as well" | properties.js:20:24:20:33 | window.foo | | tst2.js:2:17:2:26 | "tainted1" | tst2.js:10:15:10:24 | g(source1) | | tst2.js:3:17:3:26 | "tainted2" | tst2.js:11:15:11:24 | g(source2) | | tst2.js:6:24:6:37 | "also tainted" | tst2.js:10:15:10:24 | g(source1) | @@ -191,6 +192,7 @@ germanFlow | a.js:2:15:2:28 | "also tainted" | b.js:5:13:5:29 | notTaintedTrustMe | | async.js:2:16:2:23 | "source" | async.js:8:15:8:27 | await async() | | async.js:2:16:2:23 | "source" | async.js:13:15:13:20 | sync() | +| async.js:2:16:2:23 | "source" | async.js:14:15:14:26 | await sync() | | async.js:2:16:2:23 | "source" | async.js:27:17:27:17 | e | | async.js:2:16:2:23 | "source" | async.js:36:17:36:17 | e | | async.js:2:16:2:23 | "source" | async.js:41:17:41:17 | e | @@ -211,7 +213,6 @@ germanFlow | esLib.js:3:21:3:29 | "tainted" | esClient.js:11:13:11:17 | esFoo | | esLib.js:3:21:3:29 | "tainted" | nodeJsClient.js:5:13:5:21 | es.source | | global.js:1:15:1:24 | "tainted1" | global.js:9:13:9:22 | g(source1) | -| global.js:1:15:1:24 | "tainted1" | global.js:17:13:17:27 | window.location | | global.js:2:15:2:24 | "tainted2" | global.js:10:13:10:22 | g(source2) | | global.js:5:22:5:35 | "also tainted" | global.js:9:13:9:22 | g(source1) | | global.js:5:22:5:35 | "also tainted" | global.js:10:13:10:22 | g(source2) | @@ -243,11 +244,12 @@ germanFlow | promises.js:12:22:12:31 | "rejected" | promises.js:24:20:24:20 | v | | promises.js:32:24:32:37 | "also tainted" | promises.js:38:32:38:32 | v | | properties2.js:7:14:7:21 | "source" | properties2.js:8:12:8:24 | foo(source).p | +| properties2.js:7:14:7:21 | "source" | properties2.js:17:13:17:15 | o.p | | properties2.js:7:14:7:21 | "source" | properties2.js:33:13:33:20 | getP(o3) | +| properties2.js:7:14:7:21 | "source" | properties2.js:38:13:38:20 | getP(o4) | | properties.js:2:16:2:24 | "tainted" | properties.js:5:14:5:23 | a.someProp | | properties.js:2:16:2:24 | "tainted" | properties.js:12:15:12:24 | x.someProp | | properties.js:2:16:2:24 | "tainted" | properties.js:14:15:14:27 | tmp1.someProp | -| properties.js:18:26:18:42 | "tainted as well" | properties.js:20:24:20:33 | window.foo | | tst2.js:2:17:2:26 | "tainted1" | tst2.js:10:15:10:24 | g(source1) | | tst2.js:3:17:3:26 | "tainted2" | tst2.js:11:15:11:24 | g(source2) | | tst2.js:6:24:6:37 | "also tainted" | tst2.js:10:15:10:24 | g(source1) | diff --git a/javascript/ql/test/library-tests/InterProceduralFlow/tests.ql b/javascript/ql/test/library-tests/InterProceduralFlow/tests.ql index a490c4c9146f..e20ec8ff6d4e 100644 --- a/javascript/ql/test/library-tests/InterProceduralFlow/tests.ql +++ b/javascript/ql/test/library-tests/InterProceduralFlow/tests.ql @@ -1,8 +1,7 @@ +import javascript import DataFlowConfig -query predicate dataFlow(DataFlow::Node src, DataFlow::Node snk) { - exists(TestDataFlowConfiguration tttc | tttc.hasFlow(src, snk)) -} +query predicate dataFlow(DataFlow::Node src, DataFlow::Node snk) { TestFlow::flow(src, snk) } class Parity extends DataFlow::FlowLabel { Parity() { this = "even" or this = "odd" } @@ -10,21 +9,21 @@ class Parity extends DataFlow::FlowLabel { Parity flip() { result != this } } -class FLowLabelConfig extends DataFlow::Configuration { - FLowLabelConfig() { this = "FLowLabelConfig" } +module FlowLabelConfig implements DataFlow::StateConfigSig { + class FlowState = DataFlow::FlowLabel; - override predicate isSource(DataFlow::Node nd, DataFlow::FlowLabel lbl) { + predicate isSource(DataFlow::Node nd, DataFlow::FlowLabel lbl) { nd.(DataFlow::CallNode).getCalleeName() = "source" and lbl = "even" } - override predicate isSink(DataFlow::Node nd, DataFlow::FlowLabel lbl) { + predicate isSink(DataFlow::Node nd, DataFlow::FlowLabel lbl) { nd = any(DataFlow::CallNode c | c.getCalleeName() = "sink").getAnArgument() and lbl = "even" } - override predicate isAdditionalFlowStep( - DataFlow::Node pred, DataFlow::Node succ, DataFlow::FlowLabel predLabel, + predicate isAdditionalFlowStep( + DataFlow::Node pred, DataFlow::FlowLabel predLabel, DataFlow::Node succ, DataFlow::FlowLabel succLabel ) { exists(DataFlow::CallNode c | c = succ | @@ -35,28 +34,28 @@ class FLowLabelConfig extends DataFlow::Configuration { } } -query predicate flowLabels(DataFlow::PathNode source, DataFlow::PathNode sink) { - exists(FLowLabelConfig cfg | cfg.hasFlowPath(source, sink)) -} +module FlowLabelFlow = DataFlow::GlobalWithState; -class TestTaintTrackingConfiguration extends TaintTracking::Configuration { - TestTaintTrackingConfiguration() { this = "TestTaintTrackingConfiguration" } +query predicate flowLabels(FlowLabelFlow::PathNode source, FlowLabelFlow::PathNode sink) { + FlowLabelFlow::flowPath(source, sink) +} - override predicate isSource(DataFlow::Node src) { +module TaintConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node src) { exists(VariableDeclarator vd | vd.getBindingPattern().(VarDecl).getName().matches("%source%") and src.asExpr() = vd.getInit() ) } - override predicate isSink(DataFlow::Node snk) { + predicate isSink(DataFlow::Node snk) { exists(VariableDeclarator vd | vd.getBindingPattern().(VarDecl).getName().matches("%sink%") and snk.asExpr() = vd.getInit() ) } - override predicate isSanitizer(DataFlow::Node node) { + predicate isBarrier(DataFlow::Node node) { exists(Function f | f.getName().matches("%noReturnTracking%") and node = f.getAReturnedExpr().flow() @@ -66,14 +65,12 @@ class TestTaintTrackingConfiguration extends TaintTracking::Configuration { } } -query predicate taintTracking(DataFlow::Node src, DataFlow::Node snk) { - exists(TestTaintTrackingConfiguration tttc | tttc.hasFlow(src, snk)) -} +module TaintFlow = TaintTracking::Global; -class GermanFlowConfig extends DataFlow::Configuration { - GermanFlowConfig() { this = "GermanFlowConfig" } +query predicate taintTracking(DataFlow::Node src, DataFlow::Node snk) { TaintFlow::flow(src, snk) } - override predicate isSource(DataFlow::Node src) { +module GermanConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node src) { exists(VariableDeclarator vd | vd.getBindingPattern().(VarDecl).getName().matches("%source%") and src.asExpr() = vd.getInit() @@ -82,7 +79,7 @@ class GermanFlowConfig extends DataFlow::Configuration { src.asExpr() = any(Variable v | v.getName() = "quelle").getAnAssignedExpr() } - override predicate isSink(DataFlow::Node snk) { + predicate isSink(DataFlow::Node snk) { exists(VariableDeclarator vd | vd.getBindingPattern().(VarDecl).getName().matches("%sink%") and snk.asExpr() = vd.getInit() @@ -91,7 +88,7 @@ class GermanFlowConfig extends DataFlow::Configuration { snk.asExpr() = any(Variable v | v.getName() = "abfluss").getAnAssignedExpr() } - override predicate isBarrier(DataFlow::Node node) { + predicate isBarrier(DataFlow::Node node) { exists(Function f | f.getName().matches("%noReturnTracking%") and node = f.getAReturnedExpr().flow() @@ -101,6 +98,6 @@ class GermanFlowConfig extends DataFlow::Configuration { } } -query predicate germanFlow(DataFlow::Node src, DataFlow::Node snk) { - exists(GermanFlowConfig tttc | tttc.hasFlow(src, snk)) -} +module GermanFlow = DataFlow::Global; + +query predicate germanFlow(DataFlow::Node src, DataFlow::Node snk) { GermanFlow::flow(src, snk) } diff --git a/javascript/ql/test/library-tests/LabelledBarrierGuards/LabelledBarrierGuards.expected b/javascript/ql/test/library-tests/LabelledBarrierGuards/LabelledBarrierGuards.expected index c4ce68baa8b9..4597c58babe3 100644 --- a/javascript/ql/test/library-tests/LabelledBarrierGuards/LabelledBarrierGuards.expected +++ b/javascript/ql/test/library-tests/LabelledBarrierGuards/LabelledBarrierGuards.expected @@ -1,3 +1,5 @@ +legacyDataFlowDifference +#select | tst.js:2:11:2:18 | source() | tst.js:8:12:8:12 | x | | tst.js:2:11:2:18 | source() | tst.js:12:12:12:12 | x | | tst.js:2:11:2:18 | source() | tst.js:14:12:14:12 | x | diff --git a/javascript/ql/test/library-tests/LabelledBarrierGuards/LabelledBarrierGuards.ql b/javascript/ql/test/library-tests/LabelledBarrierGuards/LabelledBarrierGuards.ql index 002fafb8c2bc..781db8026f32 100644 --- a/javascript/ql/test/library-tests/LabelledBarrierGuards/LabelledBarrierGuards.ql +++ b/javascript/ql/test/library-tests/LabelledBarrierGuards/LabelledBarrierGuards.ql @@ -4,15 +4,15 @@ class CustomFlowLabel extends DataFlow::FlowLabel { CustomFlowLabel() { this = "A" or this = "B" } } -class Config extends TaintTracking::Configuration { - Config() { this = "Config" } +module TestConfig implements DataFlow::StateConfigSig { + class FlowState = DataFlow::FlowLabel; - override predicate isSource(DataFlow::Node node, DataFlow::FlowLabel lbl) { + predicate isSource(DataFlow::Node node, DataFlow::FlowLabel lbl) { node.(DataFlow::CallNode).getCalleeName() = "source" and lbl instanceof CustomFlowLabel } - override predicate isSink(DataFlow::Node node, DataFlow::FlowLabel lbl) { + predicate isSink(DataFlow::Node node, DataFlow::FlowLabel lbl) { exists(DataFlow::CallNode call | call.getCalleeName() = "sink" and node = call.getAnArgument() and @@ -20,10 +20,32 @@ class Config extends TaintTracking::Configuration { ) } - override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode node) { + additional predicate isBarrierGuard(DataFlow::BarrierGuardNode node) { node instanceof IsTypeAGuard or node instanceof IsSanitizedGuard } + + predicate isBarrier(DataFlow::Node node, DataFlow::FlowLabel lbl) { + node = DataFlow::MakeLegacyBarrierGuardLabeled::getABarrierNode(lbl) + } +} + +module TestFlow = TaintTracking::GlobalWithState; + +class LegacyConfig extends TaintTracking::Configuration { + LegacyConfig() { this = "LegacyConfig" } + + override predicate isSource(DataFlow::Node node, DataFlow::FlowLabel lbl) { + TestConfig::isSource(node, lbl) + } + + override predicate isSink(DataFlow::Node node, DataFlow::FlowLabel lbl) { + TestConfig::isSink(node, lbl) + } + + override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode node) { + TestConfig::isBarrierGuard(node) + } } /** @@ -34,6 +56,10 @@ class IsTypeAGuard extends TaintTracking::LabeledSanitizerGuardNode, DataFlow::C IsTypeAGuard() { this.getCalleeName() = "isTypeA" } override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel lbl) { + this.blocksExpr(outcome, e, lbl) + } + + predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel lbl) { e = this.getArgument(0).asExpr() and ( outcome = true and lbl = "B" @@ -47,6 +73,10 @@ class IsSanitizedGuard extends TaintTracking::LabeledSanitizerGuardNode, DataFlo IsSanitizedGuard() { this.getCalleeName() = "sanitizeA" or this.getCalleeName() = "sanitizeB" } override predicate sanitizes(boolean outcome, Expr e, DataFlow::FlowLabel lbl) { + this.blocksExpr(outcome, e, lbl) + } + + predicate blocksExpr(boolean outcome, Expr e, DataFlow::FlowLabel lbl) { e = this.getArgument(0).asExpr() and outcome = true and ( @@ -57,6 +87,8 @@ class IsSanitizedGuard extends TaintTracking::LabeledSanitizerGuardNode, DataFlo } } -from Config cfg, DataFlow::Node source, DataFlow::Node sink -where cfg.hasFlow(source, sink) +import testUtilities.LegacyDataFlowDiff::DataFlowDiff + +from DataFlow::Node source, DataFlow::Node sink +where TestFlow::flow(source, sink) select source, sink diff --git a/javascript/ql/test/library-tests/Promises/flow.js b/javascript/ql/test/library-tests/Promises/flow.js index 81af660561a8..52c8f512a1f2 100644 --- a/javascript/ql/test/library-tests/Promises/flow.js +++ b/javascript/ql/test/library-tests/Promises/flow.js @@ -51,7 +51,7 @@ return Promise.resolve(src); } createPromise(source).then(v => sink(v)); // NOT OK! - + var p8 = new Promise((resolve, reject) => reject(source)); var p9 = p8.then(() => {}); var p10 = p9.finally(() => {}); @@ -65,31 +65,31 @@ await new Promise((resolve, reject) => reject(source)); } try { - throws(); + await throws(); } catch(e) { sink(e); // NOT OK! } - + function chainedPromise() { return new Promise((resolve, reject) => reject(source)).then(() => {}); } chainedPromise().then(() => {}).catch(e => sink(e)); // NOT OK! - + function leaksResolvedPromise(p) { p.then(x => sink(x)); // NOT OK! } leaksResolvedPromise(Promise.resolve(source)); - + function leaksRejectedPromise(p) { p.catch(e => sink(e)); // NOT OK! } leaksRejectedPromise(new Promise((resolve, reject) => reject(source))); - + function leaksRejectedAgain(p) { ("foo", p).then(() => {}).catch(e => sink(e)); // NOT OK! } leaksRejectedAgain(new Promise((resolve, reject) => reject(source)).then(() => {})); - + async function returnsRejected(p) { try { await p; @@ -99,48 +99,48 @@ } var foo = await returnsRejected(new Promise((resolve, reject) => reject(source))); sink(foo); // NOT OK! - + new Promise((resolve, reject) => reject("BLA")).catch(x => {return source}).then(x => sink(x)); // NOT OK - + new Promise((resolve, reject) => reject("BLA")).finally(x => {throw source}).catch(x => sink(x)); // NOT OK - + var rejected = new Promise((resolve, reject) => reject(source)); - + new Promise((resolve, reject) => reject("BLA")).finally(x => rejected).catch(x => sink(x)); // NOT OK - + new Promise((resolve, reject) => reject("BLA")).catch(x => rejected).then(x => sink(x)) // OK - + new Promise((resolve, reject) => reject("BLA")).catch(x => rejected).catch(x => sink(x)) // NOT OK - + var resolved = Promise.resolve(source); - + new Promise((resolve, reject) => reject("BLA")).catch(x => resolved).catch(x => sink(x)) // OK - + new Promise((resolve, reject) => reject("BLA")).catch(x => resolved).then(x => sink(x)) // NOT OK - + Promise.resolve(123).then(x => resolved).catch(x => sink(x)) // OK - + Promise.resolve(123).then(x => resolved).then(x => sink(x)) // NOT OK - + Promise.resolve(123).then(x => rejected).catch(x => sink(x)) // NOT OK - + Promise.resolve(123).then(x => rejected).then(x => sink(x)) // OK - + new Promise((resolve, reject) => resolve(resolved)).then(x => sink(x)); // NOT OK - + Promise.resolve(resolved).then(x => sink(x)); // NOT OK })(); (async function () { var source = "source"; - + async function async() { return source; } sink(async()); // OK - wrapped in a promise. (NOT OK for taint-tracking configs) sink(await async()); // NOT OK - + async function throwsAsync() { throw source; } @@ -165,4 +165,4 @@ const foo = bluebird.mapSeries(source, x => x); sink(foo); // NOT OK (for taint-tracking configs) -}) \ No newline at end of file +}) diff --git a/javascript/ql/test/library-tests/Promises/flow.qll b/javascript/ql/test/library-tests/Promises/flow.qll index 94c2af706749..90069773b45d 100644 --- a/javascript/ql/test/library-tests/Promises/flow.qll +++ b/javascript/ql/test/library-tests/Promises/flow.qll @@ -1,39 +1,60 @@ import javascript private import semmle.javascript.dataflow.internal.StepSummary +import testUtilities.LegacyDataFlowDiff -class Configuration extends DataFlow::Configuration { - Configuration() { this = "PromiseDataFlowFlowTestingConfig" } - - override predicate isSource(DataFlow::Node source) { +module ValueFlowConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.getEnclosingExpr().getStringValue() = "source" } - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { any(DataFlow::InvokeNode call | call.getCalleeName() = "sink").getAnArgument() = sink } } -class TaintConfig extends TaintTracking::Configuration { - TaintConfig() { this = "PromiseTaintFlowTestingConfig" } +module ValueFlow = DataFlow::Global; - override predicate isSource(DataFlow::Node source) { +module TaintConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.getEnclosingExpr().getStringValue() = "source" } - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { any(DataFlow::InvokeNode call | call.getCalleeName() = "sink").getAnArgument() = sink } } -query predicate flow(DataFlow::Node source, DataFlow::Node sink) { - any(Configuration c).hasFlow(source, sink) -} +module TaintFlow = TaintTracking::Global; + +query predicate flow(DataFlow::Node source, DataFlow::Node sink) { ValueFlow::flow(source, sink) } query predicate exclusiveTaintFlow(DataFlow::Node source, DataFlow::Node sink) { - not any(Configuration c).hasFlow(source, sink) and - any(TaintConfig c).hasFlow(source, sink) + not ValueFlow::flow(source, sink) and + TaintFlow::flow(source, sink) } query predicate typetrack(DataFlow::SourceNode succ, DataFlow::SourceNode pred, StepSummary summary) { succ = PromiseTypeTracking::promiseStep(pred, summary) } + +class LegacyValueConfig extends DataFlow::Configuration { + LegacyValueConfig() { this = "LegacyValueConfig" } + + override predicate isSource(DataFlow::Node source) { ValueFlowConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { ValueFlowConfig::isSink(sink) } +} + +query predicate valueFlowDifference = + DataFlowDiff::legacyDataFlowDifference/3; + +class LegacyTaintConfig extends TaintTracking::Configuration { + LegacyTaintConfig() { this = "LegacyTaintConfig" } + + override predicate isSource(DataFlow::Node source) { TaintConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TaintConfig::isSink(sink) } +} + +query predicate taintFlowDifference = + DataFlowDiff::legacyDataFlowDifference/3; diff --git a/javascript/ql/test/library-tests/Promises/flow2.js b/javascript/ql/test/library-tests/Promises/flow2.js index ccafb83fd3f5..87994bd8245b 100644 --- a/javascript/ql/test/library-tests/Promises/flow2.js +++ b/javascript/ql/test/library-tests/Promises/flow2.js @@ -17,11 +17,11 @@ var [clean3, tainted3] = await Promise.all(["clean", Promise.resolve(source)]); sink(clean3); // OK - sink(tainted3); // NOT OK - but only flagged by taint-tracking + sink(tainted3); // NOT OK var tainted4 = await Promise.race(["clean", Promise.resolve(source)]); - sink(tainted4); // NOT OK - but only flagged by taint-tracking + sink(tainted4); // NOT OK var tainted5 = await Promise.any(["clean", Promise.resolve(source)]); - sink(tainted5); // NOT OK - but only flagged by taint-tracking -}); \ No newline at end of file + sink(tainted5); // NOT OK +}); diff --git a/javascript/ql/test/library-tests/Promises/tests.expected b/javascript/ql/test/library-tests/Promises/tests.expected index 3bfe8570322c..1b0d54662816 100644 --- a/javascript/ql/test/library-tests/Promises/tests.expected +++ b/javascript/ql/test/library-tests/Promises/tests.expected @@ -237,6 +237,7 @@ flow | flow2.js:2:15:2:22 | "source" | flow2.js:6:8:6:13 | arr[0] | | flow2.js:2:15:2:22 | "source" | flow2.js:12:7:12:13 | tainted | | flow2.js:2:15:2:22 | "source" | flow2.js:16:7:16:14 | tainted2 | +| flow2.js:2:15:2:22 | "source" | flow2.js:20:7:20:14 | tainted3 | | flow2.js:2:15:2:22 | "source" | flow2.js:23:7:23:14 | tainted4 | | flow2.js:2:15:2:22 | "source" | flow2.js:26:7:26:14 | tainted5 | | flow.js:2:15:2:22 | "source" | flow.js:5:7:5:14 | await p1 | @@ -273,7 +274,6 @@ flow | flow.js:136:15:136:22 | "source" | flow.js:142:7:142:19 | await async() | | flow.js:136:15:136:22 | "source" | flow.js:155:9:155:9 | e | exclusiveTaintFlow -| flow2.js:2:15:2:22 | "source" | flow2.js:20:7:20:14 | tainted3 | | flow.js:136:15:136:22 | "source" | flow.js:141:7:141:13 | async() | | flow.js:160:15:160:22 | "source" | flow.js:164:39:164:39 | x | | flow.js:160:15:160:22 | "source" | flow.js:167:7:167:9 | foo | @@ -367,6 +367,7 @@ typetrack | flow.js:62:2:62:24 | p12.cat ... ink(x)) | flow.js:62:17:62:23 | sink(x) | copy $PromiseResolveField$ | | flow.js:62:2:62:24 | p12.cat ... ink(x)) | flow.js:62:17:62:23 | sink(x) | store $PromiseResolveField$ | | flow.js:65:3:65:56 | await n ... ource)) | flow.js:65:9:65:56 | new Pro ... ource)) | load $PromiseResolveField$ | +| flow.js:68:3:68:16 | await throws() | flow.js:68:9:68:16 | throws() | load $PromiseResolveField$ | | flow.js:76:2:76:52 | chained ... ink(e)) | flow.js:76:2:76:32 | chained ... => {}) | copy $PromiseResolveField$ | | flow.js:76:2:76:52 | chained ... ink(e)) | flow.js:76:45:76:51 | sink(e) | copy $PromiseResolveField$ | | flow.js:76:2:76:52 | chained ... ink(e)) | flow.js:76:45:76:51 | sink(e) | store $PromiseResolveField$ | @@ -462,3 +463,6 @@ typetrack | promises.js:143:17:143:50 | Synchro ... source) | promises.js:143:44:143:49 | source | store $PromiseResolveField$ | | promises.js:153:17:153:39 | Promise ... source) | promises.js:153:33:153:38 | source | copy $PromiseResolveField$ | | promises.js:153:17:153:39 | Promise ... source) | promises.js:153:33:153:38 | source | store $PromiseResolveField$ | +valueFlowDifference +| flow2.js:2:15:2:22 | "source" | flow2.js:20:7:20:14 | tainted3 | only flow with NEW data flow library | +taintFlowDifference diff --git a/javascript/ql/test/library-tests/Routing/test.expected b/javascript/ql/test/library-tests/Routing/test.expected index e69de29bb2d1..d65d51bc4177 100644 --- a/javascript/ql/test/library-tests/Routing/test.expected +++ b/javascript/ql/test/library-tests/Routing/test.expected @@ -0,0 +1,2 @@ +legacyDataFlowDifference +consistencyIssue diff --git a/javascript/ql/test/library-tests/Routing/test.ql b/javascript/ql/test/library-tests/Routing/test.ql index b427f710894a..6a97d040bb9b 100644 --- a/javascript/ql/test/library-tests/Routing/test.ql +++ b/javascript/ql/test/library-tests/Routing/test.ql @@ -3,18 +3,34 @@ import testUtilities.ConsistencyChecking API::Node testInstance() { result = API::moduleImport("@example/test").getInstance() } -class Taint extends TaintTracking::Configuration { - Taint() { this = "Taint" } - - override predicate isSource(DataFlow::Node node) { +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node.(DataFlow::CallNode).getCalleeName() = "source" or node = testInstance().getMember("getSource").getReturn().asSource() } - override predicate isSink(DataFlow::Node node) { + predicate isSink(DataFlow::Node node) { node = any(DataFlow::CallNode call | call.getCalleeName() = "sink").getAnArgument() or node = testInstance().getMember("getSink").getAParameter().asSink() } } + +module TestFlow = TaintTracking::Global; + +class Consistency extends ConsistencyConfiguration { + Consistency() { this = "Consistency" } + + override DataFlow::Node getAnAlert() { TestFlow::flowTo(result) } +} + +class LegacyConfig extends TaintTracking::Configuration { + LegacyConfig() { this = "LegacyConfig" } + + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } +} + +import testUtilities.LegacyDataFlowDiff::DataFlowDiff diff --git a/javascript/ql/test/library-tests/Security/heuristics/HeuristicSource.expected b/javascript/ql/test/library-tests/Security/heuristics/HeuristicSource.expected index e69de29bb2d1..d65d51bc4177 100644 --- a/javascript/ql/test/library-tests/Security/heuristics/HeuristicSource.expected +++ b/javascript/ql/test/library-tests/Security/heuristics/HeuristicSource.expected @@ -0,0 +1,2 @@ +legacyDataFlowDifference +consistencyIssue diff --git a/javascript/ql/test/library-tests/Security/heuristics/HeuristicSource.ql b/javascript/ql/test/library-tests/Security/heuristics/HeuristicSource.ql index 72d94707e6bf..44258ecb6ffe 100644 --- a/javascript/ql/test/library-tests/Security/heuristics/HeuristicSource.ql +++ b/javascript/ql/test/library-tests/Security/heuristics/HeuristicSource.ql @@ -2,12 +2,28 @@ import javascript private import semmle.javascript.heuristics.AdditionalSources import testUtilities.ConsistencyChecking -class Taint extends TaintTracking::Configuration { - Taint() { this = "Taint" } +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node instanceof HeuristicSource } - override predicate isSource(DataFlow::Node node) { node instanceof HeuristicSource } - - override predicate isSink(DataFlow::Node node) { + predicate isSink(DataFlow::Node node) { node = any(DataFlow::CallNode call | call.getCalleeName() = "sink").getAnArgument() } } + +module TestFlow = TaintTracking::Global; + +class Consistency extends ConsistencyConfiguration { + Consistency() { this = "Consistency" } + + override DataFlow::Node getAnAlert() { TestFlow::flowTo(result) } +} + +class LegacyConfig extends TaintTracking::Configuration { + LegacyConfig() { this = "LegacyConfig" } + + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } +} + +import testUtilities.LegacyDataFlowDiff::DataFlowDiff diff --git a/javascript/ql/test/library-tests/TaintBarriers/ExampleConfiguration.qll b/javascript/ql/test/library-tests/TaintBarriers/ExampleConfiguration.qll index 50ac0fbfd241..56217573da81 100644 --- a/javascript/ql/test/library-tests/TaintBarriers/ExampleConfiguration.qll +++ b/javascript/ql/test/library-tests/TaintBarriers/ExampleConfiguration.qll @@ -6,16 +6,14 @@ StringOps::ConcatenationRoot sinkConcatenation() { result.getConstantStringParts().matches("%") } -class ExampleConfiguration extends TaintTracking::Configuration { - ExampleConfiguration() { this = "ExampleConfiguration" } - - override predicate isSource(DataFlow::Node source) { +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.asExpr().(CallExpr).getCalleeName() = "SOURCE" or source = sourceVariable() } - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { exists(CallExpr callExpr | callExpr.getCalleeName() = "SINK" and DataFlow::valueNode(callExpr.getArgument(0)) = sink @@ -24,19 +22,40 @@ class ExampleConfiguration extends TaintTracking::Configuration { sink = sinkConcatenation() } - override predicate isSanitizerIn(DataFlow::Node node) { node = sourceVariable() } + predicate isBarrierIn(DataFlow::Node node) { node = sourceVariable() } - override predicate isSanitizerOut(DataFlow::Node node) { node = sinkConcatenation() } + predicate isBarrierOut(DataFlow::Node node) { node = sinkConcatenation() } - override predicate isSanitizer(DataFlow::Node node) { + additional predicate isBarrier1(DataFlow::Node node) { exists(CallExpr callExpr | callExpr.getCalleeName() = "SANITIZE" and DataFlow::valueNode(callExpr.getArgument(0)) = node ) } + predicate isBarrier(DataFlow::Node node) { + isBarrier1(node) + or + node = TaintTracking::AdHocWhitelistCheckSanitizer::getABarrierNode() + } +} + +module TestFlow = TaintTracking::Global; + +class ExampleConfiguration extends TaintTracking::Configuration { + ExampleConfiguration() { this = "ExampleConfiguration" } + + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } + + override predicate isSanitizerIn(DataFlow::Node node) { TestConfig::isBarrierIn(node) } + + override predicate isSanitizerOut(DataFlow::Node node) { TestConfig::isBarrierOut(node) } + + override predicate isSanitizer(DataFlow::Node node) { TestConfig::isBarrier1(node) } + override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode guard) { - // add additional generic sanitizers guard instanceof TaintTracking::AdHocWhitelistCheckSanitizer } } diff --git a/javascript/ql/test/library-tests/TaintBarriers/tests.expected b/javascript/ql/test/library-tests/TaintBarriers/tests.expected index 4417a918423c..32731bbcb7a7 100644 --- a/javascript/ql/test/library-tests/TaintBarriers/tests.expected +++ b/javascript/ql/test/library-tests/TaintBarriers/tests.expected @@ -1,3 +1,4 @@ +legacyDataFlowDifference isBarrier isLabeledBarrier | ExampleConfiguration | tst.js:6:14:6:14 | v | taint | diff --git a/javascript/ql/test/library-tests/TaintBarriers/tests.ql b/javascript/ql/test/library-tests/TaintBarriers/tests.ql index d63d67cf6b1e..0feeae23a64d 100644 --- a/javascript/ql/test/library-tests/TaintBarriers/tests.ql +++ b/javascript/ql/test/library-tests/TaintBarriers/tests.ql @@ -16,5 +16,7 @@ query predicate sanitizingGuard(TaintTracking::SanitizerGuardNode g, Expr e, boo } query predicate taintedSink(DataFlow::Node source, DataFlow::Node sink) { - exists(ExampleConfiguration cfg | cfg.hasFlow(source, sink)) + TestFlow::flow(source, sink) } + +import testUtilities.LegacyDataFlowDiff::DataFlowDiff diff --git a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected index 3856d2ae6899..91a7f3865166 100644 --- a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected +++ b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected @@ -1,17 +1,32 @@ -typeInferenceMismatch -| call-apply.js:27:14:27:21 | source() | call-apply.js:3:1:5:1 | 'arguments' object of function foo1 | -| call-apply.js:27:14:27:21 | source() | call-apply.js:7:1:9:1 | 'arguments' object of function foo2 | -| call-apply.js:27:14:27:21 | source() | call-apply.js:12:10:12:30 | reflective call | -| call-apply.js:27:14:27:21 | source() | call-apply.js:16:10:16:40 | reflective call | -| call-apply.js:27:14:27:21 | source() | call-apply.js:23:1:25:1 | 'arguments' object of function foo1_sink | -| call-apply.js:27:14:27:21 | source() | call-apply.js:29:6:29:32 | reflective call | -| call-apply.js:27:14:27:21 | source() | call-apply.js:32:6:32:35 | reflective call | -| call-apply.js:27:14:27:21 | source() | call-apply.js:33:6:33:35 | reflective call | -| call-apply.js:27:14:27:21 | source() | call-apply.js:64:3:66:3 | 'arguments' object of function sinkArguments1 | -| call-apply.js:27:14:27:21 | source() | call-apply.js:67:3:69:3 | 'arguments' object of function sinkArguments0 | -| call-apply.js:27:14:27:21 | source() | call-apply.js:71:3:74:3 | 'arguments' object of function fowardArguments | -| destruct.js:20:7:20:14 | source() | destruct.js:13:14:13:19 | [a, b] | -#select +legacyDataFlowDifference +| bound-function.js:27:8:27:15 | source() | bound-function.js:30:10:30:10 | y | only flow with OLD data flow library | +| call-apply.js:45:8:45:15 | source() | call-apply.js:55:6:55:13 | foo(obj) | only flow with NEW data flow library | +| callbacks.js:37:17:37:24 | source() | callbacks.js:38:35:38:35 | x | only flow with NEW data flow library | +| callbacks.js:37:17:37:24 | source() | callbacks.js:41:10:41:10 | x | only flow with NEW data flow library | +| callbacks.js:44:17:44:24 | source() | callbacks.js:37:37:37:37 | x | only flow with NEW data flow library | +| callbacks.js:44:17:44:24 | source() | callbacks.js:38:35:38:35 | x | only flow with NEW data flow library | +| capture-flow.js:89:13:89:20 | source() | capture-flow.js:89:6:89:21 | test3c(source()) | only flow with NEW data flow library | +| capture-flow.js:101:12:101:19 | source() | capture-flow.js:102:6:102:20 | test5("safe")() | only flow with OLD data flow library | +| capture-flow.js:274:33:274:40 | source() | capture-flow.js:272:10:272:17 | this.foo | only flow with OLD data flow library | +| capture-flow.js:274:33:274:40 | source() | capture-flow.js:274:6:274:45 | new Cap ... ()).foo | only flow with OLD data flow library | +| capture-flow.js:283:34:283:41 | source() | capture-flow.js:284:6:284:44 | new Cap ... e').foo | only flow with NEW data flow library | +| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:40:8:40:14 | e.taint | only flow with NEW data flow library | +| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:44:8:44:19 | f_safe.taint | only flow with NEW data flow library | +| constructor-calls.js:20:15:20:22 | source() | constructor-calls.js:39:8:39:14 | e.param | only flow with NEW data flow library | +| exceptions.js:53:14:53:21 | source() | exceptions.js:54:10:54:10 | e | only flow with NEW data flow library | +| getters-and-setters.js:53:21:53:28 | source() | getters-and-setters.js:53:10:53:30 | getX(ne ... rce())) | only flow with NEW data flow library | +| nested-props.js:14:15:14:22 | source() | nested-props.js:15:10:15:16 | obj.x.y | only flow with NEW data flow library | +| nested-props.js:27:18:27:25 | source() | nested-props.js:28:10:28:14 | obj.x | only flow with NEW data flow library | +| nested-props.js:51:22:51:29 | source() | nested-props.js:52:10:52:16 | obj.x.y | only flow with NEW data flow library | +| object-bypass-sanitizer.js:35:29:35:36 | source() | object-bypass-sanitizer.js:23:14:23:20 | obj.foo | only flow with OLD data flow library | +| object-bypass-sanitizer.js:35:29:35:36 | source() | object-bypass-sanitizer.js:28:10:28:30 | sanitiz ... bj).foo | only flow with OLD data flow library | +| promise.js:12:20:12:27 | source() | promise.js:13:8:13:23 | resolver.promise | only flow with OLD data flow library | +| sanitizer-guards.js:57:11:57:18 | source() | sanitizer-guards.js:64:8:64:8 | x | only flow with NEW data flow library | +consistencyIssue +| library-tests/TaintTracking/nested-props.js:20 | expected an alert, but found none | NOT OK - but not found | Consistency | +| library-tests/TaintTracking/stringification-read-steps.js:17 | expected an alert, but found none | NOT OK | Consistency | +| library-tests/TaintTracking/stringification-read-steps.js:25 | expected an alert, but found none | NOT OK | Consistency | +flow | access-path-sanitizer.js:2:18:2:25 | source() | access-path-sanitizer.js:4:8:4:12 | obj.x | | addexpr.js:4:10:4:17 | source() | addexpr.js:7:8:7:8 | x | | addexpr.js:11:15:11:22 | source() | addexpr.js:21:8:21:12 | value | @@ -46,22 +61,22 @@ typeInferenceMismatch | booleanOps.js:2:11:2:18 | source() | booleanOps.js:13:10:13:10 | x | | booleanOps.js:2:11:2:18 | source() | booleanOps.js:19:10:19:10 | x | | booleanOps.js:2:11:2:18 | source() | booleanOps.js:22:10:22:10 | x | -| bound-function.js:12:12:12:19 | source() | bound-function.js:4:10:4:10 | y | -| bound-function.js:14:6:14:13 | source() | bound-function.js:4:10:4:10 | y | -| bound-function.js:22:8:22:15 | source() | bound-function.js:25:10:25:10 | y | -| bound-function.js:45:10:45:17 | source() | bound-function.js:45:6:45:18 | id3(source()) | -| bound-function.js:49:12:49:19 | source() | bound-function.js:54:6:54:14 | source0() | -| bound-function.js:49:12:49:19 | source() | bound-function.js:55:6:55:14 | source1() | +| bound-function.js:17:21:17:28 | source() | bound-function.js:5:10:5:16 | y.test2 | +| bound-function.js:19:15:19:22 | source() | bound-function.js:6:10:6:16 | y.test3 | +| bound-function.js:50:10:50:17 | source() | bound-function.js:50:6:50:18 | id3(source()) | +| bound-function.js:54:12:54:19 | source() | bound-function.js:59:6:59:14 | source0() | +| bound-function.js:54:12:54:19 | source() | bound-function.js:60:6:60:14 | source1() | | call-apply.js:27:14:27:21 | source() | call-apply.js:24:8:24:11 | arg1 | | call-apply.js:27:14:27:21 | source() | call-apply.js:29:6:29:32 | foo1.ca ... ce, "") | | call-apply.js:27:14:27:21 | source() | call-apply.js:32:6:32:35 | foo1.ap ... e, ""]) | | call-apply.js:27:14:27:21 | source() | call-apply.js:33:6:33:35 | foo2.ap ... e, ""]) | -| call-apply.js:27:14:27:21 | source() | call-apply.js:40:6:40:29 | foo1_ap ... e, ""]) | -| call-apply.js:27:14:27:21 | source() | call-apply.js:46:6:46:28 | foo1_ca ... e, ""]) | -| call-apply.js:27:14:27:21 | source() | call-apply.js:47:6:47:28 | foo1_ca ... ource]) | -| call-apply.js:27:14:27:21 | source() | call-apply.js:65:10:65:21 | arguments[1] | -| call-apply.js:27:14:27:21 | source() | call-apply.js:68:10:68:21 | arguments[0] | -| call-apply.js:87:17:87:24 | source() | call-apply.js:84:8:84:11 | this | +| call-apply.js:27:14:27:21 | source() | call-apply.js:34:6:34:29 | foo1_ap ... e, ""]) | +| call-apply.js:27:14:27:21 | source() | call-apply.js:40:6:40:28 | foo1_ca ... e, ""]) | +| call-apply.js:27:14:27:21 | source() | call-apply.js:41:6:41:28 | foo1_ca ... ource]) | +| call-apply.js:27:14:27:21 | source() | call-apply.js:59:10:59:21 | arguments[1] | +| call-apply.js:27:14:27:21 | source() | call-apply.js:62:10:62:21 | arguments[0] | +| call-apply.js:45:8:45:15 | source() | call-apply.js:55:6:55:13 | foo(obj) | +| call-apply.js:81:17:81:24 | source() | call-apply.js:78:8:78:11 | this | | callbacks.js:4:6:4:13 | source() | callbacks.js:34:27:34:27 | x | | callbacks.js:4:6:4:13 | source() | callbacks.js:35:27:35:27 | x | | callbacks.js:5:6:5:13 | source() | callbacks.js:34:27:34:27 | x | @@ -69,13 +84,42 @@ typeInferenceMismatch | callbacks.js:25:16:25:23 | source() | callbacks.js:47:26:47:26 | x | | callbacks.js:25:16:25:23 | source() | callbacks.js:48:26:48:26 | x | | callbacks.js:37:17:37:24 | source() | callbacks.js:37:37:37:37 | x | +| callbacks.js:37:17:37:24 | source() | callbacks.js:38:35:38:35 | x | +| callbacks.js:37:17:37:24 | source() | callbacks.js:41:10:41:10 | x | +| callbacks.js:44:17:44:24 | source() | callbacks.js:37:37:37:37 | x | +| callbacks.js:44:17:44:24 | source() | callbacks.js:38:35:38:35 | x | | callbacks.js:44:17:44:24 | source() | callbacks.js:41:10:41:10 | x | | callbacks.js:50:18:50:25 | source() | callbacks.js:30:29:30:29 | y | | callbacks.js:51:18:51:25 | source() | callbacks.js:30:29:30:29 | y | | callbacks.js:53:23:53:30 | source() | callbacks.js:58:10:58:10 | x | +| callbacks.js:73:17:73:24 | source() | callbacks.js:73:37:73:37 | x | | capture-flow.js:9:11:9:18 | source() | capture-flow.js:14:10:14:16 | outer() | | capture-flow.js:9:11:9:18 | source() | capture-flow.js:19:6:19:16 | outerMost() | | capture-flow.js:31:14:31:21 | source() | capture-flow.js:31:6:31:22 | confuse(source()) | +| capture-flow.js:45:12:45:19 | source() | capture-flow.js:45:6:45:20 | test3(source()) | +| capture-flow.js:60:13:60:20 | source() | capture-flow.js:60:6:60:21 | test3a(source()) | +| capture-flow.js:76:13:76:20 | source() | capture-flow.js:76:6:76:21 | test3b(source()) | +| capture-flow.js:89:13:89:20 | source() | capture-flow.js:89:6:89:21 | test3c(source()) | +| capture-flow.js:93:13:93:20 | source() | capture-flow.js:96:6:96:14 | test4()() | +| capture-flow.js:101:12:101:19 | source() | capture-flow.js:101:6:101:22 | test5(source())() | +| capture-flow.js:110:12:110:19 | source() | capture-flow.js:106:14:106:14 | x | +| capture-flow.js:118:37:118:44 | source() | capture-flow.js:114:14:114:14 | x | +| capture-flow.js:126:25:126:32 | source() | capture-flow.js:123:14:123:26 | orderingTaint | +| capture-flow.js:126:25:126:32 | source() | capture-flow.js:129:14:129:26 | orderingTaint | +| capture-flow.js:177:26:177:33 | source() | capture-flow.js:173:14:173:14 | x | +| capture-flow.js:187:34:187:41 | source() | capture-flow.js:183:14:183:14 | x | +| capture-flow.js:195:24:195:31 | source() | capture-flow.js:191:14:191:14 | x | +| capture-flow.js:205:24:205:31 | source() | capture-flow.js:200:18:200:18 | x | +| capture-flow.js:225:13:225:20 | source() | capture-flow.js:220:51:220:59 | fileOrDir | +| capture-flow.js:230:9:230:16 | source() | capture-flow.js:233:14:233:14 | x | +| capture-flow.js:259:23:259:30 | source() | capture-flow.js:243:18:243:40 | objectW ... s.field | +| capture-flow.js:259:23:259:30 | source() | capture-flow.js:247:18:247:40 | objectW ... s.field | +| capture-flow.js:259:23:259:30 | source() | capture-flow.js:248:18:248:27 | this.field | +| capture-flow.js:259:23:259:30 | source() | capture-flow.js:252:14:252:36 | objectW ... s.field | +| capture-flow.js:259:23:259:30 | source() | capture-flow.js:253:14:253:23 | this.field | +| capture-flow.js:262:16:262:23 | source() | capture-flow.js:264:14:264:21 | this.foo | +| capture-flow.js:283:34:283:41 | source() | capture-flow.js:283:6:283:46 | new Cap ... ()).foo | +| capture-flow.js:283:34:283:41 | source() | capture-flow.js:284:6:284:44 | new Cap ... e').foo | | captured-sanitizer.js:25:3:25:10 | source() | captured-sanitizer.js:15:10:15:10 | x | | case.js:2:16:2:23 | source() | case.js:5:8:5:35 | changeC ... source) | | case.js:2:16:2:23 | source() | case.js:8:8:8:24 | camelCase(source) | @@ -88,12 +132,15 @@ typeInferenceMismatch | closure.js:6:15:6:22 | source() | closure.js:8:8:8:31 | string. ... (taint) | | closure.js:6:15:6:22 | source() | closure.js:9:8:9:25 | string.trim(taint) | | closure.js:6:15:6:22 | source() | closure.js:10:8:10:33 | string. ... nt, 50) | -| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:18:8:18:14 | c.taint | -| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:22:8:22:19 | c_safe.taint | -| constructor-calls.js:10:16:10:23 | source() | constructor-calls.js:26:8:26:14 | d.taint | -| constructor-calls.js:10:16:10:23 | source() | constructor-calls.js:30:8:30:19 | d_safe.taint | -| constructor-calls.js:14:15:14:22 | source() | constructor-calls.js:17:8:17:14 | c.param | -| constructor-calls.js:14:15:14:22 | source() | constructor-calls.js:25:8:25:14 | d.param | +| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:24:8:24:14 | c.taint | +| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:28:8:28:19 | c_safe.taint | +| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:40:8:40:14 | e.taint | +| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:44:8:44:19 | f_safe.taint | +| constructor-calls.js:10:16:10:23 | source() | constructor-calls.js:32:8:32:14 | d.taint | +| constructor-calls.js:10:16:10:23 | source() | constructor-calls.js:36:8:36:19 | d_safe.taint | +| constructor-calls.js:20:15:20:22 | source() | constructor-calls.js:23:8:23:14 | c.param | +| constructor-calls.js:20:15:20:22 | source() | constructor-calls.js:31:8:31:14 | d.param | +| constructor-calls.js:20:15:20:22 | source() | constructor-calls.js:39:8:39:14 | e.param | | destruct.js:20:7:20:14 | source() | destruct.js:5:10:5:10 | z | | destruct.js:20:7:20:14 | source() | destruct.js:8:10:8:10 | w | | destruct.js:20:7:20:14 | source() | destruct.js:11:10:11:10 | q | @@ -104,6 +151,7 @@ typeInferenceMismatch | exceptions.js:21:17:21:24 | source() | exceptions.js:24:10:24:21 | e.toString() | | exceptions.js:21:17:21:24 | source() | exceptions.js:25:10:25:18 | e.message | | exceptions.js:21:17:21:24 | source() | exceptions.js:26:10:26:19 | e.fileName | +| exceptions.js:53:14:53:21 | source() | exceptions.js:54:10:54:10 | e | | exceptions.js:59:24:59:31 | source() | exceptions.js:61:12:61:12 | e | | exceptions.js:88:6:88:13 | source() | exceptions.js:11:10:11:10 | e | | exceptions.js:88:6:88:13 | source() | exceptions.js:32:10:32:10 | e | @@ -125,12 +173,14 @@ typeInferenceMismatch | getters-and-setters.js:6:20:6:27 | source() | getters-and-setters.js:13:18:13:20 | c.x | | getters-and-setters.js:27:15:27:22 | source() | getters-and-setters.js:23:18:23:18 | v | | getters-and-setters.js:47:23:47:30 | source() | getters-and-setters.js:45:14:45:16 | c.x | +| getters-and-setters.js:53:21:53:28 | source() | getters-and-setters.js:53:10:53:30 | getX(ne ... rce())) | | getters-and-setters.js:60:20:60:27 | source() | getters-and-setters.js:66:10:66:14 | obj.x | | getters-and-setters.js:67:13:67:20 | source() | getters-and-setters.js:63:18:63:22 | value | | getters-and-setters.js:79:20:79:27 | source() | getters-and-setters.js:88:10:88:18 | new C().x | | getters-and-setters.js:79:20:79:27 | source() | getters-and-setters.js:92:14:92:16 | c.x | | getters-and-setters.js:79:20:79:27 | source() | getters-and-setters.js:100:10:100:22 | getX(new C()) | | getters-and-setters.js:89:17:89:24 | source() | getters-and-setters.js:82:18:82:22 | value | +| implied-receiver.js:4:16:4:23 | source() | implied-receiver.js:7:18:7:25 | this.foo | | importedReactComponent.jsx:4:40:4:47 | source() | exportedReactComponent.jsx:2:10:2:19 | props.text | | indexOf.js:4:11:4:18 | source() | indexOf.js:9:10:9:10 | x | | json-stringify.js:2:16:2:23 | source() | json-stringify.js:5:8:5:29 | JSON.st ... source) | @@ -157,12 +207,13 @@ typeInferenceMismatch | logical-and.js:2:17:2:24 | source() | logical-and.js:4:10:4:24 | "safe" && taint | | nested-props.js:4:13:4:20 | source() | nested-props.js:5:10:5:14 | obj.x | | nested-props.js:9:18:9:25 | source() | nested-props.js:10:10:10:16 | obj.x.y | +| nested-props.js:14:15:14:22 | source() | nested-props.js:15:10:15:16 | obj.x.y | +| nested-props.js:27:18:27:25 | source() | nested-props.js:28:10:28:14 | obj.x | | nested-props.js:35:13:35:20 | source() | nested-props.js:36:10:36:20 | doLoad(obj) | | nested-props.js:43:13:43:20 | source() | nested-props.js:44:10:44:18 | id(obj).x | +| nested-props.js:51:22:51:29 | source() | nested-props.js:52:10:52:16 | obj.x.y | | nested-props.js:67:31:67:38 | source() | nested-props.js:68:10:68:10 | x | | nested-props.js:77:36:77:43 | source() | nested-props.js:78:10:78:10 | x | -| object-bypass-sanitizer.js:35:29:35:36 | source() | object-bypass-sanitizer.js:23:14:23:20 | obj.foo | -| object-bypass-sanitizer.js:35:29:35:36 | source() | object-bypass-sanitizer.js:28:10:28:30 | sanitiz ... bj).foo | | partialCalls.js:4:17:4:24 | source() | partialCalls.js:17:14:17:14 | x | | partialCalls.js:4:17:4:24 | source() | partialCalls.js:20:14:20:14 | y | | partialCalls.js:4:17:4:24 | source() | partialCalls.js:30:14:30:20 | x.value | @@ -171,7 +222,9 @@ typeInferenceMismatch | promise.js:4:24:4:31 | source() | promise.js:4:8:4:32 | Promise ... urce()) | | promise.js:5:25:5:32 | source() | promise.js:5:8:5:33 | bluebir ... urce()) | | promise.js:10:24:10:31 | source() | promise.js:10:8:10:32 | Promise ... urce()) | -| promise.js:12:20:12:27 | source() | promise.js:13:8:13:23 | resolver.promise | +| promise.js:18:22:18:29 | source() | promise.js:24:10:24:10 | e | +| promise.js:33:21:33:28 | source() | promise.js:38:10:38:10 | e | +| promise.js:43:20:43:27 | source() | promise.js:43:8:43:28 | Promise ... urce()) | | rxjs.js:3:1:3:8 | source() | rxjs.js:10:14:10:17 | data | | rxjs.js:13:1:13:8 | source() | rxjs.js:17:23:17:23 | x | | rxjs.js:13:1:13:8 | source() | rxjs.js:18:23:18:23 | x | @@ -186,6 +239,7 @@ typeInferenceMismatch | sanitizer-guards.js:13:14:13:21 | source() | sanitizer-guards.js:26:9:26:14 | this.x | | sanitizer-guards.js:43:11:43:18 | source() | sanitizer-guards.js:45:8:45:8 | x | | sanitizer-guards.js:43:11:43:18 | source() | sanitizer-guards.js:48:10:48:10 | x | +| sanitizer-guards.js:57:11:57:18 | source() | sanitizer-guards.js:64:8:64:8 | x | | sanitizer-guards.js:68:11:68:18 | source() | sanitizer-guards.js:75:8:75:8 | x | | sanitizer-guards.js:79:11:79:18 | source() | sanitizer-guards.js:81:8:81:8 | x | | sanitizer-guards.js:79:11:79:18 | source() | sanitizer-guards.js:84:10:84:10 | x | diff --git a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.ql b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.ql index cfbd3a530db1..d76cd7b8fb90 100644 --- a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.ql +++ b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.ql @@ -1,5 +1,6 @@ import javascript import semmle.javascript.dataflow.InferredTypes +import testUtilities.ConsistencyChecking DataFlow::CallNode getACall(string name) { result.getCalleeName() = name @@ -7,53 +8,53 @@ DataFlow::CallNode getACall(string name) { result.getCalleeNode().getALocalSource() = DataFlow::globalVarRef(name) } -class Sink extends DataFlow::Node { - Sink() { this = getACall("sink").getAnArgument() } -} +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node = getACall("source") } + + predicate isSink(DataFlow::Node node) { node = getACall("sink").getAnArgument() } -/** - * A node that shouldn't be taintable according to the type inference, - * as it claims to be neither an object nor a string. - */ -class UntaintableNode extends DataFlow::Node { - UntaintableNode() { - not this.analyze().getAType() = TTObject() and - not this.analyze().getAType() = TTString() + predicate isBarrier(DataFlow::Node node) { + node.(DataFlow::InvokeNode).getCalleeName().matches("sanitizer_%") or + node = DataFlow::MakeBarrierGuard::getABarrierNode() or + node = TaintTracking::AdHocWhitelistCheckSanitizer::getABarrierNode() } } -class BasicConfig extends TaintTracking::Configuration { - BasicConfig() { this = "BasicConfig" } +module TestFlow = TaintTracking::Global; - override predicate isSource(DataFlow::Node node) { node = getACall("source") } +class LegacyConfig extends TaintTracking::Configuration { + LegacyConfig() { this = "LegacyConfig" } - override predicate isSink(DataFlow::Node node) { - node instanceof Sink - or - node instanceof UntaintableNode - } + override predicate isSource(DataFlow::Node node) { TestConfig::isSource(node) } + + override predicate isSink(DataFlow::Node node) { TestConfig::isSink(node) } override predicate isSanitizer(DataFlow::Node node) { node.(DataFlow::InvokeNode).getCalleeName().matches("sanitizer_%") } override predicate isSanitizerGuard(TaintTracking::SanitizerGuardNode node) { - node instanceof BasicSanitizerGuard + node instanceof BasicSanitizerGuard or + node instanceof TaintTracking::AdHocWhitelistCheckSanitizer } } +import testUtilities.LegacyDataFlowDiff::DataFlowDiff + class BasicSanitizerGuard extends TaintTracking::SanitizerGuardNode, DataFlow::CallNode { BasicSanitizerGuard() { this = getACall("isSafe") } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate sanitizes(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + + predicate blocksExpr(boolean outcome, Expr e) { outcome = true and e = this.getArgument(0).asExpr() } } -query predicate typeInferenceMismatch(DataFlow::Node source, UntaintableNode sink) { - any(BasicConfig cfg).hasFlow(source, sink) -} +query predicate flow = TestFlow::flow/2; -from BasicConfig cfg, DataFlow::Node src, Sink sink -where cfg.hasFlow(src, sink) -select src, sink +class Consistency extends ConsistencyConfiguration { + Consistency() { this = "Consistency" } + + override DataFlow::Node getAnAlert() { TestFlow::flowTo(result) } +} diff --git a/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.expected b/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.expected index 33a27661ecd1..de977a8ff92e 100644 --- a/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.expected +++ b/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.expected @@ -1,9 +1,35 @@ +legacyDataFlowDifference +| arrays-init.js:2:16:2:23 | source() | arrays-init.js:38:8:38:13 | arr[5] | only flow with NEW data flow library | +| bound-function.js:27:8:27:15 | source() | bound-function.js:30:10:30:10 | y | only flow with OLD data flow library | +| call-apply.js:27:14:27:21 | source() | call-apply.js:34:6:34:29 | foo1_ap ... e, ""]) | only flow with NEW data flow library | +| call-apply.js:45:8:45:15 | source() | call-apply.js:55:6:55:13 | foo(obj) | only flow with NEW data flow library | +| callbacks.js:37:17:37:24 | source() | callbacks.js:38:35:38:35 | x | only flow with NEW data flow library | +| callbacks.js:37:17:37:24 | source() | callbacks.js:41:10:41:10 | x | only flow with NEW data flow library | +| callbacks.js:44:17:44:24 | source() | callbacks.js:37:37:37:37 | x | only flow with NEW data flow library | +| callbacks.js:44:17:44:24 | source() | callbacks.js:38:35:38:35 | x | only flow with NEW data flow library | +| capture-flow.js:89:13:89:20 | source() | capture-flow.js:89:6:89:21 | test3c(source()) | only flow with NEW data flow library | +| capture-flow.js:101:12:101:19 | source() | capture-flow.js:102:6:102:20 | test5("safe")() | only flow with OLD data flow library | +| capture-flow.js:274:33:274:40 | source() | capture-flow.js:272:10:272:17 | this.foo | only flow with OLD data flow library | +| capture-flow.js:274:33:274:40 | source() | capture-flow.js:274:6:274:45 | new Cap ... ()).foo | only flow with OLD data flow library | +| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:40:8:40:14 | e.taint | only flow with NEW data flow library | +| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:44:8:44:19 | f_safe.taint | only flow with NEW data flow library | +| constructor-calls.js:20:15:20:22 | source() | constructor-calls.js:39:8:39:14 | e.param | only flow with NEW data flow library | +| exceptions.js:53:14:53:21 | source() | exceptions.js:54:10:54:10 | e | only flow with NEW data flow library | +| getters-and-setters.js:53:21:53:28 | source() | getters-and-setters.js:53:10:53:30 | getX(ne ... rce())) | only flow with NEW data flow library | +| nested-props.js:14:15:14:22 | source() | nested-props.js:15:10:15:16 | obj.x.y | only flow with NEW data flow library | +| nested-props.js:27:18:27:25 | source() | nested-props.js:28:10:28:14 | obj.x | only flow with NEW data flow library | +| nested-props.js:51:22:51:29 | source() | nested-props.js:52:10:52:16 | obj.x.y | only flow with NEW data flow library | +| sanitizer-guards.js:57:11:57:18 | source() | sanitizer-guards.js:64:8:64:8 | x | only flow with NEW data flow library | +| tst.js:2:13:2:20 | source() | tst.js:35:14:35:16 | ary | only flow with NEW data flow library | +| tst.js:2:13:2:20 | source() | tst.js:41:14:41:16 | ary | only flow with NEW data flow library | +flow | access-path-sanitizer.js:2:18:2:25 | source() | access-path-sanitizer.js:4:8:4:12 | obj.x | | advanced-callgraph.js:2:13:2:20 | source() | advanced-callgraph.js:6:22:6:22 | v | | arrays-init.js:2:16:2:23 | source() | arrays-init.js:17:8:17:13 | arr[1] | | arrays-init.js:2:16:2:23 | source() | arrays-init.js:22:8:22:13 | arr[6] | | arrays-init.js:2:16:2:23 | source() | arrays-init.js:28:8:28:13 | arr[1] | | arrays-init.js:2:16:2:23 | source() | arrays-init.js:34:8:34:13 | arr[1] | +| arrays-init.js:2:16:2:23 | source() | arrays-init.js:38:8:38:13 | arr[5] | | arrays-init.js:2:16:2:23 | source() | arrays-init.js:43:10:43:15 | arr[i] | | arrays-init.js:2:16:2:23 | source() | arrays-init.js:55:10:55:15 | arr[i] | | arrays-init.js:2:16:2:23 | source() | arrays-init.js:61:10:61:13 | item | @@ -13,18 +39,19 @@ | booleanOps.js:2:11:2:18 | source() | booleanOps.js:13:10:13:10 | x | | booleanOps.js:2:11:2:18 | source() | booleanOps.js:19:10:19:10 | x | | booleanOps.js:2:11:2:18 | source() | booleanOps.js:22:10:22:10 | x | -| bound-function.js:12:12:12:19 | source() | bound-function.js:4:10:4:10 | y | -| bound-function.js:14:6:14:13 | source() | bound-function.js:4:10:4:10 | y | -| bound-function.js:22:8:22:15 | source() | bound-function.js:25:10:25:10 | y | -| bound-function.js:45:10:45:17 | source() | bound-function.js:45:6:45:18 | id3(source()) | -| bound-function.js:49:12:49:19 | source() | bound-function.js:54:6:54:14 | source0() | -| bound-function.js:49:12:49:19 | source() | bound-function.js:55:6:55:14 | source1() | +| bound-function.js:17:21:17:28 | source() | bound-function.js:5:10:5:16 | y.test2 | +| bound-function.js:19:15:19:22 | source() | bound-function.js:6:10:6:16 | y.test3 | +| bound-function.js:50:10:50:17 | source() | bound-function.js:50:6:50:18 | id3(source()) | +| bound-function.js:54:12:54:19 | source() | bound-function.js:59:6:59:14 | source0() | +| bound-function.js:54:12:54:19 | source() | bound-function.js:60:6:60:14 | source1() | | call-apply.js:27:14:27:21 | source() | call-apply.js:24:8:24:11 | arg1 | | call-apply.js:27:14:27:21 | source() | call-apply.js:29:6:29:32 | foo1.ca ... ce, "") | | call-apply.js:27:14:27:21 | source() | call-apply.js:32:6:32:35 | foo1.ap ... e, ""]) | -| call-apply.js:27:14:27:21 | source() | call-apply.js:46:6:46:28 | foo1_ca ... e, ""]) | -| call-apply.js:27:14:27:21 | source() | call-apply.js:68:10:68:21 | arguments[0] | -| call-apply.js:87:17:87:24 | source() | call-apply.js:84:8:84:11 | this | +| call-apply.js:27:14:27:21 | source() | call-apply.js:34:6:34:29 | foo1_ap ... e, ""]) | +| call-apply.js:27:14:27:21 | source() | call-apply.js:40:6:40:28 | foo1_ca ... e, ""]) | +| call-apply.js:27:14:27:21 | source() | call-apply.js:62:10:62:21 | arguments[0] | +| call-apply.js:45:8:45:15 | source() | call-apply.js:55:6:55:13 | foo(obj) | +| call-apply.js:81:17:81:24 | source() | call-apply.js:78:8:78:11 | this | | callbacks.js:4:6:4:13 | source() | callbacks.js:34:27:34:27 | x | | callbacks.js:4:6:4:13 | source() | callbacks.js:35:27:35:27 | x | | callbacks.js:5:6:5:13 | source() | callbacks.js:34:27:34:27 | x | @@ -32,21 +59,53 @@ | callbacks.js:25:16:25:23 | source() | callbacks.js:47:26:47:26 | x | | callbacks.js:25:16:25:23 | source() | callbacks.js:48:26:48:26 | x | | callbacks.js:37:17:37:24 | source() | callbacks.js:37:37:37:37 | x | +| callbacks.js:37:17:37:24 | source() | callbacks.js:38:35:38:35 | x | +| callbacks.js:37:17:37:24 | source() | callbacks.js:41:10:41:10 | x | +| callbacks.js:44:17:44:24 | source() | callbacks.js:37:37:37:37 | x | +| callbacks.js:44:17:44:24 | source() | callbacks.js:38:35:38:35 | x | | callbacks.js:44:17:44:24 | source() | callbacks.js:41:10:41:10 | x | | callbacks.js:50:18:50:25 | source() | callbacks.js:30:29:30:29 | y | | callbacks.js:51:18:51:25 | source() | callbacks.js:30:29:30:29 | y | | callbacks.js:53:23:53:30 | source() | callbacks.js:58:10:58:10 | x | +| callbacks.js:73:17:73:24 | source() | callbacks.js:73:37:73:37 | x | | capture-flow.js:9:11:9:18 | source() | capture-flow.js:14:10:14:16 | outer() | | capture-flow.js:9:11:9:18 | source() | capture-flow.js:19:6:19:16 | outerMost() | | capture-flow.js:31:14:31:21 | source() | capture-flow.js:31:6:31:22 | confuse(source()) | +| capture-flow.js:45:12:45:19 | source() | capture-flow.js:45:6:45:20 | test3(source()) | +| capture-flow.js:60:13:60:20 | source() | capture-flow.js:60:6:60:21 | test3a(source()) | +| capture-flow.js:76:13:76:20 | source() | capture-flow.js:76:6:76:21 | test3b(source()) | +| capture-flow.js:89:13:89:20 | source() | capture-flow.js:89:6:89:21 | test3c(source()) | +| capture-flow.js:93:13:93:20 | source() | capture-flow.js:96:6:96:14 | test4()() | +| capture-flow.js:101:12:101:19 | source() | capture-flow.js:101:6:101:22 | test5(source())() | +| capture-flow.js:110:12:110:19 | source() | capture-flow.js:106:14:106:14 | x | +| capture-flow.js:118:37:118:44 | source() | capture-flow.js:114:14:114:14 | x | +| capture-flow.js:126:25:126:32 | source() | capture-flow.js:123:14:123:26 | orderingTaint | +| capture-flow.js:126:25:126:32 | source() | capture-flow.js:129:14:129:26 | orderingTaint | +| capture-flow.js:177:26:177:33 | source() | capture-flow.js:173:14:173:14 | x | +| capture-flow.js:187:34:187:41 | source() | capture-flow.js:183:14:183:14 | x | +| capture-flow.js:195:24:195:31 | source() | capture-flow.js:191:14:191:14 | x | +| capture-flow.js:205:24:205:31 | source() | capture-flow.js:200:18:200:18 | x | +| capture-flow.js:225:13:225:20 | source() | capture-flow.js:220:51:220:59 | fileOrDir | +| capture-flow.js:230:9:230:16 | source() | capture-flow.js:233:14:233:14 | x | +| capture-flow.js:259:23:259:30 | source() | capture-flow.js:243:18:243:40 | objectW ... s.field | +| capture-flow.js:259:23:259:30 | source() | capture-flow.js:247:18:247:40 | objectW ... s.field | +| capture-flow.js:259:23:259:30 | source() | capture-flow.js:248:18:248:27 | this.field | +| capture-flow.js:259:23:259:30 | source() | capture-flow.js:252:14:252:36 | objectW ... s.field | +| capture-flow.js:259:23:259:30 | source() | capture-flow.js:253:14:253:23 | this.field | +| capture-flow.js:262:16:262:23 | source() | capture-flow.js:264:14:264:21 | this.foo | +| capture-flow.js:283:34:283:41 | source() | capture-flow.js:283:6:283:46 | new Cap ... ()).foo | | captured-sanitizer.js:25:3:25:10 | source() | captured-sanitizer.js:15:10:15:10 | x | -| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:18:8:18:14 | c.taint | -| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:22:8:22:19 | c_safe.taint | -| constructor-calls.js:10:16:10:23 | source() | constructor-calls.js:26:8:26:14 | d.taint | -| constructor-calls.js:10:16:10:23 | source() | constructor-calls.js:30:8:30:19 | d_safe.taint | -| constructor-calls.js:14:15:14:22 | source() | constructor-calls.js:17:8:17:14 | c.param | -| constructor-calls.js:14:15:14:22 | source() | constructor-calls.js:25:8:25:14 | d.param | +| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:24:8:24:14 | c.taint | +| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:28:8:28:19 | c_safe.taint | +| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:40:8:40:14 | e.taint | +| constructor-calls.js:4:18:4:25 | source() | constructor-calls.js:44:8:44:19 | f_safe.taint | +| constructor-calls.js:10:16:10:23 | source() | constructor-calls.js:32:8:32:14 | d.taint | +| constructor-calls.js:10:16:10:23 | source() | constructor-calls.js:36:8:36:19 | d_safe.taint | +| constructor-calls.js:20:15:20:22 | source() | constructor-calls.js:23:8:23:14 | c.param | +| constructor-calls.js:20:15:20:22 | source() | constructor-calls.js:31:8:31:14 | d.param | +| constructor-calls.js:20:15:20:22 | source() | constructor-calls.js:39:8:39:14 | e.param | | exceptions.js:3:15:3:22 | source() | exceptions.js:5:10:5:10 | e | +| exceptions.js:53:14:53:21 | source() | exceptions.js:54:10:54:10 | e | | exceptions.js:59:24:59:31 | source() | exceptions.js:61:12:61:12 | e | | exceptions.js:88:6:88:13 | source() | exceptions.js:11:10:11:10 | e | | exceptions.js:93:11:93:18 | source() | exceptions.js:95:10:95:10 | e | @@ -64,20 +123,25 @@ | getters-and-setters.js:6:20:6:27 | source() | getters-and-setters.js:13:18:13:20 | c.x | | getters-and-setters.js:27:15:27:22 | source() | getters-and-setters.js:23:18:23:18 | v | | getters-and-setters.js:47:23:47:30 | source() | getters-and-setters.js:45:14:45:16 | c.x | +| getters-and-setters.js:53:21:53:28 | source() | getters-and-setters.js:53:10:53:30 | getX(ne ... rce())) | | getters-and-setters.js:60:20:60:27 | source() | getters-and-setters.js:66:10:66:14 | obj.x | | getters-and-setters.js:67:13:67:20 | source() | getters-and-setters.js:63:18:63:22 | value | | getters-and-setters.js:79:20:79:27 | source() | getters-and-setters.js:88:10:88:18 | new C().x | | getters-and-setters.js:79:20:79:27 | source() | getters-and-setters.js:92:14:92:16 | c.x | | getters-and-setters.js:79:20:79:27 | source() | getters-and-setters.js:100:10:100:22 | getX(new C()) | | getters-and-setters.js:89:17:89:24 | source() | getters-and-setters.js:82:18:82:22 | value | +| implied-receiver.js:4:16:4:23 | source() | implied-receiver.js:7:18:7:25 | this.foo | | importedReactComponent.jsx:4:40:4:47 | source() | exportedReactComponent.jsx:2:10:2:19 | props.text | | indexOf.js:4:11:4:18 | source() | indexOf.js:9:10:9:10 | x | | indexOf.js:4:11:4:18 | source() | indexOf.js:13:10:13:10 | x | | logical-and.js:2:17:2:24 | source() | logical-and.js:4:10:4:24 | "safe" && taint | | nested-props.js:4:13:4:20 | source() | nested-props.js:5:10:5:14 | obj.x | | nested-props.js:9:18:9:25 | source() | nested-props.js:10:10:10:16 | obj.x.y | +| nested-props.js:14:15:14:22 | source() | nested-props.js:15:10:15:16 | obj.x.y | +| nested-props.js:27:18:27:25 | source() | nested-props.js:28:10:28:14 | obj.x | | nested-props.js:35:13:35:20 | source() | nested-props.js:36:10:36:20 | doLoad(obj) | | nested-props.js:43:13:43:20 | source() | nested-props.js:44:10:44:18 | id(obj).x | +| nested-props.js:51:22:51:29 | source() | nested-props.js:52:10:52:16 | obj.x.y | | nested-props.js:67:31:67:38 | source() | nested-props.js:68:10:68:10 | x | | object-bypass-sanitizer.js:32:21:32:28 | source() | object-bypass-sanitizer.js:15:10:15:24 | sanitizer_id(x) | | object-bypass-sanitizer.js:35:29:35:36 | source() | object-bypass-sanitizer.js:27:10:27:30 | sanitiz ... bj.foo) | @@ -99,10 +163,11 @@ | sanitizer-guards.js:43:11:43:18 | source() | sanitizer-guards.js:45:8:45:8 | x | | sanitizer-guards.js:43:11:43:18 | source() | sanitizer-guards.js:48:10:48:10 | x | | sanitizer-guards.js:43:11:43:18 | source() | sanitizer-guards.js:52:10:52:10 | x | +| sanitizer-guards.js:57:11:57:18 | source() | sanitizer-guards.js:64:8:64:8 | x | | sanitizer-guards.js:68:11:68:18 | source() | sanitizer-guards.js:75:8:75:8 | x | | sanitizer-guards.js:79:11:79:18 | source() | sanitizer-guards.js:81:8:81:8 | x | | sanitizer-guards.js:79:11:79:18 | source() | sanitizer-guards.js:84:10:84:10 | x | -| sanitizer-guards.js:79:11:79:18 | source() | sanitizer-guards.js:86:7:86:7 | x | +| sanitizer-guards.js:79:11:79:18 | source() | sanitizer-guards.js:86:9:86:9 | x | | sanitizer-guards.js:91:11:91:18 | source() | sanitizer-guards.js:93:8:93:8 | x | | sanitizer-guards.js:91:11:91:18 | source() | sanitizer-guards.js:96:10:96:10 | x | | sanitizer-guards.js:91:11:91:18 | source() | sanitizer-guards.js:98:7:98:7 | x | @@ -111,4 +176,6 @@ | thisAssignments.js:4:17:4:24 | source() | thisAssignments.js:5:10:5:18 | obj.field | | thisAssignments.js:7:19:7:26 | source() | thisAssignments.js:8:10:8:20 | this.field2 | | tst.js:2:13:2:20 | source() | tst.js:4:10:4:10 | x | +| tst.js:2:13:2:20 | source() | tst.js:35:14:35:16 | ary | +| tst.js:2:13:2:20 | source() | tst.js:41:14:41:16 | ary | | tst.js:2:13:2:20 | source() | tst.js:54:14:54:19 | unsafe | diff --git a/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.ql b/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.ql index 6799b0ffd78a..62abcda81a54 100644 --- a/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.ql +++ b/javascript/ql/test/library-tests/TaintTracking/DataFlowTracking.ql @@ -2,26 +2,44 @@ import javascript DataFlow::CallNode getACall(string name) { result.getCalleeName() = name } -class BasicConfig extends DataFlow::Configuration { - BasicConfig() { this = "BasicConfig" } +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node = getACall("source") } - override predicate isSource(DataFlow::Node node) { node = getACall("source") } + predicate isSink(DataFlow::Node node) { node = getACall("sink").getAnArgument() } - override predicate isSink(DataFlow::Node node) { node = getACall("sink").getAnArgument() } - - override predicate isBarrierGuard(DataFlow::BarrierGuardNode node) { + additional predicate isBarrierGuard(DataFlow::BarrierGuardNode node) { node instanceof BasicBarrierGuard } + + predicate isBarrier(DataFlow::Node node) { + node = DataFlow::MakeLegacyBarrierGuard::getABarrierNode() + } } +module TestFlow = DataFlow::Global; + class BasicBarrierGuard extends DataFlow::BarrierGuardNode, DataFlow::CallNode { BasicBarrierGuard() { this = getACall("isSafe") } - override predicate blocks(boolean outcome, Expr e) { + override predicate blocks(boolean outcome, Expr e) { this.blocksExpr(outcome, e) } + + predicate blocksExpr(boolean outcome, Expr e) { outcome = true and e = this.getArgument(0).asExpr() } } -from BasicConfig cfg, DataFlow::Node src, DataFlow::Node sink -where cfg.hasFlow(src, sink) -select src, sink +class LegacyConfig extends DataFlow::Configuration { + LegacyConfig() { this = "LegacyConfig" } + + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } + + override predicate isBarrierGuard(DataFlow::BarrierGuardNode node) { + TestConfig::isBarrierGuard(node) + } +} + +import testUtilities.LegacyDataFlowDiff::DataFlowDiff + +query predicate flow = TestFlow::flow/2; diff --git a/javascript/ql/test/library-tests/TaintTracking/arrays-init.js b/javascript/ql/test/library-tests/TaintTracking/arrays-init.js index 74faa5934786..a0f3839d275c 100644 --- a/javascript/ql/test/library-tests/TaintTracking/arrays-init.js +++ b/javascript/ql/test/library-tests/TaintTracking/arrays-init.js @@ -1,7 +1,7 @@ (function () { let source = source(); - var str = "FALSE"; + var str = "FALSE"; console.log("=== access by index (init by ctor) ==="); var arr = new Array(2); @@ -24,18 +24,18 @@ console.log("=== access by index (init by [...]) ==="); var arr = [str, source]; - sink(arr[0]); // OK + sink(arr[0]); // OK [INCONSISTENCY] sink(arr[1]); // NOT OK sink(str); // OK console.log("=== access by index (init by [...], array.lenght > 5) ==="); var arr = [str, source, 'b', 'c', 'd', source]; - sink(arr[0]); // OK + sink(arr[0]); // OK [INCONSISTENCY] sink(arr[1]); // NOT OK - sink(arr[2]); // OK - sink(arr[3]); // OK - sink(arr[4]); // OK - sink(arr[5]); // NOT OK - but not flagged [INCONSISTENCY] + sink(arr[2]); // OK [INCONSISTENCY] + sink(arr[3]); // OK [INCONSISTENCY] + sink(arr[4]); // OK [INCONSISTENCY] + sink(arr[5]); // NOT OK console.log("=== access in for (init by [...]) ==="); var arr = [str, source]; @@ -58,6 +58,6 @@ console.log("=== access in forof (init by [...]) ==="); var arr = [str, source]; for (const item of arr) { - sink(item); // NOT OK + sink(item); // NOT OK } -}()); \ No newline at end of file +}()); diff --git a/javascript/ql/test/library-tests/TaintTracking/booleanOps.js b/javascript/ql/test/library-tests/TaintTracking/booleanOps.js index 876d43bbc391..6cb0d6cea338 100644 --- a/javascript/ql/test/library-tests/TaintTracking/booleanOps.js +++ b/javascript/ql/test/library-tests/TaintTracking/booleanOps.js @@ -1,23 +1,23 @@ function test() { let x = source(); - + sink(x); // NOT OK - + if (x === 'a') sink(x); // OK - + if (x === 'a' || x === 'b') sink(x); // OK - + if (x === 'a' || 1 === 1) sink(x); // NOT OK if (isSafe(x)) sink(x); // OK - + if (isSafe(x, y) || isSafe(x, z)) - sink(x); // OK - + sink(x); // OK [INCONSISTENCY] + if (isSafe(x) || 1 === 1) sink(x); // NOT OK } diff --git a/javascript/ql/test/library-tests/TaintTracking/bound-function.js b/javascript/ql/test/library-tests/TaintTracking/bound-function.js index b38dee1c922a..bc74312ea618 100644 --- a/javascript/ql/test/library-tests/TaintTracking/bound-function.js +++ b/javascript/ql/test/library-tests/TaintTracking/bound-function.js @@ -1,28 +1,33 @@ import * as dummy from 'dummy'; function foo(x, y) { - sink(y); + sink(y.test1); // OK + sink(y.test2); // NOT OK + sink(y.test3); // NOT OK + sink(y.test4); // OK + sink(y.test5); // OK + sink(y.test6); // OK } let foo0 = foo.bind(null); let foo1 = foo.bind(null, null); let foo2 = foo.bind(null, null, null); -foo0(source(), null); // OK -foo0(null, source()); // NOT OK +foo0({ test1: source() }, null); +foo0(null, { test2: source() }); -foo1(source()); // NOT OK -foo1(null, source()); // OK +foo1({ test3: source() }); +foo1(null, { test4: source() }); -foo2(source()); // OK -foo2(null, source()); // OK +foo2({ test5: source() }); +foo2(null, { test6: source() }); function takesCallback(cb) { - cb(source()); // NOT OK + cb(source()); } function callback(x, y) { - sink(y); + sink(y); // NOT OK [INCONSISTENCY] - lambda flow in dataflow2 does not handle partial invocations yet } takesCallback(callback.bind(null, null)); @@ -33,7 +38,7 @@ function id(x) { let sourceGetter = id.bind(null, source()); let constGetter = id.bind(null, 'safe'); -sink(sourceGetter()); // NOT OK - but not flagged +sink(sourceGetter()); // NOT OK [INCONSISTENCY] sink(constGetter()); // OK function id2(x, y) { diff --git a/javascript/ql/test/library-tests/TaintTracking/call-apply.js b/javascript/ql/test/library-tests/TaintTracking/call-apply.js index e26e3aa3835d..0782ad71babe 100644 --- a/javascript/ql/test/library-tests/TaintTracking/call-apply.js +++ b/javascript/ql/test/library-tests/TaintTracking/call-apply.js @@ -30,21 +30,15 @@ sink(foo1.call(null, source, "")); // NOT OK sink(foo2.call(null, source, "")); // OK sink(foo1.apply(null, [source, ""])); // NOT OK -sink(foo2.apply(null, [source, ""])); // OK - -// doesn't work due to fundamental limitations of our dataflow analysis. -// exactly (and I mean exactly) the same thing happens in the below `obj.foo` example. -// in general we don't track flow that first goes through a call, and then a return, unless we can summarize it. -// in the other examples we can summarize the flow, because it's quite simple, but here we can't. -// (try to read the QLDoc in the top of `Configuration.qll`, that might help). -sink(foo1_apply([source, ""])); // NOT OK - but not flagged [INCONSISTENCY] +sink(foo2.apply(null, [source, ""])); // OK [INCONSISTENCY] +sink(foo1_apply([source, ""])); // NOT OK foo1_apply_sink([source, ""]); // This works, because we don't need a return after a call (the sink is inside the called function). sink(foo1_apply.apply(["", source])); // OK sink(foo1_call([source, ""])); // NOT OK -sink(foo1_call(["", source])); // OK +sink(foo1_call(["", source])); // OK [INCONSISTENCY] var obj = { @@ -58,21 +52,21 @@ function foo(x) { function bar(x) { return x.foo; } -sink(foo(obj)); // NOT OK - but not flagged [INCONSISTENCY] +sink(foo(obj)); // NOT OK function argumentsObject() { function sinkArguments1() { - sink(arguments[1]); // OK + sink(arguments[1]); // OK [INCONSISTENCY] } function sinkArguments0() { sink(arguments[0]); // NOT OK } - + function fowardArguments() { sinkArguments1.apply(this, arguments); sinkArguments0.apply(this, arguments); } - + fowardArguments.apply(this, [source, ""]); } @@ -84,4 +78,4 @@ function sinksThis2() { sink(this); // NOT OK } -sinksThis.apply(source(), []); \ No newline at end of file +sinksThis.apply(source(), []); diff --git a/javascript/ql/test/library-tests/TaintTracking/callbacks.js b/javascript/ql/test/library-tests/TaintTracking/callbacks.js index e317514f88ff..2c0bb776a6a0 100644 --- a/javascript/ql/test/library-tests/TaintTracking/callbacks.js +++ b/javascript/ql/test/library-tests/TaintTracking/callbacks.js @@ -35,8 +35,8 @@ function test() { provideTaint2(x => sink(x)); // NOT OK forwardTaint2(source(), x => sink(x)); // NOT OK - forwardTaint2("safe", x => sink(x)); // OK - + forwardTaint2("safe", x => sink(x)); // OK [INCONSISTENCY] + function helper1(x) { sink(x); // NOT OK return x; @@ -58,3 +58,18 @@ function test() { sink(x); // NOT OK }); } + +function forwardTaint3(x, cb) { + cb(x); // Same as 'forwardTaint' but copied to avoid interference between tests + cb(x); +} + +function forwardTaint4(x, cb) { + forwardTaint3(x, cb); // Same as 'forwardTaint2' but copied to avoid interference between tests + forwardTaint3(x, cb); +} + +function test2() { + forwardTaint4(source(), x => sink(x)); // NOT OK + forwardTaint4("safe", x => sink(x)); // OK +} diff --git a/javascript/ql/test/library-tests/TaintTracking/capture-flow.js b/javascript/ql/test/library-tests/TaintTracking/capture-flow.js index af50e7523a9b..baa6c6c95d29 100644 --- a/javascript/ql/test/library-tests/TaintTracking/capture-flow.js +++ b/javascript/ql/test/library-tests/TaintTracking/capture-flow.js @@ -29,3 +29,256 @@ function confuse(x) { sink(confuse('safe')); // OK sink(confuse(source())); // NOT OK + +function test3(param) { + var x; + function one() { + x = param; + } + function two() { + one(); + return x; + } + return two(); +} + +sink(test3(source())); // NOT OK +sink(test3("safe")); // OK + +function test3a(param) { + var x; + function one() { + x = param; + } + one(); + function two() { + return x; + } + return two(); +} + +sink(test3a(source())); // NOT OK +sink(test3a("safe")); // OK + +function test3b(param) { + var x; + function one() { + x = param; + } + one(); + function two() { + one(); + return x; + } + return two(); +} + +sink(test3b(source())); // NOT OK +sink(test3b("safe")); // OK + +function test3c(param) { + function one() { + return param; + } + function two() { + return one(); + } + return two(); +} + +sink(test3c(source())); // NOT OK +sink(test3c("safe")); // OK + +function test4() { + var x = source(); + return () => x; +} +sink(test4()()); // NOT OK + +function test5(x) { + return () => x; +} +sink(test5(source())()); // NOT OK +sink(test5("safe")()); // OK + +function testEscape(x) { + function escapingFunction() { + sink(x); // NOT OK + } + global.doEscape(escapingFunction); +} +testEscape(source()); + +function testEscapeViaReturn(x) { + function escapingFunction() { + sink(x); // NOT OK + } + return escapingFunction; +} +global.doEscape(testEscapeViaReturn(source())); + +function ordering() { + var orderingTaint; + global.addEventListener('click', () => { + sink(orderingTaint); // NOT OK + }); + global.addEventListener('load', () => { + orderingTaint = source(); + }); + global.addEventListener('click', () => { + sink(orderingTaint); // NOT OK + }); +} +ordering(); + +function makeSafe(x) { + console.log(x); + return "safe"; +} +function flowSensitiveParamUpdate(x) { + x = makeSafe(x); + function captureX() { + console.log(x); + } + captureX(); + sink(x); // OK +} +flowSensitiveParamUpdate(source()); + +function flowSensitiveLocalUpdate() { + let x = source(); + x = makeSafe(x); + function captureX() { + console.log(x); + } + captureX(); + sink(x); // OK +} +flowSensitiveLocalUpdate(); + +function flowSensitiveLocalIncrement() { + let x = source(); + ++x; + function captureX() { + console.log(x); + } + captureX(); + sink(x); // OK +} +flowSensitiveLocalIncrement(); + +function destructuredVarDecl(param) { + let { x } = param; + function inner() { + sink(x); // NOT OK + } + inner(); +} +destructuredVarDecl({ x: source() }); + +function destructuredLocalAssignment(param) { + let x; + ({ x } = param); + function inner() { + sink(x); // NOT OK + } + inner(); +} +destructuredLocalAssignment({ x: source() }); + +function destructuredParam({ x }) { + function inner() { + sink(x); // NOT OK + } + inner(); +} +destructuredParam({ x: source() }); + +function destructuredLoop(data) { + for (let { x } of data) { + function inner() { + sink(x); // NOT OK + } + inner(); + } +} +destructuredLoop([{ x: source() }]); + + +function testPromise(arg) { + function transform(x) { + return { prop: x }; + } + class Foo { + updatePrVisibility(y) { + const { prop: variable } = transform(y); + this.exists(variable).then(() => { + transform(variable); + }); + } + exists(fileOrDir) { + return new Promise(resolve => fs.sink(fileOrDir, err => resolve(!err))); // NOT OK + } + } + new Foo().updatePrVisibility(arg); +} +testPromise(source()); + +function sinkInner() { + var x = "safe"; + console.log(x); + x = source(); + console.log(x); + function inner() { + sink(x); // NOT OK + } + inner(); +} +sinkInner(); + +function testObjectWithMethods(taint) { + const objectWithMethods = { + field: taint, + arrowFunction: () => { + sink(objectWithMethods.field); // NOT OK + sink(this.field); // OK - refers to outer 'this' + }, + regularFunction() { + sink(objectWithMethods.field); // NOT OK + sink(this.field); // NOT OK + }, + }; + objectWithMethods.functionAddedLater = function() { + sink(objectWithMethods.field); // NOT OK + sink(this.field); // NOT OK + }; + objectWithMethods.arrowFunction(); + objectWithMethods.regularFunction(); + objectWithMethods.functionAddedLater(); +} +testObjectWithMethods(source()); + +function captureThis() { + this.foo = source(); + window.addEventListener('click', () => { + sink(this.foo); // NOT OK + }); +} + +function CaptureThisWithoutJump(x) { + [1].forEach(() => { + this.foo = x; + }); + sink(this.foo); // NOT OK [INCONSISTENCY] +} +sink(new CaptureThisWithoutJump(source()).foo); // NOT OK [INCONSISTENCY] +sink(new CaptureThisWithoutJump('safe').foo); // OK + +function CaptureThisWithoutJump2(x) { + this.foo = x; + let y; + [1].forEach(() => y = this.foo); + return y; +} +sink(new CaptureThisWithoutJump2(source()).foo); // NOT OK +sink(new CaptureThisWithoutJump2('safe').foo); // OK [INCONSISTENCY] diff --git a/javascript/ql/test/library-tests/TaintTracking/constructor-calls.js b/javascript/ql/test/library-tests/TaintTracking/constructor-calls.js index c59915527874..049bf486e5c5 100644 --- a/javascript/ql/test/library-tests/TaintTracking/constructor-calls.js +++ b/javascript/ql/test/library-tests/TaintTracking/constructor-calls.js @@ -10,22 +10,36 @@ function JsClass(param) { this.taint = source(); } +class SubClass extends EcmaClass { + constructor(param) { + super(param); + } +} + function test() { let taint = source(); let c = new EcmaClass(taint); sink(c.param); // NOT OK sink(c.taint); // NOT OK - + let c_safe = new EcmaClass("safe"); sink(c_safe.param); // OK sink(c_safe.taint); // NOT OK - + let d = new JsClass(taint); sink(d.param); // NOT OK sink(d.taint); // NOT OK - + let d_safe = new JsClass("safe"); sink(d_safe.param); // OK sink(d_safe.taint); // NOT OK + + let e = new SubClass(taint); + sink(e.param); // NOT OK + sink(e.taint); // NOT OK + + let f_safe = new SubClass("safe"); + sink(f_safe.param); // OK + sink(f_safe.taint); // NOT OK } diff --git a/javascript/ql/test/library-tests/TaintTracking/exceptions.js b/javascript/ql/test/library-tests/TaintTracking/exceptions.js index 72d822be9ada..6ada4f4fb50d 100644 --- a/javascript/ql/test/library-tests/TaintTracking/exceptions.js +++ b/javascript/ql/test/library-tests/TaintTracking/exceptions.js @@ -23,7 +23,7 @@ function test(unsafe, safe) { sink(e); // NOT OK sink(e.toString()); // NOT OK sink(e.message); // NOT OK - sink(e.fileName); // OK - but flagged anyway + sink(e.fileName); // OK - but flagged anyway [INCONSISTENCY] } try { @@ -32,16 +32,16 @@ function test(unsafe, safe) { sink(e); // NOT OK sink(e.toString()); // NOT OK sink(e.message); // NOT OK - sink(e.fileName); // OK - but flagged anyway + sink(e.fileName); // OK - but flagged anyway [INCONSISTENCY] } try { throwError2(safe); } catch (e) { - sink(e); // NOT OK - sink(e.toString()); // NOT OK - sink(e.message); // NOT OK - sink(e.fileName); // OK - but flagged anyway + sink(e); // OK + sink(e.toString()); // OK + sink(e.message); // OK + sink(e.fileName); // OK } try { @@ -51,14 +51,14 @@ function test(unsafe, safe) { } throwAsync(source()).catch(e => { - sink(e); // NOT OK - but not flagged + sink(e); // NOT OK }); async function asyncTester() { try { await throwAsync(source()); } catch (e) { - sink(e); // NOT OK - but not flagged + sink(e); // NOT OK } } } diff --git a/javascript/ql/test/library-tests/TaintTracking/getters-and-setters.js b/javascript/ql/test/library-tests/TaintTracking/getters-and-setters.js index 4fae44d083ca..677110e003aa 100644 --- a/javascript/ql/test/library-tests/TaintTracking/getters-and-setters.js +++ b/javascript/ql/test/library-tests/TaintTracking/getters-and-setters.js @@ -50,7 +50,7 @@ function testFlowThroughGetter() { function getX(c) { return c.x; } - sink(getX(new C(source()))); // NOT OK - but not flagged + sink(getX(new C(source()))); // NOT OK getX(null); } @@ -67,7 +67,7 @@ function testFlowThroughObjectLiteralAccessors() { obj.y = source(); function indirection(c) { - sink(c.x); // NOT OK - but not currently flagged + sink(c.x); // NOT OK - but not currently flagged [INCONSISTENCY] } indirection(obj); indirection(null); diff --git a/javascript/ql/test/library-tests/TaintTracking/implied-receiver.js b/javascript/ql/test/library-tests/TaintTracking/implied-receiver.js new file mode 100644 index 000000000000..5fb230ee7b61 --- /dev/null +++ b/javascript/ql/test/library-tests/TaintTracking/implied-receiver.js @@ -0,0 +1,11 @@ +import 'dummy'; + +function Foo() { + this.foo = source(); + var obj = { + bar: function() { + sink(this.foo); // NOT OK + } + }; + Object.assign(this, obj); +} diff --git a/javascript/ql/test/library-tests/TaintTracking/nested-props.js b/javascript/ql/test/library-tests/TaintTracking/nested-props.js index a5ea3cc248be..e3878b1a1854 100644 --- a/javascript/ql/test/library-tests/TaintTracking/nested-props.js +++ b/javascript/ql/test/library-tests/TaintTracking/nested-props.js @@ -57,7 +57,7 @@ function doLoadLoad(obj) { } function storeBackloadCallLoadLoadReturn(obj) { obj.x.y = source(); - sink(doLoadStore(obj)); // NOT OK - but not found + sink(doLoadStore(obj)); // NOT OK - but not found [INCONSISTENCY] } function doStoreReturn(val) { diff --git a/javascript/ql/test/library-tests/TaintTracking/object-bypass-sanitizer.js b/javascript/ql/test/library-tests/TaintTracking/object-bypass-sanitizer.js index 129b3ed7b329..bc12c0162b62 100644 --- a/javascript/ql/test/library-tests/TaintTracking/object-bypass-sanitizer.js +++ b/javascript/ql/test/library-tests/TaintTracking/object-bypass-sanitizer.js @@ -20,12 +20,12 @@ function useTaintedValue(x) { function useTaintedObject(obj) { if (isSafe(obj)) { sink(obj); // OK - sink(obj.foo); // NOT OK + sink(obj.foo); // NOT OK [INCONSISTENCY] - FN caused by barriers blocking content flow } sink(sanitizer_id(obj)); // OK sink(sanitizer_id(obj.foo)); // OK - sink(sanitizer_id(obj).foo); // NOT OK + sink(sanitizer_id(obj).foo); // NOT OK [INCONSISTENCY] - FN caused by barriers blocking content flow } function test() { diff --git a/javascript/ql/test/library-tests/TaintTracking/partialCalls.js b/javascript/ql/test/library-tests/TaintTracking/partialCalls.js index e673538005c7..1fc61e96ffdf 100644 --- a/javascript/ql/test/library-tests/TaintTracking/partialCalls.js +++ b/javascript/ql/test/library-tests/TaintTracking/partialCalls.js @@ -42,7 +42,7 @@ function test() { let taintGetter = id.bind(null, taint); sink(taintGetter); // OK - this is a function object - sink(taintGetter()); // NOT OK - but not currently detected + sink(taintGetter()); // NOT OK - but not currently detected [INCONSISTENCY] function safearray(x) { sink(x); // OK diff --git a/javascript/ql/test/library-tests/TaintTracking/promise.js b/javascript/ql/test/library-tests/TaintTracking/promise.js index 9714d258df5d..6401cd971a2c 100644 --- a/javascript/ql/test/library-tests/TaintTracking/promise.js +++ b/javascript/ql/test/library-tests/TaintTracking/promise.js @@ -10,5 +10,35 @@ function closure() { sink(Promise.resolve(source())); // NOT OK let resolver = Promise.withResolver(); resolver.resolve(source()); - sink(resolver.promise); // NOT OK -} \ No newline at end of file + sink(resolver.promise); // NOT OK [INCONSISTENCY] - flow summary for withResolver() currently not working +} + +function exceptionThroughThen() { + return new Promise((resolve, reject) => { + reject(new Error(source())); + }) + .then(x => "safe") + .then(x => "safe") + .then(x => "safe") + .catch(e => { + sink(e); // NOT OK + }) +} + +function exceptionThroughThen2() { + return new Promise((resolve, reject) => { + resolve("safe") + }) + .then(x => { + throw new Error(source()) + }) + .then(x => "safe") + .then(x => "safe") + .catch(e => { + sink(e); // NOT OK + }) +} + +function promiseAllTaint() { + sink(Promise.all(source())); // NOT OK +} diff --git a/javascript/ql/test/library-tests/TaintTracking/sanitizer-guards.js b/javascript/ql/test/library-tests/TaintTracking/sanitizer-guards.js index 8aaa9fd24e27..14f4139ca083 100644 --- a/javascript/ql/test/library-tests/TaintTracking/sanitizer-guards.js +++ b/javascript/ql/test/library-tests/TaintTracking/sanitizer-guards.js @@ -1,8 +1,8 @@ function test() { let x = source(); - + sink(x); // NOT OK - + if (isSafe(x)) { sink(x); // OK } @@ -18,7 +18,7 @@ class C { sink(this.x); // OK addEventListener('hey', () => { - sink(this.x); // OK - but still flagged + sink(this.x); // OK - but still flagged [INCONSISTENCY] }); } @@ -61,7 +61,7 @@ function phi() { } else { x = null; } - sink(x); // OK + sink(x); // OK [INCONSISTENCY] - dataflow2 cannot block the phi edge } function phi2() { @@ -77,13 +77,13 @@ function phi2() { function falsy() { let x = source(); - + sink(x); // NOT OK - + if (x) { - sink(x); // OK (for taint-tracking) + sink(x); // NOT OK (for taint-tracking) } else { - sink(x); // NOT OK + sink(x); // OK } } diff --git a/javascript/ql/test/library-tests/TaintTracking/stringification-read-steps.js b/javascript/ql/test/library-tests/TaintTracking/stringification-read-steps.js new file mode 100644 index 000000000000..a17bd43aa69e --- /dev/null +++ b/javascript/ql/test/library-tests/TaintTracking/stringification-read-steps.js @@ -0,0 +1,31 @@ +import 'dummy'; + +function makeObject() { + return { + foo: { + bar: { + baz: source() + } + } + }; +} + +function test() { + const object = makeObject(); + + sink(object); // OK + sink(JSON.stringify(object)); // NOT OK + sink(object); // OK +} + +function testCapture() { + const object = makeObject(); + + sink(object); // OK + sink(JSON.stringify(object)); // NOT OK + sink(object); // OK - use-use flow should not see the effects of the implicit read in JSON.stringify + + function capture() { + object; + } +} diff --git a/javascript/ql/test/library-tests/TypeScript/ImportEquals/tests.expected b/javascript/ql/test/library-tests/TypeScript/ImportEquals/tests.expected index 4299e997ca85..d891fe49179e 100644 --- a/javascript/ql/test/library-tests/TypeScript/ImportEquals/tests.expected +++ b/javascript/ql/test/library-tests/TypeScript/ImportEquals/tests.expected @@ -1,3 +1,4 @@ +legacyDataFlowDifference dataFlowModuleImports | ./esDefaultExport | tst.ts:1:26:1:53 | require ... xport') | | ./esNamedExports | tst.ts:2:18:2:44 | require ... ports') | @@ -29,4 +30,4 @@ resolution | tst.ts:10:1:10:20 | new NodeFullExport() | nodeFullExport.ts:3:18:3:40 | class N ... port {} | tst.ts | NodeFullExport | nodeFullExport.ts | | tst.ts:11:1:11:31 | new nod ... xport() | nodeNamedExport.ts:3:27:3:50 | class N ... port {} | tst.ts | NodeNamedExport | nodeNamedExport.ts | taint -| test taint config | taintSource.ts:3:27:3:47 | externa ... ource() | tst.ts:18:19:18:42 | taintSo ... edValue | +| taintSource.ts:3:27:3:47 | externa ... ource() | tst.ts:18:19:18:42 | taintSo ... edValue | diff --git a/javascript/ql/test/library-tests/TypeScript/ImportEquals/tests.ql b/javascript/ql/test/library-tests/TypeScript/ImportEquals/tests.ql index c7bc19292092..caa919ffe8d4 100644 --- a/javascript/ql/test/library-tests/TypeScript/ImportEquals/tests.ql +++ b/javascript/ql/test/library-tests/TypeScript/ImportEquals/tests.ql @@ -38,18 +38,26 @@ query predicate resolution( klassFile = klass.getFile().getBaseName() } -class TaintConfig extends TaintTracking::Configuration { - TaintConfig() { this = "test taint config" } - - override predicate isSource(DataFlow::Node node) { +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node = DataFlow::moduleImport("externalTaintSource").getACall() } - override predicate isSink(DataFlow::Node node) { + predicate isSink(DataFlow::Node node) { node = DataFlow::moduleImport("externalTaintSink").getACall().getArgument(0) } } -query predicate taint(TaintConfig cfg, DataFlow::Node source, DataFlow::Node sink) { - cfg.hasFlow(source, sink) +module TestFlow = TaintTracking::Global; + +query predicate taint = TestFlow::flow/2; + +class LegacyConfig extends TaintTracking::Configuration { + LegacyConfig() { this = "LegacyConfig" } + + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } } + +import testUtilities.LegacyDataFlowDiff::DataFlowDiff diff --git a/javascript/ql/test/library-tests/frameworks/Angular2/test.expected b/javascript/ql/test/library-tests/frameworks/Angular2/test.expected index f09f0aed3b45..acf97ab947e5 100644 --- a/javascript/ql/test/library-tests/frameworks/Angular2/test.expected +++ b/javascript/ql/test/library-tests/frameworks/Angular2/test.expected @@ -1,3 +1,4 @@ +legacyDataFlowDifference pipeRef | source.component.html:3:22:3:32 | unknownPipe | | source.component.html:4:22:4:32 | unknownPipe | diff --git a/javascript/ql/test/library-tests/frameworks/Angular2/test.ql b/javascript/ql/test/library-tests/frameworks/Angular2/test.ql index 5ff996111211..ee5dc370eee8 100644 --- a/javascript/ql/test/library-tests/frameworks/Angular2/test.ql +++ b/javascript/ql/test/library-tests/frameworks/Angular2/test.ql @@ -14,21 +14,31 @@ query Angular2::PipeClass pipeClass() { any() } query DataFlow::Node pipeClassRef(Angular2::PipeClass cls) { result = cls.getAPipeRef() } -class TaintConfig extends TaintTracking::Configuration { - TaintConfig() { this = "TaintConfig" } - - override predicate isSource(DataFlow::Node source) { +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.(DataFlow::CallNode).getCalleeName() = "source" } - override predicate isSink(DataFlow::Node sink) { sink instanceof DomBasedXss::Sink } + predicate isSink(DataFlow::Node sink) { sink instanceof DomBasedXss::Sink } } +module TestFlow = TaintTracking::Global; + query predicate taintFlow(DataFlow::Node source, DataFlow::Node sink) { - any(TaintConfig c).hasFlow(source, sink) + TestFlow::flow(source, sink) } query predicate testAttrSourceLocation(HTML::Attribute attrib, Angular2::TemplateTopLevel top) { attrib.getName() = "[testAttr]" and top = attrib.getCodeInAttribute() } + +class LegacyConfig extends TaintTracking::Configuration { + LegacyConfig() { this = "LegacyConfig" } + + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } +} + +import testUtilities.LegacyDataFlowDiff::DataFlowDiff diff --git a/javascript/ql/test/library-tests/frameworks/AsyncPackage/AsyncTaintTracking.expected b/javascript/ql/test/library-tests/frameworks/AsyncPackage/AsyncTaintTracking.expected index 2c2b8fec2ccf..50e18f938a56 100644 --- a/javascript/ql/test/library-tests/frameworks/AsyncPackage/AsyncTaintTracking.expected +++ b/javascript/ql/test/library-tests/frameworks/AsyncPackage/AsyncTaintTracking.expected @@ -1,3 +1,5 @@ +legacyDataFlowDifference +#select | each.js:11:9:11:16 | source() | each.js:13:12:13:15 | item | | map.js:10:13:10:20 | source() | map.js:12:14:12:17 | item | | map.js:20:19:20:26 | source() | map.js:23:27:23:32 | result | diff --git a/javascript/ql/test/library-tests/frameworks/AsyncPackage/AsyncTaintTracking.ql b/javascript/ql/test/library-tests/frameworks/AsyncPackage/AsyncTaintTracking.ql index 7d591e1b48bd..f3afe84d75a0 100644 --- a/javascript/ql/test/library-tests/frameworks/AsyncPackage/AsyncTaintTracking.ql +++ b/javascript/ql/test/library-tests/frameworks/AsyncPackage/AsyncTaintTracking.ql @@ -2,14 +2,24 @@ import javascript DataFlow::CallNode getACall(string name) { result.getCalleeName() = name } -class BasicConfig extends TaintTracking::Configuration { - BasicConfig() { this = "BasicConfig" } +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node = getACall("source") } - override predicate isSource(DataFlow::Node node) { node = getACall("source") } + predicate isSink(DataFlow::Node node) { node = getACall("sink").getAnArgument() } +} + +module TestFlow = TaintTracking::Global; + +class LegacyConfig extends TaintTracking::Configuration { + LegacyConfig() { this = "LegacyConfig" } - override predicate isSink(DataFlow::Node node) { node = getACall("sink").getAnArgument() } + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } } -from BasicConfig cfg, DataFlow::Node src, DataFlow::Node sink -where cfg.hasFlow(src, sink) +import testUtilities.LegacyDataFlowDiff::DataFlowDiff + +from DataFlow::Node src, DataFlow::Node sink +where TestFlow::flow(src, sink) select src, sink diff --git a/javascript/ql/test/library-tests/frameworks/Collections/test.expected b/javascript/ql/test/library-tests/frameworks/Collections/test.expected index 9baf749a831c..db33c8d3f86a 100644 --- a/javascript/ql/test/library-tests/frameworks/Collections/test.expected +++ b/javascript/ql/test/library-tests/frameworks/Collections/test.expected @@ -1,19 +1,4 @@ -dataFlow -| tst.js:2:16:2:23 | source() | tst.js:7:7:7:7 | e | -| tst.js:2:16:2:23 | source() | tst.js:11:10:11:10 | e | -| tst.js:2:16:2:23 | source() | tst.js:17:10:17:10 | v | -| tst.js:2:16:2:23 | source() | tst.js:21:10:21:14 | value | -| tst.js:2:16:2:23 | source() | tst.js:26:10:26:14 | value | -| tst.js:2:16:2:23 | source() | tst.js:30:7:30:7 | e | -| tst.js:2:16:2:23 | source() | tst.js:34:7:34:7 | e | -| tst.js:2:16:2:23 | source() | tst.js:38:7:38:7 | e | -| tst.js:2:16:2:23 | source() | tst.js:42:7:42:7 | e | -| tst.js:2:16:2:23 | source() | tst.js:46:7:46:7 | e | -| tst.js:2:16:2:23 | source() | tst.js:50:10:50:10 | e | -| tst.js:2:16:2:23 | source() | tst.js:53:8:53:21 | map.get("key") | -| tst.js:2:16:2:23 | source() | tst.js:59:8:59:22 | map2.get("foo") | -| tst.js:2:16:2:23 | source() | tst.js:64:8:64:26 | map3.get(unknown()) | -| tst.js:2:16:2:23 | source() | tst.js:69:8:69:26 | map3.get(unknown()) | +legacyDataFlowDifference typeTracking | tst.js:2:16:2:23 | source() | tst.js:2:16:2:23 | source() | | tst.js:2:16:2:23 | source() | tst.js:6:14:6:14 | e | @@ -31,3 +16,19 @@ typeTracking | tst.js:2:16:2:23 | source() | tst.js:59:8:59:22 | map2.get("foo") | | tst.js:2:16:2:23 | source() | tst.js:64:8:64:26 | map3.get(unknown()) | | tst.js:2:16:2:23 | source() | tst.js:69:8:69:26 | map3.get(unknown()) | +dataFlow +| tst.js:2:16:2:23 | source() | tst.js:7:7:7:7 | e | +| tst.js:2:16:2:23 | source() | tst.js:11:10:11:10 | e | +| tst.js:2:16:2:23 | source() | tst.js:17:10:17:10 | v | +| tst.js:2:16:2:23 | source() | tst.js:21:10:21:14 | value | +| tst.js:2:16:2:23 | source() | tst.js:26:10:26:14 | value | +| tst.js:2:16:2:23 | source() | tst.js:30:7:30:7 | e | +| tst.js:2:16:2:23 | source() | tst.js:34:7:34:7 | e | +| tst.js:2:16:2:23 | source() | tst.js:38:7:38:7 | e | +| tst.js:2:16:2:23 | source() | tst.js:42:7:42:7 | e | +| tst.js:2:16:2:23 | source() | tst.js:46:7:46:7 | e | +| tst.js:2:16:2:23 | source() | tst.js:50:10:50:10 | e | +| tst.js:2:16:2:23 | source() | tst.js:53:8:53:21 | map.get("key") | +| tst.js:2:16:2:23 | source() | tst.js:59:8:59:22 | map2.get("foo") | +| tst.js:2:16:2:23 | source() | tst.js:64:8:64:26 | map3.get(unknown()) | +| tst.js:2:16:2:23 | source() | tst.js:69:8:69:26 | map3.get(unknown()) | diff --git a/javascript/ql/test/library-tests/frameworks/Collections/test.ql b/javascript/ql/test/library-tests/frameworks/Collections/test.ql index 9e3561fa844f..f55cce9e0353 100644 --- a/javascript/ql/test/library-tests/frameworks/Collections/test.ql +++ b/javascript/ql/test/library-tests/frameworks/Collections/test.ql @@ -1,21 +1,29 @@ import javascript -class Config extends DataFlow::Configuration { - Config() { this = "Config" } - - override predicate isSource(DataFlow::Node source) { +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.(DataFlow::CallNode).getCalleeName() = "source" } - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { exists(DataFlow::CallNode call | call.getCalleeName() = "sink" | call.getAnArgument() = sink) } } -query predicate dataFlow(DataFlow::Node pred, DataFlow::Node succ) { - any(Config c).hasFlow(pred, succ) +module TestFlow = DataFlow::Global; + +query predicate dataFlow = TestFlow::flow/2; + +class LegacyConfig extends DataFlow::Configuration { + LegacyConfig() { this = "Config" } + + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } } +import testUtilities.LegacyDataFlowDiff::DataFlowDiff + DataFlow::SourceNode trackSource(DataFlow::TypeTracker t, DataFlow::SourceNode start) { t.start() and result.(DataFlow::CallNode).getCalleeName() = "source" and diff --git a/javascript/ql/test/library-tests/frameworks/ComposedFunctions/compose.expected b/javascript/ql/test/library-tests/frameworks/ComposedFunctions/compose.expected index 932f4ea6d43a..2550bfedb055 100644 --- a/javascript/ql/test/library-tests/frameworks/ComposedFunctions/compose.expected +++ b/javascript/ql/test/library-tests/frameworks/ComposedFunctions/compose.expected @@ -1,3 +1,5 @@ +legacyDataFlowDifference +#select | tst.js:10:10:10:15 | source | | tst.js:15:10:15:13 | f1() | | tst.js:20:10:20:24 | lcompose1(f2)() | diff --git a/javascript/ql/test/library-tests/frameworks/ComposedFunctions/compose.ql b/javascript/ql/test/library-tests/frameworks/ComposedFunctions/compose.ql index d303fba17c95..dba04b72ef18 100644 --- a/javascript/ql/test/library-tests/frameworks/ComposedFunctions/compose.ql +++ b/javascript/ql/test/library-tests/frameworks/ComposedFunctions/compose.ql @@ -1,13 +1,11 @@ import javascript -class ExampleConfiguration extends TaintTracking::Configuration { - ExampleConfiguration() { this = "ExampleConfiguration" } - - override predicate isSource(DataFlow::Node source) { +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.asExpr().(CallExpr).getCalleeName() = "SOURCE" } - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { exists(CallExpr callExpr | callExpr.getCalleeName() = "SINK" and DataFlow::valueNode(callExpr.getArgument(0)) = sink @@ -15,6 +13,18 @@ class ExampleConfiguration extends TaintTracking::Configuration { } } -from ExampleConfiguration cfg, DataFlow::Node source, DataFlow::Node sink -where cfg.hasFlow(source, sink) +module TestFlow = TaintTracking::Global; + +class LegacyConfig extends TaintTracking::Configuration { + LegacyConfig() { this = "LegacyConfig" } + + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } +} + +import testUtilities.LegacyDataFlowDiff::DataFlowDiff + +from DataFlow::Node source, DataFlow::Node sink +where TestFlow::flow(source, sink) select sink diff --git a/javascript/ql/test/library-tests/frameworks/Immutable/tests.expected b/javascript/ql/test/library-tests/frameworks/Immutable/tests.expected index 6edc4ee1a963..e071504bfcfd 100644 --- a/javascript/ql/test/library-tests/frameworks/Immutable/tests.expected +++ b/javascript/ql/test/library-tests/frameworks/Immutable/tests.expected @@ -1,3 +1,5 @@ +legacyDataFlowDifference +dataFlow | immutable.js:1:16:1:26 | source("a") | immutable.js:2:6:2:13 | obj["a"] | | immutable.js:1:16:1:26 | source("a") | immutable.js:11:6:11:18 | map1.get("a") | | immutable.js:1:16:1:26 | source("a") | immutable.js:12:6:12:18 | map2.get("a") | diff --git a/javascript/ql/test/library-tests/frameworks/Immutable/tests.ql b/javascript/ql/test/library-tests/frameworks/Immutable/tests.ql index 58d12ea774f3..d530e770093d 100644 --- a/javascript/ql/test/library-tests/frameworks/Immutable/tests.ql +++ b/javascript/ql/test/library-tests/frameworks/Immutable/tests.ql @@ -1,18 +1,26 @@ import javascript private import semmle.javascript.dataflow.internal.StepSummary -class Config extends DataFlow::Configuration { - Config() { this = "Config" } - - override predicate isSource(DataFlow::Node source) { +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.(DataFlow::CallNode).getCalleeName() = "source" } - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { exists(DataFlow::CallNode call | call.getCalleeName() = "sink" | call.getAnArgument() = sink) } } -query predicate dataFlow(DataFlow::Node pred, DataFlow::Node succ) { - any(Config c).hasFlow(pred, succ) +module TestFlow = DataFlow::Global; + +class LegacyConfig extends DataFlow::Configuration { + LegacyConfig() { this = "Config" } + + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } } + +query predicate dataFlow = TestFlow::flow/2; + +import testUtilities.LegacyDataFlowDiff::DataFlowDiff diff --git a/javascript/ql/test/library-tests/frameworks/Next/tests.expected b/javascript/ql/test/library-tests/frameworks/Next/tests.expected index ced2e1f3fe1c..9e9f6878b53e 100644 --- a/javascript/ql/test/library-tests/frameworks/Next/tests.expected +++ b/javascript/ql/test/library-tests/frameworks/Next/tests.expected @@ -1,3 +1,4 @@ +legacyDataFlowDifference remoteFlow | pages/[my-fallback-id].jsx:9:40:9:45 | params | | pages/secondpage.jsx:5:17:5:27 | ctx.req.url | diff --git a/javascript/ql/test/library-tests/frameworks/Next/tests.ql b/javascript/ql/test/library-tests/frameworks/Next/tests.ql index 134efa0faf1e..98f4185b9ecc 100644 --- a/javascript/ql/test/library-tests/frameworks/Next/tests.ql +++ b/javascript/ql/test/library-tests/frameworks/Next/tests.ql @@ -2,18 +2,26 @@ import javascript query RemoteFlowSource remoteFlow() { any() } -class Config extends DataFlow::Configuration { - Config() { this = "Config" } - - override predicate isSource(DataFlow::Node source) { +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.(DataFlow::CallNode).getCalleeName() = "source" } - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { exists(DataFlow::CallNode call | call.getCalleeName() = "sink" | call.getAnArgument() = sink) } } -query predicate dataFlow(DataFlow::Node pred, DataFlow::Node succ) { - any(Config c).hasFlow(pred, succ) +module TestFlow = DataFlow::Global; + +class LegacyConfig extends DataFlow::Configuration { + LegacyConfig() { this = "Config" } + + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } } + +import testUtilities.LegacyDataFlowDiff::DataFlowDiff + +query predicate dataFlow = TestFlow::flow/2; diff --git a/javascript/ql/test/library-tests/frameworks/PropertyProjection/PropertyInjectionTaint.expected b/javascript/ql/test/library-tests/frameworks/PropertyProjection/PropertyInjectionTaint.expected index 9244a0a94910..f7bcb9f8abcc 100644 --- a/javascript/ql/test/library-tests/frameworks/PropertyProjection/PropertyInjectionTaint.expected +++ b/javascript/ql/test/library-tests/frameworks/PropertyProjection/PropertyInjectionTaint.expected @@ -1,3 +1,5 @@ +legacyDataFlowDifference +#select | tst.js:25:10:25:15 | source | | tst.js:32:10:32:27 | _.pick(tainted, s) | | tst.js:33:10:33:26 | _.get(tainted, s) | diff --git a/javascript/ql/test/library-tests/frameworks/PropertyProjection/PropertyInjectionTaint.ql b/javascript/ql/test/library-tests/frameworks/PropertyProjection/PropertyInjectionTaint.ql index d303fba17c95..dba04b72ef18 100644 --- a/javascript/ql/test/library-tests/frameworks/PropertyProjection/PropertyInjectionTaint.ql +++ b/javascript/ql/test/library-tests/frameworks/PropertyProjection/PropertyInjectionTaint.ql @@ -1,13 +1,11 @@ import javascript -class ExampleConfiguration extends TaintTracking::Configuration { - ExampleConfiguration() { this = "ExampleConfiguration" } - - override predicate isSource(DataFlow::Node source) { +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.asExpr().(CallExpr).getCalleeName() = "SOURCE" } - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { exists(CallExpr callExpr | callExpr.getCalleeName() = "SINK" and DataFlow::valueNode(callExpr.getArgument(0)) = sink @@ -15,6 +13,18 @@ class ExampleConfiguration extends TaintTracking::Configuration { } } -from ExampleConfiguration cfg, DataFlow::Node source, DataFlow::Node sink -where cfg.hasFlow(source, sink) +module TestFlow = TaintTracking::Global; + +class LegacyConfig extends TaintTracking::Configuration { + LegacyConfig() { this = "LegacyConfig" } + + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } +} + +import testUtilities.LegacyDataFlowDiff::DataFlowDiff + +from DataFlow::Node source, DataFlow::Node sink +where TestFlow::flow(source, sink) select sink diff --git a/javascript/ql/test/library-tests/frameworks/ReactJS/tests.expected b/javascript/ql/test/library-tests/frameworks/ReactJS/tests.expected index 491c75275988..e3b226f74f90 100644 --- a/javascript/ql/test/library-tests/frameworks/ReactJS/tests.expected +++ b/javascript/ql/test/library-tests/frameworks/ReactJS/tests.expected @@ -100,6 +100,7 @@ test_ReactComponent_ref | es5.js:18:33:22:1 | {\\n ren ... ;\\n }\\n} | es5.js:18:33:22:1 | {\\n ren ... ;\\n }\\n} | | es5.js:18:33:22:1 | {\\n ren ... ;\\n }\\n} | es5.js:19:11:19:10 | this | | es5.js:18:33:22:1 | {\\n ren ... ;\\n }\\n} | es5.js:20:24:20:27 | this | +| es6.js:1:1:8:1 | class H ... ;\\n }\\n} | es6.js:1:37:1:36 | implicit 'this' argument of super(...args) | | es6.js:1:1:8:1 | class H ... ;\\n }\\n} | es6.js:1:37:1:36 | this | | es6.js:1:1:8:1 | class H ... ;\\n }\\n} | es6.js:2:9:2:8 | this | | es6.js:1:1:8:1 | class H ... ;\\n }\\n} | es6.js:3:24:3:27 | this | @@ -110,24 +111,31 @@ test_ReactComponent_ref | es6.js:14:1:20:1 | class H ... }\\n} | es6.js:18:9:18:12 | this | | exportedComponent.jsx:1:8:3:1 | functio ... r}}/>\\n} | exportedComponent.jsx:1:8:1:7 | this | | importedComponent.jsx:3:8:5:1 | functio ... or}/>\\n} | importedComponent.jsx:3:8:3:7 | this | +| namedImport.js:3:1:3:28 | class C ... nent {} | namedImport.js:3:27:3:26 | implicit 'this' argument of super(...args) | | namedImport.js:3:1:3:28 | class C ... nent {} | namedImport.js:3:27:3:26 | this | +| namedImport.js:5:1:5:20 | class D extends C {} | namedImport.js:5:19:5:18 | implicit 'this' argument of super(...args) | | namedImport.js:5:1:5:20 | class D extends C {} | namedImport.js:5:19:5:18 | this | | plainfn.js:1:1:3:1 | functio ... div>;\\n} | plainfn.js:1:1:1:0 | this | | plainfn.js:5:1:7:1 | functio ... iv");\\n} | plainfn.js:5:1:5:0 | this | | plainfn.js:9:1:12:1 | functio ... rn x;\\n} | plainfn.js:9:1:9:0 | this | | plainfn.js:20:1:24:1 | functio ... n 42;\\n} | plainfn.js:20:1:20:0 | this | +| preact.js:1:1:7:1 | class H ... }\\n} | preact.js:1:38:1:37 | implicit 'this' argument of super(...args) | | preact.js:1:1:7:1 | class H ... }\\n} | preact.js:1:38:1:37 | this | | preact.js:1:1:7:1 | class H ... }\\n} | preact.js:2:11:2:10 | this | +| preact.js:9:1:11:1 | class H ... nt {\\n\\n} | preact.js:9:38:9:37 | implicit 'this' argument of super(...args) | | preact.js:9:1:11:1 | class H ... nt {\\n\\n} | preact.js:9:38:9:37 | this | +| probably-a-component.js:1:1:6:1 | class H ... }\\n} | probably-a-component.js:1:31:1:30 | implicit 'this' argument of super(...args) | | probably-a-component.js:1:1:6:1 | class H ... }\\n} | probably-a-component.js:1:31:1:30 | this | | probably-a-component.js:1:1:6:1 | class H ... }\\n} | probably-a-component.js:2:11:2:10 | this | | probably-a-component.js:1:1:6:1 | class H ... }\\n} | probably-a-component.js:3:9:3:12 | this | +| props.js:2:5:3:5 | class C ... {\\n } | props.js:2:37:2:36 | implicit 'this' argument of super(...args) | | props.js:2:5:3:5 | class C ... {\\n } | props.js:2:37:2:36 | this | | props.js:2:5:3:5 | class C ... {\\n } | props.js:9:5:9:55 | new C({ ... ctor"}) | | props.js:13:31:17:5 | {\\n ... }\\n } | props.js:13:31:17:5 | {\\n ... }\\n } | | props.js:13:31:17:5 | {\\n ... }\\n } | props.js:14:24:14:23 | this | | props.js:26:5:28:5 | functio ... ;\\n } | props.js:26:5:26:4 | this | | props.js:26:5:28:5 | functio ... ;\\n } | props.js:34:5:34:55 | new C({ ... ctor"}) | +| rare-lifecycle-methods.js:1:1:11:1 | class C ... }\\n} | rare-lifecycle-methods.js:1:33:1:32 | implicit 'this' argument of super(...args) | | rare-lifecycle-methods.js:1:1:11:1 | class C ... }\\n} | rare-lifecycle-methods.js:1:33:1:32 | this | | rare-lifecycle-methods.js:1:1:11:1 | class C ... }\\n} | rare-lifecycle-methods.js:2:36:2:35 | this | | rare-lifecycle-methods.js:1:1:11:1 | class C ... }\\n} | rare-lifecycle-methods.js:5:26:5:25 | this | diff --git a/javascript/ql/test/library-tests/frameworks/Redux/test.expected b/javascript/ql/test/library-tests/frameworks/Redux/test.expected index 6a3675fea00e..62997826b366 100644 --- a/javascript/ql/test/library-tests/frameworks/Redux/test.expected +++ b/javascript/ql/test/library-tests/frameworks/Redux/test.expected @@ -1,3 +1,5 @@ +legacyDataFlowDifference +| react-redux.jsx:70:30:70:37 | source() | react-redux.jsx:77:10:77:28 | props.propFromAsync | only flow with OLD data flow library | reducerArg | exportedReducer.js:12:12:12:35 | (state, ... > state | | react-redux.jsx:12:33:17:9 | (state, ... } | @@ -111,7 +113,6 @@ taintFlow | react-redux.jsx:69:31:69:38 | source() | react-redux.jsx:74:10:74:35 | props.p ... lAction | | react-redux.jsx:69:31:69:38 | source() | react-redux.jsx:75:10:75:36 | props.p ... Action2 | | react-redux.jsx:69:31:69:38 | source() | react-redux.jsx:76:10:76:36 | props.p ... Action3 | -| react-redux.jsx:70:30:70:37 | source() | react-redux.jsx:77:10:77:28 | props.propFromAsync | reactComponentRef | accessPaths.js:7:1:15:1 | functio ... pan>;\\n} | accessPaths.js:7:1:15:1 | functio ... pan>;\\n} | | react-redux.jsx:64:1:80:1 | functio ... r}}/>\\n} | react-redux.jsx:64:1:80:1 | functio ... r}}/>\\n} | diff --git a/javascript/ql/test/library-tests/frameworks/Redux/test.ql b/javascript/ql/test/library-tests/frameworks/Redux/test.ql index 882aaeb616cf..0cf6c7913ad2 100644 --- a/javascript/ql/test/library-tests/frameworks/Redux/test.ql +++ b/javascript/ql/test/library-tests/frameworks/Redux/test.ql @@ -44,20 +44,28 @@ query predicate reducerToStateStep = Redux::reducerToStateStep/2; query Redux::StoreCreation storeCreation() { any() } -class BasicTaint extends TaintTracking::Configuration { - BasicTaint() { this = "BasicTaint" } +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node.(DataFlow::CallNode).getCalleeName() = "source" } - override predicate isSource(DataFlow::Node node) { - node.(DataFlow::CallNode).getCalleeName() = "source" - } - - override predicate isSink(DataFlow::Node node) { + predicate isSink(DataFlow::Node node) { node = any(DataFlow::CallNode call | call.getCalleeName() = "sink").getAnArgument() } } +module TestFlow = TaintTracking::Global; + +class LegacyConfig extends TaintTracking::Configuration { + LegacyConfig() { this = "LegacyConfig" } + + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } +} + +import testUtilities.LegacyDataFlowDiff::DataFlowDiff + query predicate taintFlow(DataFlow::Node source, DataFlow::Node sink) { - any(BasicTaint cfg).hasFlow(source, sink) + TestFlow::flow(source, sink) } query DataFlow::SourceNode reactComponentRef(ReactComponent component) { diff --git a/javascript/ql/test/library-tests/frameworks/Restify2/tests.ql b/javascript/ql/test/library-tests/frameworks/Restify2/tests.ql index e385b5584586..720f35ba21d5 100644 --- a/javascript/ql/test/library-tests/frameworks/Restify2/tests.ql +++ b/javascript/ql/test/library-tests/frameworks/Restify2/tests.ql @@ -57,9 +57,7 @@ query predicate passingPositiveTests(string res, string expectation, InlineTest exists(ReflectedXss::Sink n | t.inNode(n)) or expectation = "xss" and - exists(XssConfig::Configuration cfg, DataFlow::Node sink | - cfg.hasFlow(_, sink) and t.inNode(sink) - ) + exists(DataFlow::Node sink | XssConfig::ReflectedXssFlow::flowTo(sink) and t.inNode(sink)) or expectation = "cleartextStorageSink" and exists(CleartextStorage::Sink n | t.inNode(n)) @@ -107,9 +105,7 @@ query predicate failingPositiveTests(string res, string expectation, InlineTest not exists(ReflectedXss::Sink n | t.inNode(n)) or expectation = "xss" and - not exists(XssConfig::Configuration cfg, DataFlow::Node sink | - cfg.hasFlow(_, sink) and t.inNode(sink) - ) + not exists(DataFlow::Node sink | XssConfig::ReflectedXssFlow::flowTo(sink) and t.inNode(sink)) or expectation = "cleartextStorageSink" and not exists(CleartextStorage::Sink n | t.inNode(n)) @@ -157,9 +153,7 @@ query predicate passingNegativeTests(string res, string expectation, InlineTest not exists(ReflectedXss::Sink n | t.inNode(n)) or expectation = "!xss" and - not exists(XssConfig::Configuration cfg, DataFlow::Node sink | - cfg.hasFlow(_, sink) and t.inNode(sink) - ) + not exists(DataFlow::Node sink | XssConfig::ReflectedXssFlow::flowTo(sink) and t.inNode(sink)) or expectation = "!cleartextStorageSink" and not exists(CleartextStorage::Sink n | t.inNode(n)) @@ -207,9 +201,7 @@ query predicate failingNegativeTests(string res, string expectation, InlineTest exists(ReflectedXss::Sink n | t.inNode(n)) or expectation = "!xss" and - exists(XssConfig::Configuration cfg, DataFlow::Node sink | - cfg.hasFlow(_, sink) and t.inNode(sink) - ) + exists(DataFlow::Node sink | XssConfig::ReflectedXssFlow::flowTo(sink) and t.inNode(sink)) or expectation = "!cleartextStorageSink" and exists(CleartextStorage::Sink n | t.inNode(n)) diff --git a/javascript/ql/test/library-tests/frameworks/Spife/tests.ql b/javascript/ql/test/library-tests/frameworks/Spife/tests.ql index ef785a2860be..2ea6fc4bd4c3 100644 --- a/javascript/ql/test/library-tests/frameworks/Spife/tests.ql +++ b/javascript/ql/test/library-tests/frameworks/Spife/tests.ql @@ -63,9 +63,7 @@ query predicate passingPositiveTests(string res, string expectation, InlineTest exists(ReflectedXss::Sink n | t.inNode(n)) or expectation = "xss" and - exists(XssConfig::Configuration cfg, DataFlow::Node sink | - cfg.hasFlow(_, sink) and t.inNode(sink) - ) + exists(DataFlow::Node sink | XssConfig::ReflectedXssFlow::flowTo(sink) and t.inNode(sink)) or expectation = "cleartextStorageSink" and exists(CleartextStorage::Sink n | t.inNode(n)) @@ -119,9 +117,7 @@ query predicate failingPositiveTests(string res, string expectation, InlineTest not exists(ReflectedXss::Sink n | t.inNode(n)) or expectation = "xss" and - not exists(XssConfig::Configuration cfg, DataFlow::Node sink | - cfg.hasFlow(_, sink) and t.inNode(sink) - ) + not exists(DataFlow::Node sink | XssConfig::ReflectedXssFlow::flowTo(sink) and t.inNode(sink)) or expectation = "cleartextStorageSink" and not exists(CleartextStorage::Sink n | t.inNode(n)) @@ -175,9 +171,7 @@ query predicate passingNegativeTests(string res, string expectation, InlineTest not exists(ReflectedXss::Sink n | t.inNode(n)) or expectation = "!xss" and - not exists(XssConfig::Configuration cfg, DataFlow::Node sink | - cfg.hasFlow(_, sink) and t.inNode(sink) - ) + not exists(DataFlow::Node sink | XssConfig::ReflectedXssFlow::flowTo(sink) and t.inNode(sink)) or expectation = "!cleartextStorageSink" and not exists(CleartextStorage::Sink n | t.inNode(n)) @@ -231,9 +225,7 @@ query predicate failingNegativeTests(string res, string expectation, InlineTest exists(ReflectedXss::Sink n | t.inNode(n)) or expectation = "!xss" and - exists(XssConfig::Configuration cfg, DataFlow::Node sink | - cfg.hasFlow(_, sink) and t.inNode(sink) - ) + exists(DataFlow::Node sink | XssConfig::ReflectedXssFlow::flowTo(sink) and t.inNode(sink)) or expectation = "!cleartextStorageSink" and exists(CleartextStorage::Sink n | t.inNode(n)) diff --git a/javascript/ql/test/library-tests/frameworks/Templating/CodeInjection.expected b/javascript/ql/test/library-tests/frameworks/Templating/CodeInjection.expected index 48b2111a4a2b..c84c79bbc83e 100644 --- a/javascript/ql/test/library-tests/frameworks/Templating/CodeInjection.expected +++ b/javascript/ql/test/library-tests/frameworks/Templating/CodeInjection.expected @@ -1,140 +1,83 @@ -nodes -| app.js:15:30:15:58 | req.que ... tedCode | -| app.js:15:30:15:58 | req.que ... tedCode | -| app.js:17:25:17:48 | req.que ... shSink1 | -| app.js:17:25:17:48 | req.que ... shSink1 | -| app.js:19:35:19:68 | req.que ... rString | -| app.js:19:35:19:68 | req.que ... rString | -| app.js:34:30:34:58 | req.que ... tedCode | -| app.js:34:30:34:58 | req.que ... tedCode | -| app.js:36:25:36:48 | req.que ... shSink1 | -| app.js:36:25:36:48 | req.que ... shSink1 | -| app.js:38:35:38:68 | req.que ... rString | -| app.js:38:35:38:68 | req.que ... rString | -| app.js:53:30:53:58 | req.que ... tedCode | -| app.js:53:30:53:58 | req.que ... tedCode | -| app.js:54:33:54:64 | req.que ... CodeRaw | -| app.js:54:33:54:64 | req.que ... CodeRaw | -| app.js:56:25:56:48 | req.que ... shSink1 | -| app.js:56:25:56:48 | req.que ... shSink1 | -| app.js:58:35:58:68 | req.que ... rString | -| app.js:58:35:58:68 | req.que ... rString | -| app.js:59:38:59:74 | req.que ... ringRaw | -| app.js:59:38:59:74 | req.que ... ringRaw | -| app.js:65:22:65:42 | req.que ... pedHtml | -| app.js:65:22:65:42 | req.que ... pedHtml | -| app.js:66:18:66:34 | req.query.rawHtml | -| app.js:66:18:66:34 | req.query.rawHtml | -| views/angularjs_include.ejs:2:5:2:22 | <%= escapedHtml %> | -| views/angularjs_include.ejs:2:5:2:22 | <%= escapedHtml %> | -| views/angularjs_include.ejs:2:9:2:19 | escapedHtml | -| views/angularjs_include.ejs:3:5:3:18 | <%- rawHtml %> | -| views/angularjs_include.ejs:3:5:3:18 | <%- rawHtml %> | -| views/angularjs_include.ejs:3:9:3:15 | rawHtml | -| views/angularjs_sinks.ejs:3:9:3:26 | <%= escapedHtml %> | -| views/angularjs_sinks.ejs:3:9:3:26 | <%= escapedHtml %> | -| views/angularjs_sinks.ejs:3:13:3:23 | escapedHtml | -| views/angularjs_sinks.ejs:4:9:4:22 | <%- rawHtml %> | -| views/angularjs_sinks.ejs:4:9:4:22 | <%- rawHtml %> | -| views/angularjs_sinks.ejs:4:13:4:19 | rawHtml | -| views/ejs_sinks.ejs:13:39:13:64 | <%= dataInGeneratedCode %> | -| views/ejs_sinks.ejs:13:39:13:64 | <%= dataInGeneratedCode %> | -| views/ejs_sinks.ejs:13:43:13:61 | dataInGeneratedCode | -| views/ejs_sinks.ejs:16:19:16:39 | <%= backslashSink1 %> | -| views/ejs_sinks.ejs:16:19:16:39 | <%= backslashSink1 %> | -| views/ejs_sinks.ejs:16:23:16:36 | backslashSink1 | -| views/ejs_sinks.ejs:21:39:21:69 | <%= dataInEventHandlerString %> | -| views/ejs_sinks.ejs:21:39:21:69 | <%= dataInEventHandlerString %> | -| views/ejs_sinks.ejs:21:43:21:66 | dataInE ... rString | -| views/hbs_sinks.hbs:25:39:25:63 | {{ dataInGeneratedCode }} | -| views/hbs_sinks.hbs:25:39:25:63 | {{ dataInGeneratedCode }} | -| views/hbs_sinks.hbs:25:42:25:60 | dataInGeneratedCode | -| views/hbs_sinks.hbs:28:19:28:38 | {{ backslashSink1 }} | -| views/hbs_sinks.hbs:28:19:28:38 | {{ backslashSink1 }} | -| views/hbs_sinks.hbs:28:22:28:35 | backslashSink1 | -| views/hbs_sinks.hbs:33:39:33:68 | {{ dataInEventHandlerString }} | -| views/hbs_sinks.hbs:33:39:33:68 | {{ dataInEventHandlerString }} | -| views/hbs_sinks.hbs:33:42:33:65 | dataInE ... rString | -| views/njk_sinks.njk:13:39:13:63 | {{ dataInGeneratedCode }} | -| views/njk_sinks.njk:13:39:13:63 | {{ dataInGeneratedCode }} | -| views/njk_sinks.njk:13:42:13:60 | dataInGeneratedCode | -| views/njk_sinks.njk:14:42:14:76 | {{ dataInGeneratedCodeRaw \| safe }} | -| views/njk_sinks.njk:14:42:14:76 | {{ dataInGeneratedCodeRaw \| safe }} | -| views/njk_sinks.njk:14:45:14:66 | dataInG ... CodeRaw | -| views/njk_sinks.njk:14:45:14:73 | dataInG ... \| safe | -| views/njk_sinks.njk:17:19:17:38 | {{ backslashSink1 }} | -| views/njk_sinks.njk:17:19:17:38 | {{ backslashSink1 }} | -| views/njk_sinks.njk:17:22:17:35 | backslashSink1 | -| views/njk_sinks.njk:22:39:22:68 | {{ dataInEventHandlerString }} | -| views/njk_sinks.njk:22:39:22:68 | {{ dataInEventHandlerString }} | -| views/njk_sinks.njk:22:42:22:65 | dataInE ... rString | -| views/njk_sinks.njk:23:39:23:78 | {{ dataInEventHandlerStringRaw \| safe }} | -| views/njk_sinks.njk:23:39:23:78 | {{ dataInEventHandlerStringRaw \| safe }} | -| views/njk_sinks.njk:23:42:23:68 | dataInE ... ringRaw | -| views/njk_sinks.njk:23:42:23:75 | dataInE ... \| safe | edges -| app.js:15:30:15:58 | req.que ... tedCode | views/ejs_sinks.ejs:13:43:13:61 | dataInGeneratedCode | -| app.js:15:30:15:58 | req.que ... tedCode | views/ejs_sinks.ejs:13:43:13:61 | dataInGeneratedCode | -| app.js:17:25:17:48 | req.que ... shSink1 | views/ejs_sinks.ejs:16:23:16:36 | backslashSink1 | -| app.js:17:25:17:48 | req.que ... shSink1 | views/ejs_sinks.ejs:16:23:16:36 | backslashSink1 | -| app.js:19:35:19:68 | req.que ... rString | views/ejs_sinks.ejs:21:43:21:66 | dataInE ... rString | -| app.js:19:35:19:68 | req.que ... rString | views/ejs_sinks.ejs:21:43:21:66 | dataInE ... rString | -| app.js:34:30:34:58 | req.que ... tedCode | views/hbs_sinks.hbs:25:42:25:60 | dataInGeneratedCode | -| app.js:34:30:34:58 | req.que ... tedCode | views/hbs_sinks.hbs:25:42:25:60 | dataInGeneratedCode | -| app.js:36:25:36:48 | req.que ... shSink1 | views/hbs_sinks.hbs:28:22:28:35 | backslashSink1 | -| app.js:36:25:36:48 | req.que ... shSink1 | views/hbs_sinks.hbs:28:22:28:35 | backslashSink1 | -| app.js:38:35:38:68 | req.que ... rString | views/hbs_sinks.hbs:33:42:33:65 | dataInE ... rString | -| app.js:38:35:38:68 | req.que ... rString | views/hbs_sinks.hbs:33:42:33:65 | dataInE ... rString | -| app.js:53:30:53:58 | req.que ... tedCode | views/njk_sinks.njk:13:42:13:60 | dataInGeneratedCode | -| app.js:53:30:53:58 | req.que ... tedCode | views/njk_sinks.njk:13:42:13:60 | dataInGeneratedCode | -| app.js:54:33:54:64 | req.que ... CodeRaw | views/njk_sinks.njk:14:45:14:66 | dataInG ... CodeRaw | -| app.js:54:33:54:64 | req.que ... CodeRaw | views/njk_sinks.njk:14:45:14:66 | dataInG ... CodeRaw | -| app.js:56:25:56:48 | req.que ... shSink1 | views/njk_sinks.njk:17:22:17:35 | backslashSink1 | -| app.js:56:25:56:48 | req.que ... shSink1 | views/njk_sinks.njk:17:22:17:35 | backslashSink1 | -| app.js:58:35:58:68 | req.que ... rString | views/njk_sinks.njk:22:42:22:65 | dataInE ... rString | -| app.js:58:35:58:68 | req.que ... rString | views/njk_sinks.njk:22:42:22:65 | dataInE ... rString | -| app.js:59:38:59:74 | req.que ... ringRaw | views/njk_sinks.njk:23:42:23:68 | dataInE ... ringRaw | -| app.js:59:38:59:74 | req.que ... ringRaw | views/njk_sinks.njk:23:42:23:68 | dataInE ... ringRaw | -| app.js:65:22:65:42 | req.que ... pedHtml | views/angularjs_include.ejs:2:9:2:19 | escapedHtml | -| app.js:65:22:65:42 | req.que ... pedHtml | views/angularjs_include.ejs:2:9:2:19 | escapedHtml | -| app.js:65:22:65:42 | req.que ... pedHtml | views/angularjs_sinks.ejs:3:13:3:23 | escapedHtml | -| app.js:65:22:65:42 | req.que ... pedHtml | views/angularjs_sinks.ejs:3:13:3:23 | escapedHtml | -| app.js:66:18:66:34 | req.query.rawHtml | views/angularjs_include.ejs:3:9:3:15 | rawHtml | -| app.js:66:18:66:34 | req.query.rawHtml | views/angularjs_include.ejs:3:9:3:15 | rawHtml | -| app.js:66:18:66:34 | req.query.rawHtml | views/angularjs_sinks.ejs:4:13:4:19 | rawHtml | -| app.js:66:18:66:34 | req.query.rawHtml | views/angularjs_sinks.ejs:4:13:4:19 | rawHtml | -| views/angularjs_include.ejs:2:9:2:19 | escapedHtml | views/angularjs_include.ejs:2:5:2:22 | <%= escapedHtml %> | -| views/angularjs_include.ejs:2:9:2:19 | escapedHtml | views/angularjs_include.ejs:2:5:2:22 | <%= escapedHtml %> | -| views/angularjs_include.ejs:3:9:3:15 | rawHtml | views/angularjs_include.ejs:3:5:3:18 | <%- rawHtml %> | -| views/angularjs_include.ejs:3:9:3:15 | rawHtml | views/angularjs_include.ejs:3:5:3:18 | <%- rawHtml %> | -| views/angularjs_sinks.ejs:3:13:3:23 | escapedHtml | views/angularjs_sinks.ejs:3:9:3:26 | <%= escapedHtml %> | -| views/angularjs_sinks.ejs:3:13:3:23 | escapedHtml | views/angularjs_sinks.ejs:3:9:3:26 | <%= escapedHtml %> | -| views/angularjs_sinks.ejs:4:13:4:19 | rawHtml | views/angularjs_sinks.ejs:4:9:4:22 | <%- rawHtml %> | -| views/angularjs_sinks.ejs:4:13:4:19 | rawHtml | views/angularjs_sinks.ejs:4:9:4:22 | <%- rawHtml %> | -| views/ejs_sinks.ejs:13:43:13:61 | dataInGeneratedCode | views/ejs_sinks.ejs:13:39:13:64 | <%= dataInGeneratedCode %> | -| views/ejs_sinks.ejs:13:43:13:61 | dataInGeneratedCode | views/ejs_sinks.ejs:13:39:13:64 | <%= dataInGeneratedCode %> | -| views/ejs_sinks.ejs:16:23:16:36 | backslashSink1 | views/ejs_sinks.ejs:16:19:16:39 | <%= backslashSink1 %> | -| views/ejs_sinks.ejs:16:23:16:36 | backslashSink1 | views/ejs_sinks.ejs:16:19:16:39 | <%= backslashSink1 %> | -| views/ejs_sinks.ejs:21:43:21:66 | dataInE ... rString | views/ejs_sinks.ejs:21:39:21:69 | <%= dataInEventHandlerString %> | -| views/ejs_sinks.ejs:21:43:21:66 | dataInE ... rString | views/ejs_sinks.ejs:21:39:21:69 | <%= dataInEventHandlerString %> | -| views/hbs_sinks.hbs:25:42:25:60 | dataInGeneratedCode | views/hbs_sinks.hbs:25:39:25:63 | {{ dataInGeneratedCode }} | -| views/hbs_sinks.hbs:25:42:25:60 | dataInGeneratedCode | views/hbs_sinks.hbs:25:39:25:63 | {{ dataInGeneratedCode }} | -| views/hbs_sinks.hbs:28:22:28:35 | backslashSink1 | views/hbs_sinks.hbs:28:19:28:38 | {{ backslashSink1 }} | -| views/hbs_sinks.hbs:28:22:28:35 | backslashSink1 | views/hbs_sinks.hbs:28:19:28:38 | {{ backslashSink1 }} | -| views/hbs_sinks.hbs:33:42:33:65 | dataInE ... rString | views/hbs_sinks.hbs:33:39:33:68 | {{ dataInEventHandlerString }} | -| views/hbs_sinks.hbs:33:42:33:65 | dataInE ... rString | views/hbs_sinks.hbs:33:39:33:68 | {{ dataInEventHandlerString }} | -| views/njk_sinks.njk:13:42:13:60 | dataInGeneratedCode | views/njk_sinks.njk:13:39:13:63 | {{ dataInGeneratedCode }} | -| views/njk_sinks.njk:13:42:13:60 | dataInGeneratedCode | views/njk_sinks.njk:13:39:13:63 | {{ dataInGeneratedCode }} | -| views/njk_sinks.njk:14:45:14:66 | dataInG ... CodeRaw | views/njk_sinks.njk:14:45:14:73 | dataInG ... \| safe | -| views/njk_sinks.njk:14:45:14:73 | dataInG ... \| safe | views/njk_sinks.njk:14:42:14:76 | {{ dataInGeneratedCodeRaw \| safe }} | -| views/njk_sinks.njk:14:45:14:73 | dataInG ... \| safe | views/njk_sinks.njk:14:42:14:76 | {{ dataInGeneratedCodeRaw \| safe }} | -| views/njk_sinks.njk:17:22:17:35 | backslashSink1 | views/njk_sinks.njk:17:19:17:38 | {{ backslashSink1 }} | -| views/njk_sinks.njk:17:22:17:35 | backslashSink1 | views/njk_sinks.njk:17:19:17:38 | {{ backslashSink1 }} | -| views/njk_sinks.njk:22:42:22:65 | dataInE ... rString | views/njk_sinks.njk:22:39:22:68 | {{ dataInEventHandlerString }} | -| views/njk_sinks.njk:22:42:22:65 | dataInE ... rString | views/njk_sinks.njk:22:39:22:68 | {{ dataInEventHandlerString }} | -| views/njk_sinks.njk:23:42:23:68 | dataInE ... ringRaw | views/njk_sinks.njk:23:42:23:75 | dataInE ... \| safe | -| views/njk_sinks.njk:23:42:23:75 | dataInE ... \| safe | views/njk_sinks.njk:23:39:23:78 | {{ dataInEventHandlerStringRaw \| safe }} | -| views/njk_sinks.njk:23:42:23:75 | dataInE ... \| safe | views/njk_sinks.njk:23:39:23:78 | {{ dataInEventHandlerStringRaw \| safe }} | +| app.js:15:30:15:58 | req.que ... tedCode | views/ejs_sinks.ejs:13:43:13:61 | dataInGeneratedCode | provenance | | +| app.js:17:25:17:48 | req.que ... shSink1 | views/ejs_sinks.ejs:16:23:16:36 | backslashSink1 | provenance | | +| app.js:19:35:19:68 | req.que ... rString | views/ejs_sinks.ejs:21:43:21:66 | dataInE ... rString | provenance | | +| app.js:34:30:34:58 | req.que ... tedCode | views/hbs_sinks.hbs:25:42:25:60 | dataInGeneratedCode | provenance | | +| app.js:36:25:36:48 | req.que ... shSink1 | views/hbs_sinks.hbs:28:22:28:35 | backslashSink1 | provenance | | +| app.js:38:35:38:68 | req.que ... rString | views/hbs_sinks.hbs:33:42:33:65 | dataInE ... rString | provenance | | +| app.js:53:30:53:58 | req.que ... tedCode | views/njk_sinks.njk:13:42:13:60 | dataInGeneratedCode | provenance | | +| app.js:54:33:54:64 | req.que ... CodeRaw | views/njk_sinks.njk:14:45:14:66 | dataInG ... CodeRaw | provenance | | +| app.js:56:25:56:48 | req.que ... shSink1 | views/njk_sinks.njk:17:22:17:35 | backslashSink1 | provenance | | +| app.js:58:35:58:68 | req.que ... rString | views/njk_sinks.njk:22:42:22:65 | dataInE ... rString | provenance | | +| app.js:59:38:59:74 | req.que ... ringRaw | views/njk_sinks.njk:23:42:23:68 | dataInE ... ringRaw | provenance | | +| app.js:65:22:65:42 | req.que ... pedHtml | views/angularjs_include.ejs:2:9:2:19 | escapedHtml | provenance | | +| app.js:65:22:65:42 | req.que ... pedHtml | views/angularjs_sinks.ejs:3:13:3:23 | escapedHtml | provenance | | +| app.js:66:18:66:34 | req.query.rawHtml | views/angularjs_include.ejs:3:9:3:15 | rawHtml | provenance | | +| app.js:66:18:66:34 | req.query.rawHtml | views/angularjs_sinks.ejs:4:13:4:19 | rawHtml | provenance | | +| views/angularjs_include.ejs:2:9:2:19 | escapedHtml | views/angularjs_include.ejs:2:5:2:22 | <%= escapedHtml %> | provenance | | +| views/angularjs_include.ejs:3:9:3:15 | rawHtml | views/angularjs_include.ejs:3:5:3:18 | <%- rawHtml %> | provenance | | +| views/angularjs_sinks.ejs:3:13:3:23 | escapedHtml | views/angularjs_sinks.ejs:3:9:3:26 | <%= escapedHtml %> | provenance | | +| views/angularjs_sinks.ejs:4:13:4:19 | rawHtml | views/angularjs_sinks.ejs:4:9:4:22 | <%- rawHtml %> | provenance | | +| views/ejs_sinks.ejs:13:43:13:61 | dataInGeneratedCode | views/ejs_sinks.ejs:13:39:13:64 | <%= dataInGeneratedCode %> | provenance | | +| views/ejs_sinks.ejs:16:23:16:36 | backslashSink1 | views/ejs_sinks.ejs:16:19:16:39 | <%= backslashSink1 %> | provenance | | +| views/ejs_sinks.ejs:21:43:21:66 | dataInE ... rString | views/ejs_sinks.ejs:21:39:21:69 | <%= dataInEventHandlerString %> | provenance | | +| views/hbs_sinks.hbs:25:42:25:60 | dataInGeneratedCode | views/hbs_sinks.hbs:25:39:25:63 | {{ dataInGeneratedCode }} | provenance | | +| views/hbs_sinks.hbs:28:22:28:35 | backslashSink1 | views/hbs_sinks.hbs:28:19:28:38 | {{ backslashSink1 }} | provenance | | +| views/hbs_sinks.hbs:33:42:33:65 | dataInE ... rString | views/hbs_sinks.hbs:33:39:33:68 | {{ dataInEventHandlerString }} | provenance | | +| views/njk_sinks.njk:13:42:13:60 | dataInGeneratedCode | views/njk_sinks.njk:13:39:13:63 | {{ dataInGeneratedCode }} | provenance | | +| views/njk_sinks.njk:14:45:14:66 | dataInG ... CodeRaw | views/njk_sinks.njk:14:45:14:73 | dataInG ... \| safe | provenance | | +| views/njk_sinks.njk:14:45:14:73 | dataInG ... \| safe | views/njk_sinks.njk:14:42:14:76 | {{ dataInGeneratedCodeRaw \| safe }} | provenance | | +| views/njk_sinks.njk:17:22:17:35 | backslashSink1 | views/njk_sinks.njk:17:19:17:38 | {{ backslashSink1 }} | provenance | | +| views/njk_sinks.njk:22:42:22:65 | dataInE ... rString | views/njk_sinks.njk:22:39:22:68 | {{ dataInEventHandlerString }} | provenance | | +| views/njk_sinks.njk:23:42:23:68 | dataInE ... ringRaw | views/njk_sinks.njk:23:42:23:75 | dataInE ... \| safe | provenance | | +| views/njk_sinks.njk:23:42:23:75 | dataInE ... \| safe | views/njk_sinks.njk:23:39:23:78 | {{ dataInEventHandlerStringRaw \| safe }} | provenance | | +nodes +| app.js:15:30:15:58 | req.que ... tedCode | semmle.label | req.que ... tedCode | +| app.js:17:25:17:48 | req.que ... shSink1 | semmle.label | req.que ... shSink1 | +| app.js:19:35:19:68 | req.que ... rString | semmle.label | req.que ... rString | +| app.js:34:30:34:58 | req.que ... tedCode | semmle.label | req.que ... tedCode | +| app.js:36:25:36:48 | req.que ... shSink1 | semmle.label | req.que ... shSink1 | +| app.js:38:35:38:68 | req.que ... rString | semmle.label | req.que ... rString | +| app.js:53:30:53:58 | req.que ... tedCode | semmle.label | req.que ... tedCode | +| app.js:54:33:54:64 | req.que ... CodeRaw | semmle.label | req.que ... CodeRaw | +| app.js:56:25:56:48 | req.que ... shSink1 | semmle.label | req.que ... shSink1 | +| app.js:58:35:58:68 | req.que ... rString | semmle.label | req.que ... rString | +| app.js:59:38:59:74 | req.que ... ringRaw | semmle.label | req.que ... ringRaw | +| app.js:65:22:65:42 | req.que ... pedHtml | semmle.label | req.que ... pedHtml | +| app.js:66:18:66:34 | req.query.rawHtml | semmle.label | req.query.rawHtml | +| views/angularjs_include.ejs:2:5:2:22 | <%= escapedHtml %> | semmle.label | <%= escapedHtml %> | +| views/angularjs_include.ejs:2:9:2:19 | escapedHtml | semmle.label | escapedHtml | +| views/angularjs_include.ejs:3:5:3:18 | <%- rawHtml %> | semmle.label | <%- rawHtml %> | +| views/angularjs_include.ejs:3:9:3:15 | rawHtml | semmle.label | rawHtml | +| views/angularjs_sinks.ejs:3:9:3:26 | <%= escapedHtml %> | semmle.label | <%= escapedHtml %> | +| views/angularjs_sinks.ejs:3:13:3:23 | escapedHtml | semmle.label | escapedHtml | +| views/angularjs_sinks.ejs:4:9:4:22 | <%- rawHtml %> | semmle.label | <%- rawHtml %> | +| views/angularjs_sinks.ejs:4:13:4:19 | rawHtml | semmle.label | rawHtml | +| views/ejs_sinks.ejs:13:39:13:64 | <%= dataInGeneratedCode %> | semmle.label | <%= dataInGeneratedCode %> | +| views/ejs_sinks.ejs:13:43:13:61 | dataInGeneratedCode | semmle.label | dataInGeneratedCode | +| views/ejs_sinks.ejs:16:19:16:39 | <%= backslashSink1 %> | semmle.label | <%= backslashSink1 %> | +| views/ejs_sinks.ejs:16:23:16:36 | backslashSink1 | semmle.label | backslashSink1 | +| views/ejs_sinks.ejs:21:39:21:69 | <%= dataInEventHandlerString %> | semmle.label | <%= dataInEventHandlerString %> | +| views/ejs_sinks.ejs:21:43:21:66 | dataInE ... rString | semmle.label | dataInE ... rString | +| views/hbs_sinks.hbs:25:39:25:63 | {{ dataInGeneratedCode }} | semmle.label | {{ dataInGeneratedCode }} | +| views/hbs_sinks.hbs:25:42:25:60 | dataInGeneratedCode | semmle.label | dataInGeneratedCode | +| views/hbs_sinks.hbs:28:19:28:38 | {{ backslashSink1 }} | semmle.label | {{ backslashSink1 }} | +| views/hbs_sinks.hbs:28:22:28:35 | backslashSink1 | semmle.label | backslashSink1 | +| views/hbs_sinks.hbs:33:39:33:68 | {{ dataInEventHandlerString }} | semmle.label | {{ dataInEventHandlerString }} | +| views/hbs_sinks.hbs:33:42:33:65 | dataInE ... rString | semmle.label | dataInE ... rString | +| views/njk_sinks.njk:13:39:13:63 | {{ dataInGeneratedCode }} | semmle.label | {{ dataInGeneratedCode }} | +| views/njk_sinks.njk:13:42:13:60 | dataInGeneratedCode | semmle.label | dataInGeneratedCode | +| views/njk_sinks.njk:14:42:14:76 | {{ dataInGeneratedCodeRaw \| safe }} | semmle.label | {{ dataInGeneratedCodeRaw \| safe }} | +| views/njk_sinks.njk:14:45:14:66 | dataInG ... CodeRaw | semmle.label | dataInG ... CodeRaw | +| views/njk_sinks.njk:14:45:14:73 | dataInG ... \| safe | semmle.label | dataInG ... \| safe | +| views/njk_sinks.njk:17:19:17:38 | {{ backslashSink1 }} | semmle.label | {{ backslashSink1 }} | +| views/njk_sinks.njk:17:22:17:35 | backslashSink1 | semmle.label | backslashSink1 | +| views/njk_sinks.njk:22:39:22:68 | {{ dataInEventHandlerString }} | semmle.label | {{ dataInEventHandlerString }} | +| views/njk_sinks.njk:22:42:22:65 | dataInE ... rString | semmle.label | dataInE ... rString | +| views/njk_sinks.njk:23:39:23:78 | {{ dataInEventHandlerStringRaw \| safe }} | semmle.label | {{ dataInEventHandlerStringRaw \| safe }} | +| views/njk_sinks.njk:23:42:23:68 | dataInE ... ringRaw | semmle.label | dataInE ... ringRaw | +| views/njk_sinks.njk:23:42:23:75 | dataInE ... \| safe | semmle.label | dataInE ... \| safe | +subpaths #select | views/angularjs_include.ejs:2:5:2:22 | <%= escapedHtml %> | app.js:65:22:65:42 | req.que ... pedHtml | views/angularjs_include.ejs:2:5:2:22 | <%= escapedHtml %> | This AngularJS template, which may contain code, depends on a $@. | app.js:65:22:65:42 | req.que ... pedHtml | user-provided value | | views/angularjs_include.ejs:3:5:3:18 | <%- rawHtml %> | app.js:66:18:66:34 | req.query.rawHtml | views/angularjs_include.ejs:3:5:3:18 | <%- rawHtml %> | This AngularJS template, which may contain code, depends on a $@. | app.js:66:18:66:34 | req.query.rawHtml | user-provided value | diff --git a/javascript/ql/test/library-tests/frameworks/Templating/Xss.qlref b/javascript/ql/test/library-tests/frameworks/Templating/Xss.qlref deleted file mode 100644 index 353427de4718..000000000000 --- a/javascript/ql/test/library-tests/frameworks/Templating/Xss.qlref +++ /dev/null @@ -1 +0,0 @@ -Security/CWE-079/Xss.ql diff --git a/javascript/ql/test/library-tests/frameworks/Templating/XssDiff.expected b/javascript/ql/test/library-tests/frameworks/Templating/XssDiff.expected new file mode 100644 index 000000000000..1bed23967d25 --- /dev/null +++ b/javascript/ql/test/library-tests/frameworks/Templating/XssDiff.expected @@ -0,0 +1,41 @@ +legacyDataFlowDifference +flow +| app.js:8:18:8:34 | req.query.rawHtml | views/ejs_include1.ejs:1:1:1:10 | <%- foo %> | +| app.js:8:18:8:34 | req.query.rawHtml | views/ejs_include2.ejs:1:1:1:14 | <%- rawHtml %> | +| app.js:8:18:8:34 | req.query.rawHtml | views/ejs_sinks.ejs:4:9:4:22 | <%- rawHtml %> | +| app.js:11:26:11:46 | req.que ... tmlProp | views/ejs_sinks.ejs:7:9:7:33 | <%- object.rawHtmlProp %> | +| app.js:14:33:14:64 | req.que ... eralRaw | views/ejs_sinks.ejs:11:43:11:71 | <%- dataInStringLiteralRaw %> | +| app.js:16:33:16:64 | req.que ... CodeRaw | views/ejs_sinks.ejs:14:42:14:70 | <%- dataInGeneratedCodeRaw %> | +| app.js:20:38:20:74 | req.que ... ringRaw | views/ejs_sinks.ejs:22:39:22:72 | <%- dataInEventHandlerStringRaw %> | +| app.js:27:18:27:34 | req.query.rawHtml | views/hbs_sinks.hbs:9:9:9:23 | {{{ rawHtml }}} | +| app.js:27:18:27:34 | req.query.rawHtml | views/hbs_sinks.hbs:10:9:10:23 | {{{~rawHtml }}} | +| app.js:27:18:27:34 | req.query.rawHtml | views/hbs_sinks.hbs:11:9:11:23 | {{{ rawHtml~}}} | +| app.js:27:18:27:34 | req.query.rawHtml | views/hbs_sinks.hbs:12:9:12:23 | {{{~rawHtml~}}} | +| app.js:27:18:27:34 | req.query.rawHtml | views/hbs_sinks.hbs:13:9:13:25 | {{{~ rawHtml ~}}} | +| app.js:27:18:27:34 | req.query.rawHtml | views/hbs_sinks.hbs:15:9:15:22 | {{& rawHtml }} | +| app.js:30:26:30:46 | req.que ... tmlProp | views/hbs_sinks.hbs:19:9:19:34 | {{{ object.rawHtmlProp }}} | +| app.js:33:33:33:64 | req.que ... eralRaw | views/hbs_sinks.hbs:23:43:23:72 | {{{ dataInStringLiteralRaw }}} | +| app.js:35:33:35:64 | req.que ... CodeRaw | views/hbs_sinks.hbs:26:42:26:71 | {{{ dataInGeneratedCodeRaw }}} | +| app.js:39:38:39:74 | req.que ... ringRaw | views/hbs_sinks.hbs:34:39:34:73 | {{{ dataInEventHandlerStringRaw }}} | +| app.js:46:18:46:34 | req.query.rawHtml | views/njk_sinks.njk:4:12:4:18 | rawHtml | +| app.js:49:26:49:46 | req.que ... tmlProp | views/njk_sinks.njk:7:12:7:29 | object.rawHtmlProp | +| app.js:52:33:52:64 | req.que ... eralRaw | views/njk_sinks.njk:11:46:11:67 | dataInS ... eralRaw | +| app.js:54:33:54:64 | req.que ... CodeRaw | views/njk_sinks.njk:14:45:14:66 | dataInG ... CodeRaw | +| app.js:55:37:55:72 | req.que ... JsonRaw | views/njk_sinks.njk:15:49:15:81 | dataInG ... \| json | +| app.js:59:38:59:74 | req.que ... ringRaw | views/njk_sinks.njk:23:42:23:68 | dataInE ... ringRaw | +| app.js:66:18:66:34 | req.query.rawHtml | views/angularjs_include.ejs:3:5:3:18 | <%- rawHtml %> | +| app.js:66:18:66:34 | req.query.rawHtml | views/angularjs_sinks.ejs:4:9:4:22 | <%- rawHtml %> | +| app.js:73:18:73:30 | req.query.foo | views/dot_sinks.html.dot:3:9:3:22 | {{! tainted }} | +| projectA/src/index.js:6:38:6:53 | req.query.taintA | projectA/views/main.ejs:5:1:5:26 | <%- taintedInMiddleware %> | +| projectA/src/index.js:12:16:12:30 | req.query.sinkA | projectA/views/main.ejs:2:1:2:12 | <%- sinkA %> | +| projectA/src/index.js:17:16:17:30 | req.query.sinkA | projectA/views/main.ejs:2:1:2:12 | <%- sinkA %> | +| projectA/src/index.js:22:16:22:30 | req.query.sinkA | projectA/views/subfolder/index.ejs:2:1:2:12 | <%- sinkA %> | +| projectA/src/index.js:37:16:37:30 | req.query.sinkA | projectA/views/subfolder/other.ejs:2:1:2:12 | <%- sinkA %> | +| projectA/src/index.js:42:16:42:30 | req.query.sinkA | projectA/views/subfolder/other.ejs:2:1:2:12 | <%- sinkA %> | +| projectA/src/index.js:47:16:47:30 | req.query.sinkA | projectA/views/upward_traversal.ejs:1:1:1:12 | <%- sinkA %> | +| projectB/src/index.js:6:38:6:53 | req.query.taintB | projectB/views/main.ejs:5:1:5:26 | <%- taintedInMiddleware %> | +| projectB/src/index.js:13:16:13:30 | req.query.sinkB | projectB/views/main.ejs:3:1:3:12 | <%- sinkB %> | +| projectB/src/index.js:18:16:18:30 | req.query.sinkB | projectB/views/main.ejs:3:1:3:12 | <%- sinkB %> | +| projectB/src/index.js:23:16:23:30 | req.query.sinkB | projectB/views/subfolder/index.ejs:3:1:3:12 | <%- sinkB %> | +| projectB/src/index.js:38:16:38:30 | req.query.sinkB | projectB/views/subfolder/other.ejs:3:1:3:12 | <%- sinkB %> | +| projectB/src/index.js:43:16:43:30 | req.query.sinkB | projectB/views/subfolder/other.ejs:3:1:3:12 | <%- sinkB %> | diff --git a/javascript/ql/test/library-tests/frameworks/Templating/XssDiff.ql b/javascript/ql/test/library-tests/frameworks/Templating/XssDiff.ql new file mode 100644 index 000000000000..def7b2834408 --- /dev/null +++ b/javascript/ql/test/library-tests/frameworks/Templating/XssDiff.ql @@ -0,0 +1,8 @@ +import javascript +import semmle.javascript.security.dataflow.DomBasedXssQuery +import testUtilities.LegacyDataFlowDiff + +deprecated query predicate legacyDataFlowDifference = + DataFlowDiff::legacyDataFlowDifference/3; + +query predicate flow = DomBasedXssFlow::flow/2; diff --git a/javascript/ql/test/library-tests/frameworks/Vuex/test.expected b/javascript/ql/test/library-tests/frameworks/Vuex/test.expected index e69de29bb2d1..d65d51bc4177 100644 --- a/javascript/ql/test/library-tests/frameworks/Vuex/test.expected +++ b/javascript/ql/test/library-tests/frameworks/Vuex/test.expected @@ -0,0 +1,2 @@ +legacyDataFlowDifference +consistencyIssue diff --git a/javascript/ql/test/library-tests/frameworks/Vuex/test.ql b/javascript/ql/test/library-tests/frameworks/Vuex/test.ql index 55464dcf72cf..ac58a94374e1 100644 --- a/javascript/ql/test/library-tests/frameworks/Vuex/test.ql +++ b/javascript/ql/test/library-tests/frameworks/Vuex/test.ql @@ -1,14 +1,28 @@ import javascript import testUtilities.ConsistencyChecking -class BasicTaint extends TaintTracking::Configuration { - BasicTaint() { this = "BasicTaint" } +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node.(DataFlow::CallNode).getCalleeName() = "source" } - override predicate isSource(DataFlow::Node node) { - node.(DataFlow::CallNode).getCalleeName() = "source" - } - - override predicate isSink(DataFlow::Node node) { + predicate isSink(DataFlow::Node node) { node = any(DataFlow::CallNode call | call.getCalleeName() = "sink").getAnArgument() } } + +module TestFlow = TaintTracking::Global; + +class Consistency extends ConsistencyConfiguration { + Consistency() { this = "Consistency" } + + override DataFlow::Node getAnAlert() { TestFlow::flowTo(result) } +} + +class LegacyConfig extends TaintTracking::Configuration { + LegacyConfig() { this = "LegacyConfig" } + + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } +} + +import testUtilities.LegacyDataFlowDiff::DataFlowDiff diff --git a/javascript/ql/test/library-tests/frameworks/data/test.expected b/javascript/ql/test/library-tests/frameworks/data/test.expected index 39630269a339..70fc4b00eab5 100644 --- a/javascript/ql/test/library-tests/frameworks/data/test.expected +++ b/javascript/ql/test/library-tests/frameworks/data/test.expected @@ -1,3 +1,4 @@ +legacyDataFlowDifference consistencyIssue taintFlow | paramDecorator.ts:6:54:6:54 | x | paramDecorator.ts:7:10:7:10 | x | diff --git a/javascript/ql/test/library-tests/frameworks/data/test.ql b/javascript/ql/test/library-tests/frameworks/data/test.ql index cca38c286429..f0ef2e129e70 100644 --- a/javascript/ql/test/library-tests/frameworks/data/test.ql +++ b/javascript/ql/test/library-tests/frameworks/data/test.ql @@ -11,24 +11,40 @@ class TypeModelFromCodeQL extends ModelInput::TypeModel { } } -class BasicTaintTracking extends TaintTracking::Configuration { - BasicTaintTracking() { this = "BasicTaintTracking" } - - override predicate isSource(DataFlow::Node source) { +module TestConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source.(DataFlow::CallNode).getCalleeName() = "source" or source = ModelOutput::getASourceNode("test-source").asSource() } - override predicate isSink(DataFlow::Node sink) { + predicate isSink(DataFlow::Node sink) { sink = any(DataFlow::CallNode call | call.getCalleeName() = "sink").getAnArgument() or sink = ModelOutput::getASinkNode("test-sink").asSink() } } +module TestFlow = TaintTracking::Global; + +class Consistency extends ConsistencyConfiguration { + Consistency() { this = "Consistency" } + + override DataFlow::Node getAnAlert() { TestFlow::flowTo(result) } +} + +class LegacyConfig extends TaintTracking::Configuration { + LegacyConfig() { this = "LegacyConfig" } + + override predicate isSource(DataFlow::Node source) { TestConfig::isSource(source) } + + override predicate isSink(DataFlow::Node sink) { TestConfig::isSink(sink) } +} + +import testUtilities.LegacyDataFlowDiff::DataFlowDiff + query predicate taintFlow(DataFlow::Node source, DataFlow::Node sink) { - any(BasicTaintTracking tr).hasFlow(source, sink) + TestFlow::flow(source, sink) } query predicate isSink(DataFlow::Node node, string kind) { diff --git a/javascript/ql/test/query-tests/Security/CWE-020/UntrustedDataToExternalAPI/UntrustedDataToExternalAPI.expected b/javascript/ql/test/query-tests/Security/CWE-020/UntrustedDataToExternalAPI/UntrustedDataToExternalAPI.expected index 9d4a6fc4a9ac..d7e0636b5548 100644 --- a/javascript/ql/test/query-tests/Security/CWE-020/UntrustedDataToExternalAPI/UntrustedDataToExternalAPI.expected +++ b/javascript/ql/test/query-tests/Security/CWE-020/UntrustedDataToExternalAPI/UntrustedDataToExternalAPI.expected @@ -1,98 +1,60 @@ -nodes -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | -| tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | -| tst-UntrustedDataToExternalAPI.js:5:13:5:21 | untrusted | -| tst-UntrustedDataToExternalAPI.js:5:13:5:21 | untrusted | -| tst-UntrustedDataToExternalAPI.js:6:17:6:25 | untrusted | -| tst-UntrustedDataToExternalAPI.js:6:17:6:25 | untrusted | -| tst-UntrustedDataToExternalAPI.js:7:16:7:24 | untrusted | -| tst-UntrustedDataToExternalAPI.js:7:16:7:24 | untrusted | -| tst-UntrustedDataToExternalAPI.js:8:31:8:39 | untrusted | -| tst-UntrustedDataToExternalAPI.js:8:31:8:39 | untrusted | -| tst-UntrustedDataToExternalAPI.js:9:18:9:26 | untrusted | -| tst-UntrustedDataToExternalAPI.js:9:18:9:26 | untrusted | -| tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] | -| tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] | -| tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] | -| tst-UntrustedDataToExternalAPI.js:10:19:10:27 | untrusted | -| tst-UntrustedDataToExternalAPI.js:11:20:11:28 | untrusted | -| tst-UntrustedDataToExternalAPI.js:11:20:11:28 | untrusted | -| tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } | -| tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } | -| tst-UntrustedDataToExternalAPI.js:14:12:16:9 | {\\n ... } | -| tst-UntrustedDataToExternalAPI.js:15:16:15:24 | untrusted | -| tst-UntrustedDataToExternalAPI.js:21:12:27:5 | {\\n ... }\\n } | -| tst-UntrustedDataToExternalAPI.js:22:12:26:9 | {\\n ... } | -| tst-UntrustedDataToExternalAPI.js:23:16:25:13 | {\\n ... } | -| tst-UntrustedDataToExternalAPI.js:24:20:24:42 | [JSON.p ... usted)] | -| tst-UntrustedDataToExternalAPI.js:24:20:24:42 | [JSON.p ... usted)] | -| tst-UntrustedDataToExternalAPI.js:24:21:24:41 | JSON.pa ... rusted) | -| tst-UntrustedDataToExternalAPI.js:24:32:24:40 | untrusted | -| tst-UntrustedDataToExternalAPI.js:30:13:30:30 | getDeepUntrusted() | -| tst-UntrustedDataToExternalAPI.js:30:13:30:30 | getDeepUntrusted() | -| tst-UntrustedDataToExternalAPI.js:30:13:30:30 | getDeepUntrusted() | -| tst-UntrustedDataToExternalAPI.js:33:14:33:22 | untrusted | -| tst-UntrustedDataToExternalAPI.js:33:14:33:22 | untrusted | -| tst-UntrustedDataToExternalAPI.js:34:34:34:42 | untrusted | -| tst-UntrustedDataToExternalAPI.js:34:34:34:42 | untrusted | -| tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | -| tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | -| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | -| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | -| tst-UntrustedDataToExternalAPI.js:42:8:42:16 | untrusted | -| tst-UntrustedDataToExternalAPI.js:43:8:43:16 | untrusted | -| tst-UntrustedDataToExternalAPI.js:44:8:44:16 | untrusted | edges -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:5:13:5:21 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:5:13:5:21 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:6:17:6:25 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:6:17:6:25 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:7:16:7:24 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:7:16:7:24 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:8:31:8:39 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:8:31:8:39 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:9:18:9:26 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:9:18:9:26 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:10:19:10:27 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:11:20:11:28 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:11:20:11:28 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:15:16:15:24 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:24:32:24:40 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:30:13:30:30 | getDeepUntrusted() | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:30:13:30:30 | getDeepUntrusted() | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:33:14:33:22 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:33:14:33:22 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:34:34:34:42 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:34:34:34:42 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:42:8:42:16 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:43:8:43:16 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:44:8:44:16 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | -| tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | -| tst-UntrustedDataToExternalAPI.js:10:19:10:27 | untrusted | tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] | -| tst-UntrustedDataToExternalAPI.js:10:19:10:27 | untrusted | tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] | -| tst-UntrustedDataToExternalAPI.js:10:19:10:27 | untrusted | tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] | -| tst-UntrustedDataToExternalAPI.js:14:12:16:9 | {\\n ... } | tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } | -| tst-UntrustedDataToExternalAPI.js:14:12:16:9 | {\\n ... } | tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } | -| tst-UntrustedDataToExternalAPI.js:15:16:15:24 | untrusted | tst-UntrustedDataToExternalAPI.js:14:12:16:9 | {\\n ... } | -| tst-UntrustedDataToExternalAPI.js:21:12:27:5 | {\\n ... }\\n } | tst-UntrustedDataToExternalAPI.js:30:13:30:30 | getDeepUntrusted() | -| tst-UntrustedDataToExternalAPI.js:21:12:27:5 | {\\n ... }\\n } | tst-UntrustedDataToExternalAPI.js:30:13:30:30 | getDeepUntrusted() | -| tst-UntrustedDataToExternalAPI.js:22:12:26:9 | {\\n ... } | tst-UntrustedDataToExternalAPI.js:21:12:27:5 | {\\n ... }\\n } | -| tst-UntrustedDataToExternalAPI.js:23:16:25:13 | {\\n ... } | tst-UntrustedDataToExternalAPI.js:22:12:26:9 | {\\n ... } | -| tst-UntrustedDataToExternalAPI.js:24:20:24:42 | [JSON.p ... usted)] | tst-UntrustedDataToExternalAPI.js:23:16:25:13 | {\\n ... } | -| tst-UntrustedDataToExternalAPI.js:24:20:24:42 | [JSON.p ... usted)] | tst-UntrustedDataToExternalAPI.js:23:16:25:13 | {\\n ... } | -| tst-UntrustedDataToExternalAPI.js:24:21:24:41 | JSON.pa ... rusted) | tst-UntrustedDataToExternalAPI.js:24:20:24:42 | [JSON.p ... usted)] | -| tst-UntrustedDataToExternalAPI.js:24:21:24:41 | JSON.pa ... rusted) | tst-UntrustedDataToExternalAPI.js:24:20:24:42 | [JSON.p ... usted)] | -| tst-UntrustedDataToExternalAPI.js:24:32:24:40 | untrusted | tst-UntrustedDataToExternalAPI.js:24:21:24:41 | JSON.pa ... rusted) | -| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | -| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | -| tst-UntrustedDataToExternalAPI.js:42:8:42:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | -| tst-UntrustedDataToExternalAPI.js:42:8:42:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | -| tst-UntrustedDataToExternalAPI.js:43:8:43:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | -| tst-UntrustedDataToExternalAPI.js:43:8:43:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | -| tst-UntrustedDataToExternalAPI.js:44:8:44:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | -| tst-UntrustedDataToExternalAPI.js:44:8:44:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | +| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:5:13:5:21 | untrusted | provenance | | +| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:6:17:6:25 | untrusted | provenance | | +| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:7:16:7:24 | untrusted | provenance | | +| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:8:31:8:39 | untrusted | provenance | | +| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:9:18:9:26 | untrusted | provenance | | +| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:10:19:10:27 | untrusted | provenance | | +| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:11:20:11:28 | untrusted | provenance | | +| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:15:16:15:24 | untrusted | provenance | | +| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:33:14:33:22 | untrusted | provenance | | +| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:34:34:34:42 | untrusted | provenance | | +| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:42:8:42:16 | untrusted | provenance | | +| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:43:8:43:16 | untrusted | provenance | | +| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | tst-UntrustedDataToExternalAPI.js:44:8:44:16 | untrusted | provenance | | +| tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | provenance | | +| tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] [1] | tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] | provenance | | +| tst-UntrustedDataToExternalAPI.js:10:19:10:27 | untrusted | tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] | provenance | | +| tst-UntrustedDataToExternalAPI.js:10:19:10:27 | untrusted | tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] [1] | provenance | | +| tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } [y, z] | tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } | provenance | | +| tst-UntrustedDataToExternalAPI.js:14:12:16:9 | {\\n ... } [z] | tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } [y, z] | provenance | | +| tst-UntrustedDataToExternalAPI.js:15:16:15:24 | untrusted | tst-UntrustedDataToExternalAPI.js:14:12:16:9 | {\\n ... } [z] | provenance | | +| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n x ... usted\\n} [x] | tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | provenance | | +| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n x ... usted\\n} [x] | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | provenance | | +| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n x ... usted\\n} [y] | tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | provenance | | +| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n x ... usted\\n} [y] | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | provenance | | +| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n x ... usted\\n} [z] | tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | provenance | | +| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n x ... usted\\n} [z] | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | provenance | | +| tst-UntrustedDataToExternalAPI.js:42:8:42:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n x ... usted\\n} [x] | provenance | | +| tst-UntrustedDataToExternalAPI.js:43:8:43:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n x ... usted\\n} [y] | provenance | | +| tst-UntrustedDataToExternalAPI.js:44:8:44:16 | untrusted | tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n x ... usted\\n} [z] | provenance | | +nodes +| tst-UntrustedDataToExternalAPI.js:3:5:3:27 | untrusted | semmle.label | untrusted | +| tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | semmle.label | window.name | +| tst-UntrustedDataToExternalAPI.js:5:13:5:21 | untrusted | semmle.label | untrusted | +| tst-UntrustedDataToExternalAPI.js:6:17:6:25 | untrusted | semmle.label | untrusted | +| tst-UntrustedDataToExternalAPI.js:7:16:7:24 | untrusted | semmle.label | untrusted | +| tst-UntrustedDataToExternalAPI.js:8:31:8:39 | untrusted | semmle.label | untrusted | +| tst-UntrustedDataToExternalAPI.js:9:18:9:26 | untrusted | semmle.label | untrusted | +| tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] | semmle.label | ['x', u ... d, 'y'] | +| tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] [1] | semmle.label | ['x', u ... d, 'y'] [1] | +| tst-UntrustedDataToExternalAPI.js:10:19:10:27 | untrusted | semmle.label | untrusted | +| tst-UntrustedDataToExternalAPI.js:11:20:11:28 | untrusted | semmle.label | untrusted | +| tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } | semmle.label | {\\n ... }\\n } | +| tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } [y, z] | semmle.label | {\\n ... }\\n } [y, z] | +| tst-UntrustedDataToExternalAPI.js:14:12:16:9 | {\\n ... } [z] | semmle.label | {\\n ... } [z] | +| tst-UntrustedDataToExternalAPI.js:15:16:15:24 | untrusted | semmle.label | untrusted | +| tst-UntrustedDataToExternalAPI.js:33:14:33:22 | untrusted | semmle.label | untrusted | +| tst-UntrustedDataToExternalAPI.js:34:34:34:42 | untrusted | semmle.label | untrusted | +| tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | semmle.label | {} | +| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n x ... usted\\n} [x] | semmle.label | [post update] {\\n x ... usted\\n} [x] | +| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n x ... usted\\n} [y] | semmle.label | [post update] {\\n x ... usted\\n} [y] | +| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | [post update] {\\n x ... usted\\n} [z] | semmle.label | [post update] {\\n x ... usted\\n} [z] | +| tst-UntrustedDataToExternalAPI.js:41:11:45:1 | {\\n x ... usted\\n} | semmle.label | {\\n x ... usted\\n} | +| tst-UntrustedDataToExternalAPI.js:42:8:42:16 | untrusted | semmle.label | untrusted | +| tst-UntrustedDataToExternalAPI.js:43:8:43:16 | untrusted | semmle.label | untrusted | +| tst-UntrustedDataToExternalAPI.js:44:8:44:16 | untrusted | semmle.label | untrusted | +subpaths #select | tst-UntrustedDataToExternalAPI.js:5:13:5:21 | untrusted | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:5:13:5:21 | untrusted | Call to external-lib() [param 0] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name | | tst-UntrustedDataToExternalAPI.js:6:17:6:25 | untrusted | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:6:17:6:25 | untrusted | Call to external-lib() [param 0 'x'] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name | @@ -102,7 +64,6 @@ edges | tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:10:13:10:33 | ['x', u ... d, 'y'] | Call to external-lib() [param 0] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name | | tst-UntrustedDataToExternalAPI.js:11:20:11:28 | untrusted | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:11:20:11:28 | untrusted | Call to external-lib() [param 1] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name | | tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:13:8:17:5 | {\\n ... }\\n } | Call to external-lib() [param 0 'x'] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name | -| tst-UntrustedDataToExternalAPI.js:30:13:30:30 | getDeepUntrusted() | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:30:13:30:30 | getDeepUntrusted() | Call to external-lib() [param 0] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name | | tst-UntrustedDataToExternalAPI.js:33:14:33:22 | untrusted | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:33:14:33:22 | untrusted | Call to external-lib.get.[callback].[param 'res'].send() [param 0] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name | | tst-UntrustedDataToExternalAPI.js:34:34:34:42 | untrusted | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:34:34:34:42 | untrusted | Call to external-lib.get.[callback].[param 'req'].app.locals.something.foo() [param 0] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name | | tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | tst-UntrustedDataToExternalAPI.js:41:7:41:8 | {} | Call to lodash.merge() [param 0] with untrusted data from $@. | tst-UntrustedDataToExternalAPI.js:3:17:3:27 | window.name | window.name | diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/Consistency.ql b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/Consistency.ql index d5230981801c..fae97fdf6d02 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/Consistency.ql +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/Consistency.ql @@ -1,3 +1,9 @@ import javascript import semmle.javascript.security.dataflow.TaintedPathQuery import testUtilities.ConsistencyChecking + +class TaintedPathConsistency extends ConsistencyConfiguration { + TaintedPathConsistency() { this = "TaintedPathConsistency" } + + override DataFlow::Node getAnAlert() { TaintedPathFlow::flowTo(result) } +} diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected index 177d6b266ebf..fcc9e4dd3b2a 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected @@ -1,10471 +1,924 @@ nodes -| TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:20:7:26 | req.url | -| TaintedPath-es6.js:7:20:7:26 | req.url | -| TaintedPath-es6.js:7:20:7:26 | req.url | -| TaintedPath-es6.js:7:20:7:26 | req.url | -| TaintedPath-es6.js:7:20:7:26 | req.url | -| TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:24:9:30 | req.url | -| TaintedPath.js:9:24:9:30 | req.url | -| TaintedPath.js:9:24:9:30 | req.url | -| TaintedPath.js:9:24:9:30 | req.url | -| TaintedPath.js:9:24:9:30 | req.url | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:18:33:18:36 | path | -| TaintedPath.js:18:33:18:36 | path | -| TaintedPath.js:18:33:18:36 | path | -| TaintedPath.js:18:33:18:36 | path | -| TaintedPath.js:18:33:18:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:20:38:26 | req.url | -| TaintedPath.js:38:20:38:26 | req.url | -| TaintedPath.js:38:20:38:26 | req.url | -| TaintedPath.js:38:20:38:26 | req.url | -| TaintedPath.js:38:20:38:26 | req.url | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | -| TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | -| TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | -| TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | -| TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:63:77:69 | req.url | -| TaintedPath.js:77:63:77:69 | req.url | -| TaintedPath.js:77:63:77:69 | req.url | -| TaintedPath.js:77:63:77:69 | req.url | -| TaintedPath.js:77:63:77:69 | req.url | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:61:78:67 | req.url | -| TaintedPath.js:78:61:78:67 | req.url | -| TaintedPath.js:78:61:78:67 | req.url | -| TaintedPath.js:78:61:78:67 | req.url | -| TaintedPath.js:78:61:78:67 | req.url | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:60:79:66 | req.url | -| TaintedPath.js:79:60:79:66 | req.url | -| TaintedPath.js:79:60:79:66 | req.url | -| TaintedPath.js:79:60:79:66 | req.url | -| TaintedPath.js:79:60:79:66 | req.url | -| TaintedPath.js:87:48:87:60 | req.params[0] | -| TaintedPath.js:87:48:87:60 | req.params[0] | -| TaintedPath.js:87:48:87:60 | req.params[0] | -| TaintedPath.js:87:48:87:60 | req.params[0] | -| TaintedPath.js:87:48:87:60 | req.params[0] | -| TaintedPath.js:87:48:87:60 | req.params[0] | -| TaintedPath.js:95:30:95:31 | ev | -| TaintedPath.js:95:30:95:31 | ev | -| TaintedPath.js:95:30:95:31 | ev | -| TaintedPath.js:95:30:95:31 | ev | -| TaintedPath.js:95:30:95:31 | ev | -| TaintedPath.js:96:24:96:25 | ev | -| TaintedPath.js:96:24:96:25 | ev | -| TaintedPath.js:96:24:96:25 | ev | -| TaintedPath.js:96:24:96:25 | ev | -| TaintedPath.js:96:24:96:30 | ev.data | -| TaintedPath.js:96:24:96:30 | ev.data | -| TaintedPath.js:96:24:96:30 | ev.data | -| TaintedPath.js:96:24:96:30 | ev.data | -| TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:23:100:29 | req.url | -| TaintedPath.js:100:23:100:29 | req.url | -| TaintedPath.js:100:23:100:29 | req.url | -| TaintedPath.js:100:23:100:29 | req.url | -| TaintedPath.js:100:23:100:29 | req.url | -| TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:104:32:104:39 | realpath | -| TaintedPath.js:104:32:104:39 | realpath | -| TaintedPath.js:104:32:104:39 | realpath | -| TaintedPath.js:104:32:104:39 | realpath | -| TaintedPath.js:105:45:105:52 | realpath | -| TaintedPath.js:105:45:105:52 | realpath | -| TaintedPath.js:105:45:105:52 | realpath | -| TaintedPath.js:105:45:105:52 | realpath | -| TaintedPath.js:105:45:105:52 | realpath | -| TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:23:136:29 | req.url | -| TaintedPath.js:136:23:136:29 | req.url | -| TaintedPath.js:136:23:136:29 | req.url | -| TaintedPath.js:136:23:136:29 | req.url | -| TaintedPath.js:136:23:136:29 | req.url | -| TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:24:142:30 | req.url | -| TaintedPath.js:142:24:142:30 | req.url | -| TaintedPath.js:142:24:142:30 | req.url | -| TaintedPath.js:142:24:142:30 | req.url | -| TaintedPath.js:142:24:142:30 | req.url | -| TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:146:7:146:29 | split | -| TaintedPath.js:146:7:146:29 | split | -| TaintedPath.js:146:7:146:29 | split | -| TaintedPath.js:146:7:146:29 | split | -| TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:146:15:146:29 | path.split("/") | -| TaintedPath.js:146:15:146:29 | path.split("/") | -| TaintedPath.js:146:15:146:29 | path.split("/") | -| TaintedPath.js:146:15:146:29 | path.split("/") | -| TaintedPath.js:148:19:148:23 | split | -| TaintedPath.js:148:19:148:23 | split | -| TaintedPath.js:148:19:148:23 | split | -| TaintedPath.js:148:19:148:23 | split | -| TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:152:19:152:23 | split | -| TaintedPath.js:152:19:152:23 | split | -| TaintedPath.js:152:19:152:23 | split | -| TaintedPath.js:152:19:152:23 | split | -| TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:28:153:32 | split | -| TaintedPath.js:153:28:153:32 | split | -| TaintedPath.js:153:28:153:32 | split | -| TaintedPath.js:153:28:153:32 | split | -| TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:155:7:155:38 | concatted | -| TaintedPath.js:155:7:155:38 | concatted | -| TaintedPath.js:155:7:155:38 | concatted | -| TaintedPath.js:155:7:155:38 | concatted | -| TaintedPath.js:155:19:155:38 | prefix.concat(split) | -| TaintedPath.js:155:19:155:38 | prefix.concat(split) | -| TaintedPath.js:155:19:155:38 | prefix.concat(split) | -| TaintedPath.js:155:19:155:38 | prefix.concat(split) | -| TaintedPath.js:155:33:155:37 | split | -| TaintedPath.js:155:33:155:37 | split | -| TaintedPath.js:155:33:155:37 | split | -| TaintedPath.js:155:33:155:37 | split | -| TaintedPath.js:156:19:156:27 | concatted | -| TaintedPath.js:156:19:156:27 | concatted | -| TaintedPath.js:156:19:156:27 | concatted | -| TaintedPath.js:156:19:156:27 | concatted | -| TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:158:7:158:39 | concatted2 | -| TaintedPath.js:158:7:158:39 | concatted2 | -| TaintedPath.js:158:7:158:39 | concatted2 | -| TaintedPath.js:158:7:158:39 | concatted2 | -| TaintedPath.js:158:20:158:24 | split | -| TaintedPath.js:158:20:158:24 | split | -| TaintedPath.js:158:20:158:24 | split | -| TaintedPath.js:158:20:158:24 | split | -| TaintedPath.js:158:20:158:39 | split.concat(prefix) | -| TaintedPath.js:158:20:158:39 | split.concat(prefix) | -| TaintedPath.js:158:20:158:39 | split.concat(prefix) | -| TaintedPath.js:158:20:158:39 | split.concat(prefix) | -| TaintedPath.js:159:19:159:28 | concatted2 | -| TaintedPath.js:159:19:159:28 | concatted2 | -| TaintedPath.js:159:19:159:28 | concatted2 | -| TaintedPath.js:159:19:159:28 | concatted2 | -| TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:161:19:161:23 | split | -| TaintedPath.js:161:19:161:23 | split | -| TaintedPath.js:161:19:161:23 | split | -| TaintedPath.js:161:19:161:23 | split | -| TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:24:166:30 | req.url | -| TaintedPath.js:166:24:166:30 | req.url | -| TaintedPath.js:166:24:166:30 | req.url | -| TaintedPath.js:166:24:166:30 | req.url | -| TaintedPath.js:166:24:166:30 | req.url | -| TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:176:29:176:32 | path | -| TaintedPath.js:176:29:176:32 | path | -| TaintedPath.js:176:29:176:32 | path | -| TaintedPath.js:176:29:176:32 | path | -| TaintedPath.js:176:29:176:32 | path | -| TaintedPath.js:176:29:176:32 | path | -| TaintedPath.js:176:29:176:32 | path | -| TaintedPath.js:176:29:176:32 | path | -| TaintedPath.js:176:29:176:52 | path.re ... /g, '') | -| TaintedPath.js:176:29:176:52 | path.re ... /g, '') | -| TaintedPath.js:176:29:176:52 | path.re ... /g, '') | -| TaintedPath.js:176:29:176:52 | path.re ... /g, '') | -| TaintedPath.js:176:29:176:52 | path.re ... /g, '') | -| TaintedPath.js:177:29:177:32 | path | -| TaintedPath.js:177:29:177:32 | path | -| TaintedPath.js:177:29:177:32 | path | -| TaintedPath.js:177:29:177:32 | path | -| TaintedPath.js:177:29:177:32 | path | -| TaintedPath.js:177:29:177:32 | path | -| TaintedPath.js:177:29:177:32 | path | -| TaintedPath.js:177:29:177:32 | path | -| TaintedPath.js:177:29:177:53 | path.re ... /g, '') | -| TaintedPath.js:177:29:177:53 | path.re ... /g, '') | -| TaintedPath.js:177:29:177:53 | path.re ... /g, '') | -| TaintedPath.js:177:29:177:53 | path.re ... /g, '') | -| TaintedPath.js:177:29:177:53 | path.re ... /g, '') | -| TaintedPath.js:178:29:178:32 | path | -| TaintedPath.js:178:29:178:32 | path | -| TaintedPath.js:178:29:178:32 | path | -| TaintedPath.js:178:29:178:32 | path | -| TaintedPath.js:178:29:178:32 | path | -| TaintedPath.js:178:29:178:32 | path | -| TaintedPath.js:178:29:178:32 | path | -| TaintedPath.js:178:29:178:32 | path | -| TaintedPath.js:178:29:178:51 | path.re ... /g, '') | -| TaintedPath.js:178:29:178:51 | path.re ... /g, '') | -| TaintedPath.js:178:29:178:51 | path.re ... /g, '') | -| TaintedPath.js:178:29:178:51 | path.re ... /g, '') | -| TaintedPath.js:178:29:178:51 | path.re ... /g, '') | -| TaintedPath.js:179:29:179:32 | path | -| TaintedPath.js:179:29:179:32 | path | -| TaintedPath.js:179:29:179:32 | path | -| TaintedPath.js:179:29:179:32 | path | -| TaintedPath.js:179:29:179:32 | path | -| TaintedPath.js:179:29:179:32 | path | -| TaintedPath.js:179:29:179:32 | path | -| TaintedPath.js:179:29:179:32 | path | -| TaintedPath.js:179:29:179:57 | path.re ... /g, '') | -| TaintedPath.js:179:29:179:57 | path.re ... /g, '') | -| TaintedPath.js:179:29:179:57 | path.re ... /g, '') | -| TaintedPath.js:179:29:179:57 | path.re ... /g, '') | -| TaintedPath.js:179:29:179:57 | path.re ... /g, '') | -| TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:40:194:43 | path | -| TaintedPath.js:194:40:194:43 | path | -| TaintedPath.js:194:40:194:43 | path | -| TaintedPath.js:194:40:194:43 | path | -| TaintedPath.js:194:40:194:43 | path | -| TaintedPath.js:194:40:194:43 | path | -| TaintedPath.js:194:40:194:43 | path | -| TaintedPath.js:194:40:194:43 | path | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:195:29:195:54 | pathMod ... e(path) | -| TaintedPath.js:195:29:195:54 | pathMod ... e(path) | -| TaintedPath.js:195:29:195:54 | pathMod ... e(path) | -| TaintedPath.js:195:29:195:54 | pathMod ... e(path) | -| TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | -| TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | -| TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | -| TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | -| TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | -| TaintedPath.js:195:50:195:53 | path | -| TaintedPath.js:195:50:195:53 | path | -| TaintedPath.js:195:50:195:53 | path | -| TaintedPath.js:195:50:195:53 | path | -| TaintedPath.js:195:50:195:53 | path | -| TaintedPath.js:195:50:195:53 | path | -| TaintedPath.js:195:50:195:53 | path | -| TaintedPath.js:195:50:195:53 | path | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:38:203:44 | req.url | -| TaintedPath.js:203:38:203:44 | req.url | -| TaintedPath.js:203:38:203:44 | req.url | -| TaintedPath.js:203:38:203:44 | req.url | -| TaintedPath.js:203:38:203:44 | req.url | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | -| TaintedPath.js:204:51:204:57 | req.url | -| TaintedPath.js:204:51:204:57 | req.url | -| TaintedPath.js:204:51:204:57 | req.url | -| TaintedPath.js:204:51:204:57 | req.url | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:44:206:50 | req.url | -| TaintedPath.js:206:44:206:50 | req.url | -| TaintedPath.js:206:44:206:50 | req.url | -| TaintedPath.js:206:44:206:50 | req.url | -| TaintedPath.js:206:44:206:50 | req.url | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:24:211:30 | req.url | -| TaintedPath.js:211:24:211:30 | req.url | -| TaintedPath.js:211:24:211:30 | req.url | -| TaintedPath.js:211:24:211:30 | req.url | -| TaintedPath.js:211:24:211:30 | req.url | -| TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:214:35:214:38 | path | -| examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:28:8:34 | req.url | -| examples/TaintedPath.js:8:28:8:34 | req.url | -| examples/TaintedPath.js:8:28:8:34 | req.url | -| examples/TaintedPath.js:8:28:8:34 | req.url | -| examples/TaintedPath.js:8:28:8:34 | req.url | -| examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | -| express.js:8:20:8:32 | req.query.bar | -| express.js:8:20:8:32 | req.query.bar | -| express.js:8:20:8:32 | req.query.bar | -| express.js:8:20:8:32 | req.query.bar | -| express.js:8:20:8:32 | req.query.bar | -| express.js:8:20:8:32 | req.query.bar | -| handlebars.js:10:51:10:58 | filePath | -| handlebars.js:10:51:10:58 | filePath | -| handlebars.js:10:51:10:58 | filePath | -| handlebars.js:10:51:10:58 | filePath | -| handlebars.js:11:32:11:39 | filePath | -| handlebars.js:11:32:11:39 | filePath | -| handlebars.js:11:32:11:39 | filePath | -| handlebars.js:11:32:11:39 | filePath | -| handlebars.js:11:32:11:39 | filePath | -| handlebars.js:13:73:13:80 | filePath | -| handlebars.js:13:73:13:80 | filePath | -| handlebars.js:13:73:13:80 | filePath | -| handlebars.js:13:73:13:80 | filePath | -| handlebars.js:15:25:15:32 | filePath | -| handlebars.js:15:25:15:32 | filePath | -| handlebars.js:15:25:15:32 | filePath | -| handlebars.js:15:25:15:32 | filePath | -| handlebars.js:15:25:15:32 | filePath | -| handlebars.js:29:46:29:60 | req.params.path | -| handlebars.js:29:46:29:60 | req.params.path | -| handlebars.js:29:46:29:60 | req.params.path | -| handlebars.js:29:46:29:60 | req.params.path | -| handlebars.js:29:46:29:60 | req.params.path | -| handlebars.js:43:15:43:29 | req.params.path | -| handlebars.js:43:15:43:29 | req.params.path | -| handlebars.js:43:15:43:29 | req.params.path | -| handlebars.js:43:15:43:29 | req.params.path | -| handlebars.js:43:15:43:29 | req.params.path | -| normalizedPaths.js:11:7:11:27 | path | -| normalizedPaths.js:11:7:11:27 | path | -| normalizedPaths.js:11:7:11:27 | path | -| normalizedPaths.js:11:7:11:27 | path | -| normalizedPaths.js:11:14:11:27 | req.query.path | -| normalizedPaths.js:11:14:11:27 | req.query.path | -| normalizedPaths.js:11:14:11:27 | req.query.path | -| normalizedPaths.js:11:14:11:27 | req.query.path | -| normalizedPaths.js:11:14:11:27 | req.query.path | -| normalizedPaths.js:13:19:13:22 | path | -| normalizedPaths.js:13:19:13:22 | path | -| normalizedPaths.js:13:19:13:22 | path | -| normalizedPaths.js:13:19:13:22 | path | -| normalizedPaths.js:13:19:13:22 | path | -| normalizedPaths.js:14:19:14:29 | './' + path | -| normalizedPaths.js:14:19:14:29 | './' + path | -| normalizedPaths.js:14:19:14:29 | './' + path | -| normalizedPaths.js:14:19:14:29 | './' + path | -| normalizedPaths.js:14:26:14:29 | path | -| normalizedPaths.js:14:26:14:29 | path | -| normalizedPaths.js:14:26:14:29 | path | -| normalizedPaths.js:15:19:15:22 | path | -| normalizedPaths.js:15:19:15:22 | path | -| normalizedPaths.js:15:19:15:22 | path | -| normalizedPaths.js:15:19:15:22 | path | -| normalizedPaths.js:15:19:15:38 | path + '/index.html' | -| normalizedPaths.js:15:19:15:38 | path + '/index.html' | -| normalizedPaths.js:15:19:15:38 | path + '/index.html' | -| normalizedPaths.js:15:19:15:38 | path + '/index.html' | -| normalizedPaths.js:15:19:15:38 | path + '/index.html' | -| normalizedPaths.js:16:19:16:53 | pathMod ... .html') | -| normalizedPaths.js:16:19:16:53 | pathMod ... .html') | -| normalizedPaths.js:16:19:16:53 | pathMod ... .html') | -| normalizedPaths.js:16:19:16:53 | pathMod ... .html') | -| normalizedPaths.js:16:19:16:53 | pathMod ... .html') | -| normalizedPaths.js:16:35:16:38 | path | -| normalizedPaths.js:16:35:16:38 | path | -| normalizedPaths.js:16:35:16:38 | path | -| normalizedPaths.js:16:35:16:38 | path | -| normalizedPaths.js:17:19:17:57 | pathMod ... , path) | -| normalizedPaths.js:17:19:17:57 | pathMod ... , path) | -| normalizedPaths.js:17:19:17:57 | pathMod ... , path) | -| normalizedPaths.js:17:19:17:57 | pathMod ... , path) | -| normalizedPaths.js:17:53:17:56 | path | -| normalizedPaths.js:17:53:17:56 | path | -| normalizedPaths.js:17:53:17:56 | path | -| normalizedPaths.js:21:7:21:49 | path | -| normalizedPaths.js:21:7:21:49 | path | -| normalizedPaths.js:21:7:21:49 | path | -| normalizedPaths.js:21:7:21:49 | path | -| normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | -| normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | -| normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | -| normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | -| normalizedPaths.js:21:35:21:48 | req.query.path | -| normalizedPaths.js:21:35:21:48 | req.query.path | -| normalizedPaths.js:21:35:21:48 | req.query.path | -| normalizedPaths.js:21:35:21:48 | req.query.path | -| normalizedPaths.js:21:35:21:48 | req.query.path | -| normalizedPaths.js:23:19:23:22 | path | -| normalizedPaths.js:23:19:23:22 | path | -| normalizedPaths.js:23:19:23:22 | path | -| normalizedPaths.js:23:19:23:22 | path | -| normalizedPaths.js:23:19:23:22 | path | -| normalizedPaths.js:24:19:24:29 | './' + path | -| normalizedPaths.js:24:19:24:29 | './' + path | -| normalizedPaths.js:24:19:24:29 | './' + path | -| normalizedPaths.js:24:26:24:29 | path | -| normalizedPaths.js:24:26:24:29 | path | -| normalizedPaths.js:25:19:25:22 | path | -| normalizedPaths.js:25:19:25:22 | path | -| normalizedPaths.js:25:19:25:22 | path | -| normalizedPaths.js:25:19:25:22 | path | -| normalizedPaths.js:25:19:25:38 | path + '/index.html' | -| normalizedPaths.js:25:19:25:38 | path + '/index.html' | -| normalizedPaths.js:25:19:25:38 | path + '/index.html' | -| normalizedPaths.js:25:19:25:38 | path + '/index.html' | -| normalizedPaths.js:25:19:25:38 | path + '/index.html' | -| normalizedPaths.js:26:19:26:53 | pathMod ... .html') | -| normalizedPaths.js:26:19:26:53 | pathMod ... .html') | -| normalizedPaths.js:26:19:26:53 | pathMod ... .html') | -| normalizedPaths.js:26:19:26:53 | pathMod ... .html') | -| normalizedPaths.js:26:19:26:53 | pathMod ... .html') | -| normalizedPaths.js:26:35:26:38 | path | -| normalizedPaths.js:26:35:26:38 | path | -| normalizedPaths.js:26:35:26:38 | path | -| normalizedPaths.js:26:35:26:38 | path | -| normalizedPaths.js:27:19:27:57 | pathMod ... , path) | -| normalizedPaths.js:27:19:27:57 | pathMod ... , path) | -| normalizedPaths.js:27:19:27:57 | pathMod ... , path) | -| normalizedPaths.js:27:53:27:56 | path | -| normalizedPaths.js:27:53:27:56 | path | -| normalizedPaths.js:31:7:31:49 | path | -| normalizedPaths.js:31:7:31:49 | path | -| normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | -| normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | -| normalizedPaths.js:31:35:31:48 | req.query.path | -| normalizedPaths.js:31:35:31:48 | req.query.path | -| normalizedPaths.js:31:35:31:48 | req.query.path | -| normalizedPaths.js:36:19:36:22 | path | -| normalizedPaths.js:36:19:36:22 | path | -| normalizedPaths.js:36:19:36:22 | path | -| normalizedPaths.js:41:21:41:24 | path | -| normalizedPaths.js:41:21:41:24 | path | -| normalizedPaths.js:41:21:41:24 | path | -| normalizedPaths.js:54:7:54:49 | path | -| normalizedPaths.js:54:7:54:49 | path | -| normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | -| normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | -| normalizedPaths.js:54:35:54:48 | req.query.path | -| normalizedPaths.js:54:35:54:48 | req.query.path | -| normalizedPaths.js:54:35:54:48 | req.query.path | -| normalizedPaths.js:59:19:59:22 | path | -| normalizedPaths.js:59:19:59:22 | path | -| normalizedPaths.js:59:19:59:22 | path | -| normalizedPaths.js:63:19:63:22 | path | -| normalizedPaths.js:63:19:63:22 | path | -| normalizedPaths.js:63:19:63:38 | path + "/index.html" | -| normalizedPaths.js:63:19:63:38 | path + "/index.html" | -| normalizedPaths.js:63:19:63:38 | path + "/index.html" | -| normalizedPaths.js:68:21:68:24 | path | -| normalizedPaths.js:68:21:68:24 | path | -| normalizedPaths.js:68:21:68:24 | path | -| normalizedPaths.js:73:7:73:56 | path | -| normalizedPaths.js:73:7:73:56 | path | -| normalizedPaths.js:73:7:73:56 | path | -| normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | -| normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | -| normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | -| normalizedPaths.js:73:35:73:55 | './' + ... ry.path | -| normalizedPaths.js:73:35:73:55 | './' + ... ry.path | -| normalizedPaths.js:73:35:73:55 | './' + ... ry.path | -| normalizedPaths.js:73:42:73:55 | req.query.path | -| normalizedPaths.js:73:42:73:55 | req.query.path | -| normalizedPaths.js:73:42:73:55 | req.query.path | -| normalizedPaths.js:73:42:73:55 | req.query.path | -| normalizedPaths.js:78:22:78:25 | path | -| normalizedPaths.js:78:22:78:25 | path | -| normalizedPaths.js:78:22:78:25 | path | -| normalizedPaths.js:78:22:78:25 | path | -| normalizedPaths.js:82:7:82:27 | path | -| normalizedPaths.js:82:7:82:27 | path | -| normalizedPaths.js:82:14:82:27 | req.query.path | -| normalizedPaths.js:82:14:82:27 | req.query.path | -| normalizedPaths.js:82:14:82:27 | req.query.path | -| normalizedPaths.js:87:29:87:32 | path | -| normalizedPaths.js:87:29:87:32 | path | -| normalizedPaths.js:87:29:87:32 | path | -| normalizedPaths.js:90:31:90:34 | path | -| normalizedPaths.js:90:31:90:34 | path | -| normalizedPaths.js:94:7:94:49 | path | -| normalizedPaths.js:94:7:94:49 | path | -| normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | -| normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | -| normalizedPaths.js:94:35:94:48 | req.query.path | -| normalizedPaths.js:94:35:94:48 | req.query.path | -| normalizedPaths.js:94:35:94:48 | req.query.path | -| normalizedPaths.js:99:29:99:32 | path | -| normalizedPaths.js:99:29:99:32 | path | -| normalizedPaths.js:99:29:99:32 | path | -| normalizedPaths.js:117:7:117:44 | path | -| normalizedPaths.js:117:7:117:44 | path | -| normalizedPaths.js:117:7:117:44 | path | -| normalizedPaths.js:117:7:117:44 | path | -| normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | -| normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | -| normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | -| normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | -| normalizedPaths.js:117:30:117:43 | req.query.path | -| normalizedPaths.js:117:30:117:43 | req.query.path | -| normalizedPaths.js:117:30:117:43 | req.query.path | -| normalizedPaths.js:117:30:117:43 | req.query.path | -| normalizedPaths.js:117:30:117:43 | req.query.path | -| normalizedPaths.js:119:19:119:22 | path | -| normalizedPaths.js:119:19:119:22 | path | -| normalizedPaths.js:119:19:119:22 | path | -| normalizedPaths.js:119:19:119:22 | path | -| normalizedPaths.js:119:19:119:22 | path | -| normalizedPaths.js:120:19:120:53 | pathMod ... .html') | -| normalizedPaths.js:120:19:120:53 | pathMod ... .html') | -| normalizedPaths.js:120:19:120:53 | pathMod ... .html') | -| normalizedPaths.js:120:19:120:53 | pathMod ... .html') | -| normalizedPaths.js:120:19:120:53 | pathMod ... .html') | -| normalizedPaths.js:120:35:120:38 | path | -| normalizedPaths.js:120:35:120:38 | path | -| normalizedPaths.js:120:35:120:38 | path | -| normalizedPaths.js:120:35:120:38 | path | -| normalizedPaths.js:130:7:130:49 | path | -| normalizedPaths.js:130:7:130:49 | path | -| normalizedPaths.js:130:7:130:49 | path | -| normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | -| normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | -| normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | -| normalizedPaths.js:130:35:130:48 | req.query.path | -| normalizedPaths.js:130:35:130:48 | req.query.path | -| normalizedPaths.js:130:35:130:48 | req.query.path | -| normalizedPaths.js:130:35:130:48 | req.query.path | -| normalizedPaths.js:135:21:135:24 | path | -| normalizedPaths.js:135:21:135:24 | path | -| normalizedPaths.js:135:21:135:24 | path | -| normalizedPaths.js:135:21:135:24 | path | -| normalizedPaths.js:139:7:139:62 | path | -| normalizedPaths.js:139:7:139:62 | path | -| normalizedPaths.js:139:7:139:62 | path | -| normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | -| normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | -| normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | -| normalizedPaths.js:139:48:139:61 | req.query.path | -| normalizedPaths.js:139:48:139:61 | req.query.path | -| normalizedPaths.js:139:48:139:61 | req.query.path | -| normalizedPaths.js:139:48:139:61 | req.query.path | -| normalizedPaths.js:144:21:144:24 | path | -| normalizedPaths.js:144:21:144:24 | path | -| normalizedPaths.js:144:21:144:24 | path | -| normalizedPaths.js:144:21:144:24 | path | -| normalizedPaths.js:148:7:148:58 | path | -| normalizedPaths.js:148:7:148:58 | path | -| normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | -| normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | -| normalizedPaths.js:148:23:148:58 | pathMod ... y.path) | -| normalizedPaths.js:148:23:148:58 | pathMod ... y.path) | -| normalizedPaths.js:148:44:148:57 | req.query.path | -| normalizedPaths.js:148:44:148:57 | req.query.path | -| normalizedPaths.js:148:44:148:57 | req.query.path | -| normalizedPaths.js:151:21:151:24 | path | -| normalizedPaths.js:151:21:151:24 | path | -| normalizedPaths.js:151:21:151:24 | path | -| normalizedPaths.js:153:21:153:24 | path | -| normalizedPaths.js:153:21:153:24 | path | -| normalizedPaths.js:153:21:153:24 | path | -| normalizedPaths.js:160:7:160:49 | path | -| normalizedPaths.js:160:7:160:49 | path | -| normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | -| normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | -| normalizedPaths.js:160:35:160:48 | req.query.path | -| normalizedPaths.js:160:35:160:48 | req.query.path | -| normalizedPaths.js:160:35:160:48 | req.query.path | -| normalizedPaths.js:165:19:165:22 | path | -| normalizedPaths.js:165:19:165:22 | path | -| normalizedPaths.js:165:19:165:22 | path | -| normalizedPaths.js:170:21:170:24 | path | -| normalizedPaths.js:170:21:170:24 | path | -| normalizedPaths.js:170:21:170:24 | path | -| normalizedPaths.js:174:7:174:27 | path | -| normalizedPaths.js:174:7:174:27 | path | -| normalizedPaths.js:174:7:174:27 | path | -| normalizedPaths.js:174:7:174:27 | path | -| normalizedPaths.js:174:14:174:27 | req.query.path | -| normalizedPaths.js:174:14:174:27 | req.query.path | -| normalizedPaths.js:174:14:174:27 | req.query.path | -| normalizedPaths.js:174:14:174:27 | req.query.path | -| normalizedPaths.js:174:14:174:27 | req.query.path | -| normalizedPaths.js:184:19:184:22 | path | -| normalizedPaths.js:184:19:184:22 | path | -| normalizedPaths.js:184:19:184:22 | path | -| normalizedPaths.js:184:19:184:22 | path | -| normalizedPaths.js:184:19:184:22 | path | -| normalizedPaths.js:187:21:187:24 | path | -| normalizedPaths.js:187:21:187:24 | path | -| normalizedPaths.js:187:21:187:24 | path | -| normalizedPaths.js:189:21:189:24 | path | -| normalizedPaths.js:189:21:189:24 | path | -| normalizedPaths.js:189:21:189:24 | path | -| normalizedPaths.js:192:21:192:24 | path | -| normalizedPaths.js:192:21:192:24 | path | -| normalizedPaths.js:192:21:192:24 | path | -| normalizedPaths.js:192:21:192:24 | path | -| normalizedPaths.js:192:21:192:24 | path | -| normalizedPaths.js:194:21:194:24 | path | -| normalizedPaths.js:194:21:194:24 | path | -| normalizedPaths.js:199:21:199:24 | path | -| normalizedPaths.js:199:21:199:24 | path | -| normalizedPaths.js:199:21:199:24 | path | -| normalizedPaths.js:199:21:199:24 | path | -| normalizedPaths.js:199:21:199:24 | path | -| normalizedPaths.js:201:7:201:49 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | -| normalizedPaths.js:201:24:201:49 | pathMod ... e(path) | -| normalizedPaths.js:201:24:201:49 | pathMod ... e(path) | -| normalizedPaths.js:201:24:201:49 | pathMod ... e(path) | -| normalizedPaths.js:201:24:201:49 | pathMod ... e(path) | -| normalizedPaths.js:201:45:201:48 | path | -| normalizedPaths.js:201:45:201:48 | path | -| normalizedPaths.js:201:45:201:48 | path | -| normalizedPaths.js:201:45:201:48 | path | -| normalizedPaths.js:205:21:205:34 | normalizedPath | -| normalizedPaths.js:205:21:205:34 | normalizedPath | -| normalizedPaths.js:205:21:205:34 | normalizedPath | -| normalizedPaths.js:205:21:205:34 | normalizedPath | -| normalizedPaths.js:205:21:205:34 | normalizedPath | -| normalizedPaths.js:208:21:208:34 | normalizedPath | -| normalizedPaths.js:208:21:208:34 | normalizedPath | -| normalizedPaths.js:208:21:208:34 | normalizedPath | -| normalizedPaths.js:208:21:208:34 | normalizedPath | -| normalizedPaths.js:208:21:208:34 | normalizedPath | -| normalizedPaths.js:210:21:210:34 | normalizedPath | -| normalizedPaths.js:210:21:210:34 | normalizedPath | -| normalizedPaths.js:210:21:210:34 | normalizedPath | -| normalizedPaths.js:210:21:210:34 | normalizedPath | -| normalizedPaths.js:210:21:210:34 | normalizedPath | -| normalizedPaths.js:214:7:214:49 | path | -| normalizedPaths.js:214:7:214:49 | path | -| normalizedPaths.js:214:7:214:49 | path | -| normalizedPaths.js:214:7:214:49 | path | -| normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | -| normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | -| normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | -| normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | -| normalizedPaths.js:214:35:214:48 | req.query.path | -| normalizedPaths.js:214:35:214:48 | req.query.path | -| normalizedPaths.js:214:35:214:48 | req.query.path | -| normalizedPaths.js:214:35:214:48 | req.query.path | -| normalizedPaths.js:214:35:214:48 | req.query.path | -| normalizedPaths.js:219:3:219:33 | path | -| normalizedPaths.js:219:3:219:33 | path | -| normalizedPaths.js:219:3:219:33 | path | -| normalizedPaths.js:219:3:219:33 | path | -| normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | -| normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | -| normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | -| normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | -| normalizedPaths.js:219:29:219:32 | path | -| normalizedPaths.js:219:29:219:32 | path | -| normalizedPaths.js:219:29:219:32 | path | -| normalizedPaths.js:219:29:219:32 | path | -| normalizedPaths.js:222:21:222:24 | path | -| normalizedPaths.js:222:21:222:24 | path | -| normalizedPaths.js:222:21:222:24 | path | -| normalizedPaths.js:222:21:222:24 | path | -| normalizedPaths.js:222:21:222:24 | path | -| normalizedPaths.js:226:7:226:70 | path | -| normalizedPaths.js:226:7:226:70 | path | -| normalizedPaths.js:226:14:226:49 | pathMod ... y.path) | -| normalizedPaths.js:226:14:226:49 | pathMod ... y.path) | -| normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | -| normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | -| normalizedPaths.js:226:35:226:48 | req.query.path | -| normalizedPaths.js:226:35:226:48 | req.query.path | -| normalizedPaths.js:226:35:226:48 | req.query.path | -| normalizedPaths.js:228:21:228:24 | path | -| normalizedPaths.js:228:21:228:24 | path | -| normalizedPaths.js:228:21:228:24 | path | -| normalizedPaths.js:236:7:236:47 | path | -| normalizedPaths.js:236:7:236:47 | path | -| normalizedPaths.js:236:7:236:47 | path | -| normalizedPaths.js:236:7:236:47 | path | -| normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | -| normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | -| normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | -| normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | -| normalizedPaths.js:236:33:236:46 | req.query.path | -| normalizedPaths.js:236:33:236:46 | req.query.path | -| normalizedPaths.js:236:33:236:46 | req.query.path | -| normalizedPaths.js:236:33:236:46 | req.query.path | -| normalizedPaths.js:236:33:236:46 | req.query.path | -| normalizedPaths.js:238:19:238:22 | path | -| normalizedPaths.js:238:19:238:22 | path | -| normalizedPaths.js:238:19:238:22 | path | -| normalizedPaths.js:238:19:238:22 | path | -| normalizedPaths.js:238:19:238:22 | path | -| normalizedPaths.js:245:21:245:24 | path | -| normalizedPaths.js:245:21:245:24 | path | -| normalizedPaths.js:245:21:245:24 | path | -| normalizedPaths.js:245:21:245:24 | path | -| normalizedPaths.js:245:21:245:24 | path | -| normalizedPaths.js:250:21:250:24 | path | -| normalizedPaths.js:250:21:250:24 | path | -| normalizedPaths.js:250:21:250:24 | path | -| normalizedPaths.js:250:21:250:24 | path | -| normalizedPaths.js:250:21:250:24 | path | -| normalizedPaths.js:254:7:254:47 | path | -| normalizedPaths.js:254:7:254:47 | path | -| normalizedPaths.js:254:7:254:47 | path | -| normalizedPaths.js:254:7:254:47 | path | -| normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | -| normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | -| normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | -| normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | -| normalizedPaths.js:254:33:254:46 | req.query.path | -| normalizedPaths.js:254:33:254:46 | req.query.path | -| normalizedPaths.js:254:33:254:46 | req.query.path | -| normalizedPaths.js:254:33:254:46 | req.query.path | -| normalizedPaths.js:254:33:254:46 | req.query.path | -| normalizedPaths.js:256:19:256:22 | path | -| normalizedPaths.js:256:19:256:22 | path | -| normalizedPaths.js:256:19:256:22 | path | -| normalizedPaths.js:256:19:256:22 | path | -| normalizedPaths.js:256:19:256:22 | path | -| normalizedPaths.js:262:21:262:24 | path | -| normalizedPaths.js:262:21:262:24 | path | -| normalizedPaths.js:262:21:262:24 | path | -| normalizedPaths.js:262:21:262:24 | path | -| normalizedPaths.js:262:21:262:24 | path | -| normalizedPaths.js:267:7:267:42 | newpath | -| normalizedPaths.js:267:7:267:42 | newpath | -| normalizedPaths.js:267:7:267:42 | newpath | -| normalizedPaths.js:267:7:267:42 | newpath | -| normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | -| normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | -| normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | -| normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | -| normalizedPaths.js:267:38:267:41 | path | -| normalizedPaths.js:267:38:267:41 | path | -| normalizedPaths.js:267:38:267:41 | path | -| normalizedPaths.js:267:38:267:41 | path | -| normalizedPaths.js:270:21:270:27 | newpath | -| normalizedPaths.js:270:21:270:27 | newpath | -| normalizedPaths.js:270:21:270:27 | newpath | -| normalizedPaths.js:270:21:270:27 | newpath | -| normalizedPaths.js:270:21:270:27 | newpath | -| normalizedPaths.js:275:7:275:42 | newpath | -| normalizedPaths.js:275:7:275:42 | newpath | -| normalizedPaths.js:275:7:275:42 | newpath | -| normalizedPaths.js:275:7:275:42 | newpath | -| normalizedPaths.js:275:17:275:42 | pathMod ... e(path) | -| normalizedPaths.js:275:17:275:42 | pathMod ... e(path) | -| normalizedPaths.js:275:17:275:42 | pathMod ... e(path) | -| normalizedPaths.js:275:17:275:42 | pathMod ... e(path) | -| normalizedPaths.js:275:38:275:41 | path | -| normalizedPaths.js:275:38:275:41 | path | -| normalizedPaths.js:275:38:275:41 | path | -| normalizedPaths.js:275:38:275:41 | path | -| normalizedPaths.js:278:21:278:27 | newpath | -| normalizedPaths.js:278:21:278:27 | newpath | -| normalizedPaths.js:278:21:278:27 | newpath | -| normalizedPaths.js:278:21:278:27 | newpath | -| normalizedPaths.js:278:21:278:27 | newpath | -| normalizedPaths.js:283:7:283:42 | newpath | -| normalizedPaths.js:283:7:283:42 | newpath | -| normalizedPaths.js:283:7:283:42 | newpath | -| normalizedPaths.js:283:7:283:42 | newpath | -| normalizedPaths.js:283:17:283:42 | pathMod ... e(path) | -| normalizedPaths.js:283:17:283:42 | pathMod ... e(path) | -| normalizedPaths.js:283:17:283:42 | pathMod ... e(path) | -| normalizedPaths.js:283:17:283:42 | pathMod ... e(path) | -| normalizedPaths.js:283:38:283:41 | path | -| normalizedPaths.js:283:38:283:41 | path | -| normalizedPaths.js:283:38:283:41 | path | -| normalizedPaths.js:283:38:283:41 | path | -| normalizedPaths.js:286:21:286:27 | newpath | -| normalizedPaths.js:286:21:286:27 | newpath | -| normalizedPaths.js:286:21:286:27 | newpath | -| normalizedPaths.js:286:21:286:27 | newpath | -| normalizedPaths.js:286:21:286:27 | newpath | -| normalizedPaths.js:291:7:291:42 | newpath | -| normalizedPaths.js:291:7:291:42 | newpath | -| normalizedPaths.js:291:7:291:42 | newpath | -| normalizedPaths.js:291:7:291:42 | newpath | -| normalizedPaths.js:291:17:291:42 | pathMod ... e(path) | -| normalizedPaths.js:291:17:291:42 | pathMod ... e(path) | -| normalizedPaths.js:291:17:291:42 | pathMod ... e(path) | -| normalizedPaths.js:291:17:291:42 | pathMod ... e(path) | -| normalizedPaths.js:291:38:291:41 | path | -| normalizedPaths.js:291:38:291:41 | path | -| normalizedPaths.js:291:38:291:41 | path | -| normalizedPaths.js:291:38:291:41 | path | -| normalizedPaths.js:296:21:296:27 | newpath | -| normalizedPaths.js:296:21:296:27 | newpath | -| normalizedPaths.js:296:21:296:27 | newpath | -| normalizedPaths.js:296:21:296:27 | newpath | -| normalizedPaths.js:296:21:296:27 | newpath | -| normalizedPaths.js:303:6:303:26 | path | -| normalizedPaths.js:303:6:303:26 | path | -| normalizedPaths.js:303:6:303:26 | path | -| normalizedPaths.js:303:6:303:26 | path | -| normalizedPaths.js:303:13:303:26 | req.query.path | -| normalizedPaths.js:303:13:303:26 | req.query.path | -| normalizedPaths.js:303:13:303:26 | req.query.path | -| normalizedPaths.js:303:13:303:26 | req.query.path | -| normalizedPaths.js:303:13:303:26 | req.query.path | -| normalizedPaths.js:304:18:304:21 | path | -| normalizedPaths.js:304:18:304:21 | path | -| normalizedPaths.js:304:18:304:21 | path | -| normalizedPaths.js:304:18:304:21 | path | -| normalizedPaths.js:304:18:304:21 | path | -| normalizedPaths.js:309:19:309:22 | path | -| normalizedPaths.js:309:19:309:22 | path | -| normalizedPaths.js:309:19:309:22 | path | -| normalizedPaths.js:309:19:309:22 | path | -| normalizedPaths.js:309:19:309:22 | path | -| normalizedPaths.js:313:19:313:22 | path | -| normalizedPaths.js:313:19:313:22 | path | -| normalizedPaths.js:313:19:313:22 | path | -| normalizedPaths.js:313:19:313:22 | path | -| normalizedPaths.js:316:19:316:22 | path | -| normalizedPaths.js:316:19:316:22 | path | -| normalizedPaths.js:316:19:316:22 | path | -| normalizedPaths.js:316:19:316:22 | path | -| normalizedPaths.js:316:19:316:22 | path | -| normalizedPaths.js:320:6:320:49 | normalizedPath | -| normalizedPaths.js:320:6:320:49 | normalizedPath | -| normalizedPaths.js:320:6:320:49 | normalizedPath | -| normalizedPaths.js:320:23:320:49 | pathMod ... , path) | -| normalizedPaths.js:320:23:320:49 | pathMod ... , path) | -| normalizedPaths.js:320:23:320:49 | pathMod ... , path) | -| normalizedPaths.js:320:45:320:48 | path | -| normalizedPaths.js:320:45:320:48 | path | -| normalizedPaths.js:320:45:320:48 | path | -| normalizedPaths.js:325:19:325:32 | normalizedPath | -| normalizedPaths.js:325:19:325:32 | normalizedPath | -| normalizedPaths.js:325:19:325:32 | normalizedPath | -| normalizedPaths.js:325:19:325:32 | normalizedPath | -| normalizedPaths.js:332:19:332:32 | normalizedPath | -| normalizedPaths.js:332:19:332:32 | normalizedPath | -| normalizedPaths.js:332:19:332:32 | normalizedPath | -| normalizedPaths.js:332:19:332:32 | normalizedPath | -| normalizedPaths.js:339:6:339:46 | path | -| normalizedPaths.js:339:6:339:46 | path | -| normalizedPaths.js:339:6:339:46 | path | -| normalizedPaths.js:339:6:339:46 | path | -| normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | -| normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | -| normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | -| normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | -| normalizedPaths.js:339:32:339:45 | req.query.path | -| normalizedPaths.js:339:32:339:45 | req.query.path | -| normalizedPaths.js:339:32:339:45 | req.query.path | -| normalizedPaths.js:339:32:339:45 | req.query.path | -| normalizedPaths.js:339:32:339:45 | req.query.path | -| normalizedPaths.js:341:18:341:21 | path | -| normalizedPaths.js:341:18:341:21 | path | -| normalizedPaths.js:341:18:341:21 | path | -| normalizedPaths.js:341:18:341:21 | path | -| normalizedPaths.js:341:18:341:21 | path | -| normalizedPaths.js:346:19:346:22 | path | -| normalizedPaths.js:346:19:346:22 | path | -| normalizedPaths.js:346:19:346:22 | path | -| normalizedPaths.js:346:19:346:22 | path | -| normalizedPaths.js:346:19:346:22 | path | -| normalizedPaths.js:354:7:354:27 | path | -| normalizedPaths.js:354:7:354:27 | path | -| normalizedPaths.js:354:7:354:27 | path | -| normalizedPaths.js:354:7:354:27 | path | -| normalizedPaths.js:354:14:354:27 | req.query.path | -| normalizedPaths.js:354:14:354:27 | req.query.path | -| normalizedPaths.js:354:14:354:27 | req.query.path | -| normalizedPaths.js:354:14:354:27 | req.query.path | -| normalizedPaths.js:354:14:354:27 | req.query.path | -| normalizedPaths.js:356:19:356:22 | path | -| normalizedPaths.js:356:19:356:22 | path | -| normalizedPaths.js:356:19:356:22 | path | -| normalizedPaths.js:356:19:356:22 | path | -| normalizedPaths.js:356:19:356:22 | path | -| normalizedPaths.js:358:7:358:51 | requestPath | -| normalizedPaths.js:358:7:358:51 | requestPath | -| normalizedPaths.js:358:7:358:51 | requestPath | -| normalizedPaths.js:358:21:358:51 | pathMod ... , path) | -| normalizedPaths.js:358:21:358:51 | pathMod ... , path) | -| normalizedPaths.js:358:21:358:51 | pathMod ... , path) | -| normalizedPaths.js:358:47:358:50 | path | -| normalizedPaths.js:358:47:358:50 | path | -| normalizedPaths.js:358:47:358:50 | path | -| normalizedPaths.js:363:21:363:31 | requestPath | -| normalizedPaths.js:363:21:363:31 | requestPath | -| normalizedPaths.js:363:21:363:31 | requestPath | -| normalizedPaths.js:363:21:363:31 | requestPath | -| normalizedPaths.js:377:7:377:27 | path | -| normalizedPaths.js:377:7:377:27 | path | -| normalizedPaths.js:377:7:377:27 | path | -| normalizedPaths.js:377:7:377:27 | path | -| normalizedPaths.js:377:14:377:27 | req.query.path | -| normalizedPaths.js:377:14:377:27 | req.query.path | -| normalizedPaths.js:377:14:377:27 | req.query.path | -| normalizedPaths.js:377:14:377:27 | req.query.path | -| normalizedPaths.js:377:14:377:27 | req.query.path | -| normalizedPaths.js:379:19:379:22 | path | -| normalizedPaths.js:379:19:379:22 | path | -| normalizedPaths.js:379:19:379:22 | path | -| normalizedPaths.js:379:19:379:22 | path | -| normalizedPaths.js:379:19:379:22 | path | -| normalizedPaths.js:381:19:381:29 | slash(path) | -| normalizedPaths.js:381:19:381:29 | slash(path) | -| normalizedPaths.js:381:19:381:29 | slash(path) | -| normalizedPaths.js:381:19:381:29 | slash(path) | -| normalizedPaths.js:381:19:381:29 | slash(path) | -| normalizedPaths.js:381:25:381:28 | path | -| normalizedPaths.js:381:25:381:28 | path | -| normalizedPaths.js:381:25:381:28 | path | -| normalizedPaths.js:381:25:381:28 | path | -| normalizedPaths.js:385:7:385:46 | path | -| normalizedPaths.js:385:7:385:46 | path | -| normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) | -| normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) | -| normalizedPaths.js:385:35:385:45 | req.query.x | -| normalizedPaths.js:385:35:385:45 | req.query.x | -| normalizedPaths.js:385:35:385:45 | req.query.x | -| normalizedPaths.js:388:19:388:22 | path | -| normalizedPaths.js:388:19:388:22 | path | -| normalizedPaths.js:388:19:388:22 | path | -| normalizedPaths.js:399:21:399:24 | path | -| normalizedPaths.js:399:21:399:24 | path | -| normalizedPaths.js:399:21:399:24 | path | -| normalizedPaths.js:407:19:407:67 | pathMod ... t('/')) | -| normalizedPaths.js:407:19:407:67 | pathMod ... t('/')) | -| normalizedPaths.js:407:19:407:67 | pathMod ... t('/')) | -| normalizedPaths.js:407:19:407:67 | pathMod ... t('/')) | -| normalizedPaths.js:407:45:407:55 | req.query.x | -| normalizedPaths.js:407:45:407:55 | req.query.x | -| normalizedPaths.js:407:45:407:55 | req.query.x | -| normalizedPaths.js:407:45:407:55 | req.query.x | -| normalizedPaths.js:407:45:407:66 | req.que ... it('/') | -| normalizedPaths.js:407:45:407:66 | req.que ... it('/') | -| normalizedPaths.js:407:45:407:66 | req.que ... it('/') | -| normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | -| normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | -| normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | -| normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | -| normalizedPaths.js:408:38:408:48 | req.query.x | -| normalizedPaths.js:408:38:408:48 | req.query.x | -| normalizedPaths.js:408:38:408:48 | req.query.x | -| normalizedPaths.js:408:38:408:48 | req.query.x | -| normalizedPaths.js:408:38:408:59 | req.que ... it('/') | -| normalizedPaths.js:408:38:408:59 | req.que ... it('/') | -| normalizedPaths.js:408:38:408:59 | req.que ... it('/') | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:24:9:30 | req.url | -| other-fs-libraries.js:9:24:9:30 | req.url | -| other-fs-libraries.js:9:24:9:30 | req.url | -| other-fs-libraries.js:9:24:9:30 | req.url | -| other-fs-libraries.js:9:24:9:30 | req.url | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:24:38:30 | req.url | -| other-fs-libraries.js:38:24:38:30 | req.url | -| other-fs-libraries.js:38:24:38:30 | req.url | -| other-fs-libraries.js:38:24:38:30 | req.url | -| other-fs-libraries.js:38:24:38:30 | req.url | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:24:49:30 | req.url | -| other-fs-libraries.js:49:24:49:30 | req.url | -| other-fs-libraries.js:49:24:49:30 | req.url | -| other-fs-libraries.js:49:24:49:30 | req.url | -| other-fs-libraries.js:49:24:49:30 | req.url | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:24:68:30 | req.url | -| other-fs-libraries.js:68:24:68:30 | req.url | -| other-fs-libraries.js:68:24:68:30 | req.url | -| other-fs-libraries.js:68:24:68:30 | req.url | -| other-fs-libraries.js:68:24:68:30 | req.url | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:24:77:30 | req.url | -| other-fs-libraries.js:77:24:77:30 | req.url | -| other-fs-libraries.js:77:24:77:30 | req.url | -| other-fs-libraries.js:77:24:77:30 | req.url | -| other-fs-libraries.js:77:24:77:30 | req.url | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:79:16:79:19 | path | -| prettier.js:6:11:6:28 | p | -| prettier.js:6:11:6:28 | p | -| prettier.js:6:11:6:28 | p | -| prettier.js:6:11:6:28 | p | -| prettier.js:6:13:6:13 | p | -| prettier.js:6:13:6:13 | p | -| prettier.js:6:13:6:13 | p | -| prettier.js:6:13:6:13 | p | -| prettier.js:6:13:6:13 | p | -| prettier.js:7:28:7:28 | p | -| prettier.js:7:28:7:28 | p | -| prettier.js:7:28:7:28 | p | -| prettier.js:7:28:7:28 | p | -| prettier.js:7:28:7:28 | p | -| prettier.js:11:44:11:44 | p | -| prettier.js:11:44:11:44 | p | -| prettier.js:11:44:11:44 | p | -| prettier.js:11:44:11:44 | p | -| prettier.js:11:44:11:44 | p | -| pupeteer.js:5:9:5:71 | tainted | -| pupeteer.js:5:9:5:71 | tainted | -| pupeteer.js:5:9:5:71 | tainted | -| pupeteer.js:5:19:5:71 | "dir/" ... t.data" | -| pupeteer.js:5:19:5:71 | "dir/" ... t.data" | -| pupeteer.js:5:19:5:71 | "dir/" ... t.data" | -| pupeteer.js:5:28:5:53 | parseTo ... t).name | -| pupeteer.js:5:28:5:53 | parseTo ... t).name | -| pupeteer.js:5:28:5:53 | parseTo ... t).name | -| pupeteer.js:5:28:5:53 | parseTo ... t).name | -| pupeteer.js:9:28:9:34 | tainted | -| pupeteer.js:9:28:9:34 | tainted | -| pupeteer.js:9:28:9:34 | tainted | -| pupeteer.js:9:28:9:34 | tainted | -| pupeteer.js:13:37:13:43 | tainted | -| pupeteer.js:13:37:13:43 | tainted | -| pupeteer.js:13:37:13:43 | tainted | -| pupeteer.js:13:37:13:43 | tainted | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:24:6:30 | req.url | -| tainted-access-paths.js:6:24:6:30 | req.url | -| tainted-access-paths.js:6:24:6:30 | req.url | -| tainted-access-paths.js:6:24:6:30 | req.url | -| tainted-access-paths.js:6:24:6:30 | req.url | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:24:39:30 | req.url | -| tainted-access-paths.js:39:24:39:30 | req.url | -| tainted-access-paths.js:39:24:39:30 | req.url | -| tainted-access-paths.js:39:24:39:30 | req.url | -| tainted-access-paths.js:39:24:39:30 | req.url | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:24:48:30 | req.url | -| tainted-access-paths.js:48:24:48:30 | req.url | -| tainted-access-paths.js:48:24:48:30 | req.url | -| tainted-access-paths.js:48:24:48:30 | req.url | -| tainted-access-paths.js:48:24:48:30 | req.url | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:49:10:49:13 | path | -| tainted-require.js:7:19:7:37 | req.param("module") | -| tainted-require.js:7:19:7:37 | req.param("module") | -| tainted-require.js:7:19:7:37 | req.param("module") | -| tainted-require.js:7:19:7:37 | req.param("module") | -| tainted-require.js:7:19:7:37 | req.param("module") | -| tainted-require.js:7:19:7:37 | req.param("module") | -| tainted-require.js:12:29:12:47 | req.param("module") | -| tainted-require.js:12:29:12:47 | req.param("module") | -| tainted-require.js:12:29:12:47 | req.param("module") | -| tainted-require.js:12:29:12:47 | req.param("module") | -| tainted-require.js:12:29:12:47 | req.param("module") | -| tainted-require.js:12:29:12:47 | req.param("module") | -| tainted-require.js:14:11:14:29 | req.param("module") | -| tainted-require.js:14:11:14:29 | req.param("module") | -| tainted-require.js:14:11:14:29 | req.param("module") | -| tainted-require.js:14:11:14:29 | req.param("module") | -| tainted-require.js:14:11:14:29 | req.param("module") | -| tainted-require.js:14:11:14:29 | req.param("module") | -| tainted-sendFile.js:8:16:8:33 | req.param("gimme") | -| tainted-sendFile.js:8:16:8:33 | req.param("gimme") | -| tainted-sendFile.js:8:16:8:33 | req.param("gimme") | -| tainted-sendFile.js:8:16:8:33 | req.param("gimme") | -| tainted-sendFile.js:10:16:10:33 | req.param("gimme") | -| tainted-sendFile.js:10:16:10:33 | req.param("gimme") | -| tainted-sendFile.js:10:16:10:33 | req.param("gimme") | -| tainted-sendFile.js:10:16:10:33 | req.param("gimme") | -| tainted-sendFile.js:18:43:18:58 | req.param("dir") | -| tainted-sendFile.js:18:43:18:58 | req.param("dir") | -| tainted-sendFile.js:18:43:18:58 | req.param("dir") | -| tainted-sendFile.js:18:43:18:58 | req.param("dir") | -| tainted-sendFile.js:18:43:18:58 | req.param("dir") | -| tainted-sendFile.js:18:43:18:58 | req.param("dir") | -| tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | -| tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | -| tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | -| tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | -| tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | -| tainted-sendFile.js:24:37:24:48 | req.params.x | -| tainted-sendFile.js:24:37:24:48 | req.params.x | -| tainted-sendFile.js:24:37:24:48 | req.params.x | -| tainted-sendFile.js:24:37:24:48 | req.params.x | -| tainted-sendFile.js:24:37:24:48 | req.params.x | -| tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | -| tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | -| tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | -| tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | -| tainted-sendFile.js:25:34:25:45 | req.params.x | -| tainted-sendFile.js:25:34:25:45 | req.params.x | -| tainted-sendFile.js:25:34:25:45 | req.params.x | -| tainted-sendFile.js:25:34:25:45 | req.params.x | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:24:6:30 | req.url | -| tainted-string-steps.js:6:24:6:30 | req.url | -| tainted-string-steps.js:6:24:6:30 | req.url | -| tainted-string-steps.js:6:24:6:30 | req.url | -| tainted-string-steps.js:6:24:6:30 | req.url | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| torrents.js:5:6:5:38 | name | -| torrents.js:5:6:5:38 | name | -| torrents.js:5:6:5:38 | name | -| torrents.js:5:13:5:38 | parseTo ... t).name | -| torrents.js:5:13:5:38 | parseTo ... t).name | -| torrents.js:5:13:5:38 | parseTo ... t).name | -| torrents.js:5:13:5:38 | parseTo ... t).name | -| torrents.js:6:6:6:45 | loc | -| torrents.js:6:6:6:45 | loc | -| torrents.js:6:6:6:45 | loc | -| torrents.js:6:12:6:45 | dir + " ... t.data" | -| torrents.js:6:12:6:45 | dir + " ... t.data" | -| torrents.js:6:12:6:45 | dir + " ... t.data" | -| torrents.js:6:24:6:27 | name | -| torrents.js:6:24:6:27 | name | -| torrents.js:6:24:6:27 | name | -| torrents.js:7:25:7:27 | loc | -| torrents.js:7:25:7:27 | loc | -| torrents.js:7:25:7:27 | loc | -| torrents.js:7:25:7:27 | loc | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:7:9:48 | path | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:24:9:30 | req.url | -| typescript.ts:9:24:9:30 | req.url | -| typescript.ts:9:24:9:30 | req.url | -| typescript.ts:9:24:9:30 | req.url | -| typescript.ts:9:24:9:30 | req.url | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:12:29:12:32 | path | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:20:15:20:18 | path | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:21:39:21:43 | path3 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:23:15:23:18 | path | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:24:39:24:43 | path4 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:30:15:30:18 | path | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| typescript.ts:32:29:32:33 | path6 | -| views.js:1:43:1:55 | req.params[0] | -| views.js:1:43:1:55 | req.params[0] | -| views.js:1:43:1:55 | req.params[0] | -| views.js:1:43:1:55 | req.params[0] | -| views.js:1:43:1:55 | req.params[0] | -| views.js:1:43:1:55 | req.params[0] | +| TaintedPath-es6.js:7:7:7:44 | path | semmle.label | path | +| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | semmle.label | parse(req.url, true) | +| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | semmle.label | parse(r ... ).query | +| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | semmle.label | parse(r ... ry.path | +| TaintedPath-es6.js:7:20:7:26 | req.url | semmle.label | req.url | +| TaintedPath-es6.js:10:26:10:45 | join("public", path) | semmle.label | join("public", path) | +| TaintedPath-es6.js:10:41:10:44 | path | semmle.label | path | +| TaintedPath.js:9:7:9:48 | path | semmle.label | path | +| TaintedPath.js:9:14:9:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| TaintedPath.js:9:14:9:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| TaintedPath.js:9:14:9:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| TaintedPath.js:9:24:9:30 | req.url | semmle.label | req.url | +| TaintedPath.js:12:29:12:32 | path | semmle.label | path | +| TaintedPath.js:15:29:15:48 | "/home/user/" + path | semmle.label | "/home/user/" + path | +| TaintedPath.js:15:45:15:48 | path | semmle.label | path | +| TaintedPath.js:18:33:18:36 | path | semmle.label | path | +| TaintedPath.js:21:33:21:36 | path | semmle.label | path | +| TaintedPath.js:24:33:24:36 | path | semmle.label | path | +| TaintedPath.js:33:31:33:34 | path | semmle.label | path | +| TaintedPath.js:38:3:38:44 | path | semmle.label | path | +| TaintedPath.js:38:10:38:33 | url.par ... , true) | semmle.label | url.par ... , true) | +| TaintedPath.js:38:10:38:39 | url.par ... ).query | semmle.label | url.par ... ).query | +| TaintedPath.js:38:10:38:44 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| TaintedPath.js:38:20:38:26 | req.url | semmle.label | req.url | +| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | semmle.label | pathMod ... e(path) | +| TaintedPath.js:42:48:42:51 | path | semmle.label | path | +| TaintedPath.js:46:29:46:49 | pathMod ... n(path) | semmle.label | pathMod ... n(path) | +| TaintedPath.js:46:45:46:48 | path | semmle.label | path | +| TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | semmle.label | pathMod ... ath, z) | +| TaintedPath.js:48:51:48:54 | path | semmle.label | path | +| TaintedPath.js:50:29:50:54 | pathMod ... e(path) | semmle.label | pathMod ... e(path) | +| TaintedPath.js:50:50:50:53 | path | semmle.label | path | +| TaintedPath.js:52:29:52:56 | pathMod ... , path) | semmle.label | pathMod ... , path) | +| TaintedPath.js:52:52:52:55 | path | semmle.label | path | +| TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | semmle.label | pathMod ... ath, x) | +| TaintedPath.js:54:49:54:52 | path | semmle.label | path | +| TaintedPath.js:56:29:56:52 | pathMod ... e(path) | semmle.label | pathMod ... e(path) | +| TaintedPath.js:56:48:56:51 | path | semmle.label | path | +| TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | semmle.label | pathMod ... ath, z) | +| TaintedPath.js:58:54:58:57 | path | semmle.label | path | +| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | semmle.label | pathMod ... h(path) | +| TaintedPath.js:60:57:60:60 | path | semmle.label | path | +| TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | semmle.label | Cookie.get("unsafe") | +| TaintedPath.js:77:31:77:70 | require ... eq.url) | semmle.label | require ... eq.url) | +| TaintedPath.js:77:31:77:76 | require ... ).query | semmle.label | require ... ).query | +| TaintedPath.js:77:63:77:69 | req.url | semmle.label | req.url | +| TaintedPath.js:78:31:78:68 | require ... eq.url) | semmle.label | require ... eq.url) | +| TaintedPath.js:78:31:78:74 | require ... ).query | semmle.label | require ... ).query | +| TaintedPath.js:78:61:78:67 | req.url | semmle.label | req.url | +| TaintedPath.js:79:31:79:67 | require ... eq.url) | semmle.label | require ... eq.url) | +| TaintedPath.js:79:31:79:73 | require ... ).query | semmle.label | require ... ).query | +| TaintedPath.js:79:60:79:66 | req.url | semmle.label | req.url | +| TaintedPath.js:87:48:87:60 | req.params[0] | semmle.label | req.params[0] | +| TaintedPath.js:95:30:95:31 | ev | semmle.label | ev | +| TaintedPath.js:96:24:96:25 | ev | semmle.label | ev | +| TaintedPath.js:96:24:96:30 | ev.data | semmle.label | ev.data | +| TaintedPath.js:100:6:100:47 | path | semmle.label | path | +| TaintedPath.js:100:13:100:36 | url.par ... , true) | semmle.label | url.par ... , true) | +| TaintedPath.js:100:13:100:42 | url.par ... ).query | semmle.label | url.par ... ).query | +| TaintedPath.js:100:13:100:47 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| TaintedPath.js:100:23:100:29 | req.url | semmle.label | req.url | +| TaintedPath.js:102:28:102:48 | fs.real ... c(path) | semmle.label | fs.real ... c(path) | +| TaintedPath.js:102:44:102:47 | path | semmle.label | path | +| TaintedPath.js:103:14:103:17 | path | semmle.label | path | +| TaintedPath.js:104:32:104:39 | realpath | semmle.label | realpath | +| TaintedPath.js:105:45:105:52 | realpath | semmle.label | realpath | +| TaintedPath.js:136:6:136:47 | path | semmle.label | path | +| TaintedPath.js:136:13:136:36 | url.par ... , true) | semmle.label | url.par ... , true) | +| TaintedPath.js:136:13:136:42 | url.par ... ).query | semmle.label | url.par ... ).query | +| TaintedPath.js:136:13:136:47 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| TaintedPath.js:136:23:136:29 | req.url | semmle.label | req.url | +| TaintedPath.js:138:23:138:26 | path | semmle.label | path | +| TaintedPath.js:142:7:142:48 | path | semmle.label | path | +| TaintedPath.js:142:14:142:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| TaintedPath.js:142:14:142:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| TaintedPath.js:142:14:142:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| TaintedPath.js:142:24:142:30 | req.url | semmle.label | req.url | +| TaintedPath.js:144:19:144:22 | path | semmle.label | path | +| TaintedPath.js:146:7:146:29 | split | semmle.label | split | +| TaintedPath.js:146:15:146:18 | path | semmle.label | path | +| TaintedPath.js:146:15:146:29 | path.split("/") | semmle.label | path.split("/") | +| TaintedPath.js:148:19:148:23 | split | semmle.label | split | +| TaintedPath.js:148:19:148:33 | split.join("/") | semmle.label | split.join("/") | +| TaintedPath.js:152:19:152:23 | split | semmle.label | split | +| TaintedPath.js:152:19:152:26 | split[x] | semmle.label | split[x] | +| TaintedPath.js:153:19:153:35 | prefix + split[x] | semmle.label | prefix + split[x] | +| TaintedPath.js:153:28:153:32 | split | semmle.label | split | +| TaintedPath.js:153:28:153:35 | split[x] | semmle.label | split[x] | +| TaintedPath.js:155:7:155:38 | concatted | semmle.label | concatted | +| TaintedPath.js:155:19:155:38 | prefix.concat(split) | semmle.label | prefix.concat(split) | +| TaintedPath.js:155:33:155:37 | split | semmle.label | split | +| TaintedPath.js:156:19:156:27 | concatted | semmle.label | concatted | +| TaintedPath.js:156:19:156:37 | concatted.join("/") | semmle.label | concatted.join("/") | +| TaintedPath.js:158:7:158:39 | concatted2 | semmle.label | concatted2 | +| TaintedPath.js:158:20:158:24 | split | semmle.label | split | +| TaintedPath.js:158:20:158:39 | split.concat(prefix) | semmle.label | split.concat(prefix) | +| TaintedPath.js:159:19:159:28 | concatted2 | semmle.label | concatted2 | +| TaintedPath.js:159:19:159:38 | concatted2.join("/") | semmle.label | concatted2.join("/") | +| TaintedPath.js:161:19:161:23 | split | semmle.label | split | +| TaintedPath.js:161:19:161:29 | split.pop() | semmle.label | split.pop() | +| TaintedPath.js:166:7:166:48 | path | semmle.label | path | +| TaintedPath.js:166:14:166:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| TaintedPath.js:166:14:166:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| TaintedPath.js:166:14:166:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| TaintedPath.js:166:24:166:30 | req.url | semmle.label | req.url | +| TaintedPath.js:170:29:170:32 | path | semmle.label | path | +| TaintedPath.js:170:29:170:55 | path.re ... /g, '') | semmle.label | path.re ... /g, '') | +| TaintedPath.js:176:29:176:32 | path | semmle.label | path | +| TaintedPath.js:176:29:176:52 | path.re ... /g, '') | semmle.label | path.re ... /g, '') | +| TaintedPath.js:177:29:177:32 | path | semmle.label | path | +| TaintedPath.js:177:29:177:53 | path.re ... /g, '') | semmle.label | path.re ... /g, '') | +| TaintedPath.js:178:29:178:32 | path | semmle.label | path | +| TaintedPath.js:178:29:178:51 | path.re ... /g, '') | semmle.label | path.re ... /g, '') | +| TaintedPath.js:179:29:179:32 | path | semmle.label | path | +| TaintedPath.js:179:29:179:57 | path.re ... /g, '') | semmle.label | path.re ... /g, '') | +| TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | semmle.label | "prefix ... +/, '') | +| TaintedPath.js:194:40:194:43 | path | semmle.label | path | +| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | semmle.label | path.re ... +/, '') | +| TaintedPath.js:195:29:195:54 | pathMod ... e(path) | semmle.label | pathMod ... e(path) | +| TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | semmle.label | pathMod ... +/, '') | +| TaintedPath.js:195:50:195:53 | path | semmle.label | path | +| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | semmle.label | qs.parse(req.url) | +| TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | semmle.label | qs.pars ... rl).foo | +| TaintedPath.js:203:38:203:44 | req.url | semmle.label | req.url | +| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | semmle.label | qs.pars ... q.url)) | +| TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | semmle.label | qs.pars ... l)).foo | +| TaintedPath.js:204:38:204:58 | normali ... eq.url) | semmle.label | normali ... eq.url) | +| TaintedPath.js:204:51:204:57 | req.url | semmle.label | req.url | +| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | semmle.label | parseqs ... eq.url) | +| TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | semmle.label | parseqs ... rl).foo | +| TaintedPath.js:206:44:206:50 | req.url | semmle.label | req.url | +| TaintedPath.js:211:7:211:48 | path | semmle.label | path | +| TaintedPath.js:211:14:211:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| TaintedPath.js:211:14:211:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| TaintedPath.js:211:14:211:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| TaintedPath.js:211:24:211:30 | req.url | semmle.label | req.url | +| TaintedPath.js:212:31:212:34 | path | semmle.label | path | +| TaintedPath.js:213:45:213:48 | path | semmle.label | path | +| TaintedPath.js:214:35:214:38 | path | semmle.label | path | +| examples/TaintedPath.js:8:7:8:52 | filePath | semmle.label | filePath | +| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | semmle.label | url.par ... , true) | +| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | semmle.label | url.par ... ).query | +| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| examples/TaintedPath.js:8:28:8:34 | req.url | semmle.label | req.url | +| examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | semmle.label | ROOT + filePath | +| examples/TaintedPath.js:11:36:11:43 | filePath | semmle.label | filePath | +| express.js:8:20:8:32 | req.query.bar | semmle.label | req.query.bar | +| handlebars.js:10:51:10:58 | filePath | semmle.label | filePath | +| handlebars.js:11:32:11:39 | filePath | semmle.label | filePath | +| handlebars.js:13:73:13:80 | filePath | semmle.label | filePath | +| handlebars.js:15:25:15:32 | filePath | semmle.label | filePath | +| handlebars.js:29:46:29:60 | req.params.path | semmle.label | req.params.path | +| handlebars.js:43:15:43:29 | req.params.path | semmle.label | req.params.path | +| normalizedPaths.js:11:7:11:27 | path | semmle.label | path | +| normalizedPaths.js:11:14:11:27 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:13:19:13:22 | path | semmle.label | path | +| normalizedPaths.js:14:19:14:29 | './' + path | semmle.label | './' + path | +| normalizedPaths.js:14:26:14:29 | path | semmle.label | path | +| normalizedPaths.js:15:19:15:22 | path | semmle.label | path | +| normalizedPaths.js:15:19:15:38 | path + '/index.html' | semmle.label | path + '/index.html' | +| normalizedPaths.js:16:19:16:53 | pathMod ... .html') | semmle.label | pathMod ... .html') | +| normalizedPaths.js:16:35:16:38 | path | semmle.label | path | +| normalizedPaths.js:17:19:17:57 | pathMod ... , path) | semmle.label | pathMod ... , path) | +| normalizedPaths.js:17:53:17:56 | path | semmle.label | path | +| normalizedPaths.js:21:7:21:49 | path | semmle.label | path | +| normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:21:35:21:48 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:23:19:23:22 | path | semmle.label | path | +| normalizedPaths.js:24:19:24:29 | './' + path | semmle.label | './' + path | +| normalizedPaths.js:24:26:24:29 | path | semmle.label | path | +| normalizedPaths.js:25:19:25:22 | path | semmle.label | path | +| normalizedPaths.js:25:19:25:38 | path + '/index.html' | semmle.label | path + '/index.html' | +| normalizedPaths.js:26:19:26:53 | pathMod ... .html') | semmle.label | pathMod ... .html') | +| normalizedPaths.js:26:35:26:38 | path | semmle.label | path | +| normalizedPaths.js:27:19:27:57 | pathMod ... , path) | semmle.label | pathMod ... , path) | +| normalizedPaths.js:27:53:27:56 | path | semmle.label | path | +| normalizedPaths.js:31:7:31:49 | path | semmle.label | path | +| normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:31:35:31:48 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:36:19:36:22 | path | semmle.label | path | +| normalizedPaths.js:41:21:41:24 | path | semmle.label | path | +| normalizedPaths.js:54:7:54:49 | path | semmle.label | path | +| normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:54:35:54:48 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:59:19:59:22 | path | semmle.label | path | +| normalizedPaths.js:63:19:63:22 | path | semmle.label | path | +| normalizedPaths.js:63:19:63:38 | path + "/index.html" | semmle.label | path + "/index.html" | +| normalizedPaths.js:68:21:68:24 | path | semmle.label | path | +| normalizedPaths.js:73:7:73:56 | path | semmle.label | path | +| normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:73:35:73:55 | './' + ... ry.path | semmle.label | './' + ... ry.path | +| normalizedPaths.js:73:42:73:55 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:78:22:78:25 | path | semmle.label | path | +| normalizedPaths.js:82:7:82:27 | path | semmle.label | path | +| normalizedPaths.js:82:14:82:27 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:87:29:87:32 | path | semmle.label | path | +| normalizedPaths.js:90:31:90:34 | path | semmle.label | path | +| normalizedPaths.js:94:7:94:49 | path | semmle.label | path | +| normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:94:35:94:48 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:99:29:99:32 | path | semmle.label | path | +| normalizedPaths.js:117:7:117:44 | path | semmle.label | path | +| normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | semmle.label | fs.real ... y.path) | +| normalizedPaths.js:117:30:117:43 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:119:19:119:22 | path | semmle.label | path | +| normalizedPaths.js:120:19:120:53 | pathMod ... .html') | semmle.label | pathMod ... .html') | +| normalizedPaths.js:120:35:120:38 | path | semmle.label | path | +| normalizedPaths.js:130:7:130:49 | path | semmle.label | path | +| normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:130:35:130:48 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:135:21:135:24 | path | semmle.label | path | +| normalizedPaths.js:139:7:139:62 | path | semmle.label | path | +| normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:139:48:139:61 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:144:21:144:24 | path | semmle.label | path | +| normalizedPaths.js:148:7:148:58 | path | semmle.label | path | +| normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | semmle.label | 'foo/' ... y.path) | +| normalizedPaths.js:148:23:148:58 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:148:44:148:57 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:151:21:151:24 | path | semmle.label | path | +| normalizedPaths.js:153:21:153:24 | path | semmle.label | path | +| normalizedPaths.js:160:7:160:49 | path | semmle.label | path | +| normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:160:35:160:48 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:165:19:165:22 | path | semmle.label | path | +| normalizedPaths.js:170:21:170:24 | path | semmle.label | path | +| normalizedPaths.js:174:7:174:27 | path | semmle.label | path | +| normalizedPaths.js:174:14:174:27 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:184:19:184:22 | path | semmle.label | path | +| normalizedPaths.js:187:21:187:24 | path | semmle.label | path | +| normalizedPaths.js:189:21:189:24 | path | semmle.label | path | +| normalizedPaths.js:192:21:192:24 | path | semmle.label | path | +| normalizedPaths.js:194:21:194:24 | path | semmle.label | path | +| normalizedPaths.js:199:21:199:24 | path | semmle.label | path | +| normalizedPaths.js:201:7:201:49 | normalizedPath | semmle.label | normalizedPath | +| normalizedPaths.js:201:24:201:49 | pathMod ... e(path) | semmle.label | pathMod ... e(path) | +| normalizedPaths.js:201:45:201:48 | path | semmle.label | path | +| normalizedPaths.js:205:21:205:34 | normalizedPath | semmle.label | normalizedPath | +| normalizedPaths.js:208:21:208:34 | normalizedPath | semmle.label | normalizedPath | +| normalizedPaths.js:210:21:210:34 | normalizedPath | semmle.label | normalizedPath | +| normalizedPaths.js:214:7:214:49 | path | semmle.label | path | +| normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:214:35:214:48 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:219:3:219:33 | path | semmle.label | path | +| normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | semmle.label | decodeU ... t(path) | +| normalizedPaths.js:219:29:219:32 | path | semmle.label | path | +| normalizedPaths.js:222:21:222:24 | path | semmle.label | path | +| normalizedPaths.js:226:7:226:70 | path | semmle.label | path | +| normalizedPaths.js:226:14:226:49 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | semmle.label | pathMod ... g, ' ') | +| normalizedPaths.js:226:35:226:48 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:228:21:228:24 | path | semmle.label | path | +| normalizedPaths.js:236:7:236:47 | path | semmle.label | path | +| normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:236:33:236:46 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:238:19:238:22 | path | semmle.label | path | +| normalizedPaths.js:245:21:245:24 | path | semmle.label | path | +| normalizedPaths.js:250:21:250:24 | path | semmle.label | path | +| normalizedPaths.js:254:7:254:47 | path | semmle.label | path | +| normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:254:33:254:46 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:256:19:256:22 | path | semmle.label | path | +| normalizedPaths.js:262:21:262:24 | path | semmle.label | path | +| normalizedPaths.js:267:7:267:42 | newpath | semmle.label | newpath | +| normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | semmle.label | pathMod ... e(path) | +| normalizedPaths.js:267:38:267:41 | path | semmle.label | path | +| normalizedPaths.js:270:21:270:27 | newpath | semmle.label | newpath | +| normalizedPaths.js:275:7:275:42 | newpath | semmle.label | newpath | +| normalizedPaths.js:275:17:275:42 | pathMod ... e(path) | semmle.label | pathMod ... e(path) | +| normalizedPaths.js:275:38:275:41 | path | semmle.label | path | +| normalizedPaths.js:278:21:278:27 | newpath | semmle.label | newpath | +| normalizedPaths.js:283:7:283:42 | newpath | semmle.label | newpath | +| normalizedPaths.js:283:17:283:42 | pathMod ... e(path) | semmle.label | pathMod ... e(path) | +| normalizedPaths.js:283:38:283:41 | path | semmle.label | path | +| normalizedPaths.js:286:21:286:27 | newpath | semmle.label | newpath | +| normalizedPaths.js:291:7:291:42 | newpath | semmle.label | newpath | +| normalizedPaths.js:291:17:291:42 | pathMod ... e(path) | semmle.label | pathMod ... e(path) | +| normalizedPaths.js:291:38:291:41 | path | semmle.label | path | +| normalizedPaths.js:296:21:296:27 | newpath | semmle.label | newpath | +| normalizedPaths.js:303:6:303:26 | path | semmle.label | path | +| normalizedPaths.js:303:13:303:26 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:304:18:304:21 | path | semmle.label | path | +| normalizedPaths.js:309:19:309:22 | path | semmle.label | path | +| normalizedPaths.js:313:19:313:22 | path | semmle.label | path | +| normalizedPaths.js:316:19:316:22 | path | semmle.label | path | +| normalizedPaths.js:320:6:320:49 | normalizedPath | semmle.label | normalizedPath | +| normalizedPaths.js:320:23:320:49 | pathMod ... , path) | semmle.label | pathMod ... , path) | +| normalizedPaths.js:320:45:320:48 | path | semmle.label | path | +| normalizedPaths.js:325:19:325:32 | normalizedPath | semmle.label | normalizedPath | +| normalizedPaths.js:332:19:332:32 | normalizedPath | semmle.label | normalizedPath | +| normalizedPaths.js:339:6:339:46 | path | semmle.label | path | +| normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:339:32:339:45 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:341:18:341:21 | path | semmle.label | path | +| normalizedPaths.js:346:19:346:22 | path | semmle.label | path | +| normalizedPaths.js:354:7:354:27 | path | semmle.label | path | +| normalizedPaths.js:354:14:354:27 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:356:19:356:22 | path | semmle.label | path | +| normalizedPaths.js:358:7:358:51 | requestPath | semmle.label | requestPath | +| normalizedPaths.js:358:21:358:51 | pathMod ... , path) | semmle.label | pathMod ... , path) | +| normalizedPaths.js:358:47:358:50 | path | semmle.label | path | +| normalizedPaths.js:363:21:363:31 | requestPath | semmle.label | requestPath | +| normalizedPaths.js:377:7:377:27 | path | semmle.label | path | +| normalizedPaths.js:377:14:377:27 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:379:19:379:22 | path | semmle.label | path | +| normalizedPaths.js:381:19:381:29 | slash(path) | semmle.label | slash(path) | +| normalizedPaths.js:381:25:381:28 | path | semmle.label | path | +| normalizedPaths.js:385:7:385:46 | path | semmle.label | path | +| normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) | semmle.label | pathMod ... uery.x) | +| normalizedPaths.js:385:35:385:45 | req.query.x | semmle.label | req.query.x | +| normalizedPaths.js:388:19:388:22 | path | semmle.label | path | +| normalizedPaths.js:399:21:399:24 | path | semmle.label | path | +| normalizedPaths.js:407:19:407:67 | pathMod ... t('/')) | semmle.label | pathMod ... t('/')) | +| normalizedPaths.js:407:45:407:55 | req.query.x | semmle.label | req.query.x | +| normalizedPaths.js:407:45:407:66 | req.que ... it('/') | semmle.label | req.que ... it('/') | +| normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | semmle.label | pathMod ... t('/')) | +| normalizedPaths.js:408:38:408:48 | req.query.x | semmle.label | req.query.x | +| normalizedPaths.js:408:38:408:59 | req.que ... it('/') | semmle.label | req.que ... it('/') | +| other-fs-libraries.js:9:7:9:48 | path | semmle.label | path | +| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| other-fs-libraries.js:9:24:9:30 | req.url | semmle.label | req.url | +| other-fs-libraries.js:11:19:11:22 | path | semmle.label | path | +| other-fs-libraries.js:12:27:12:30 | path | semmle.label | path | +| other-fs-libraries.js:13:24:13:27 | path | semmle.label | path | +| other-fs-libraries.js:14:27:14:30 | path | semmle.label | path | +| other-fs-libraries.js:16:34:16:37 | path | semmle.label | path | +| other-fs-libraries.js:17:35:17:38 | path | semmle.label | path | +| other-fs-libraries.js:19:56:19:59 | path | semmle.label | path | +| other-fs-libraries.js:24:35:24:38 | path | semmle.label | path | +| other-fs-libraries.js:38:7:38:48 | path | semmle.label | path | +| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| other-fs-libraries.js:38:24:38:30 | req.url | semmle.label | req.url | +| other-fs-libraries.js:40:35:40:38 | path | semmle.label | path | +| other-fs-libraries.js:41:50:41:53 | path | semmle.label | path | +| other-fs-libraries.js:42:53:42:56 | path | semmle.label | path | +| other-fs-libraries.js:49:7:49:48 | path | semmle.label | path | +| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| other-fs-libraries.js:49:24:49:30 | req.url | semmle.label | req.url | +| other-fs-libraries.js:51:19:51:22 | path | semmle.label | path | +| other-fs-libraries.js:52:24:52:27 | path | semmle.label | path | +| other-fs-libraries.js:54:36:54:39 | path | semmle.label | path | +| other-fs-libraries.js:55:36:55:39 | path | semmle.label | path | +| other-fs-libraries.js:57:46:57:49 | path | semmle.label | path | +| other-fs-libraries.js:59:39:59:42 | path | semmle.label | path | +| other-fs-libraries.js:62:43:62:46 | path | semmle.label | path | +| other-fs-libraries.js:63:51:63:54 | path | semmle.label | path | +| other-fs-libraries.js:68:7:68:48 | path | semmle.label | path | +| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| other-fs-libraries.js:68:24:68:30 | req.url | semmle.label | req.url | +| other-fs-libraries.js:70:19:70:22 | path | semmle.label | path | +| other-fs-libraries.js:71:10:71:13 | path | semmle.label | path | +| other-fs-libraries.js:72:15:72:18 | path | semmle.label | path | +| other-fs-libraries.js:73:8:73:11 | path | semmle.label | path | +| other-fs-libraries.js:75:15:75:15 | x | semmle.label | x | +| other-fs-libraries.js:76:19:76:19 | x | semmle.label | x | +| other-fs-libraries.js:81:7:81:48 | path | semmle.label | path | +| other-fs-libraries.js:81:14:81:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| other-fs-libraries.js:81:14:81:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| other-fs-libraries.js:81:14:81:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| other-fs-libraries.js:81:24:81:30 | req.url | semmle.label | req.url | +| other-fs-libraries.js:83:16:83:19 | path | semmle.label | path | +| prettier.js:6:11:6:28 | p | semmle.label | p | +| prettier.js:6:13:6:13 | p | semmle.label | p | +| prettier.js:7:28:7:28 | p | semmle.label | p | +| prettier.js:11:44:11:44 | p | semmle.label | p | +| pupeteer.js:5:9:5:71 | tainted | semmle.label | tainted | +| pupeteer.js:5:19:5:71 | "dir/" ... t.data" | semmle.label | "dir/" ... t.data" | +| pupeteer.js:5:28:5:53 | parseTo ... t).name | semmle.label | parseTo ... t).name | +| pupeteer.js:9:28:9:34 | tainted | semmle.label | tainted | +| pupeteer.js:13:37:13:43 | tainted | semmle.label | tainted | +| sharedlib-repro.js:13:22:13:43 | req.par ... spaceId | semmle.label | req.par ... spaceId | +| sharedlib-repro.js:21:27:21:34 | filepath | semmle.label | filepath | +| sharedlib-repro.js:22:18:22:25 | filepath | semmle.label | filepath | +| tainted-access-paths.js:6:7:6:48 | path | semmle.label | path | +| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| tainted-access-paths.js:6:24:6:30 | req.url | semmle.label | req.url | +| tainted-access-paths.js:8:19:8:22 | path | semmle.label | path | +| tainted-access-paths.js:10:7:10:36 | obj | semmle.label | obj | +| tainted-access-paths.js:10:33:10:36 | path | semmle.label | path | +| tainted-access-paths.js:12:19:12:21 | obj | semmle.label | obj | +| tainted-access-paths.js:12:19:12:25 | obj.sub | semmle.label | obj.sub | +| tainted-access-paths.js:26:19:26:21 | obj | semmle.label | obj | +| tainted-access-paths.js:26:19:26:26 | obj.sub3 | semmle.label | obj.sub3 | +| tainted-access-paths.js:29:21:29:23 | obj | semmle.label | obj | +| tainted-access-paths.js:29:21:29:28 | obj.sub4 | semmle.label | obj.sub4 | +| tainted-access-paths.js:30:23:30:25 | obj | semmle.label | obj | +| tainted-access-paths.js:30:23:30:30 | obj.sub4 | semmle.label | obj.sub4 | +| tainted-access-paths.js:31:23:31:25 | obj | semmle.label | obj | +| tainted-access-paths.js:31:23:31:30 | obj.sub4 | semmle.label | obj.sub4 | +| tainted-access-paths.js:39:7:39:48 | path | semmle.label | path | +| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| tainted-access-paths.js:39:24:39:30 | req.url | semmle.label | req.url | +| tainted-access-paths.js:40:23:40:26 | path | semmle.label | path | +| tainted-access-paths.js:48:7:48:48 | path | semmle.label | path | +| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| tainted-access-paths.js:48:24:48:30 | req.url | semmle.label | req.url | +| tainted-access-paths.js:49:10:49:13 | path | semmle.label | path | +| tainted-promise-steps.js:6:7:6:48 | path | semmle.label | path | +| tainted-promise-steps.js:6:14:6:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| tainted-promise-steps.js:6:14:6:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| tainted-promise-steps.js:6:14:6:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| tainted-promise-steps.js:6:24:6:30 | req.url | semmle.label | req.url | +| tainted-promise-steps.js:7:10:7:30 | Promise ... e(path) [PromiseValue] | semmle.label | Promise ... e(path) [PromiseValue] | +| tainted-promise-steps.js:7:26:7:29 | path | semmle.label | path | +| tainted-promise-steps.js:10:23:10:33 | pathPromise [PromiseValue] | semmle.label | pathPromise [PromiseValue] | +| tainted-promise-steps.js:11:19:11:35 | await pathPromise | semmle.label | await pathPromise | +| tainted-promise-steps.js:11:25:11:35 | pathPromise [PromiseValue] | semmle.label | pathPromise [PromiseValue] | +| tainted-promise-steps.js:12:3:12:13 | pathPromise [PromiseValue] | semmle.label | pathPromise [PromiseValue] | +| tainted-promise-steps.js:12:20:12:23 | path | semmle.label | path | +| tainted-promise-steps.js:12:44:12:47 | path | semmle.label | path | +| tainted-require.js:7:19:7:37 | req.param("module") | semmle.label | req.param("module") | +| tainted-require.js:12:29:12:47 | req.param("module") | semmle.label | req.param("module") | +| tainted-require.js:14:11:14:29 | req.param("module") | semmle.label | req.param("module") | +| tainted-sendFile.js:8:16:8:33 | req.param("gimme") | semmle.label | req.param("gimme") | +| tainted-sendFile.js:10:16:10:33 | req.param("gimme") | semmle.label | req.param("gimme") | +| tainted-sendFile.js:18:43:18:58 | req.param("dir") | semmle.label | req.param("dir") | +| tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | semmle.label | path.re ... rams.x) | +| tainted-sendFile.js:24:37:24:48 | req.params.x | semmle.label | req.params.x | +| tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | semmle.label | path.jo ... rams.x) | +| tainted-sendFile.js:25:34:25:45 | req.params.x | semmle.label | req.params.x | +| tainted-string-steps.js:6:7:6:48 | path | semmle.label | path | +| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| tainted-string-steps.js:6:24:6:30 | req.url | semmle.label | req.url | +| tainted-string-steps.js:8:18:8:21 | path | semmle.label | path | +| tainted-string-steps.js:8:18:8:34 | path.substring(4) | semmle.label | path.substring(4) | +| tainted-string-steps.js:9:18:9:21 | path | semmle.label | path | +| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | semmle.label | path.substring(0, i) | +| tainted-string-steps.js:10:18:10:21 | path | semmle.label | path | +| tainted-string-steps.js:10:18:10:31 | path.substr(4) | semmle.label | path.substr(4) | +| tainted-string-steps.js:11:18:11:21 | path | semmle.label | path | +| tainted-string-steps.js:11:18:11:30 | path.slice(4) | semmle.label | path.slice(4) | +| tainted-string-steps.js:13:18:13:21 | path | semmle.label | path | +| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | semmle.label | path.concat(unknown) | +| tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | semmle.label | unknown.concat(path) | +| tainted-string-steps.js:14:33:14:36 | path | semmle.label | path | +| tainted-string-steps.js:15:18:15:46 | unknown ... , path) | semmle.label | unknown ... , path) | +| tainted-string-steps.js:15:42:15:45 | path | semmle.label | path | +| tainted-string-steps.js:17:18:17:21 | path | semmle.label | path | +| tainted-string-steps.js:17:18:17:28 | path.trim() | semmle.label | path.trim() | +| tainted-string-steps.js:18:18:18:21 | path | semmle.label | path | +| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | semmle.label | path.toLowerCase() | +| tainted-string-steps.js:22:18:22:21 | path | semmle.label | path | +| tainted-string-steps.js:22:18:22:32 | path.split('/') | semmle.label | path.split('/') | +| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | semmle.label | path.split('/')[i] | +| tainted-string-steps.js:23:18:23:21 | path | semmle.label | path | +| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | semmle.label | path.split(/\\//) | +| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | semmle.label | path.split(/\\//)[i] | +| tainted-string-steps.js:24:18:24:21 | path | semmle.label | path | +| tainted-string-steps.js:24:18:24:32 | path.split("?") | semmle.label | path.split("?") | +| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | semmle.label | path.split("?")[0] | +| tainted-string-steps.js:26:18:26:21 | path | semmle.label | path | +| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | semmle.label | path.split(unknown) | +| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | semmle.label | path.sp ... hatever | +| tainted-string-steps.js:27:18:27:21 | path | semmle.label | path | +| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | semmle.label | path.split(unknown) | +| torrents.js:5:6:5:38 | name | semmle.label | name | +| torrents.js:5:13:5:38 | parseTo ... t).name | semmle.label | parseTo ... t).name | +| torrents.js:6:6:6:45 | loc | semmle.label | loc | +| torrents.js:6:12:6:45 | dir + " ... t.data" | semmle.label | dir + " ... t.data" | +| torrents.js:6:24:6:27 | name | semmle.label | name | +| torrents.js:7:25:7:27 | loc | semmle.label | loc | +| typescript.ts:9:7:9:48 | path | semmle.label | path | +| typescript.ts:9:14:9:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| typescript.ts:9:14:9:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| typescript.ts:9:14:9:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| typescript.ts:9:24:9:30 | req.url | semmle.label | req.url | +| typescript.ts:12:29:12:32 | path | semmle.label | path | +| typescript.ts:20:7:20:18 | path3 | semmle.label | path3 | +| typescript.ts:20:15:20:18 | path | semmle.label | path | +| typescript.ts:21:39:21:43 | path3 | semmle.label | path3 | +| typescript.ts:23:7:23:18 | path4 | semmle.label | path4 | +| typescript.ts:23:15:23:18 | path | semmle.label | path | +| typescript.ts:24:39:24:43 | path4 | semmle.label | path4 | +| typescript.ts:30:7:30:18 | path6 | semmle.label | path6 | +| typescript.ts:30:15:30:18 | path | semmle.label | path | +| typescript.ts:32:29:32:33 | path6 | semmle.label | path6 | +| views.js:1:43:1:55 | req.params[0] | semmle.label | req.params[0] | edges -| TaintedPath-es6.js:7:7:7:44 | path | TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:7:7:7:44 | path | TaintedPath-es6.js:10:41:10:44 | path | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | TaintedPath-es6.js:7:7:7:44 | path | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:15:45:15:48 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:18:33:18:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:18:33:18:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:18:33:18:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:18:33:18:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:18:33:18:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:18:33:18:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:18:33:18:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:18:33:18:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | TaintedPath.js:9:14:9:43 | url.par ... ).query | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | TaintedPath.js:9:14:9:48 | url.par ... ry.path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | TaintedPath.js:9:7:9:48 | path | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:42:48:42:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:46:45:46:48 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:48:51:48:54 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:50:50:50:53 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:52:52:52:55 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:54:49:54:52 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:56:48:56:51 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:58:54:58:57 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:60:57:60:60 | path | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | TaintedPath.js:38:10:38:39 | url.par ... ).query | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | TaintedPath.js:38:10:38:44 | url.par ... ry.path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | TaintedPath.js:38:3:38:44 | path | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | -| TaintedPath.js:87:48:87:60 | req.params[0] | TaintedPath.js:87:48:87:60 | req.params[0] | -| TaintedPath.js:95:30:95:31 | ev | TaintedPath.js:96:24:96:25 | ev | -| TaintedPath.js:95:30:95:31 | ev | TaintedPath.js:96:24:96:25 | ev | -| TaintedPath.js:95:30:95:31 | ev | TaintedPath.js:96:24:96:25 | ev | -| TaintedPath.js:95:30:95:31 | ev | TaintedPath.js:96:24:96:25 | ev | -| TaintedPath.js:95:30:95:31 | ev | TaintedPath.js:96:24:96:25 | ev | -| TaintedPath.js:95:30:95:31 | ev | TaintedPath.js:96:24:96:25 | ev | -| TaintedPath.js:95:30:95:31 | ev | TaintedPath.js:96:24:96:25 | ev | -| TaintedPath.js:95:30:95:31 | ev | TaintedPath.js:96:24:96:25 | ev | -| TaintedPath.js:96:24:96:25 | ev | TaintedPath.js:96:24:96:30 | ev.data | -| TaintedPath.js:96:24:96:25 | ev | TaintedPath.js:96:24:96:30 | ev.data | -| TaintedPath.js:96:24:96:25 | ev | TaintedPath.js:96:24:96:30 | ev.data | -| TaintedPath.js:96:24:96:25 | ev | TaintedPath.js:96:24:96:30 | ev.data | -| TaintedPath.js:96:24:96:30 | ev.data | TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | -| TaintedPath.js:96:24:96:30 | ev.data | TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | -| TaintedPath.js:96:24:96:30 | ev.data | TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | -| TaintedPath.js:96:24:96:30 | ev.data | TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | -| TaintedPath.js:96:24:96:30 | ev.data | TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | -| TaintedPath.js:96:24:96:30 | ev.data | TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | -| TaintedPath.js:96:24:96:30 | ev.data | TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | -| TaintedPath.js:96:24:96:30 | ev.data | TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:102:44:102:47 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:103:14:103:17 | path | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:36 | url.par ... , true) | TaintedPath.js:100:13:100:42 | url.par ... ).query | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:42 | url.par ... ).query | TaintedPath.js:100:13:100:47 | url.par ... ry.path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:13:100:47 | url.par ... ry.path | TaintedPath.js:100:6:100:47 | path | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | -| TaintedPath.js:103:14:103:17 | path | TaintedPath.js:104:32:104:39 | realpath | -| TaintedPath.js:103:14:103:17 | path | TaintedPath.js:104:32:104:39 | realpath | -| TaintedPath.js:103:14:103:17 | path | TaintedPath.js:104:32:104:39 | realpath | -| TaintedPath.js:103:14:103:17 | path | TaintedPath.js:104:32:104:39 | realpath | -| TaintedPath.js:103:14:103:17 | path | TaintedPath.js:104:32:104:39 | realpath | -| TaintedPath.js:103:14:103:17 | path | TaintedPath.js:104:32:104:39 | realpath | -| TaintedPath.js:103:14:103:17 | path | TaintedPath.js:104:32:104:39 | realpath | -| TaintedPath.js:103:14:103:17 | path | TaintedPath.js:104:32:104:39 | realpath | -| TaintedPath.js:103:14:103:17 | path | TaintedPath.js:104:32:104:39 | realpath | -| TaintedPath.js:103:14:103:17 | path | TaintedPath.js:104:32:104:39 | realpath | -| TaintedPath.js:103:14:103:17 | path | TaintedPath.js:104:32:104:39 | realpath | -| TaintedPath.js:103:14:103:17 | path | TaintedPath.js:104:32:104:39 | realpath | -| TaintedPath.js:103:14:103:17 | path | TaintedPath.js:104:32:104:39 | realpath | -| TaintedPath.js:103:14:103:17 | path | TaintedPath.js:104:32:104:39 | realpath | -| TaintedPath.js:103:14:103:17 | path | TaintedPath.js:104:32:104:39 | realpath | -| TaintedPath.js:103:14:103:17 | path | TaintedPath.js:104:32:104:39 | realpath | -| TaintedPath.js:104:32:104:39 | realpath | TaintedPath.js:105:45:105:52 | realpath | -| TaintedPath.js:104:32:104:39 | realpath | TaintedPath.js:105:45:105:52 | realpath | -| TaintedPath.js:104:32:104:39 | realpath | TaintedPath.js:105:45:105:52 | realpath | -| TaintedPath.js:104:32:104:39 | realpath | TaintedPath.js:105:45:105:52 | realpath | -| TaintedPath.js:104:32:104:39 | realpath | TaintedPath.js:105:45:105:52 | realpath | -| TaintedPath.js:104:32:104:39 | realpath | TaintedPath.js:105:45:105:52 | realpath | -| TaintedPath.js:104:32:104:39 | realpath | TaintedPath.js:105:45:105:52 | realpath | -| TaintedPath.js:104:32:104:39 | realpath | TaintedPath.js:105:45:105:52 | realpath | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:36 | url.par ... , true) | TaintedPath.js:136:13:136:42 | url.par ... ).query | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:42 | url.par ... ).query | TaintedPath.js:136:13:136:47 | url.par ... ry.path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:13:136:47 | url.par ... ry.path | TaintedPath.js:136:6:136:47 | path | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:146:15:146:18 | path | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:37 | url.par ... , true) | TaintedPath.js:142:14:142:43 | url.par ... ).query | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:43 | url.par ... ).query | TaintedPath.js:142:14:142:48 | url.par ... ry.path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:14:142:48 | url.par ... ry.path | TaintedPath.js:142:7:142:48 | path | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | -| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:148:19:148:23 | split | -| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:148:19:148:23 | split | -| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:148:19:148:23 | split | -| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:148:19:148:23 | split | -| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:152:19:152:23 | split | -| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:152:19:152:23 | split | -| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:152:19:152:23 | split | -| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:152:19:152:23 | split | -| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:153:28:153:32 | split | -| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:153:28:153:32 | split | -| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:153:28:153:32 | split | -| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:153:28:153:32 | split | -| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:155:33:155:37 | split | -| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:155:33:155:37 | split | -| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:155:33:155:37 | split | -| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:155:33:155:37 | split | -| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:158:20:158:24 | split | -| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:158:20:158:24 | split | -| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:158:20:158:24 | split | -| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:158:20:158:24 | split | -| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:161:19:161:23 | split | -| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:161:19:161:23 | split | -| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:161:19:161:23 | split | -| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:161:19:161:23 | split | -| TaintedPath.js:146:15:146:18 | path | TaintedPath.js:146:15:146:29 | path.split("/") | -| TaintedPath.js:146:15:146:18 | path | TaintedPath.js:146:15:146:29 | path.split("/") | -| TaintedPath.js:146:15:146:18 | path | TaintedPath.js:146:15:146:29 | path.split("/") | -| TaintedPath.js:146:15:146:18 | path | TaintedPath.js:146:15:146:29 | path.split("/") | -| TaintedPath.js:146:15:146:18 | path | TaintedPath.js:146:15:146:29 | path.split("/") | -| TaintedPath.js:146:15:146:18 | path | TaintedPath.js:146:15:146:29 | path.split("/") | -| TaintedPath.js:146:15:146:18 | path | TaintedPath.js:146:15:146:29 | path.split("/") | -| TaintedPath.js:146:15:146:18 | path | TaintedPath.js:146:15:146:29 | path.split("/") | -| TaintedPath.js:146:15:146:18 | path | TaintedPath.js:146:15:146:29 | path.split("/") | -| TaintedPath.js:146:15:146:18 | path | TaintedPath.js:146:15:146:29 | path.split("/") | -| TaintedPath.js:146:15:146:18 | path | TaintedPath.js:146:15:146:29 | path.split("/") | -| TaintedPath.js:146:15:146:18 | path | TaintedPath.js:146:15:146:29 | path.split("/") | -| TaintedPath.js:146:15:146:29 | path.split("/") | TaintedPath.js:146:7:146:29 | split | -| TaintedPath.js:146:15:146:29 | path.split("/") | TaintedPath.js:146:7:146:29 | split | -| TaintedPath.js:146:15:146:29 | path.split("/") | TaintedPath.js:146:7:146:29 | split | -| TaintedPath.js:146:15:146:29 | path.split("/") | TaintedPath.js:146:7:146:29 | split | -| TaintedPath.js:148:19:148:23 | split | TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:23 | split | TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:23 | split | TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:23 | split | TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:23 | split | TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:23 | split | TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:23 | split | TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:23 | split | TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:23 | split | TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:23 | split | TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:23 | split | TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:23 | split | TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:23 | split | TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:23 | split | TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:23 | split | TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:148:19:148:23 | split | TaintedPath.js:148:19:148:33 | split.join("/") | -| TaintedPath.js:152:19:152:23 | split | TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:23 | split | TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:23 | split | TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:23 | split | TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:23 | split | TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:23 | split | TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:23 | split | TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:23 | split | TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:23 | split | TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:23 | split | TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:23 | split | TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:23 | split | TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:23 | split | TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:23 | split | TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:23 | split | TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:152:19:152:23 | split | TaintedPath.js:152:19:152:26 | split[x] | -| TaintedPath.js:153:28:153:32 | split | TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:32 | split | TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:32 | split | TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:32 | split | TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:32 | split | TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:32 | split | TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:32 | split | TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:32 | split | TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:32 | split | TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:32 | split | TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:32 | split | TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:32 | split | TaintedPath.js:153:28:153:35 | split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:153:28:153:35 | split[x] | TaintedPath.js:153:19:153:35 | prefix + split[x] | -| TaintedPath.js:155:7:155:38 | concatted | TaintedPath.js:156:19:156:27 | concatted | -| TaintedPath.js:155:7:155:38 | concatted | TaintedPath.js:156:19:156:27 | concatted | -| TaintedPath.js:155:7:155:38 | concatted | TaintedPath.js:156:19:156:27 | concatted | -| TaintedPath.js:155:7:155:38 | concatted | TaintedPath.js:156:19:156:27 | concatted | -| TaintedPath.js:155:19:155:38 | prefix.concat(split) | TaintedPath.js:155:7:155:38 | concatted | -| TaintedPath.js:155:19:155:38 | prefix.concat(split) | TaintedPath.js:155:7:155:38 | concatted | -| TaintedPath.js:155:19:155:38 | prefix.concat(split) | TaintedPath.js:155:7:155:38 | concatted | -| TaintedPath.js:155:19:155:38 | prefix.concat(split) | TaintedPath.js:155:7:155:38 | concatted | -| TaintedPath.js:155:33:155:37 | split | TaintedPath.js:155:19:155:38 | prefix.concat(split) | -| TaintedPath.js:155:33:155:37 | split | TaintedPath.js:155:19:155:38 | prefix.concat(split) | -| TaintedPath.js:155:33:155:37 | split | TaintedPath.js:155:19:155:38 | prefix.concat(split) | -| TaintedPath.js:155:33:155:37 | split | TaintedPath.js:155:19:155:38 | prefix.concat(split) | -| TaintedPath.js:156:19:156:27 | concatted | TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:27 | concatted | TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:27 | concatted | TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:27 | concatted | TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:27 | concatted | TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:27 | concatted | TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:27 | concatted | TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:27 | concatted | TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:27 | concatted | TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:27 | concatted | TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:27 | concatted | TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:27 | concatted | TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:27 | concatted | TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:27 | concatted | TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:27 | concatted | TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:156:19:156:27 | concatted | TaintedPath.js:156:19:156:37 | concatted.join("/") | -| TaintedPath.js:158:7:158:39 | concatted2 | TaintedPath.js:159:19:159:28 | concatted2 | -| TaintedPath.js:158:7:158:39 | concatted2 | TaintedPath.js:159:19:159:28 | concatted2 | -| TaintedPath.js:158:7:158:39 | concatted2 | TaintedPath.js:159:19:159:28 | concatted2 | -| TaintedPath.js:158:7:158:39 | concatted2 | TaintedPath.js:159:19:159:28 | concatted2 | -| TaintedPath.js:158:20:158:24 | split | TaintedPath.js:158:20:158:39 | split.concat(prefix) | -| TaintedPath.js:158:20:158:24 | split | TaintedPath.js:158:20:158:39 | split.concat(prefix) | -| TaintedPath.js:158:20:158:24 | split | TaintedPath.js:158:20:158:39 | split.concat(prefix) | -| TaintedPath.js:158:20:158:24 | split | TaintedPath.js:158:20:158:39 | split.concat(prefix) | -| TaintedPath.js:158:20:158:39 | split.concat(prefix) | TaintedPath.js:158:7:158:39 | concatted2 | -| TaintedPath.js:158:20:158:39 | split.concat(prefix) | TaintedPath.js:158:7:158:39 | concatted2 | -| TaintedPath.js:158:20:158:39 | split.concat(prefix) | TaintedPath.js:158:7:158:39 | concatted2 | -| TaintedPath.js:158:20:158:39 | split.concat(prefix) | TaintedPath.js:158:7:158:39 | concatted2 | -| TaintedPath.js:159:19:159:28 | concatted2 | TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:28 | concatted2 | TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:28 | concatted2 | TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:28 | concatted2 | TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:28 | concatted2 | TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:28 | concatted2 | TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:28 | concatted2 | TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:28 | concatted2 | TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:28 | concatted2 | TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:28 | concatted2 | TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:28 | concatted2 | TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:28 | concatted2 | TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:28 | concatted2 | TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:28 | concatted2 | TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:28 | concatted2 | TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:159:19:159:28 | concatted2 | TaintedPath.js:159:19:159:38 | concatted2.join("/") | -| TaintedPath.js:161:19:161:23 | split | TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:23 | split | TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:23 | split | TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:23 | split | TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:23 | split | TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:23 | split | TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:23 | split | TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:23 | split | TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:23 | split | TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:23 | split | TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:23 | split | TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:23 | split | TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:23 | split | TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:23 | split | TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:23 | split | TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:161:19:161:23 | split | TaintedPath.js:161:19:161:29 | split.pop() | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:170:29:170:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:176:29:176:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:176:29:176:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:176:29:176:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:176:29:176:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:176:29:176:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:176:29:176:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:176:29:176:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:176:29:176:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:177:29:177:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:177:29:177:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:177:29:177:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:177:29:177:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:177:29:177:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:177:29:177:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:177:29:177:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:177:29:177:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:178:29:178:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:178:29:178:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:178:29:178:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:178:29:178:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:178:29:178:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:178:29:178:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:178:29:178:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:178:29:178:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:179:29:179:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:179:29:179:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:179:29:179:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:179:29:179:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:179:29:179:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:179:29:179:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:179:29:179:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:179:29:179:32 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:194:40:194:43 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:194:40:194:43 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:194:40:194:43 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:194:40:194:43 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:194:40:194:43 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:194:40:194:43 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:194:40:194:43 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:194:40:194:43 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:195:50:195:53 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:195:50:195:53 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:195:50:195:53 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:195:50:195:53 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:195:50:195:53 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:195:50:195:53 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:195:50:195:53 | path | -| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:195:50:195:53 | path | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:37 | url.par ... , true) | TaintedPath.js:166:14:166:43 | url.par ... ).query | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:43 | url.par ... ).query | TaintedPath.js:166:14:166:48 | url.par ... ry.path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:14:166:48 | url.par ... ry.path | TaintedPath.js:166:7:166:48 | path | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | -| TaintedPath.js:176:29:176:32 | path | TaintedPath.js:176:29:176:52 | path.re ... /g, '') | -| TaintedPath.js:176:29:176:32 | path | TaintedPath.js:176:29:176:52 | path.re ... /g, '') | -| TaintedPath.js:176:29:176:32 | path | TaintedPath.js:176:29:176:52 | path.re ... /g, '') | -| TaintedPath.js:176:29:176:32 | path | TaintedPath.js:176:29:176:52 | path.re ... /g, '') | -| TaintedPath.js:176:29:176:32 | path | TaintedPath.js:176:29:176:52 | path.re ... /g, '') | -| TaintedPath.js:176:29:176:32 | path | TaintedPath.js:176:29:176:52 | path.re ... /g, '') | -| TaintedPath.js:176:29:176:32 | path | TaintedPath.js:176:29:176:52 | path.re ... /g, '') | -| TaintedPath.js:176:29:176:32 | path | TaintedPath.js:176:29:176:52 | path.re ... /g, '') | -| TaintedPath.js:176:29:176:32 | path | TaintedPath.js:176:29:176:52 | path.re ... /g, '') | -| TaintedPath.js:176:29:176:32 | path | TaintedPath.js:176:29:176:52 | path.re ... /g, '') | -| TaintedPath.js:176:29:176:32 | path | TaintedPath.js:176:29:176:52 | path.re ... /g, '') | -| TaintedPath.js:176:29:176:32 | path | TaintedPath.js:176:29:176:52 | path.re ... /g, '') | -| TaintedPath.js:176:29:176:32 | path | TaintedPath.js:176:29:176:52 | path.re ... /g, '') | -| TaintedPath.js:176:29:176:32 | path | TaintedPath.js:176:29:176:52 | path.re ... /g, '') | -| TaintedPath.js:176:29:176:32 | path | TaintedPath.js:176:29:176:52 | path.re ... /g, '') | -| TaintedPath.js:176:29:176:32 | path | TaintedPath.js:176:29:176:52 | path.re ... /g, '') | -| TaintedPath.js:177:29:177:32 | path | TaintedPath.js:177:29:177:53 | path.re ... /g, '') | -| TaintedPath.js:177:29:177:32 | path | TaintedPath.js:177:29:177:53 | path.re ... /g, '') | -| TaintedPath.js:177:29:177:32 | path | TaintedPath.js:177:29:177:53 | path.re ... /g, '') | -| TaintedPath.js:177:29:177:32 | path | TaintedPath.js:177:29:177:53 | path.re ... /g, '') | -| TaintedPath.js:177:29:177:32 | path | TaintedPath.js:177:29:177:53 | path.re ... /g, '') | -| TaintedPath.js:177:29:177:32 | path | TaintedPath.js:177:29:177:53 | path.re ... /g, '') | -| TaintedPath.js:177:29:177:32 | path | TaintedPath.js:177:29:177:53 | path.re ... /g, '') | -| TaintedPath.js:177:29:177:32 | path | TaintedPath.js:177:29:177:53 | path.re ... /g, '') | -| TaintedPath.js:177:29:177:32 | path | TaintedPath.js:177:29:177:53 | path.re ... /g, '') | -| TaintedPath.js:177:29:177:32 | path | TaintedPath.js:177:29:177:53 | path.re ... /g, '') | -| TaintedPath.js:177:29:177:32 | path | TaintedPath.js:177:29:177:53 | path.re ... /g, '') | -| TaintedPath.js:177:29:177:32 | path | TaintedPath.js:177:29:177:53 | path.re ... /g, '') | -| TaintedPath.js:177:29:177:32 | path | TaintedPath.js:177:29:177:53 | path.re ... /g, '') | -| TaintedPath.js:177:29:177:32 | path | TaintedPath.js:177:29:177:53 | path.re ... /g, '') | -| TaintedPath.js:177:29:177:32 | path | TaintedPath.js:177:29:177:53 | path.re ... /g, '') | -| TaintedPath.js:177:29:177:32 | path | TaintedPath.js:177:29:177:53 | path.re ... /g, '') | -| TaintedPath.js:178:29:178:32 | path | TaintedPath.js:178:29:178:51 | path.re ... /g, '') | -| TaintedPath.js:178:29:178:32 | path | TaintedPath.js:178:29:178:51 | path.re ... /g, '') | -| TaintedPath.js:178:29:178:32 | path | TaintedPath.js:178:29:178:51 | path.re ... /g, '') | -| TaintedPath.js:178:29:178:32 | path | TaintedPath.js:178:29:178:51 | path.re ... /g, '') | -| TaintedPath.js:178:29:178:32 | path | TaintedPath.js:178:29:178:51 | path.re ... /g, '') | -| TaintedPath.js:178:29:178:32 | path | TaintedPath.js:178:29:178:51 | path.re ... /g, '') | -| TaintedPath.js:178:29:178:32 | path | TaintedPath.js:178:29:178:51 | path.re ... /g, '') | -| TaintedPath.js:178:29:178:32 | path | TaintedPath.js:178:29:178:51 | path.re ... /g, '') | -| TaintedPath.js:178:29:178:32 | path | TaintedPath.js:178:29:178:51 | path.re ... /g, '') | -| TaintedPath.js:178:29:178:32 | path | TaintedPath.js:178:29:178:51 | path.re ... /g, '') | -| TaintedPath.js:178:29:178:32 | path | TaintedPath.js:178:29:178:51 | path.re ... /g, '') | -| TaintedPath.js:178:29:178:32 | path | TaintedPath.js:178:29:178:51 | path.re ... /g, '') | -| TaintedPath.js:178:29:178:32 | path | TaintedPath.js:178:29:178:51 | path.re ... /g, '') | -| TaintedPath.js:178:29:178:32 | path | TaintedPath.js:178:29:178:51 | path.re ... /g, '') | -| TaintedPath.js:178:29:178:32 | path | TaintedPath.js:178:29:178:51 | path.re ... /g, '') | -| TaintedPath.js:178:29:178:32 | path | TaintedPath.js:178:29:178:51 | path.re ... /g, '') | -| TaintedPath.js:179:29:179:32 | path | TaintedPath.js:179:29:179:57 | path.re ... /g, '') | -| TaintedPath.js:179:29:179:32 | path | TaintedPath.js:179:29:179:57 | path.re ... /g, '') | -| TaintedPath.js:179:29:179:32 | path | TaintedPath.js:179:29:179:57 | path.re ... /g, '') | -| TaintedPath.js:179:29:179:32 | path | TaintedPath.js:179:29:179:57 | path.re ... /g, '') | -| TaintedPath.js:179:29:179:32 | path | TaintedPath.js:179:29:179:57 | path.re ... /g, '') | -| TaintedPath.js:179:29:179:32 | path | TaintedPath.js:179:29:179:57 | path.re ... /g, '') | -| TaintedPath.js:179:29:179:32 | path | TaintedPath.js:179:29:179:57 | path.re ... /g, '') | -| TaintedPath.js:179:29:179:32 | path | TaintedPath.js:179:29:179:57 | path.re ... /g, '') | -| TaintedPath.js:179:29:179:32 | path | TaintedPath.js:179:29:179:57 | path.re ... /g, '') | -| TaintedPath.js:179:29:179:32 | path | TaintedPath.js:179:29:179:57 | path.re ... /g, '') | -| TaintedPath.js:179:29:179:32 | path | TaintedPath.js:179:29:179:57 | path.re ... /g, '') | -| TaintedPath.js:179:29:179:32 | path | TaintedPath.js:179:29:179:57 | path.re ... /g, '') | -| TaintedPath.js:179:29:179:32 | path | TaintedPath.js:179:29:179:57 | path.re ... /g, '') | -| TaintedPath.js:179:29:179:32 | path | TaintedPath.js:179:29:179:57 | path.re ... /g, '') | -| TaintedPath.js:179:29:179:32 | path | TaintedPath.js:179:29:179:57 | path.re ... /g, '') | -| TaintedPath.js:179:29:179:32 | path | TaintedPath.js:179:29:179:57 | path.re ... /g, '') | -| TaintedPath.js:194:40:194:43 | path | TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:43 | path | TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:43 | path | TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:43 | path | TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:43 | path | TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:43 | path | TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:43 | path | TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:43 | path | TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:43 | path | TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:43 | path | TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:43 | path | TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:43 | path | TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:43 | path | TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:43 | path | TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:43 | path | TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:43 | path | TaintedPath.js:194:40:194:73 | path.re ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | -| TaintedPath.js:195:29:195:54 | pathMod ... e(path) | TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | -| TaintedPath.js:195:29:195:54 | pathMod ... e(path) | TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | -| TaintedPath.js:195:29:195:54 | pathMod ... e(path) | TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | -| TaintedPath.js:195:29:195:54 | pathMod ... e(path) | TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | -| TaintedPath.js:195:29:195:54 | pathMod ... e(path) | TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | -| TaintedPath.js:195:29:195:54 | pathMod ... e(path) | TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | -| TaintedPath.js:195:29:195:54 | pathMod ... e(path) | TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | -| TaintedPath.js:195:29:195:54 | pathMod ... e(path) | TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | -| TaintedPath.js:195:50:195:53 | path | TaintedPath.js:195:29:195:54 | pathMod ... e(path) | -| TaintedPath.js:195:50:195:53 | path | TaintedPath.js:195:29:195:54 | pathMod ... e(path) | -| TaintedPath.js:195:50:195:53 | path | TaintedPath.js:195:29:195:54 | pathMod ... e(path) | -| TaintedPath.js:195:50:195:53 | path | TaintedPath.js:195:29:195:54 | pathMod ... e(path) | -| TaintedPath.js:195:50:195:53 | path | TaintedPath.js:195:29:195:54 | pathMod ... e(path) | -| TaintedPath.js:195:50:195:53 | path | TaintedPath.js:195:29:195:54 | pathMod ... e(path) | -| TaintedPath.js:195:50:195:53 | path | TaintedPath.js:195:29:195:54 | pathMod ... e(path) | -| TaintedPath.js:195:50:195:53 | path | TaintedPath.js:195:29:195:54 | pathMod ... e(path) | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | TaintedPath.js:211:7:211:48 | path | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | -| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | examples/TaintedPath.js:8:7:8:52 | filePath | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | -| express.js:8:20:8:32 | req.query.bar | express.js:8:20:8:32 | req.query.bar | -| handlebars.js:10:51:10:58 | filePath | handlebars.js:11:32:11:39 | filePath | -| handlebars.js:10:51:10:58 | filePath | handlebars.js:11:32:11:39 | filePath | -| handlebars.js:10:51:10:58 | filePath | handlebars.js:11:32:11:39 | filePath | -| handlebars.js:10:51:10:58 | filePath | handlebars.js:11:32:11:39 | filePath | -| handlebars.js:10:51:10:58 | filePath | handlebars.js:11:32:11:39 | filePath | -| handlebars.js:10:51:10:58 | filePath | handlebars.js:11:32:11:39 | filePath | -| handlebars.js:10:51:10:58 | filePath | handlebars.js:11:32:11:39 | filePath | -| handlebars.js:10:51:10:58 | filePath | handlebars.js:11:32:11:39 | filePath | -| handlebars.js:13:73:13:80 | filePath | handlebars.js:15:25:15:32 | filePath | -| handlebars.js:13:73:13:80 | filePath | handlebars.js:15:25:15:32 | filePath | -| handlebars.js:13:73:13:80 | filePath | handlebars.js:15:25:15:32 | filePath | -| handlebars.js:13:73:13:80 | filePath | handlebars.js:15:25:15:32 | filePath | -| handlebars.js:13:73:13:80 | filePath | handlebars.js:15:25:15:32 | filePath | -| handlebars.js:13:73:13:80 | filePath | handlebars.js:15:25:15:32 | filePath | -| handlebars.js:13:73:13:80 | filePath | handlebars.js:15:25:15:32 | filePath | -| handlebars.js:13:73:13:80 | filePath | handlebars.js:15:25:15:32 | filePath | -| handlebars.js:29:46:29:60 | req.params.path | handlebars.js:10:51:10:58 | filePath | -| handlebars.js:29:46:29:60 | req.params.path | handlebars.js:10:51:10:58 | filePath | -| handlebars.js:29:46:29:60 | req.params.path | handlebars.js:10:51:10:58 | filePath | -| handlebars.js:29:46:29:60 | req.params.path | handlebars.js:10:51:10:58 | filePath | -| handlebars.js:29:46:29:60 | req.params.path | handlebars.js:10:51:10:58 | filePath | -| handlebars.js:29:46:29:60 | req.params.path | handlebars.js:10:51:10:58 | filePath | -| handlebars.js:29:46:29:60 | req.params.path | handlebars.js:10:51:10:58 | filePath | -| handlebars.js:29:46:29:60 | req.params.path | handlebars.js:10:51:10:58 | filePath | -| handlebars.js:43:15:43:29 | req.params.path | handlebars.js:13:73:13:80 | filePath | -| handlebars.js:43:15:43:29 | req.params.path | handlebars.js:13:73:13:80 | filePath | -| handlebars.js:43:15:43:29 | req.params.path | handlebars.js:13:73:13:80 | filePath | -| handlebars.js:43:15:43:29 | req.params.path | handlebars.js:13:73:13:80 | filePath | -| handlebars.js:43:15:43:29 | req.params.path | handlebars.js:13:73:13:80 | filePath | -| handlebars.js:43:15:43:29 | req.params.path | handlebars.js:13:73:13:80 | filePath | -| handlebars.js:43:15:43:29 | req.params.path | handlebars.js:13:73:13:80 | filePath | -| handlebars.js:43:15:43:29 | req.params.path | handlebars.js:13:73:13:80 | filePath | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:13:19:13:22 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:13:19:13:22 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:13:19:13:22 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:13:19:13:22 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:13:19:13:22 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:13:19:13:22 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:13:19:13:22 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:13:19:13:22 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:14:26:14:29 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:14:26:14:29 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:14:26:14:29 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:15:19:15:22 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:15:19:15:22 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:15:19:15:22 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:15:19:15:22 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:16:35:16:38 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:16:35:16:38 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:16:35:16:38 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:16:35:16:38 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:17:53:17:56 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:17:53:17:56 | path | -| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:17:53:17:56 | path | -| normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:11:7:11:27 | path | -| normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:11:7:11:27 | path | -| normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:11:7:11:27 | path | -| normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:11:7:11:27 | path | -| normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:11:7:11:27 | path | -| normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:11:7:11:27 | path | -| normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:11:7:11:27 | path | -| normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:11:7:11:27 | path | -| normalizedPaths.js:14:26:14:29 | path | normalizedPaths.js:14:19:14:29 | './' + path | -| normalizedPaths.js:14:26:14:29 | path | normalizedPaths.js:14:19:14:29 | './' + path | -| normalizedPaths.js:14:26:14:29 | path | normalizedPaths.js:14:19:14:29 | './' + path | -| normalizedPaths.js:14:26:14:29 | path | normalizedPaths.js:14:19:14:29 | './' + path | -| normalizedPaths.js:14:26:14:29 | path | normalizedPaths.js:14:19:14:29 | './' + path | -| normalizedPaths.js:14:26:14:29 | path | normalizedPaths.js:14:19:14:29 | './' + path | -| normalizedPaths.js:15:19:15:22 | path | normalizedPaths.js:15:19:15:38 | path + '/index.html' | -| normalizedPaths.js:15:19:15:22 | path | normalizedPaths.js:15:19:15:38 | path + '/index.html' | -| normalizedPaths.js:15:19:15:22 | path | normalizedPaths.js:15:19:15:38 | path + '/index.html' | -| normalizedPaths.js:15:19:15:22 | path | normalizedPaths.js:15:19:15:38 | path + '/index.html' | -| normalizedPaths.js:15:19:15:22 | path | normalizedPaths.js:15:19:15:38 | path + '/index.html' | -| normalizedPaths.js:15:19:15:22 | path | normalizedPaths.js:15:19:15:38 | path + '/index.html' | -| normalizedPaths.js:15:19:15:22 | path | normalizedPaths.js:15:19:15:38 | path + '/index.html' | -| normalizedPaths.js:15:19:15:22 | path | normalizedPaths.js:15:19:15:38 | path + '/index.html' | -| normalizedPaths.js:16:35:16:38 | path | normalizedPaths.js:16:19:16:53 | pathMod ... .html') | -| normalizedPaths.js:16:35:16:38 | path | normalizedPaths.js:16:19:16:53 | pathMod ... .html') | -| normalizedPaths.js:16:35:16:38 | path | normalizedPaths.js:16:19:16:53 | pathMod ... .html') | -| normalizedPaths.js:16:35:16:38 | path | normalizedPaths.js:16:19:16:53 | pathMod ... .html') | -| normalizedPaths.js:16:35:16:38 | path | normalizedPaths.js:16:19:16:53 | pathMod ... .html') | -| normalizedPaths.js:16:35:16:38 | path | normalizedPaths.js:16:19:16:53 | pathMod ... .html') | -| normalizedPaths.js:16:35:16:38 | path | normalizedPaths.js:16:19:16:53 | pathMod ... .html') | -| normalizedPaths.js:16:35:16:38 | path | normalizedPaths.js:16:19:16:53 | pathMod ... .html') | -| normalizedPaths.js:17:53:17:56 | path | normalizedPaths.js:17:19:17:57 | pathMod ... , path) | -| normalizedPaths.js:17:53:17:56 | path | normalizedPaths.js:17:19:17:57 | pathMod ... , path) | -| normalizedPaths.js:17:53:17:56 | path | normalizedPaths.js:17:19:17:57 | pathMod ... , path) | -| normalizedPaths.js:17:53:17:56 | path | normalizedPaths.js:17:19:17:57 | pathMod ... , path) | -| normalizedPaths.js:17:53:17:56 | path | normalizedPaths.js:17:19:17:57 | pathMod ... , path) | -| normalizedPaths.js:17:53:17:56 | path | normalizedPaths.js:17:19:17:57 | pathMod ... , path) | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:23:19:23:22 | path | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:23:19:23:22 | path | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:23:19:23:22 | path | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:23:19:23:22 | path | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:23:19:23:22 | path | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:23:19:23:22 | path | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:23:19:23:22 | path | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:23:19:23:22 | path | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:24:26:24:29 | path | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:24:26:24:29 | path | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:25:19:25:22 | path | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:25:19:25:22 | path | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:25:19:25:22 | path | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:25:19:25:22 | path | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:26:35:26:38 | path | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:26:35:26:38 | path | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:26:35:26:38 | path | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:26:35:26:38 | path | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:27:53:27:56 | path | -| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:27:53:27:56 | path | -| normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | normalizedPaths.js:21:7:21:49 | path | -| normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | normalizedPaths.js:21:7:21:49 | path | -| normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | normalizedPaths.js:21:7:21:49 | path | -| normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | normalizedPaths.js:21:7:21:49 | path | -| normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | -| normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | -| normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | -| normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | -| normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | -| normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | -| normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | -| normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | -| normalizedPaths.js:24:26:24:29 | path | normalizedPaths.js:24:19:24:29 | './' + path | -| normalizedPaths.js:24:26:24:29 | path | normalizedPaths.js:24:19:24:29 | './' + path | -| normalizedPaths.js:24:26:24:29 | path | normalizedPaths.js:24:19:24:29 | './' + path | -| normalizedPaths.js:24:26:24:29 | path | normalizedPaths.js:24:19:24:29 | './' + path | -| normalizedPaths.js:25:19:25:22 | path | normalizedPaths.js:25:19:25:38 | path + '/index.html' | -| normalizedPaths.js:25:19:25:22 | path | normalizedPaths.js:25:19:25:38 | path + '/index.html' | -| normalizedPaths.js:25:19:25:22 | path | normalizedPaths.js:25:19:25:38 | path + '/index.html' | -| normalizedPaths.js:25:19:25:22 | path | normalizedPaths.js:25:19:25:38 | path + '/index.html' | -| normalizedPaths.js:25:19:25:22 | path | normalizedPaths.js:25:19:25:38 | path + '/index.html' | -| normalizedPaths.js:25:19:25:22 | path | normalizedPaths.js:25:19:25:38 | path + '/index.html' | -| normalizedPaths.js:25:19:25:22 | path | normalizedPaths.js:25:19:25:38 | path + '/index.html' | -| normalizedPaths.js:25:19:25:22 | path | normalizedPaths.js:25:19:25:38 | path + '/index.html' | -| normalizedPaths.js:26:35:26:38 | path | normalizedPaths.js:26:19:26:53 | pathMod ... .html') | -| normalizedPaths.js:26:35:26:38 | path | normalizedPaths.js:26:19:26:53 | pathMod ... .html') | -| normalizedPaths.js:26:35:26:38 | path | normalizedPaths.js:26:19:26:53 | pathMod ... .html') | -| normalizedPaths.js:26:35:26:38 | path | normalizedPaths.js:26:19:26:53 | pathMod ... .html') | -| normalizedPaths.js:26:35:26:38 | path | normalizedPaths.js:26:19:26:53 | pathMod ... .html') | -| normalizedPaths.js:26:35:26:38 | path | normalizedPaths.js:26:19:26:53 | pathMod ... .html') | -| normalizedPaths.js:26:35:26:38 | path | normalizedPaths.js:26:19:26:53 | pathMod ... .html') | -| normalizedPaths.js:26:35:26:38 | path | normalizedPaths.js:26:19:26:53 | pathMod ... .html') | -| normalizedPaths.js:27:53:27:56 | path | normalizedPaths.js:27:19:27:57 | pathMod ... , path) | -| normalizedPaths.js:27:53:27:56 | path | normalizedPaths.js:27:19:27:57 | pathMod ... , path) | -| normalizedPaths.js:27:53:27:56 | path | normalizedPaths.js:27:19:27:57 | pathMod ... , path) | -| normalizedPaths.js:27:53:27:56 | path | normalizedPaths.js:27:19:27:57 | pathMod ... , path) | -| normalizedPaths.js:31:7:31:49 | path | normalizedPaths.js:36:19:36:22 | path | -| normalizedPaths.js:31:7:31:49 | path | normalizedPaths.js:36:19:36:22 | path | -| normalizedPaths.js:31:7:31:49 | path | normalizedPaths.js:36:19:36:22 | path | -| normalizedPaths.js:31:7:31:49 | path | normalizedPaths.js:36:19:36:22 | path | -| normalizedPaths.js:31:7:31:49 | path | normalizedPaths.js:41:21:41:24 | path | -| normalizedPaths.js:31:7:31:49 | path | normalizedPaths.js:41:21:41:24 | path | -| normalizedPaths.js:31:7:31:49 | path | normalizedPaths.js:41:21:41:24 | path | -| normalizedPaths.js:31:7:31:49 | path | normalizedPaths.js:41:21:41:24 | path | -| normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | normalizedPaths.js:31:7:31:49 | path | -| normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | normalizedPaths.js:31:7:31:49 | path | -| normalizedPaths.js:31:35:31:48 | req.query.path | normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | -| normalizedPaths.js:31:35:31:48 | req.query.path | normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | -| normalizedPaths.js:31:35:31:48 | req.query.path | normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | -| normalizedPaths.js:31:35:31:48 | req.query.path | normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | -| normalizedPaths.js:54:7:54:49 | path | normalizedPaths.js:59:19:59:22 | path | -| normalizedPaths.js:54:7:54:49 | path | normalizedPaths.js:59:19:59:22 | path | -| normalizedPaths.js:54:7:54:49 | path | normalizedPaths.js:59:19:59:22 | path | -| normalizedPaths.js:54:7:54:49 | path | normalizedPaths.js:59:19:59:22 | path | -| normalizedPaths.js:54:7:54:49 | path | normalizedPaths.js:63:19:63:22 | path | -| normalizedPaths.js:54:7:54:49 | path | normalizedPaths.js:63:19:63:22 | path | -| normalizedPaths.js:54:7:54:49 | path | normalizedPaths.js:68:21:68:24 | path | -| normalizedPaths.js:54:7:54:49 | path | normalizedPaths.js:68:21:68:24 | path | -| normalizedPaths.js:54:7:54:49 | path | normalizedPaths.js:68:21:68:24 | path | -| normalizedPaths.js:54:7:54:49 | path | normalizedPaths.js:68:21:68:24 | path | -| normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | normalizedPaths.js:54:7:54:49 | path | -| normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | normalizedPaths.js:54:7:54:49 | path | -| normalizedPaths.js:54:35:54:48 | req.query.path | normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | -| normalizedPaths.js:54:35:54:48 | req.query.path | normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | -| normalizedPaths.js:54:35:54:48 | req.query.path | normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | -| normalizedPaths.js:54:35:54:48 | req.query.path | normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | -| normalizedPaths.js:63:19:63:22 | path | normalizedPaths.js:63:19:63:38 | path + "/index.html" | -| normalizedPaths.js:63:19:63:22 | path | normalizedPaths.js:63:19:63:38 | path + "/index.html" | -| normalizedPaths.js:63:19:63:22 | path | normalizedPaths.js:63:19:63:38 | path + "/index.html" | -| normalizedPaths.js:63:19:63:22 | path | normalizedPaths.js:63:19:63:38 | path + "/index.html" | -| normalizedPaths.js:73:7:73:56 | path | normalizedPaths.js:78:22:78:25 | path | -| normalizedPaths.js:73:7:73:56 | path | normalizedPaths.js:78:22:78:25 | path | -| normalizedPaths.js:73:7:73:56 | path | normalizedPaths.js:78:22:78:25 | path | -| normalizedPaths.js:73:7:73:56 | path | normalizedPaths.js:78:22:78:25 | path | -| normalizedPaths.js:73:7:73:56 | path | normalizedPaths.js:78:22:78:25 | path | -| normalizedPaths.js:73:7:73:56 | path | normalizedPaths.js:78:22:78:25 | path | -| normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | normalizedPaths.js:73:7:73:56 | path | -| normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | normalizedPaths.js:73:7:73:56 | path | -| normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | normalizedPaths.js:73:7:73:56 | path | -| normalizedPaths.js:73:35:73:55 | './' + ... ry.path | normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | -| normalizedPaths.js:73:35:73:55 | './' + ... ry.path | normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | -| normalizedPaths.js:73:35:73:55 | './' + ... ry.path | normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | -| normalizedPaths.js:73:42:73:55 | req.query.path | normalizedPaths.js:73:35:73:55 | './' + ... ry.path | -| normalizedPaths.js:73:42:73:55 | req.query.path | normalizedPaths.js:73:35:73:55 | './' + ... ry.path | -| normalizedPaths.js:73:42:73:55 | req.query.path | normalizedPaths.js:73:35:73:55 | './' + ... ry.path | -| normalizedPaths.js:73:42:73:55 | req.query.path | normalizedPaths.js:73:35:73:55 | './' + ... ry.path | -| normalizedPaths.js:73:42:73:55 | req.query.path | normalizedPaths.js:73:35:73:55 | './' + ... ry.path | -| normalizedPaths.js:73:42:73:55 | req.query.path | normalizedPaths.js:73:35:73:55 | './' + ... ry.path | -| normalizedPaths.js:82:7:82:27 | path | normalizedPaths.js:87:29:87:32 | path | -| normalizedPaths.js:82:7:82:27 | path | normalizedPaths.js:87:29:87:32 | path | -| normalizedPaths.js:82:7:82:27 | path | normalizedPaths.js:87:29:87:32 | path | -| normalizedPaths.js:82:7:82:27 | path | normalizedPaths.js:87:29:87:32 | path | -| normalizedPaths.js:82:7:82:27 | path | normalizedPaths.js:90:31:90:34 | path | -| normalizedPaths.js:82:7:82:27 | path | normalizedPaths.js:90:31:90:34 | path | -| normalizedPaths.js:82:14:82:27 | req.query.path | normalizedPaths.js:82:7:82:27 | path | -| normalizedPaths.js:82:14:82:27 | req.query.path | normalizedPaths.js:82:7:82:27 | path | -| normalizedPaths.js:82:14:82:27 | req.query.path | normalizedPaths.js:82:7:82:27 | path | -| normalizedPaths.js:82:14:82:27 | req.query.path | normalizedPaths.js:82:7:82:27 | path | -| normalizedPaths.js:94:7:94:49 | path | normalizedPaths.js:99:29:99:32 | path | -| normalizedPaths.js:94:7:94:49 | path | normalizedPaths.js:99:29:99:32 | path | -| normalizedPaths.js:94:7:94:49 | path | normalizedPaths.js:99:29:99:32 | path | -| normalizedPaths.js:94:7:94:49 | path | normalizedPaths.js:99:29:99:32 | path | -| normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | normalizedPaths.js:94:7:94:49 | path | -| normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | normalizedPaths.js:94:7:94:49 | path | -| normalizedPaths.js:94:35:94:48 | req.query.path | normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | -| normalizedPaths.js:94:35:94:48 | req.query.path | normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | -| normalizedPaths.js:94:35:94:48 | req.query.path | normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | -| normalizedPaths.js:94:35:94:48 | req.query.path | normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | -| normalizedPaths.js:117:7:117:44 | path | normalizedPaths.js:119:19:119:22 | path | -| normalizedPaths.js:117:7:117:44 | path | normalizedPaths.js:119:19:119:22 | path | -| normalizedPaths.js:117:7:117:44 | path | normalizedPaths.js:119:19:119:22 | path | -| normalizedPaths.js:117:7:117:44 | path | normalizedPaths.js:119:19:119:22 | path | -| normalizedPaths.js:117:7:117:44 | path | normalizedPaths.js:119:19:119:22 | path | -| normalizedPaths.js:117:7:117:44 | path | normalizedPaths.js:119:19:119:22 | path | -| normalizedPaths.js:117:7:117:44 | path | normalizedPaths.js:119:19:119:22 | path | -| normalizedPaths.js:117:7:117:44 | path | normalizedPaths.js:119:19:119:22 | path | -| normalizedPaths.js:117:7:117:44 | path | normalizedPaths.js:120:35:120:38 | path | -| normalizedPaths.js:117:7:117:44 | path | normalizedPaths.js:120:35:120:38 | path | -| normalizedPaths.js:117:7:117:44 | path | normalizedPaths.js:120:35:120:38 | path | -| normalizedPaths.js:117:7:117:44 | path | normalizedPaths.js:120:35:120:38 | path | -| normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | normalizedPaths.js:117:7:117:44 | path | -| normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | normalizedPaths.js:117:7:117:44 | path | -| normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | normalizedPaths.js:117:7:117:44 | path | -| normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | normalizedPaths.js:117:7:117:44 | path | -| normalizedPaths.js:117:30:117:43 | req.query.path | normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | -| normalizedPaths.js:117:30:117:43 | req.query.path | normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | -| normalizedPaths.js:117:30:117:43 | req.query.path | normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | -| normalizedPaths.js:117:30:117:43 | req.query.path | normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | -| normalizedPaths.js:117:30:117:43 | req.query.path | normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | -| normalizedPaths.js:117:30:117:43 | req.query.path | normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | -| normalizedPaths.js:117:30:117:43 | req.query.path | normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | -| normalizedPaths.js:117:30:117:43 | req.query.path | normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | -| normalizedPaths.js:120:35:120:38 | path | normalizedPaths.js:120:19:120:53 | pathMod ... .html') | -| normalizedPaths.js:120:35:120:38 | path | normalizedPaths.js:120:19:120:53 | pathMod ... .html') | -| normalizedPaths.js:120:35:120:38 | path | normalizedPaths.js:120:19:120:53 | pathMod ... .html') | -| normalizedPaths.js:120:35:120:38 | path | normalizedPaths.js:120:19:120:53 | pathMod ... .html') | -| normalizedPaths.js:120:35:120:38 | path | normalizedPaths.js:120:19:120:53 | pathMod ... .html') | -| normalizedPaths.js:120:35:120:38 | path | normalizedPaths.js:120:19:120:53 | pathMod ... .html') | -| normalizedPaths.js:120:35:120:38 | path | normalizedPaths.js:120:19:120:53 | pathMod ... .html') | -| normalizedPaths.js:120:35:120:38 | path | normalizedPaths.js:120:19:120:53 | pathMod ... .html') | -| normalizedPaths.js:130:7:130:49 | path | normalizedPaths.js:135:21:135:24 | path | -| normalizedPaths.js:130:7:130:49 | path | normalizedPaths.js:135:21:135:24 | path | -| normalizedPaths.js:130:7:130:49 | path | normalizedPaths.js:135:21:135:24 | path | -| normalizedPaths.js:130:7:130:49 | path | normalizedPaths.js:135:21:135:24 | path | -| normalizedPaths.js:130:7:130:49 | path | normalizedPaths.js:135:21:135:24 | path | -| normalizedPaths.js:130:7:130:49 | path | normalizedPaths.js:135:21:135:24 | path | -| normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | normalizedPaths.js:130:7:130:49 | path | -| normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | normalizedPaths.js:130:7:130:49 | path | -| normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | normalizedPaths.js:130:7:130:49 | path | -| normalizedPaths.js:130:35:130:48 | req.query.path | normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | -| normalizedPaths.js:130:35:130:48 | req.query.path | normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | -| normalizedPaths.js:130:35:130:48 | req.query.path | normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | -| normalizedPaths.js:130:35:130:48 | req.query.path | normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | -| normalizedPaths.js:130:35:130:48 | req.query.path | normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | -| normalizedPaths.js:130:35:130:48 | req.query.path | normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | -| normalizedPaths.js:139:7:139:62 | path | normalizedPaths.js:144:21:144:24 | path | -| normalizedPaths.js:139:7:139:62 | path | normalizedPaths.js:144:21:144:24 | path | -| normalizedPaths.js:139:7:139:62 | path | normalizedPaths.js:144:21:144:24 | path | -| normalizedPaths.js:139:7:139:62 | path | normalizedPaths.js:144:21:144:24 | path | -| normalizedPaths.js:139:7:139:62 | path | normalizedPaths.js:144:21:144:24 | path | -| normalizedPaths.js:139:7:139:62 | path | normalizedPaths.js:144:21:144:24 | path | -| normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | normalizedPaths.js:139:7:139:62 | path | -| normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | normalizedPaths.js:139:7:139:62 | path | -| normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | normalizedPaths.js:139:7:139:62 | path | -| normalizedPaths.js:139:48:139:61 | req.query.path | normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | -| normalizedPaths.js:139:48:139:61 | req.query.path | normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | -| normalizedPaths.js:139:48:139:61 | req.query.path | normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | -| normalizedPaths.js:139:48:139:61 | req.query.path | normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | -| normalizedPaths.js:139:48:139:61 | req.query.path | normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | -| normalizedPaths.js:139:48:139:61 | req.query.path | normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | -| normalizedPaths.js:148:7:148:58 | path | normalizedPaths.js:151:21:151:24 | path | -| normalizedPaths.js:148:7:148:58 | path | normalizedPaths.js:151:21:151:24 | path | -| normalizedPaths.js:148:7:148:58 | path | normalizedPaths.js:151:21:151:24 | path | -| normalizedPaths.js:148:7:148:58 | path | normalizedPaths.js:151:21:151:24 | path | -| normalizedPaths.js:148:7:148:58 | path | normalizedPaths.js:153:21:153:24 | path | -| normalizedPaths.js:148:7:148:58 | path | normalizedPaths.js:153:21:153:24 | path | -| normalizedPaths.js:148:7:148:58 | path | normalizedPaths.js:153:21:153:24 | path | -| normalizedPaths.js:148:7:148:58 | path | normalizedPaths.js:153:21:153:24 | path | -| normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | normalizedPaths.js:148:7:148:58 | path | -| normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | normalizedPaths.js:148:7:148:58 | path | -| normalizedPaths.js:148:23:148:58 | pathMod ... y.path) | normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | -| normalizedPaths.js:148:23:148:58 | pathMod ... y.path) | normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | -| normalizedPaths.js:148:44:148:57 | req.query.path | normalizedPaths.js:148:23:148:58 | pathMod ... y.path) | -| normalizedPaths.js:148:44:148:57 | req.query.path | normalizedPaths.js:148:23:148:58 | pathMod ... y.path) | -| normalizedPaths.js:148:44:148:57 | req.query.path | normalizedPaths.js:148:23:148:58 | pathMod ... y.path) | -| normalizedPaths.js:148:44:148:57 | req.query.path | normalizedPaths.js:148:23:148:58 | pathMod ... y.path) | -| normalizedPaths.js:160:7:160:49 | path | normalizedPaths.js:165:19:165:22 | path | -| normalizedPaths.js:160:7:160:49 | path | normalizedPaths.js:165:19:165:22 | path | -| normalizedPaths.js:160:7:160:49 | path | normalizedPaths.js:165:19:165:22 | path | -| normalizedPaths.js:160:7:160:49 | path | normalizedPaths.js:165:19:165:22 | path | -| normalizedPaths.js:160:7:160:49 | path | normalizedPaths.js:170:21:170:24 | path | -| normalizedPaths.js:160:7:160:49 | path | normalizedPaths.js:170:21:170:24 | path | -| normalizedPaths.js:160:7:160:49 | path | normalizedPaths.js:170:21:170:24 | path | -| normalizedPaths.js:160:7:160:49 | path | normalizedPaths.js:170:21:170:24 | path | -| normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | normalizedPaths.js:160:7:160:49 | path | -| normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | normalizedPaths.js:160:7:160:49 | path | -| normalizedPaths.js:160:35:160:48 | req.query.path | normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | -| normalizedPaths.js:160:35:160:48 | req.query.path | normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | -| normalizedPaths.js:160:35:160:48 | req.query.path | normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | -| normalizedPaths.js:160:35:160:48 | req.query.path | normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:184:19:184:22 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:184:19:184:22 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:184:19:184:22 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:184:19:184:22 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:184:19:184:22 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:184:19:184:22 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:184:19:184:22 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:184:19:184:22 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:187:21:187:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:187:21:187:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:187:21:187:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:187:21:187:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:189:21:189:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:189:21:189:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:189:21:189:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:189:21:189:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:192:21:192:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:192:21:192:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:192:21:192:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:192:21:192:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:192:21:192:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:192:21:192:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:192:21:192:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:192:21:192:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:194:21:194:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:194:21:194:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:199:21:199:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:199:21:199:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:199:21:199:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:199:21:199:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:199:21:199:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:199:21:199:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:199:21:199:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:199:21:199:24 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:201:45:201:48 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:201:45:201:48 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:201:45:201:48 | path | -| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:201:45:201:48 | path | -| normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:174:7:174:27 | path | -| normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:174:7:174:27 | path | -| normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:174:7:174:27 | path | -| normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:174:7:174:27 | path | -| normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:174:7:174:27 | path | -| normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:174:7:174:27 | path | -| normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:174:7:174:27 | path | -| normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:174:7:174:27 | path | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:205:21:205:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:205:21:205:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:205:21:205:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:205:21:205:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:205:21:205:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:205:21:205:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:205:21:205:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:205:21:205:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:208:21:208:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:208:21:208:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:208:21:208:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:208:21:208:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:208:21:208:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:208:21:208:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:208:21:208:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:208:21:208:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:210:21:210:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:210:21:210:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:210:21:210:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:210:21:210:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:210:21:210:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:210:21:210:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:210:21:210:34 | normalizedPath | -| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:210:21:210:34 | normalizedPath | -| normalizedPaths.js:201:24:201:49 | pathMod ... e(path) | normalizedPaths.js:201:7:201:49 | normalizedPath | -| normalizedPaths.js:201:24:201:49 | pathMod ... e(path) | normalizedPaths.js:201:7:201:49 | normalizedPath | -| normalizedPaths.js:201:24:201:49 | pathMod ... e(path) | normalizedPaths.js:201:7:201:49 | normalizedPath | -| normalizedPaths.js:201:24:201:49 | pathMod ... e(path) | normalizedPaths.js:201:7:201:49 | normalizedPath | -| normalizedPaths.js:201:45:201:48 | path | normalizedPaths.js:201:24:201:49 | pathMod ... e(path) | -| normalizedPaths.js:201:45:201:48 | path | normalizedPaths.js:201:24:201:49 | pathMod ... e(path) | -| normalizedPaths.js:201:45:201:48 | path | normalizedPaths.js:201:24:201:49 | pathMod ... e(path) | -| normalizedPaths.js:201:45:201:48 | path | normalizedPaths.js:201:24:201:49 | pathMod ... e(path) | -| normalizedPaths.js:214:7:214:49 | path | normalizedPaths.js:219:29:219:32 | path | -| normalizedPaths.js:214:7:214:49 | path | normalizedPaths.js:219:29:219:32 | path | -| normalizedPaths.js:214:7:214:49 | path | normalizedPaths.js:219:29:219:32 | path | -| normalizedPaths.js:214:7:214:49 | path | normalizedPaths.js:219:29:219:32 | path | -| normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | normalizedPaths.js:214:7:214:49 | path | -| normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | normalizedPaths.js:214:7:214:49 | path | -| normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | normalizedPaths.js:214:7:214:49 | path | -| normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | normalizedPaths.js:214:7:214:49 | path | -| normalizedPaths.js:214:35:214:48 | req.query.path | normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | -| normalizedPaths.js:214:35:214:48 | req.query.path | normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | -| normalizedPaths.js:214:35:214:48 | req.query.path | normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | -| normalizedPaths.js:214:35:214:48 | req.query.path | normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | -| normalizedPaths.js:214:35:214:48 | req.query.path | normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | -| normalizedPaths.js:214:35:214:48 | req.query.path | normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | -| normalizedPaths.js:214:35:214:48 | req.query.path | normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | -| normalizedPaths.js:214:35:214:48 | req.query.path | normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | -| normalizedPaths.js:219:3:219:33 | path | normalizedPaths.js:222:21:222:24 | path | -| normalizedPaths.js:219:3:219:33 | path | normalizedPaths.js:222:21:222:24 | path | -| normalizedPaths.js:219:3:219:33 | path | normalizedPaths.js:222:21:222:24 | path | -| normalizedPaths.js:219:3:219:33 | path | normalizedPaths.js:222:21:222:24 | path | -| normalizedPaths.js:219:3:219:33 | path | normalizedPaths.js:222:21:222:24 | path | -| normalizedPaths.js:219:3:219:33 | path | normalizedPaths.js:222:21:222:24 | path | -| normalizedPaths.js:219:3:219:33 | path | normalizedPaths.js:222:21:222:24 | path | -| normalizedPaths.js:219:3:219:33 | path | normalizedPaths.js:222:21:222:24 | path | -| normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | normalizedPaths.js:219:3:219:33 | path | -| normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | normalizedPaths.js:219:3:219:33 | path | -| normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | normalizedPaths.js:219:3:219:33 | path | -| normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | normalizedPaths.js:219:3:219:33 | path | -| normalizedPaths.js:219:29:219:32 | path | normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | -| normalizedPaths.js:219:29:219:32 | path | normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | -| normalizedPaths.js:219:29:219:32 | path | normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | -| normalizedPaths.js:219:29:219:32 | path | normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | -| normalizedPaths.js:226:7:226:70 | path | normalizedPaths.js:228:21:228:24 | path | -| normalizedPaths.js:226:7:226:70 | path | normalizedPaths.js:228:21:228:24 | path | -| normalizedPaths.js:226:7:226:70 | path | normalizedPaths.js:228:21:228:24 | path | -| normalizedPaths.js:226:7:226:70 | path | normalizedPaths.js:228:21:228:24 | path | -| normalizedPaths.js:226:14:226:49 | pathMod ... y.path) | normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | -| normalizedPaths.js:226:14:226:49 | pathMod ... y.path) | normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | -| normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | normalizedPaths.js:226:7:226:70 | path | -| normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | normalizedPaths.js:226:7:226:70 | path | -| normalizedPaths.js:226:35:226:48 | req.query.path | normalizedPaths.js:226:14:226:49 | pathMod ... y.path) | -| normalizedPaths.js:226:35:226:48 | req.query.path | normalizedPaths.js:226:14:226:49 | pathMod ... y.path) | -| normalizedPaths.js:226:35:226:48 | req.query.path | normalizedPaths.js:226:14:226:49 | pathMod ... y.path) | -| normalizedPaths.js:226:35:226:48 | req.query.path | normalizedPaths.js:226:14:226:49 | pathMod ... y.path) | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:238:19:238:22 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:238:19:238:22 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:238:19:238:22 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:238:19:238:22 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:238:19:238:22 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:238:19:238:22 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:238:19:238:22 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:238:19:238:22 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:245:21:245:24 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:245:21:245:24 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:245:21:245:24 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:245:21:245:24 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:245:21:245:24 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:245:21:245:24 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:245:21:245:24 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:245:21:245:24 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:250:21:250:24 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:250:21:250:24 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:250:21:250:24 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:250:21:250:24 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:250:21:250:24 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:250:21:250:24 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:250:21:250:24 | path | -| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:250:21:250:24 | path | -| normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | normalizedPaths.js:236:7:236:47 | path | -| normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | normalizedPaths.js:236:7:236:47 | path | -| normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | normalizedPaths.js:236:7:236:47 | path | -| normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | normalizedPaths.js:236:7:236:47 | path | -| normalizedPaths.js:236:33:236:46 | req.query.path | normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | -| normalizedPaths.js:236:33:236:46 | req.query.path | normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | -| normalizedPaths.js:236:33:236:46 | req.query.path | normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | -| normalizedPaths.js:236:33:236:46 | req.query.path | normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | -| normalizedPaths.js:236:33:236:46 | req.query.path | normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | -| normalizedPaths.js:236:33:236:46 | req.query.path | normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | -| normalizedPaths.js:236:33:236:46 | req.query.path | normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | -| normalizedPaths.js:236:33:236:46 | req.query.path | normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:256:19:256:22 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:256:19:256:22 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:256:19:256:22 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:256:19:256:22 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:256:19:256:22 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:256:19:256:22 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:256:19:256:22 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:256:19:256:22 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:262:21:262:24 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:262:21:262:24 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:262:21:262:24 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:262:21:262:24 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:262:21:262:24 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:262:21:262:24 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:262:21:262:24 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:262:21:262:24 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:267:38:267:41 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:267:38:267:41 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:267:38:267:41 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:267:38:267:41 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:275:38:275:41 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:275:38:275:41 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:275:38:275:41 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:275:38:275:41 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:283:38:283:41 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:283:38:283:41 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:283:38:283:41 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:283:38:283:41 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:291:38:291:41 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:291:38:291:41 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:291:38:291:41 | path | -| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:291:38:291:41 | path | -| normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | normalizedPaths.js:254:7:254:47 | path | -| normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | normalizedPaths.js:254:7:254:47 | path | -| normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | normalizedPaths.js:254:7:254:47 | path | -| normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | normalizedPaths.js:254:7:254:47 | path | -| normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | -| normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | -| normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | -| normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | -| normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | -| normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | -| normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | -| normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | -| normalizedPaths.js:267:7:267:42 | newpath | normalizedPaths.js:270:21:270:27 | newpath | -| normalizedPaths.js:267:7:267:42 | newpath | normalizedPaths.js:270:21:270:27 | newpath | -| normalizedPaths.js:267:7:267:42 | newpath | normalizedPaths.js:270:21:270:27 | newpath | -| normalizedPaths.js:267:7:267:42 | newpath | normalizedPaths.js:270:21:270:27 | newpath | -| normalizedPaths.js:267:7:267:42 | newpath | normalizedPaths.js:270:21:270:27 | newpath | -| normalizedPaths.js:267:7:267:42 | newpath | normalizedPaths.js:270:21:270:27 | newpath | -| normalizedPaths.js:267:7:267:42 | newpath | normalizedPaths.js:270:21:270:27 | newpath | -| normalizedPaths.js:267:7:267:42 | newpath | normalizedPaths.js:270:21:270:27 | newpath | -| normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | normalizedPaths.js:267:7:267:42 | newpath | -| normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | normalizedPaths.js:267:7:267:42 | newpath | -| normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | normalizedPaths.js:267:7:267:42 | newpath | -| normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | normalizedPaths.js:267:7:267:42 | newpath | -| normalizedPaths.js:267:38:267:41 | path | normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | -| normalizedPaths.js:267:38:267:41 | path | normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | -| normalizedPaths.js:267:38:267:41 | path | normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | -| normalizedPaths.js:267:38:267:41 | path | normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | -| normalizedPaths.js:275:7:275:42 | newpath | normalizedPaths.js:278:21:278:27 | newpath | -| normalizedPaths.js:275:7:275:42 | newpath | normalizedPaths.js:278:21:278:27 | newpath | -| normalizedPaths.js:275:7:275:42 | newpath | normalizedPaths.js:278:21:278:27 | newpath | -| normalizedPaths.js:275:7:275:42 | newpath | normalizedPaths.js:278:21:278:27 | newpath | -| normalizedPaths.js:275:7:275:42 | newpath | normalizedPaths.js:278:21:278:27 | newpath | -| normalizedPaths.js:275:7:275:42 | newpath | normalizedPaths.js:278:21:278:27 | newpath | -| normalizedPaths.js:275:7:275:42 | newpath | normalizedPaths.js:278:21:278:27 | newpath | -| normalizedPaths.js:275:7:275:42 | newpath | normalizedPaths.js:278:21:278:27 | newpath | -| normalizedPaths.js:275:17:275:42 | pathMod ... e(path) | normalizedPaths.js:275:7:275:42 | newpath | -| normalizedPaths.js:275:17:275:42 | pathMod ... e(path) | normalizedPaths.js:275:7:275:42 | newpath | -| normalizedPaths.js:275:17:275:42 | pathMod ... e(path) | normalizedPaths.js:275:7:275:42 | newpath | -| normalizedPaths.js:275:17:275:42 | pathMod ... e(path) | normalizedPaths.js:275:7:275:42 | newpath | -| normalizedPaths.js:275:38:275:41 | path | normalizedPaths.js:275:17:275:42 | pathMod ... e(path) | -| normalizedPaths.js:275:38:275:41 | path | normalizedPaths.js:275:17:275:42 | pathMod ... e(path) | -| normalizedPaths.js:275:38:275:41 | path | normalizedPaths.js:275:17:275:42 | pathMod ... e(path) | -| normalizedPaths.js:275:38:275:41 | path | normalizedPaths.js:275:17:275:42 | pathMod ... e(path) | -| normalizedPaths.js:283:7:283:42 | newpath | normalizedPaths.js:286:21:286:27 | newpath | -| normalizedPaths.js:283:7:283:42 | newpath | normalizedPaths.js:286:21:286:27 | newpath | -| normalizedPaths.js:283:7:283:42 | newpath | normalizedPaths.js:286:21:286:27 | newpath | -| normalizedPaths.js:283:7:283:42 | newpath | normalizedPaths.js:286:21:286:27 | newpath | -| normalizedPaths.js:283:7:283:42 | newpath | normalizedPaths.js:286:21:286:27 | newpath | -| normalizedPaths.js:283:7:283:42 | newpath | normalizedPaths.js:286:21:286:27 | newpath | -| normalizedPaths.js:283:7:283:42 | newpath | normalizedPaths.js:286:21:286:27 | newpath | -| normalizedPaths.js:283:7:283:42 | newpath | normalizedPaths.js:286:21:286:27 | newpath | -| normalizedPaths.js:283:17:283:42 | pathMod ... e(path) | normalizedPaths.js:283:7:283:42 | newpath | -| normalizedPaths.js:283:17:283:42 | pathMod ... e(path) | normalizedPaths.js:283:7:283:42 | newpath | -| normalizedPaths.js:283:17:283:42 | pathMod ... e(path) | normalizedPaths.js:283:7:283:42 | newpath | -| normalizedPaths.js:283:17:283:42 | pathMod ... e(path) | normalizedPaths.js:283:7:283:42 | newpath | -| normalizedPaths.js:283:38:283:41 | path | normalizedPaths.js:283:17:283:42 | pathMod ... e(path) | -| normalizedPaths.js:283:38:283:41 | path | normalizedPaths.js:283:17:283:42 | pathMod ... e(path) | -| normalizedPaths.js:283:38:283:41 | path | normalizedPaths.js:283:17:283:42 | pathMod ... e(path) | -| normalizedPaths.js:283:38:283:41 | path | normalizedPaths.js:283:17:283:42 | pathMod ... e(path) | -| normalizedPaths.js:291:7:291:42 | newpath | normalizedPaths.js:296:21:296:27 | newpath | -| normalizedPaths.js:291:7:291:42 | newpath | normalizedPaths.js:296:21:296:27 | newpath | -| normalizedPaths.js:291:7:291:42 | newpath | normalizedPaths.js:296:21:296:27 | newpath | -| normalizedPaths.js:291:7:291:42 | newpath | normalizedPaths.js:296:21:296:27 | newpath | -| normalizedPaths.js:291:7:291:42 | newpath | normalizedPaths.js:296:21:296:27 | newpath | -| normalizedPaths.js:291:7:291:42 | newpath | normalizedPaths.js:296:21:296:27 | newpath | -| normalizedPaths.js:291:7:291:42 | newpath | normalizedPaths.js:296:21:296:27 | newpath | -| normalizedPaths.js:291:7:291:42 | newpath | normalizedPaths.js:296:21:296:27 | newpath | -| normalizedPaths.js:291:17:291:42 | pathMod ... e(path) | normalizedPaths.js:291:7:291:42 | newpath | -| normalizedPaths.js:291:17:291:42 | pathMod ... e(path) | normalizedPaths.js:291:7:291:42 | newpath | -| normalizedPaths.js:291:17:291:42 | pathMod ... e(path) | normalizedPaths.js:291:7:291:42 | newpath | -| normalizedPaths.js:291:17:291:42 | pathMod ... e(path) | normalizedPaths.js:291:7:291:42 | newpath | -| normalizedPaths.js:291:38:291:41 | path | normalizedPaths.js:291:17:291:42 | pathMod ... e(path) | -| normalizedPaths.js:291:38:291:41 | path | normalizedPaths.js:291:17:291:42 | pathMod ... e(path) | -| normalizedPaths.js:291:38:291:41 | path | normalizedPaths.js:291:17:291:42 | pathMod ... e(path) | -| normalizedPaths.js:291:38:291:41 | path | normalizedPaths.js:291:17:291:42 | pathMod ... e(path) | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:304:18:304:21 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:304:18:304:21 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:304:18:304:21 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:304:18:304:21 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:304:18:304:21 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:304:18:304:21 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:304:18:304:21 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:304:18:304:21 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:309:19:309:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:309:19:309:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:309:19:309:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:309:19:309:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:309:19:309:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:309:19:309:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:309:19:309:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:309:19:309:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:313:19:313:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:313:19:313:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:313:19:313:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:313:19:313:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:313:19:313:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:313:19:313:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:316:19:316:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:316:19:316:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:316:19:316:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:316:19:316:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:316:19:316:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:316:19:316:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:316:19:316:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:316:19:316:22 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:320:45:320:48 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:320:45:320:48 | path | -| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:320:45:320:48 | path | -| normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:303:6:303:26 | path | -| normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:303:6:303:26 | path | -| normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:303:6:303:26 | path | -| normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:303:6:303:26 | path | -| normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:303:6:303:26 | path | -| normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:303:6:303:26 | path | -| normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:303:6:303:26 | path | -| normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:303:6:303:26 | path | -| normalizedPaths.js:320:6:320:49 | normalizedPath | normalizedPaths.js:325:19:325:32 | normalizedPath | -| normalizedPaths.js:320:6:320:49 | normalizedPath | normalizedPaths.js:325:19:325:32 | normalizedPath | -| normalizedPaths.js:320:6:320:49 | normalizedPath | normalizedPaths.js:325:19:325:32 | normalizedPath | -| normalizedPaths.js:320:6:320:49 | normalizedPath | normalizedPaths.js:325:19:325:32 | normalizedPath | -| normalizedPaths.js:320:6:320:49 | normalizedPath | normalizedPaths.js:325:19:325:32 | normalizedPath | -| normalizedPaths.js:320:6:320:49 | normalizedPath | normalizedPaths.js:325:19:325:32 | normalizedPath | -| normalizedPaths.js:320:6:320:49 | normalizedPath | normalizedPaths.js:332:19:332:32 | normalizedPath | -| normalizedPaths.js:320:6:320:49 | normalizedPath | normalizedPaths.js:332:19:332:32 | normalizedPath | -| normalizedPaths.js:320:6:320:49 | normalizedPath | normalizedPaths.js:332:19:332:32 | normalizedPath | -| normalizedPaths.js:320:6:320:49 | normalizedPath | normalizedPaths.js:332:19:332:32 | normalizedPath | -| normalizedPaths.js:320:6:320:49 | normalizedPath | normalizedPaths.js:332:19:332:32 | normalizedPath | -| normalizedPaths.js:320:6:320:49 | normalizedPath | normalizedPaths.js:332:19:332:32 | normalizedPath | -| normalizedPaths.js:320:23:320:49 | pathMod ... , path) | normalizedPaths.js:320:6:320:49 | normalizedPath | -| normalizedPaths.js:320:23:320:49 | pathMod ... , path) | normalizedPaths.js:320:6:320:49 | normalizedPath | -| normalizedPaths.js:320:23:320:49 | pathMod ... , path) | normalizedPaths.js:320:6:320:49 | normalizedPath | -| normalizedPaths.js:320:45:320:48 | path | normalizedPaths.js:320:23:320:49 | pathMod ... , path) | -| normalizedPaths.js:320:45:320:48 | path | normalizedPaths.js:320:23:320:49 | pathMod ... , path) | -| normalizedPaths.js:320:45:320:48 | path | normalizedPaths.js:320:23:320:49 | pathMod ... , path) | -| normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:341:18:341:21 | path | -| normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:341:18:341:21 | path | -| normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:341:18:341:21 | path | -| normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:341:18:341:21 | path | -| normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:341:18:341:21 | path | -| normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:341:18:341:21 | path | -| normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:341:18:341:21 | path | -| normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:341:18:341:21 | path | -| normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:346:19:346:22 | path | -| normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:346:19:346:22 | path | -| normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:346:19:346:22 | path | -| normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:346:19:346:22 | path | -| normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:346:19:346:22 | path | -| normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:346:19:346:22 | path | -| normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:346:19:346:22 | path | -| normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:346:19:346:22 | path | -| normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | normalizedPaths.js:339:6:339:46 | path | -| normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | normalizedPaths.js:339:6:339:46 | path | -| normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | normalizedPaths.js:339:6:339:46 | path | -| normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | normalizedPaths.js:339:6:339:46 | path | -| normalizedPaths.js:339:32:339:45 | req.query.path | normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | -| normalizedPaths.js:339:32:339:45 | req.query.path | normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | -| normalizedPaths.js:339:32:339:45 | req.query.path | normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | -| normalizedPaths.js:339:32:339:45 | req.query.path | normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | -| normalizedPaths.js:339:32:339:45 | req.query.path | normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | -| normalizedPaths.js:339:32:339:45 | req.query.path | normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | -| normalizedPaths.js:339:32:339:45 | req.query.path | normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | -| normalizedPaths.js:339:32:339:45 | req.query.path | normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | -| normalizedPaths.js:354:7:354:27 | path | normalizedPaths.js:356:19:356:22 | path | -| normalizedPaths.js:354:7:354:27 | path | normalizedPaths.js:356:19:356:22 | path | -| normalizedPaths.js:354:7:354:27 | path | normalizedPaths.js:356:19:356:22 | path | -| normalizedPaths.js:354:7:354:27 | path | normalizedPaths.js:356:19:356:22 | path | -| normalizedPaths.js:354:7:354:27 | path | normalizedPaths.js:356:19:356:22 | path | -| normalizedPaths.js:354:7:354:27 | path | normalizedPaths.js:356:19:356:22 | path | -| normalizedPaths.js:354:7:354:27 | path | normalizedPaths.js:356:19:356:22 | path | -| normalizedPaths.js:354:7:354:27 | path | normalizedPaths.js:356:19:356:22 | path | -| normalizedPaths.js:354:7:354:27 | path | normalizedPaths.js:358:47:358:50 | path | -| normalizedPaths.js:354:7:354:27 | path | normalizedPaths.js:358:47:358:50 | path | -| normalizedPaths.js:354:7:354:27 | path | normalizedPaths.js:358:47:358:50 | path | -| normalizedPaths.js:354:14:354:27 | req.query.path | normalizedPaths.js:354:7:354:27 | path | -| normalizedPaths.js:354:14:354:27 | req.query.path | normalizedPaths.js:354:7:354:27 | path | -| normalizedPaths.js:354:14:354:27 | req.query.path | normalizedPaths.js:354:7:354:27 | path | -| normalizedPaths.js:354:14:354:27 | req.query.path | normalizedPaths.js:354:7:354:27 | path | -| normalizedPaths.js:354:14:354:27 | req.query.path | normalizedPaths.js:354:7:354:27 | path | -| normalizedPaths.js:354:14:354:27 | req.query.path | normalizedPaths.js:354:7:354:27 | path | -| normalizedPaths.js:354:14:354:27 | req.query.path | normalizedPaths.js:354:7:354:27 | path | -| normalizedPaths.js:354:14:354:27 | req.query.path | normalizedPaths.js:354:7:354:27 | path | -| normalizedPaths.js:358:7:358:51 | requestPath | normalizedPaths.js:363:21:363:31 | requestPath | -| normalizedPaths.js:358:7:358:51 | requestPath | normalizedPaths.js:363:21:363:31 | requestPath | -| normalizedPaths.js:358:7:358:51 | requestPath | normalizedPaths.js:363:21:363:31 | requestPath | -| normalizedPaths.js:358:7:358:51 | requestPath | normalizedPaths.js:363:21:363:31 | requestPath | -| normalizedPaths.js:358:7:358:51 | requestPath | normalizedPaths.js:363:21:363:31 | requestPath | -| normalizedPaths.js:358:7:358:51 | requestPath | normalizedPaths.js:363:21:363:31 | requestPath | -| normalizedPaths.js:358:21:358:51 | pathMod ... , path) | normalizedPaths.js:358:7:358:51 | requestPath | -| normalizedPaths.js:358:21:358:51 | pathMod ... , path) | normalizedPaths.js:358:7:358:51 | requestPath | -| normalizedPaths.js:358:21:358:51 | pathMod ... , path) | normalizedPaths.js:358:7:358:51 | requestPath | -| normalizedPaths.js:358:47:358:50 | path | normalizedPaths.js:358:21:358:51 | pathMod ... , path) | -| normalizedPaths.js:358:47:358:50 | path | normalizedPaths.js:358:21:358:51 | pathMod ... , path) | -| normalizedPaths.js:358:47:358:50 | path | normalizedPaths.js:358:21:358:51 | pathMod ... , path) | -| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:379:19:379:22 | path | -| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:379:19:379:22 | path | -| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:379:19:379:22 | path | -| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:379:19:379:22 | path | -| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:379:19:379:22 | path | -| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:379:19:379:22 | path | -| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:379:19:379:22 | path | -| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:379:19:379:22 | path | -| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:381:25:381:28 | path | -| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:381:25:381:28 | path | -| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:381:25:381:28 | path | -| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:381:25:381:28 | path | -| normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:377:7:377:27 | path | -| normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:377:7:377:27 | path | -| normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:377:7:377:27 | path | -| normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:377:7:377:27 | path | -| normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:377:7:377:27 | path | -| normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:377:7:377:27 | path | -| normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:377:7:377:27 | path | -| normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:377:7:377:27 | path | -| normalizedPaths.js:381:25:381:28 | path | normalizedPaths.js:381:19:381:29 | slash(path) | -| normalizedPaths.js:381:25:381:28 | path | normalizedPaths.js:381:19:381:29 | slash(path) | -| normalizedPaths.js:381:25:381:28 | path | normalizedPaths.js:381:19:381:29 | slash(path) | -| normalizedPaths.js:381:25:381:28 | path | normalizedPaths.js:381:19:381:29 | slash(path) | -| normalizedPaths.js:381:25:381:28 | path | normalizedPaths.js:381:19:381:29 | slash(path) | -| normalizedPaths.js:381:25:381:28 | path | normalizedPaths.js:381:19:381:29 | slash(path) | -| normalizedPaths.js:381:25:381:28 | path | normalizedPaths.js:381:19:381:29 | slash(path) | -| normalizedPaths.js:381:25:381:28 | path | normalizedPaths.js:381:19:381:29 | slash(path) | -| normalizedPaths.js:385:7:385:46 | path | normalizedPaths.js:388:19:388:22 | path | -| normalizedPaths.js:385:7:385:46 | path | normalizedPaths.js:388:19:388:22 | path | -| normalizedPaths.js:385:7:385:46 | path | normalizedPaths.js:388:19:388:22 | path | -| normalizedPaths.js:385:7:385:46 | path | normalizedPaths.js:388:19:388:22 | path | -| normalizedPaths.js:385:7:385:46 | path | normalizedPaths.js:399:21:399:24 | path | -| normalizedPaths.js:385:7:385:46 | path | normalizedPaths.js:399:21:399:24 | path | -| normalizedPaths.js:385:7:385:46 | path | normalizedPaths.js:399:21:399:24 | path | -| normalizedPaths.js:385:7:385:46 | path | normalizedPaths.js:399:21:399:24 | path | -| normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) | normalizedPaths.js:385:7:385:46 | path | -| normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) | normalizedPaths.js:385:7:385:46 | path | -| normalizedPaths.js:385:35:385:45 | req.query.x | normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) | -| normalizedPaths.js:385:35:385:45 | req.query.x | normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) | -| normalizedPaths.js:385:35:385:45 | req.query.x | normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) | -| normalizedPaths.js:385:35:385:45 | req.query.x | normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) | -| normalizedPaths.js:407:45:407:55 | req.query.x | normalizedPaths.js:407:45:407:66 | req.que ... it('/') | -| normalizedPaths.js:407:45:407:55 | req.query.x | normalizedPaths.js:407:45:407:66 | req.que ... it('/') | -| normalizedPaths.js:407:45:407:55 | req.query.x | normalizedPaths.js:407:45:407:66 | req.que ... it('/') | -| normalizedPaths.js:407:45:407:55 | req.query.x | normalizedPaths.js:407:45:407:66 | req.que ... it('/') | -| normalizedPaths.js:407:45:407:55 | req.query.x | normalizedPaths.js:407:45:407:66 | req.que ... it('/') | -| normalizedPaths.js:407:45:407:55 | req.query.x | normalizedPaths.js:407:45:407:66 | req.que ... it('/') | -| normalizedPaths.js:407:45:407:66 | req.que ... it('/') | normalizedPaths.js:407:19:407:67 | pathMod ... t('/')) | -| normalizedPaths.js:407:45:407:66 | req.que ... it('/') | normalizedPaths.js:407:19:407:67 | pathMod ... t('/')) | -| normalizedPaths.js:407:45:407:66 | req.que ... it('/') | normalizedPaths.js:407:19:407:67 | pathMod ... t('/')) | -| normalizedPaths.js:407:45:407:66 | req.que ... it('/') | normalizedPaths.js:407:19:407:67 | pathMod ... t('/')) | -| normalizedPaths.js:407:45:407:66 | req.que ... it('/') | normalizedPaths.js:407:19:407:67 | pathMod ... t('/')) | -| normalizedPaths.js:407:45:407:66 | req.que ... it('/') | normalizedPaths.js:407:19:407:67 | pathMod ... t('/')) | -| normalizedPaths.js:408:38:408:48 | req.query.x | normalizedPaths.js:408:38:408:59 | req.que ... it('/') | -| normalizedPaths.js:408:38:408:48 | req.query.x | normalizedPaths.js:408:38:408:59 | req.que ... it('/') | -| normalizedPaths.js:408:38:408:48 | req.query.x | normalizedPaths.js:408:38:408:59 | req.que ... it('/') | -| normalizedPaths.js:408:38:408:48 | req.query.x | normalizedPaths.js:408:38:408:59 | req.que ... it('/') | -| normalizedPaths.js:408:38:408:48 | req.query.x | normalizedPaths.js:408:38:408:59 | req.que ... it('/') | -| normalizedPaths.js:408:38:408:48 | req.query.x | normalizedPaths.js:408:38:408:59 | req.que ... it('/') | -| normalizedPaths.js:408:38:408:59 | req.que ... it('/') | normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | -| normalizedPaths.js:408:38:408:59 | req.que ... it('/') | normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | -| normalizedPaths.js:408:38:408:59 | req.que ... it('/') | normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | -| normalizedPaths.js:408:38:408:59 | req.que ... it('/') | normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | -| normalizedPaths.js:408:38:408:59 | req.que ... it('/') | normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | -| normalizedPaths.js:408:38:408:59 | req.que ... it('/') | normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | other-fs-libraries.js:9:14:9:43 | url.par ... ).query | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | other-fs-libraries.js:9:7:9:48 | path | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | other-fs-libraries.js:38:14:38:43 | url.par ... ).query | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | other-fs-libraries.js:38:7:38:48 | path | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | other-fs-libraries.js:49:7:49:48 | path | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:7:77:48 | path | other-fs-libraries.js:79:16:79:19 | path | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:37 | url.par ... , true) | other-fs-libraries.js:77:14:77:43 | url.par ... ).query | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:43 | url.par ... ).query | other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:14:77:48 | url.par ... ry.path | other-fs-libraries.js:77:7:77:48 | path | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:77:14:77:37 | url.par ... , true) | -| prettier.js:6:11:6:28 | p | prettier.js:7:28:7:28 | p | -| prettier.js:6:11:6:28 | p | prettier.js:7:28:7:28 | p | -| prettier.js:6:11:6:28 | p | prettier.js:7:28:7:28 | p | -| prettier.js:6:11:6:28 | p | prettier.js:7:28:7:28 | p | -| prettier.js:6:11:6:28 | p | prettier.js:7:28:7:28 | p | -| prettier.js:6:11:6:28 | p | prettier.js:7:28:7:28 | p | -| prettier.js:6:11:6:28 | p | prettier.js:7:28:7:28 | p | -| prettier.js:6:11:6:28 | p | prettier.js:7:28:7:28 | p | -| prettier.js:6:11:6:28 | p | prettier.js:11:44:11:44 | p | -| prettier.js:6:11:6:28 | p | prettier.js:11:44:11:44 | p | -| prettier.js:6:11:6:28 | p | prettier.js:11:44:11:44 | p | -| prettier.js:6:11:6:28 | p | prettier.js:11:44:11:44 | p | -| prettier.js:6:11:6:28 | p | prettier.js:11:44:11:44 | p | -| prettier.js:6:11:6:28 | p | prettier.js:11:44:11:44 | p | -| prettier.js:6:11:6:28 | p | prettier.js:11:44:11:44 | p | -| prettier.js:6:11:6:28 | p | prettier.js:11:44:11:44 | p | -| prettier.js:6:13:6:13 | p | prettier.js:6:11:6:28 | p | -| prettier.js:6:13:6:13 | p | prettier.js:6:11:6:28 | p | -| prettier.js:6:13:6:13 | p | prettier.js:6:11:6:28 | p | -| prettier.js:6:13:6:13 | p | prettier.js:6:11:6:28 | p | -| prettier.js:6:13:6:13 | p | prettier.js:6:11:6:28 | p | -| prettier.js:6:13:6:13 | p | prettier.js:6:11:6:28 | p | -| prettier.js:6:13:6:13 | p | prettier.js:6:11:6:28 | p | -| prettier.js:6:13:6:13 | p | prettier.js:6:11:6:28 | p | -| pupeteer.js:5:9:5:71 | tainted | pupeteer.js:9:28:9:34 | tainted | -| pupeteer.js:5:9:5:71 | tainted | pupeteer.js:9:28:9:34 | tainted | -| pupeteer.js:5:9:5:71 | tainted | pupeteer.js:9:28:9:34 | tainted | -| pupeteer.js:5:9:5:71 | tainted | pupeteer.js:9:28:9:34 | tainted | -| pupeteer.js:5:9:5:71 | tainted | pupeteer.js:9:28:9:34 | tainted | -| pupeteer.js:5:9:5:71 | tainted | pupeteer.js:9:28:9:34 | tainted | -| pupeteer.js:5:9:5:71 | tainted | pupeteer.js:13:37:13:43 | tainted | -| pupeteer.js:5:9:5:71 | tainted | pupeteer.js:13:37:13:43 | tainted | -| pupeteer.js:5:9:5:71 | tainted | pupeteer.js:13:37:13:43 | tainted | -| pupeteer.js:5:9:5:71 | tainted | pupeteer.js:13:37:13:43 | tainted | -| pupeteer.js:5:9:5:71 | tainted | pupeteer.js:13:37:13:43 | tainted | -| pupeteer.js:5:9:5:71 | tainted | pupeteer.js:13:37:13:43 | tainted | -| pupeteer.js:5:19:5:71 | "dir/" ... t.data" | pupeteer.js:5:9:5:71 | tainted | -| pupeteer.js:5:19:5:71 | "dir/" ... t.data" | pupeteer.js:5:9:5:71 | tainted | -| pupeteer.js:5:19:5:71 | "dir/" ... t.data" | pupeteer.js:5:9:5:71 | tainted | -| pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:5:19:5:71 | "dir/" ... t.data" | -| pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:5:19:5:71 | "dir/" ... t.data" | -| pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:5:19:5:71 | "dir/" ... t.data" | -| pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:5:19:5:71 | "dir/" ... t.data" | -| pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:5:19:5:71 | "dir/" ... t.data" | -| pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:5:19:5:71 | "dir/" ... t.data" | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:10:33:10:36 | path | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | tainted-access-paths.js:6:14:6:43 | url.par ... ).query | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | tainted-access-paths.js:6:7:6:48 | path | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:12:19:12:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:26:19:26:21 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | tainted-access-paths.js:10:7:10:36 | obj | -| tainted-access-paths.js:10:33:10:36 | path | tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:33:10:36 | path | tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:33:10:36 | path | tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:33:10:36 | path | tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:33:10:36 | path | tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:33:10:36 | path | tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:33:10:36 | path | tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:33:10:36 | path | tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:33:10:36 | path | tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:33:10:36 | path | tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:33:10:36 | path | tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:33:10:36 | path | tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:33:10:36 | path | tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:33:10:36 | path | tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:33:10:36 | path | tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:10:33:10:36 | path | tainted-access-paths.js:10:13:10:36 | bla ? s ... : path | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | tainted-access-paths.js:39:14:39:43 | url.par ... ).query | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | tainted-access-paths.js:39:7:39:48 | path | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | tainted-access-paths.js:48:14:48:43 | url.par ... ).query | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | tainted-access-paths.js:48:7:48:48 | path | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | -| tainted-require.js:7:19:7:37 | req.param("module") | tainted-require.js:7:19:7:37 | req.param("module") | -| tainted-require.js:12:29:12:47 | req.param("module") | tainted-require.js:12:29:12:47 | req.param("module") | -| tainted-require.js:14:11:14:29 | req.param("module") | tainted-require.js:14:11:14:29 | req.param("module") | -| tainted-sendFile.js:8:16:8:33 | req.param("gimme") | tainted-sendFile.js:8:16:8:33 | req.param("gimme") | -| tainted-sendFile.js:10:16:10:33 | req.param("gimme") | tainted-sendFile.js:10:16:10:33 | req.param("gimme") | -| tainted-sendFile.js:18:43:18:58 | req.param("dir") | tainted-sendFile.js:18:43:18:58 | req.param("dir") | -| tainted-sendFile.js:24:37:24:48 | req.params.x | tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | -| tainted-sendFile.js:24:37:24:48 | req.params.x | tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | -| tainted-sendFile.js:24:37:24:48 | req.params.x | tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | -| tainted-sendFile.js:24:37:24:48 | req.params.x | tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | -| tainted-sendFile.js:24:37:24:48 | req.params.x | tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | -| tainted-sendFile.js:24:37:24:48 | req.params.x | tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | -| tainted-sendFile.js:24:37:24:48 | req.params.x | tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | -| tainted-sendFile.js:24:37:24:48 | req.params.x | tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | -| tainted-sendFile.js:24:37:24:48 | req.params.x | tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | -| tainted-sendFile.js:24:37:24:48 | req.params.x | tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | -| tainted-sendFile.js:24:37:24:48 | req.params.x | tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | -| tainted-sendFile.js:24:37:24:48 | req.params.x | tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | -| tainted-sendFile.js:24:37:24:48 | req.params.x | tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | -| tainted-sendFile.js:25:34:25:45 | req.params.x | tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | -| tainted-sendFile.js:25:34:25:45 | req.params.x | tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | -| tainted-sendFile.js:25:34:25:45 | req.params.x | tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | -| tainted-sendFile.js:25:34:25:45 | req.params.x | tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | -| tainted-sendFile.js:25:34:25:45 | req.params.x | tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | -| tainted-sendFile.js:25:34:25:45 | req.params.x | tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | -| tainted-sendFile.js:25:34:25:45 | req.params.x | tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | -| tainted-sendFile.js:25:34:25:45 | req.params.x | tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | -| tainted-sendFile.js:25:34:25:45 | req.params.x | tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | -| tainted-sendFile.js:25:34:25:45 | req.params.x | tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:13:18:13:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:14:33:14:36 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:15:42:15:45 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:22:18:22:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:23:18:23:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | -| tainted-string-steps.js:22:18:22:21 | path | tainted-string-steps.js:22:18:22:32 | path.split('/') | -| tainted-string-steps.js:22:18:22:21 | path | tainted-string-steps.js:22:18:22:32 | path.split('/') | -| tainted-string-steps.js:22:18:22:21 | path | tainted-string-steps.js:22:18:22:32 | path.split('/') | -| tainted-string-steps.js:22:18:22:21 | path | tainted-string-steps.js:22:18:22:32 | path.split('/') | -| tainted-string-steps.js:22:18:22:21 | path | tainted-string-steps.js:22:18:22:32 | path.split('/') | -| tainted-string-steps.js:22:18:22:21 | path | tainted-string-steps.js:22:18:22:32 | path.split('/') | -| tainted-string-steps.js:22:18:22:21 | path | tainted-string-steps.js:22:18:22:32 | path.split('/') | -| tainted-string-steps.js:22:18:22:21 | path | tainted-string-steps.js:22:18:22:32 | path.split('/') | -| tainted-string-steps.js:22:18:22:21 | path | tainted-string-steps.js:22:18:22:32 | path.split('/') | -| tainted-string-steps.js:22:18:22:21 | path | tainted-string-steps.js:22:18:22:32 | path.split('/') | -| tainted-string-steps.js:22:18:22:21 | path | tainted-string-steps.js:22:18:22:32 | path.split('/') | -| tainted-string-steps.js:22:18:22:21 | path | tainted-string-steps.js:22:18:22:32 | path.split('/') | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | -| tainted-string-steps.js:23:18:23:21 | path | tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | -| tainted-string-steps.js:23:18:23:21 | path | tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | -| tainted-string-steps.js:23:18:23:21 | path | tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | -| tainted-string-steps.js:23:18:23:21 | path | tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | -| tainted-string-steps.js:23:18:23:21 | path | tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | -| tainted-string-steps.js:23:18:23:21 | path | tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | -| tainted-string-steps.js:23:18:23:21 | path | tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | -| tainted-string-steps.js:23:18:23:21 | path | tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | -| tainted-string-steps.js:23:18:23:21 | path | tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | -| tainted-string-steps.js:23:18:23:21 | path | tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | -| tainted-string-steps.js:23:18:23:21 | path | tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | -| tainted-string-steps.js:23:18:23:21 | path | tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | -| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | -| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | -| torrents.js:5:6:5:38 | name | torrents.js:6:24:6:27 | name | -| torrents.js:5:6:5:38 | name | torrents.js:6:24:6:27 | name | -| torrents.js:5:6:5:38 | name | torrents.js:6:24:6:27 | name | -| torrents.js:5:13:5:38 | parseTo ... t).name | torrents.js:5:6:5:38 | name | -| torrents.js:5:13:5:38 | parseTo ... t).name | torrents.js:5:6:5:38 | name | -| torrents.js:5:13:5:38 | parseTo ... t).name | torrents.js:5:6:5:38 | name | -| torrents.js:5:13:5:38 | parseTo ... t).name | torrents.js:5:6:5:38 | name | -| torrents.js:5:13:5:38 | parseTo ... t).name | torrents.js:5:6:5:38 | name | -| torrents.js:5:13:5:38 | parseTo ... t).name | torrents.js:5:6:5:38 | name | -| torrents.js:6:6:6:45 | loc | torrents.js:7:25:7:27 | loc | -| torrents.js:6:6:6:45 | loc | torrents.js:7:25:7:27 | loc | -| torrents.js:6:6:6:45 | loc | torrents.js:7:25:7:27 | loc | -| torrents.js:6:6:6:45 | loc | torrents.js:7:25:7:27 | loc | -| torrents.js:6:6:6:45 | loc | torrents.js:7:25:7:27 | loc | -| torrents.js:6:6:6:45 | loc | torrents.js:7:25:7:27 | loc | -| torrents.js:6:12:6:45 | dir + " ... t.data" | torrents.js:6:6:6:45 | loc | -| torrents.js:6:12:6:45 | dir + " ... t.data" | torrents.js:6:6:6:45 | loc | -| torrents.js:6:12:6:45 | dir + " ... t.data" | torrents.js:6:6:6:45 | loc | -| torrents.js:6:24:6:27 | name | torrents.js:6:12:6:45 | dir + " ... t.data" | -| torrents.js:6:24:6:27 | name | torrents.js:6:12:6:45 | dir + " ... t.data" | -| torrents.js:6:24:6:27 | name | torrents.js:6:12:6:45 | dir + " ... t.data" | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:20:15:20:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:20:15:20:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:20:15:20:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:20:15:20:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:20:15:20:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:20:15:20:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:20:15:20:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:20:15:20:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:20:15:20:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:20:15:20:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:20:15:20:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:20:15:20:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:20:15:20:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:20:15:20:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:20:15:20:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:20:15:20:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:23:15:23:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:23:15:23:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:23:15:23:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:23:15:23:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:23:15:23:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:23:15:23:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:23:15:23:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:23:15:23:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:23:15:23:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:23:15:23:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:23:15:23:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:23:15:23:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:23:15:23:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:23:15:23:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:23:15:23:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:23:15:23:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:30:15:30:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:30:15:30:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:30:15:30:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:30:15:30:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:30:15:30:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:30:15:30:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:30:15:30:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:30:15:30:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:30:15:30:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:30:15:30:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:30:15:30:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:30:15:30:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:30:15:30:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:30:15:30:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:30:15:30:18 | path | -| typescript.ts:9:7:9:48 | path | typescript.ts:30:15:30:18 | path | -| typescript.ts:9:14:9:37 | url.par ... , true) | typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:37 | url.par ... , true) | typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:37 | url.par ... , true) | typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:37 | url.par ... , true) | typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:37 | url.par ... , true) | typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:37 | url.par ... , true) | typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:37 | url.par ... , true) | typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:37 | url.par ... , true) | typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:37 | url.par ... , true) | typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:37 | url.par ... , true) | typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:37 | url.par ... , true) | typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:37 | url.par ... , true) | typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:37 | url.par ... , true) | typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:37 | url.par ... , true) | typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:37 | url.par ... , true) | typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:37 | url.par ... , true) | typescript.ts:9:14:9:43 | url.par ... ).query | -| typescript.ts:9:14:9:43 | url.par ... ).query | typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:43 | url.par ... ).query | typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:43 | url.par ... ).query | typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:43 | url.par ... ).query | typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:43 | url.par ... ).query | typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:43 | url.par ... ).query | typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:43 | url.par ... ).query | typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:43 | url.par ... ).query | typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:43 | url.par ... ).query | typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:43 | url.par ... ).query | typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:43 | url.par ... ).query | typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:43 | url.par ... ).query | typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:43 | url.par ... ).query | typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:43 | url.par ... ).query | typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:43 | url.par ... ).query | typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:43 | url.par ... ).query | typescript.ts:9:14:9:48 | url.par ... ry.path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | typescript.ts:9:7:9:48 | path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | typescript.ts:9:7:9:48 | path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | typescript.ts:9:7:9:48 | path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | typescript.ts:9:7:9:48 | path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | typescript.ts:9:7:9:48 | path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | typescript.ts:9:7:9:48 | path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | typescript.ts:9:7:9:48 | path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | typescript.ts:9:7:9:48 | path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | typescript.ts:9:7:9:48 | path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | typescript.ts:9:7:9:48 | path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | typescript.ts:9:7:9:48 | path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | typescript.ts:9:7:9:48 | path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | typescript.ts:9:7:9:48 | path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | typescript.ts:9:7:9:48 | path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | typescript.ts:9:7:9:48 | path | -| typescript.ts:9:14:9:48 | url.par ... ry.path | typescript.ts:9:7:9:48 | path | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | -| typescript.ts:20:15:20:18 | path | typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:15:20:18 | path | typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:15:20:18 | path | typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:15:20:18 | path | typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:15:20:18 | path | typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:15:20:18 | path | typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:15:20:18 | path | typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:15:20:18 | path | typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:15:20:18 | path | typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:15:20:18 | path | typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:15:20:18 | path | typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:15:20:18 | path | typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:15:20:18 | path | typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:15:20:18 | path | typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:15:20:18 | path | typescript.ts:20:7:20:18 | path3 | -| typescript.ts:20:15:20:18 | path | typescript.ts:20:7:20:18 | path3 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | -| typescript.ts:23:15:23:18 | path | typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:15:23:18 | path | typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:15:23:18 | path | typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:15:23:18 | path | typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:15:23:18 | path | typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:15:23:18 | path | typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:15:23:18 | path | typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:15:23:18 | path | typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:15:23:18 | path | typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:15:23:18 | path | typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:15:23:18 | path | typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:15:23:18 | path | typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:15:23:18 | path | typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:15:23:18 | path | typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:15:23:18 | path | typescript.ts:23:7:23:18 | path4 | -| typescript.ts:23:15:23:18 | path | typescript.ts:23:7:23:18 | path4 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | -| typescript.ts:30:15:30:18 | path | typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:15:30:18 | path | typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:15:30:18 | path | typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:15:30:18 | path | typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:15:30:18 | path | typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:15:30:18 | path | typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:15:30:18 | path | typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:15:30:18 | path | typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:15:30:18 | path | typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:15:30:18 | path | typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:15:30:18 | path | typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:15:30:18 | path | typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:15:30:18 | path | typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:15:30:18 | path | typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:15:30:18 | path | typescript.ts:30:7:30:18 | path6 | -| typescript.ts:30:15:30:18 | path | typescript.ts:30:7:30:18 | path6 | -| views.js:1:43:1:55 | req.params[0] | views.js:1:43:1:55 | req.params[0] | +| TaintedPath-es6.js:7:7:7:44 | path | TaintedPath-es6.js:10:41:10:44 | path | provenance | | +| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | provenance | Config | +| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | provenance | Config | +| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | TaintedPath-es6.js:7:7:7:44 | path | provenance | | +| TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | provenance | Config | +| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | provenance | Config | +| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | provenance | | +| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:15:45:15:48 | path | provenance | | +| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:18:33:18:36 | path | provenance | | +| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | provenance | | +| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | provenance | | +| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | provenance | | +| TaintedPath.js:9:14:9:37 | url.par ... , true) | TaintedPath.js:9:14:9:43 | url.par ... ).query | provenance | Config | +| TaintedPath.js:9:14:9:43 | url.par ... ).query | TaintedPath.js:9:14:9:48 | url.par ... ry.path | provenance | Config | +| TaintedPath.js:9:14:9:48 | url.par ... ry.path | TaintedPath.js:9:7:9:48 | path | provenance | | +| TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... , true) | provenance | Config | +| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | provenance | Config | +| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:42:48:42:51 | path | provenance | | +| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:46:45:46:48 | path | provenance | | +| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:48:51:48:54 | path | provenance | | +| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:50:50:50:53 | path | provenance | | +| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:52:52:52:55 | path | provenance | | +| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:54:49:54:52 | path | provenance | | +| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:56:48:56:51 | path | provenance | | +| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:58:54:58:57 | path | provenance | | +| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:60:57:60:60 | path | provenance | | +| TaintedPath.js:38:10:38:33 | url.par ... , true) | TaintedPath.js:38:10:38:39 | url.par ... ).query | provenance | Config | +| TaintedPath.js:38:10:38:39 | url.par ... ).query | TaintedPath.js:38:10:38:44 | url.par ... ry.path | provenance | Config | +| TaintedPath.js:38:10:38:44 | url.par ... ry.path | TaintedPath.js:38:3:38:44 | path | provenance | | +| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | provenance | Config | +| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | provenance | Config | +| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | provenance | Config | +| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | provenance | Config | +| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | provenance | Config | +| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... , path) | provenance | Config | +| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | provenance | Config | +| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | provenance | Config | +| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | provenance | Config | +| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | provenance | Config | +| TaintedPath.js:77:31:77:70 | require ... eq.url) | TaintedPath.js:77:31:77:76 | require ... ).query | provenance | Config | +| TaintedPath.js:77:63:77:69 | req.url | TaintedPath.js:77:31:77:70 | require ... eq.url) | provenance | Config | +| TaintedPath.js:78:31:78:68 | require ... eq.url) | TaintedPath.js:78:31:78:74 | require ... ).query | provenance | Config | +| TaintedPath.js:78:61:78:67 | req.url | TaintedPath.js:78:31:78:68 | require ... eq.url) | provenance | Config | +| TaintedPath.js:79:31:79:67 | require ... eq.url) | TaintedPath.js:79:31:79:73 | require ... ).query | provenance | Config | +| TaintedPath.js:79:60:79:66 | req.url | TaintedPath.js:79:31:79:67 | require ... eq.url) | provenance | Config | +| TaintedPath.js:95:30:95:31 | ev | TaintedPath.js:96:24:96:25 | ev | provenance | | +| TaintedPath.js:96:24:96:25 | ev | TaintedPath.js:96:24:96:30 | ev.data | provenance | Config | +| TaintedPath.js:96:24:96:30 | ev.data | TaintedPath.js:71:26:71:45 | Cookie.get("unsafe") | provenance | Config | +| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:102:44:102:47 | path | provenance | | +| TaintedPath.js:100:6:100:47 | path | TaintedPath.js:103:14:103:17 | path | provenance | | +| TaintedPath.js:100:13:100:36 | url.par ... , true) | TaintedPath.js:100:13:100:42 | url.par ... ).query | provenance | Config | +| TaintedPath.js:100:13:100:42 | url.par ... ).query | TaintedPath.js:100:13:100:47 | url.par ... ry.path | provenance | Config | +| TaintedPath.js:100:13:100:47 | url.par ... ry.path | TaintedPath.js:100:6:100:47 | path | provenance | | +| TaintedPath.js:100:23:100:29 | req.url | TaintedPath.js:100:13:100:36 | url.par ... , true) | provenance | Config | +| TaintedPath.js:102:44:102:47 | path | TaintedPath.js:102:28:102:48 | fs.real ... c(path) | provenance | Config | +| TaintedPath.js:103:14:103:17 | path | TaintedPath.js:104:32:104:39 | realpath | provenance | Config | +| TaintedPath.js:104:32:104:39 | realpath | TaintedPath.js:105:45:105:52 | realpath | provenance | | +| TaintedPath.js:136:6:136:47 | path | TaintedPath.js:138:23:138:26 | path | provenance | | +| TaintedPath.js:136:13:136:36 | url.par ... , true) | TaintedPath.js:136:13:136:42 | url.par ... ).query | provenance | Config | +| TaintedPath.js:136:13:136:42 | url.par ... ).query | TaintedPath.js:136:13:136:47 | url.par ... ry.path | provenance | Config | +| TaintedPath.js:136:13:136:47 | url.par ... ry.path | TaintedPath.js:136:6:136:47 | path | provenance | | +| TaintedPath.js:136:23:136:29 | req.url | TaintedPath.js:136:13:136:36 | url.par ... , true) | provenance | Config | +| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:144:19:144:22 | path | provenance | | +| TaintedPath.js:142:7:142:48 | path | TaintedPath.js:146:15:146:18 | path | provenance | | +| TaintedPath.js:142:14:142:37 | url.par ... , true) | TaintedPath.js:142:14:142:43 | url.par ... ).query | provenance | Config | +| TaintedPath.js:142:14:142:43 | url.par ... ).query | TaintedPath.js:142:14:142:48 | url.par ... ry.path | provenance | Config | +| TaintedPath.js:142:14:142:48 | url.par ... ry.path | TaintedPath.js:142:7:142:48 | path | provenance | | +| TaintedPath.js:142:24:142:30 | req.url | TaintedPath.js:142:14:142:37 | url.par ... , true) | provenance | Config | +| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:148:19:148:23 | split | provenance | | +| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:152:19:152:23 | split | provenance | | +| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:153:28:153:32 | split | provenance | | +| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:155:33:155:37 | split | provenance | | +| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:158:20:158:24 | split | provenance | | +| TaintedPath.js:146:7:146:29 | split | TaintedPath.js:161:19:161:23 | split | provenance | | +| TaintedPath.js:146:15:146:18 | path | TaintedPath.js:146:15:146:29 | path.split("/") | provenance | Config | +| TaintedPath.js:146:15:146:29 | path.split("/") | TaintedPath.js:146:7:146:29 | split | provenance | | +| TaintedPath.js:148:19:148:23 | split | TaintedPath.js:148:19:148:33 | split.join("/") | provenance | Config | +| TaintedPath.js:152:19:152:23 | split | TaintedPath.js:152:19:152:26 | split[x] | provenance | Config | +| TaintedPath.js:153:28:153:32 | split | TaintedPath.js:153:28:153:35 | split[x] | provenance | Config | +| TaintedPath.js:153:28:153:35 | split[x] | TaintedPath.js:153:19:153:35 | prefix + split[x] | provenance | Config | +| TaintedPath.js:155:7:155:38 | concatted | TaintedPath.js:156:19:156:27 | concatted | provenance | | +| TaintedPath.js:155:19:155:38 | prefix.concat(split) | TaintedPath.js:155:7:155:38 | concatted | provenance | | +| TaintedPath.js:155:33:155:37 | split | TaintedPath.js:155:19:155:38 | prefix.concat(split) | provenance | Config | +| TaintedPath.js:156:19:156:27 | concatted | TaintedPath.js:156:19:156:37 | concatted.join("/") | provenance | Config | +| TaintedPath.js:158:7:158:39 | concatted2 | TaintedPath.js:159:19:159:28 | concatted2 | provenance | | +| TaintedPath.js:158:20:158:24 | split | TaintedPath.js:158:20:158:39 | split.concat(prefix) | provenance | Config | +| TaintedPath.js:158:20:158:39 | split.concat(prefix) | TaintedPath.js:158:7:158:39 | concatted2 | provenance | | +| TaintedPath.js:159:19:159:28 | concatted2 | TaintedPath.js:159:19:159:38 | concatted2.join("/") | provenance | Config | +| TaintedPath.js:161:19:161:23 | split | TaintedPath.js:161:19:161:29 | split.pop() | provenance | Config | +| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:170:29:170:32 | path | provenance | | +| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:176:29:176:32 | path | provenance | | +| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:177:29:177:32 | path | provenance | | +| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:178:29:178:32 | path | provenance | | +| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:179:29:179:32 | path | provenance | | +| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:194:40:194:43 | path | provenance | | +| TaintedPath.js:166:7:166:48 | path | TaintedPath.js:195:50:195:53 | path | provenance | | +| TaintedPath.js:166:14:166:37 | url.par ... , true) | TaintedPath.js:166:14:166:43 | url.par ... ).query | provenance | Config | +| TaintedPath.js:166:14:166:43 | url.par ... ).query | TaintedPath.js:166:14:166:48 | url.par ... ry.path | provenance | Config | +| TaintedPath.js:166:14:166:48 | url.par ... ry.path | TaintedPath.js:166:7:166:48 | path | provenance | | +| TaintedPath.js:166:24:166:30 | req.url | TaintedPath.js:166:14:166:37 | url.par ... , true) | provenance | Config | +| TaintedPath.js:170:29:170:32 | path | TaintedPath.js:170:29:170:55 | path.re ... /g, '') | provenance | Config | +| TaintedPath.js:176:29:176:32 | path | TaintedPath.js:176:29:176:52 | path.re ... /g, '') | provenance | Config | +| TaintedPath.js:177:29:177:32 | path | TaintedPath.js:177:29:177:53 | path.re ... /g, '') | provenance | Config | +| TaintedPath.js:178:29:178:32 | path | TaintedPath.js:178:29:178:51 | path.re ... /g, '') | provenance | Config | +| TaintedPath.js:179:29:179:32 | path | TaintedPath.js:179:29:179:57 | path.re ... /g, '') | provenance | Config | +| TaintedPath.js:194:40:194:43 | path | TaintedPath.js:194:40:194:73 | path.re ... +/, '') | provenance | Config | +| TaintedPath.js:194:40:194:73 | path.re ... +/, '') | TaintedPath.js:194:29:194:73 | "prefix ... +/, '') | provenance | Config | +| TaintedPath.js:195:29:195:54 | pathMod ... e(path) | TaintedPath.js:195:29:195:84 | pathMod ... +/, '') | provenance | Config | +| TaintedPath.js:195:50:195:53 | path | TaintedPath.js:195:29:195:54 | pathMod ... e(path) | provenance | Config | +| TaintedPath.js:203:29:203:45 | qs.parse(req.url) | TaintedPath.js:203:29:203:49 | qs.pars ... rl).foo | provenance | Config | +| TaintedPath.js:203:38:203:44 | req.url | TaintedPath.js:203:29:203:45 | qs.parse(req.url) | provenance | Config | +| TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | TaintedPath.js:204:29:204:63 | qs.pars ... l)).foo | provenance | Config | +| TaintedPath.js:204:38:204:58 | normali ... eq.url) | TaintedPath.js:204:29:204:59 | qs.pars ... q.url)) | provenance | Config | +| TaintedPath.js:204:51:204:57 | req.url | TaintedPath.js:204:38:204:58 | normali ... eq.url) | provenance | Config | +| TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | TaintedPath.js:206:29:206:55 | parseqs ... rl).foo | provenance | Config | +| TaintedPath.js:206:44:206:50 | req.url | TaintedPath.js:206:29:206:51 | parseqs ... eq.url) | provenance | Config | +| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:212:31:212:34 | path | provenance | | +| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:45:213:48 | path | provenance | | +| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:214:35:214:38 | path | provenance | | +| TaintedPath.js:211:14:211:37 | url.par ... , true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | provenance | Config | +| TaintedPath.js:211:14:211:43 | url.par ... ).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | provenance | Config | +| TaintedPath.js:211:14:211:48 | url.par ... ry.path | TaintedPath.js:211:7:211:48 | path | provenance | | +| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | provenance | Config | +| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | provenance | | +| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | provenance | Config | +| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | provenance | Config | +| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | examples/TaintedPath.js:8:7:8:52 | filePath | provenance | | +| examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | provenance | Config | +| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | provenance | Config | +| handlebars.js:10:51:10:58 | filePath | handlebars.js:11:32:11:39 | filePath | provenance | | +| handlebars.js:13:73:13:80 | filePath | handlebars.js:15:25:15:32 | filePath | provenance | | +| handlebars.js:29:46:29:60 | req.params.path | handlebars.js:10:51:10:58 | filePath | provenance | | +| handlebars.js:43:15:43:29 | req.params.path | handlebars.js:13:73:13:80 | filePath | provenance | | +| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:13:19:13:22 | path | provenance | | +| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:14:26:14:29 | path | provenance | | +| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:15:19:15:22 | path | provenance | | +| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:16:35:16:38 | path | provenance | | +| normalizedPaths.js:11:7:11:27 | path | normalizedPaths.js:17:53:17:56 | path | provenance | | +| normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:11:7:11:27 | path | provenance | | +| normalizedPaths.js:14:26:14:29 | path | normalizedPaths.js:14:19:14:29 | './' + path | provenance | Config | +| normalizedPaths.js:15:19:15:22 | path | normalizedPaths.js:15:19:15:38 | path + '/index.html' | provenance | Config | +| normalizedPaths.js:16:35:16:38 | path | normalizedPaths.js:16:19:16:53 | pathMod ... .html') | provenance | Config | +| normalizedPaths.js:17:53:17:56 | path | normalizedPaths.js:17:19:17:57 | pathMod ... , path) | provenance | Config | +| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:23:19:23:22 | path | provenance | | +| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:24:26:24:29 | path | provenance | | +| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:25:19:25:22 | path | provenance | | +| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:26:35:26:38 | path | provenance | | +| normalizedPaths.js:21:7:21:49 | path | normalizedPaths.js:27:53:27:56 | path | provenance | | +| normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | normalizedPaths.js:21:7:21:49 | path | provenance | | +| normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | provenance | Config | +| normalizedPaths.js:24:26:24:29 | path | normalizedPaths.js:24:19:24:29 | './' + path | provenance | Config | +| normalizedPaths.js:25:19:25:22 | path | normalizedPaths.js:25:19:25:38 | path + '/index.html' | provenance | Config | +| normalizedPaths.js:26:35:26:38 | path | normalizedPaths.js:26:19:26:53 | pathMod ... .html') | provenance | Config | +| normalizedPaths.js:27:53:27:56 | path | normalizedPaths.js:27:19:27:57 | pathMod ... , path) | provenance | Config | +| normalizedPaths.js:31:7:31:49 | path | normalizedPaths.js:36:19:36:22 | path | provenance | | +| normalizedPaths.js:31:7:31:49 | path | normalizedPaths.js:41:21:41:24 | path | provenance | | +| normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | normalizedPaths.js:31:7:31:49 | path | provenance | | +| normalizedPaths.js:31:35:31:48 | req.query.path | normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | provenance | Config | +| normalizedPaths.js:54:7:54:49 | path | normalizedPaths.js:59:19:59:22 | path | provenance | | +| normalizedPaths.js:54:7:54:49 | path | normalizedPaths.js:63:19:63:22 | path | provenance | | +| normalizedPaths.js:54:7:54:49 | path | normalizedPaths.js:68:21:68:24 | path | provenance | | +| normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | normalizedPaths.js:54:7:54:49 | path | provenance | | +| normalizedPaths.js:54:35:54:48 | req.query.path | normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | provenance | Config | +| normalizedPaths.js:63:19:63:22 | path | normalizedPaths.js:63:19:63:38 | path + "/index.html" | provenance | Config | +| normalizedPaths.js:73:7:73:56 | path | normalizedPaths.js:78:22:78:25 | path | provenance | | +| normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | normalizedPaths.js:73:7:73:56 | path | provenance | | +| normalizedPaths.js:73:35:73:55 | './' + ... ry.path | normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | provenance | Config | +| normalizedPaths.js:73:42:73:55 | req.query.path | normalizedPaths.js:73:35:73:55 | './' + ... ry.path | provenance | Config | +| normalizedPaths.js:82:7:82:27 | path | normalizedPaths.js:87:29:87:32 | path | provenance | | +| normalizedPaths.js:82:7:82:27 | path | normalizedPaths.js:90:31:90:34 | path | provenance | | +| normalizedPaths.js:82:14:82:27 | req.query.path | normalizedPaths.js:82:7:82:27 | path | provenance | | +| normalizedPaths.js:94:7:94:49 | path | normalizedPaths.js:99:29:99:32 | path | provenance | | +| normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | normalizedPaths.js:94:7:94:49 | path | provenance | | +| normalizedPaths.js:94:35:94:48 | req.query.path | normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | provenance | Config | +| normalizedPaths.js:117:7:117:44 | path | normalizedPaths.js:119:19:119:22 | path | provenance | | +| normalizedPaths.js:117:7:117:44 | path | normalizedPaths.js:120:35:120:38 | path | provenance | | +| normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | normalizedPaths.js:117:7:117:44 | path | provenance | | +| normalizedPaths.js:117:30:117:43 | req.query.path | normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | provenance | Config | +| normalizedPaths.js:120:35:120:38 | path | normalizedPaths.js:120:19:120:53 | pathMod ... .html') | provenance | Config | +| normalizedPaths.js:130:7:130:49 | path | normalizedPaths.js:135:21:135:24 | path | provenance | | +| normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | normalizedPaths.js:130:7:130:49 | path | provenance | | +| normalizedPaths.js:130:35:130:48 | req.query.path | normalizedPaths.js:130:14:130:49 | pathMod ... y.path) | provenance | Config | +| normalizedPaths.js:139:7:139:62 | path | normalizedPaths.js:144:21:144:24 | path | provenance | | +| normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | normalizedPaths.js:139:7:139:62 | path | provenance | | +| normalizedPaths.js:139:48:139:61 | req.query.path | normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | provenance | Config | +| normalizedPaths.js:148:7:148:58 | path | normalizedPaths.js:151:21:151:24 | path | provenance | | +| normalizedPaths.js:148:7:148:58 | path | normalizedPaths.js:153:21:153:24 | path | provenance | | +| normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | normalizedPaths.js:148:7:148:58 | path | provenance | | +| normalizedPaths.js:148:23:148:58 | pathMod ... y.path) | normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | provenance | Config | +| normalizedPaths.js:148:44:148:57 | req.query.path | normalizedPaths.js:148:23:148:58 | pathMod ... y.path) | provenance | Config | +| normalizedPaths.js:160:7:160:49 | path | normalizedPaths.js:165:19:165:22 | path | provenance | | +| normalizedPaths.js:160:7:160:49 | path | normalizedPaths.js:170:21:170:24 | path | provenance | | +| normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | normalizedPaths.js:160:7:160:49 | path | provenance | | +| normalizedPaths.js:160:35:160:48 | req.query.path | normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | provenance | Config | +| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:184:19:184:22 | path | provenance | | +| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:187:21:187:24 | path | provenance | | +| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:189:21:189:24 | path | provenance | | +| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:192:21:192:24 | path | provenance | | +| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:194:21:194:24 | path | provenance | | +| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:199:21:199:24 | path | provenance | | +| normalizedPaths.js:174:7:174:27 | path | normalizedPaths.js:201:45:201:48 | path | provenance | | +| normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:174:7:174:27 | path | provenance | | +| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:205:21:205:34 | normalizedPath | provenance | | +| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:208:21:208:34 | normalizedPath | provenance | | +| normalizedPaths.js:201:7:201:49 | normalizedPath | normalizedPaths.js:210:21:210:34 | normalizedPath | provenance | | +| normalizedPaths.js:201:24:201:49 | pathMod ... e(path) | normalizedPaths.js:201:7:201:49 | normalizedPath | provenance | | +| normalizedPaths.js:201:45:201:48 | path | normalizedPaths.js:201:24:201:49 | pathMod ... e(path) | provenance | Config | +| normalizedPaths.js:214:7:214:49 | path | normalizedPaths.js:219:29:219:32 | path | provenance | | +| normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | normalizedPaths.js:214:7:214:49 | path | provenance | | +| normalizedPaths.js:214:35:214:48 | req.query.path | normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | provenance | Config | +| normalizedPaths.js:219:3:219:33 | path | normalizedPaths.js:222:21:222:24 | path | provenance | | +| normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | normalizedPaths.js:219:3:219:33 | path | provenance | | +| normalizedPaths.js:219:29:219:32 | path | normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | provenance | Config | +| normalizedPaths.js:226:7:226:70 | path | normalizedPaths.js:228:21:228:24 | path | provenance | | +| normalizedPaths.js:226:14:226:49 | pathMod ... y.path) | normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | provenance | Config | +| normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | normalizedPaths.js:226:7:226:70 | path | provenance | | +| normalizedPaths.js:226:35:226:48 | req.query.path | normalizedPaths.js:226:14:226:49 | pathMod ... y.path) | provenance | Config | +| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:238:19:238:22 | path | provenance | | +| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:245:21:245:24 | path | provenance | | +| normalizedPaths.js:236:7:236:47 | path | normalizedPaths.js:250:21:250:24 | path | provenance | | +| normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | normalizedPaths.js:236:7:236:47 | path | provenance | | +| normalizedPaths.js:236:33:236:46 | req.query.path | normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | provenance | Config | +| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:256:19:256:22 | path | provenance | | +| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:262:21:262:24 | path | provenance | | +| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:267:38:267:41 | path | provenance | | +| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:275:38:275:41 | path | provenance | | +| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:283:38:283:41 | path | provenance | | +| normalizedPaths.js:254:7:254:47 | path | normalizedPaths.js:291:38:291:41 | path | provenance | | +| normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | normalizedPaths.js:254:7:254:47 | path | provenance | | +| normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | provenance | Config | +| normalizedPaths.js:267:7:267:42 | newpath | normalizedPaths.js:270:21:270:27 | newpath | provenance | | +| normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | normalizedPaths.js:267:7:267:42 | newpath | provenance | | +| normalizedPaths.js:267:38:267:41 | path | normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | provenance | Config | +| normalizedPaths.js:275:7:275:42 | newpath | normalizedPaths.js:278:21:278:27 | newpath | provenance | | +| normalizedPaths.js:275:17:275:42 | pathMod ... e(path) | normalizedPaths.js:275:7:275:42 | newpath | provenance | | +| normalizedPaths.js:275:38:275:41 | path | normalizedPaths.js:275:17:275:42 | pathMod ... e(path) | provenance | Config | +| normalizedPaths.js:283:7:283:42 | newpath | normalizedPaths.js:286:21:286:27 | newpath | provenance | | +| normalizedPaths.js:283:17:283:42 | pathMod ... e(path) | normalizedPaths.js:283:7:283:42 | newpath | provenance | | +| normalizedPaths.js:283:38:283:41 | path | normalizedPaths.js:283:17:283:42 | pathMod ... e(path) | provenance | Config | +| normalizedPaths.js:291:7:291:42 | newpath | normalizedPaths.js:296:21:296:27 | newpath | provenance | | +| normalizedPaths.js:291:17:291:42 | pathMod ... e(path) | normalizedPaths.js:291:7:291:42 | newpath | provenance | | +| normalizedPaths.js:291:38:291:41 | path | normalizedPaths.js:291:17:291:42 | pathMod ... e(path) | provenance | Config | +| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:304:18:304:21 | path | provenance | | +| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:309:19:309:22 | path | provenance | | +| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:313:19:313:22 | path | provenance | | +| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:316:19:316:22 | path | provenance | | +| normalizedPaths.js:303:6:303:26 | path | normalizedPaths.js:320:45:320:48 | path | provenance | | +| normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:303:6:303:26 | path | provenance | | +| normalizedPaths.js:320:6:320:49 | normalizedPath | normalizedPaths.js:325:19:325:32 | normalizedPath | provenance | | +| normalizedPaths.js:320:6:320:49 | normalizedPath | normalizedPaths.js:332:19:332:32 | normalizedPath | provenance | | +| normalizedPaths.js:320:23:320:49 | pathMod ... , path) | normalizedPaths.js:320:6:320:49 | normalizedPath | provenance | | +| normalizedPaths.js:320:45:320:48 | path | normalizedPaths.js:320:23:320:49 | pathMod ... , path) | provenance | Config | +| normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:341:18:341:21 | path | provenance | | +| normalizedPaths.js:339:6:339:46 | path | normalizedPaths.js:346:19:346:22 | path | provenance | | +| normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | normalizedPaths.js:339:6:339:46 | path | provenance | | +| normalizedPaths.js:339:32:339:45 | req.query.path | normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | provenance | Config | +| normalizedPaths.js:354:7:354:27 | path | normalizedPaths.js:356:19:356:22 | path | provenance | | +| normalizedPaths.js:354:7:354:27 | path | normalizedPaths.js:358:47:358:50 | path | provenance | | +| normalizedPaths.js:354:14:354:27 | req.query.path | normalizedPaths.js:354:7:354:27 | path | provenance | | +| normalizedPaths.js:358:7:358:51 | requestPath | normalizedPaths.js:363:21:363:31 | requestPath | provenance | | +| normalizedPaths.js:358:21:358:51 | pathMod ... , path) | normalizedPaths.js:358:7:358:51 | requestPath | provenance | | +| normalizedPaths.js:358:47:358:50 | path | normalizedPaths.js:358:21:358:51 | pathMod ... , path) | provenance | Config | +| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:379:19:379:22 | path | provenance | | +| normalizedPaths.js:377:7:377:27 | path | normalizedPaths.js:381:25:381:28 | path | provenance | | +| normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:377:7:377:27 | path | provenance | | +| normalizedPaths.js:381:25:381:28 | path | normalizedPaths.js:381:19:381:29 | slash(path) | provenance | Config | +| normalizedPaths.js:385:7:385:46 | path | normalizedPaths.js:388:19:388:22 | path | provenance | | +| normalizedPaths.js:385:7:385:46 | path | normalizedPaths.js:399:21:399:24 | path | provenance | | +| normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) | normalizedPaths.js:385:7:385:46 | path | provenance | | +| normalizedPaths.js:385:35:385:45 | req.query.x | normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) | provenance | Config | +| normalizedPaths.js:407:45:407:55 | req.query.x | normalizedPaths.js:407:45:407:66 | req.que ... it('/') | provenance | Config | +| normalizedPaths.js:407:45:407:66 | req.que ... it('/') | normalizedPaths.js:407:19:407:67 | pathMod ... t('/')) | provenance | Config | +| normalizedPaths.js:408:38:408:48 | req.query.x | normalizedPaths.js:408:38:408:59 | req.que ... it('/') | provenance | Config | +| normalizedPaths.js:408:38:408:59 | req.que ... it('/') | normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | provenance | Config | +| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | provenance | | +| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | provenance | | +| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | provenance | | +| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:14:27:14:30 | path | provenance | | +| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:16:34:16:37 | path | provenance | | +| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:17:35:17:38 | path | provenance | | +| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:19:56:19:59 | path | provenance | | +| other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:24:35:24:38 | path | provenance | | +| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | other-fs-libraries.js:9:14:9:43 | url.par ... ).query | provenance | Config | +| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | provenance | Config | +| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | other-fs-libraries.js:9:7:9:48 | path | provenance | | +| other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | provenance | Config | +| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:40:35:40:38 | path | provenance | | +| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:41:50:41:53 | path | provenance | | +| other-fs-libraries.js:38:7:38:48 | path | other-fs-libraries.js:42:53:42:56 | path | provenance | | +| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | other-fs-libraries.js:38:14:38:43 | url.par ... ).query | provenance | Config | +| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | provenance | Config | +| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | other-fs-libraries.js:38:7:38:48 | path | provenance | | +| other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:38:14:38:37 | url.par ... , true) | provenance | Config | +| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:51:19:51:22 | path | provenance | | +| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:52:24:52:27 | path | provenance | | +| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:54:36:54:39 | path | provenance | | +| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:55:36:55:39 | path | provenance | | +| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:57:46:57:49 | path | provenance | | +| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:59:39:59:42 | path | provenance | | +| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:62:43:62:46 | path | provenance | | +| other-fs-libraries.js:49:7:49:48 | path | other-fs-libraries.js:63:51:63:54 | path | provenance | | +| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | other-fs-libraries.js:49:14:49:43 | url.par ... ).query | provenance | Config | +| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | provenance | Config | +| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | other-fs-libraries.js:49:7:49:48 | path | provenance | | +| other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:49:14:49:37 | url.par ... , true) | provenance | Config | +| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:70:19:70:22 | path | provenance | | +| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:71:10:71:13 | path | provenance | | +| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:72:15:72:18 | path | provenance | | +| other-fs-libraries.js:68:7:68:48 | path | other-fs-libraries.js:73:8:73:11 | path | provenance | | +| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | other-fs-libraries.js:68:14:68:43 | url.par ... ).query | provenance | Config | +| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | provenance | Config | +| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | other-fs-libraries.js:68:7:68:48 | path | provenance | | +| other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:68:14:68:37 | url.par ... , true) | provenance | Config | +| other-fs-libraries.js:73:8:73:11 | path | other-fs-libraries.js:75:15:75:15 | x | provenance | | +| other-fs-libraries.js:75:15:75:15 | x | other-fs-libraries.js:76:19:76:19 | x | provenance | | +| other-fs-libraries.js:81:7:81:48 | path | other-fs-libraries.js:83:16:83:19 | path | provenance | | +| other-fs-libraries.js:81:14:81:37 | url.par ... , true) | other-fs-libraries.js:81:14:81:43 | url.par ... ).query | provenance | Config | +| other-fs-libraries.js:81:14:81:43 | url.par ... ).query | other-fs-libraries.js:81:14:81:48 | url.par ... ry.path | provenance | Config | +| other-fs-libraries.js:81:14:81:48 | url.par ... ry.path | other-fs-libraries.js:81:7:81:48 | path | provenance | | +| other-fs-libraries.js:81:24:81:30 | req.url | other-fs-libraries.js:81:14:81:37 | url.par ... , true) | provenance | Config | +| prettier.js:6:11:6:28 | p | prettier.js:7:28:7:28 | p | provenance | | +| prettier.js:6:11:6:28 | p | prettier.js:11:44:11:44 | p | provenance | | +| prettier.js:6:13:6:13 | p | prettier.js:6:11:6:28 | p | provenance | | +| pupeteer.js:5:9:5:71 | tainted | pupeteer.js:9:28:9:34 | tainted | provenance | | +| pupeteer.js:5:9:5:71 | tainted | pupeteer.js:13:37:13:43 | tainted | provenance | | +| pupeteer.js:5:19:5:71 | "dir/" ... t.data" | pupeteer.js:5:9:5:71 | tainted | provenance | | +| pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:5:19:5:71 | "dir/" ... t.data" | provenance | Config | +| sharedlib-repro.js:13:22:13:43 | req.par ... spaceId | sharedlib-repro.js:21:27:21:34 | filepath | provenance | | +| sharedlib-repro.js:21:27:21:34 | filepath | sharedlib-repro.js:22:18:22:25 | filepath | provenance | | +| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | provenance | | +| tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:10:33:10:36 | path | provenance | | +| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | tainted-access-paths.js:6:14:6:43 | url.par ... ).query | provenance | Config | +| tainted-access-paths.js:6:14:6:43 | url.par ... ).query | tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | provenance | Config | +| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | tainted-access-paths.js:6:7:6:48 | path | provenance | | +| tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:6:14:6:37 | url.par ... , true) | provenance | Config | +| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:12:19:12:21 | obj | provenance | | +| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:26:19:26:21 | obj | provenance | | +| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:29:21:29:23 | obj | provenance | | +| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:30:23:30:25 | obj | provenance | | +| tainted-access-paths.js:10:7:10:36 | obj | tainted-access-paths.js:31:23:31:25 | obj | provenance | | +| tainted-access-paths.js:10:33:10:36 | path | tainted-access-paths.js:10:7:10:36 | obj | provenance | | +| tainted-access-paths.js:12:19:12:21 | obj | tainted-access-paths.js:12:19:12:25 | obj.sub | provenance | Config | +| tainted-access-paths.js:26:19:26:21 | obj | tainted-access-paths.js:26:19:26:26 | obj.sub3 | provenance | Config | +| tainted-access-paths.js:29:21:29:23 | obj | tainted-access-paths.js:29:21:29:28 | obj.sub4 | provenance | Config | +| tainted-access-paths.js:30:23:30:25 | obj | tainted-access-paths.js:30:23:30:30 | obj.sub4 | provenance | Config | +| tainted-access-paths.js:31:23:31:25 | obj | tainted-access-paths.js:31:23:31:30 | obj.sub4 | provenance | Config | +| tainted-access-paths.js:39:7:39:48 | path | tainted-access-paths.js:40:23:40:26 | path | provenance | | +| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | tainted-access-paths.js:39:14:39:43 | url.par ... ).query | provenance | Config | +| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | provenance | Config | +| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | tainted-access-paths.js:39:7:39:48 | path | provenance | | +| tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:39:14:39:37 | url.par ... , true) | provenance | Config | +| tainted-access-paths.js:48:7:48:48 | path | tainted-access-paths.js:49:10:49:13 | path | provenance | | +| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | tainted-access-paths.js:48:14:48:43 | url.par ... ).query | provenance | Config | +| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | provenance | Config | +| tainted-access-paths.js:48:14:48:48 | url.par ... ry.path | tainted-access-paths.js:48:7:48:48 | path | provenance | | +| tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:48:14:48:37 | url.par ... , true) | provenance | Config | +| tainted-promise-steps.js:6:7:6:48 | path | tainted-promise-steps.js:7:26:7:29 | path | provenance | | +| tainted-promise-steps.js:6:14:6:37 | url.par ... , true) | tainted-promise-steps.js:6:14:6:43 | url.par ... ).query | provenance | Config | +| tainted-promise-steps.js:6:14:6:43 | url.par ... ).query | tainted-promise-steps.js:6:14:6:48 | url.par ... ry.path | provenance | Config | +| tainted-promise-steps.js:6:14:6:48 | url.par ... ry.path | tainted-promise-steps.js:6:7:6:48 | path | provenance | | +| tainted-promise-steps.js:6:24:6:30 | req.url | tainted-promise-steps.js:6:14:6:37 | url.par ... , true) | provenance | Config | +| tainted-promise-steps.js:7:10:7:30 | Promise ... e(path) [PromiseValue] | tainted-promise-steps.js:10:23:10:33 | pathPromise [PromiseValue] | provenance | | +| tainted-promise-steps.js:7:26:7:29 | path | tainted-promise-steps.js:7:10:7:30 | Promise ... e(path) [PromiseValue] | provenance | | +| tainted-promise-steps.js:10:23:10:33 | pathPromise [PromiseValue] | tainted-promise-steps.js:11:25:11:35 | pathPromise [PromiseValue] | provenance | | +| tainted-promise-steps.js:10:23:10:33 | pathPromise [PromiseValue] | tainted-promise-steps.js:12:3:12:13 | pathPromise [PromiseValue] | provenance | | +| tainted-promise-steps.js:11:25:11:35 | pathPromise [PromiseValue] | tainted-promise-steps.js:11:19:11:35 | await pathPromise | provenance | | +| tainted-promise-steps.js:12:3:12:13 | pathPromise [PromiseValue] | tainted-promise-steps.js:12:20:12:23 | path | provenance | | +| tainted-promise-steps.js:12:20:12:23 | path | tainted-promise-steps.js:12:44:12:47 | path | provenance | | +| tainted-sendFile.js:24:37:24:48 | req.params.x | tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | provenance | Config | +| tainted-sendFile.js:25:34:25:45 | req.params.x | tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | provenance | Config | +| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path | provenance | | +| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path | provenance | | +| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path | provenance | | +| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:11:18:11:21 | path | provenance | | +| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:13:18:13:21 | path | provenance | | +| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:14:33:14:36 | path | provenance | | +| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:15:42:15:45 | path | provenance | | +| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:17:18:17:21 | path | provenance | | +| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:18:18:18:21 | path | provenance | | +| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:22:18:22:21 | path | provenance | | +| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:23:18:23:21 | path | provenance | | +| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:24:18:24:21 | path | provenance | | +| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:26:18:26:21 | path | provenance | | +| tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:27:18:27:21 | path | provenance | | +| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | tainted-string-steps.js:6:14:6:43 | url.par ... ).query | provenance | Config | +| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | provenance | Config | +| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | tainted-string-steps.js:6:7:6:48 | path | provenance | | +| tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:6:14:6:37 | url.par ... , true) | provenance | Config | +| tainted-string-steps.js:8:18:8:21 | path | tainted-string-steps.js:8:18:8:34 | path.substring(4) | provenance | Config | +| tainted-string-steps.js:9:18:9:21 | path | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | provenance | Config | +| tainted-string-steps.js:10:18:10:21 | path | tainted-string-steps.js:10:18:10:31 | path.substr(4) | provenance | Config | +| tainted-string-steps.js:11:18:11:21 | path | tainted-string-steps.js:11:18:11:30 | path.slice(4) | provenance | Config | +| tainted-string-steps.js:13:18:13:21 | path | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | provenance | Config | +| tainted-string-steps.js:14:33:14:36 | path | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | provenance | Config | +| tainted-string-steps.js:15:42:15:45 | path | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | provenance | Config | +| tainted-string-steps.js:17:18:17:21 | path | tainted-string-steps.js:17:18:17:28 | path.trim() | provenance | Config | +| tainted-string-steps.js:18:18:18:21 | path | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | provenance | Config | +| tainted-string-steps.js:22:18:22:21 | path | tainted-string-steps.js:22:18:22:32 | path.split('/') | provenance | Config | +| tainted-string-steps.js:22:18:22:32 | path.split('/') | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | provenance | Config | +| tainted-string-steps.js:23:18:23:21 | path | tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | provenance | Config | +| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | provenance | Config | +| tainted-string-steps.js:24:18:24:21 | path | tainted-string-steps.js:24:18:24:32 | path.split("?") | provenance | Config | +| tainted-string-steps.js:24:18:24:32 | path.split("?") | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | provenance | Config | +| tainted-string-steps.js:26:18:26:21 | path | tainted-string-steps.js:26:18:26:36 | path.split(unknown) | provenance | Config | +| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | provenance | Config | +| tainted-string-steps.js:27:18:27:21 | path | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | provenance | Config | +| torrents.js:5:6:5:38 | name | torrents.js:6:24:6:27 | name | provenance | | +| torrents.js:5:13:5:38 | parseTo ... t).name | torrents.js:5:6:5:38 | name | provenance | | +| torrents.js:6:6:6:45 | loc | torrents.js:7:25:7:27 | loc | provenance | | +| torrents.js:6:12:6:45 | dir + " ... t.data" | torrents.js:6:6:6:45 | loc | provenance | | +| torrents.js:6:24:6:27 | name | torrents.js:6:12:6:45 | dir + " ... t.data" | provenance | Config | +| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | provenance | | +| typescript.ts:9:7:9:48 | path | typescript.ts:20:15:20:18 | path | provenance | | +| typescript.ts:9:7:9:48 | path | typescript.ts:23:15:23:18 | path | provenance | | +| typescript.ts:9:7:9:48 | path | typescript.ts:30:15:30:18 | path | provenance | | +| typescript.ts:9:14:9:37 | url.par ... , true) | typescript.ts:9:14:9:43 | url.par ... ).query | provenance | Config | +| typescript.ts:9:14:9:43 | url.par ... ).query | typescript.ts:9:14:9:48 | url.par ... ry.path | provenance | Config | +| typescript.ts:9:14:9:48 | url.par ... ry.path | typescript.ts:9:7:9:48 | path | provenance | | +| typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... , true) | provenance | Config | +| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | provenance | | +| typescript.ts:20:15:20:18 | path | typescript.ts:20:7:20:18 | path3 | provenance | | +| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | provenance | | +| typescript.ts:23:15:23:18 | path | typescript.ts:23:7:23:18 | path4 | provenance | | +| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | provenance | | +| typescript.ts:30:15:30:18 | path | typescript.ts:30:7:30:18 | path6 | provenance | | +subpaths #select | TaintedPath-es6.js:10:26:10:45 | join("public", path) | TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:10:26:10:45 | join("public", path) | This path depends on a $@. | TaintedPath-es6.js:7:20:7:26 | req.url | user-provided value | | TaintedPath.js:12:29:12:32 | path | TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:12:29:12:32 | path | This path depends on a $@. | TaintedPath.js:9:24:9:30 | req.url | user-provided value | @@ -10600,11 +1053,13 @@ edges | other-fs-libraries.js:70:19:70:22 | path | other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:70:19:70:22 | path | This path depends on a $@. | other-fs-libraries.js:68:24:68:30 | req.url | user-provided value | | other-fs-libraries.js:71:10:71:13 | path | other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:71:10:71:13 | path | This path depends on a $@. | other-fs-libraries.js:68:24:68:30 | req.url | user-provided value | | other-fs-libraries.js:72:15:72:18 | path | other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:72:15:72:18 | path | This path depends on a $@. | other-fs-libraries.js:68:24:68:30 | req.url | user-provided value | -| other-fs-libraries.js:79:16:79:19 | path | other-fs-libraries.js:77:24:77:30 | req.url | other-fs-libraries.js:79:16:79:19 | path | This path depends on a $@. | other-fs-libraries.js:77:24:77:30 | req.url | user-provided value | +| other-fs-libraries.js:76:19:76:19 | x | other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:76:19:76:19 | x | This path depends on a $@. | other-fs-libraries.js:68:24:68:30 | req.url | user-provided value | +| other-fs-libraries.js:83:16:83:19 | path | other-fs-libraries.js:81:24:81:30 | req.url | other-fs-libraries.js:83:16:83:19 | path | This path depends on a $@. | other-fs-libraries.js:81:24:81:30 | req.url | user-provided value | | prettier.js:7:28:7:28 | p | prettier.js:6:13:6:13 | p | prettier.js:7:28:7:28 | p | This path depends on a $@. | prettier.js:6:13:6:13 | p | user-provided value | | prettier.js:11:44:11:44 | p | prettier.js:6:13:6:13 | p | prettier.js:11:44:11:44 | p | This path depends on a $@. | prettier.js:6:13:6:13 | p | user-provided value | | pupeteer.js:9:28:9:34 | tainted | pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:9:28:9:34 | tainted | This path depends on a $@. | pupeteer.js:5:28:5:53 | parseTo ... t).name | user-provided value | | pupeteer.js:13:37:13:43 | tainted | pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:13:37:13:43 | tainted | This path depends on a $@. | pupeteer.js:5:28:5:53 | parseTo ... t).name | user-provided value | +| sharedlib-repro.js:22:18:22:25 | filepath | sharedlib-repro.js:13:22:13:43 | req.par ... spaceId | sharedlib-repro.js:22:18:22:25 | filepath | This path depends on a $@. | sharedlib-repro.js:13:22:13:43 | req.par ... spaceId | user-provided value | | tainted-access-paths.js:8:19:8:22 | path | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:8:19:8:22 | path | This path depends on a $@. | tainted-access-paths.js:6:24:6:30 | req.url | user-provided value | | tainted-access-paths.js:12:19:12:25 | obj.sub | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:12:19:12:25 | obj.sub | This path depends on a $@. | tainted-access-paths.js:6:24:6:30 | req.url | user-provided value | | tainted-access-paths.js:26:19:26:26 | obj.sub3 | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:26:19:26:26 | obj.sub3 | This path depends on a $@. | tainted-access-paths.js:6:24:6:30 | req.url | user-provided value | @@ -10613,6 +1068,8 @@ edges | tainted-access-paths.js:31:23:31:30 | obj.sub4 | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:31:23:31:30 | obj.sub4 | This path depends on a $@. | tainted-access-paths.js:6:24:6:30 | req.url | user-provided value | | tainted-access-paths.js:40:23:40:26 | path | tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:40:23:40:26 | path | This path depends on a $@. | tainted-access-paths.js:39:24:39:30 | req.url | user-provided value | | tainted-access-paths.js:49:10:49:13 | path | tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:49:10:49:13 | path | This path depends on a $@. | tainted-access-paths.js:48:24:48:30 | req.url | user-provided value | +| tainted-promise-steps.js:11:19:11:35 | await pathPromise | tainted-promise-steps.js:6:24:6:30 | req.url | tainted-promise-steps.js:11:19:11:35 | await pathPromise | This path depends on a $@. | tainted-promise-steps.js:6:24:6:30 | req.url | user-provided value | +| tainted-promise-steps.js:12:44:12:47 | path | tainted-promise-steps.js:6:24:6:30 | req.url | tainted-promise-steps.js:12:44:12:47 | path | This path depends on a $@. | tainted-promise-steps.js:6:24:6:30 | req.url | user-provided value | | tainted-require.js:7:19:7:37 | req.param("module") | tainted-require.js:7:19:7:37 | req.param("module") | tainted-require.js:7:19:7:37 | req.param("module") | This path depends on a $@. | tainted-require.js:7:19:7:37 | req.param("module") | user-provided value | | tainted-require.js:12:29:12:47 | req.param("module") | tainted-require.js:12:29:12:47 | req.param("module") | tainted-require.js:12:29:12:47 | req.param("module") | This path depends on a $@. | tainted-require.js:12:29:12:47 | req.param("module") | user-provided value | | tainted-require.js:14:11:14:29 | req.param("module") | tainted-require.js:14:11:14:29 | req.param("module") | tainted-require.js:14:11:14:29 | req.param("module") | This path depends on a $@. | tainted-require.js:14:11:14:29 | req.param("module") | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/other-fs-libraries.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/other-fs-libraries.js index 1a618105226b..1dac13246c6f 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/other-fs-libraries.js +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/other-fs-libraries.js @@ -70,7 +70,11 @@ http.createServer(function(req, res) { fs.readFileSync(path); // NOT OK mkdirp(path); // NOT OK mkdirp.sync(path); // NOT OK + func(path); }); +function func(x) { + fs.readFileSync(x); // NOT OK +} const fsp = require("fs/promises"); http.createServer(function(req, res) { diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/sharedlib-repro.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/sharedlib-repro.js new file mode 100644 index 000000000000..eebc95348ba6 --- /dev/null +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/sharedlib-repro.js @@ -0,0 +1,35 @@ +const fs = require('fs'); +const express = require('express'); +const app = express(); + +app.get('/', function (req, res) { + getTree(req, res, { workspaceDir: '/tmp' }); +}); + +function getTree(req, res, options) { + var workspaceId = req.params.workspaceId; + var realfileRootPath = workspaceId; // getfileRoot(workspaceId); + var filePath = workspaceId; // path.join(options.workspaceDir,realfileRootPath, req.params["0"]); + withStatsAndETag(req.params.workspaceId, function (err, stats, etag) {}); +} + +function getfileRoot(workspaceId) { + var userId = decodeUserIdFromWorkspaceId(workspaceId); + return path.join(userId.substring(0,2), userId, decodeWorkspaceNameFromWorkspaceId(workspaceId)); +} + +function withStatsAndETag(filepath, callback) { + fs.readFileSync(filepath); // NOT OK +}; + +function decodeUserIdFromWorkspaceId(workspaceId) { + var index = workspaceId.lastIndexOf(SEPARATOR); + if (index === -1) return null; + return workspaceId.substring(0, index); +} + +function decodeWorkspaceNameFromWorkspaceId(workspaceId) { + var index = workspaceId.lastIndexOf(SEPARATOR); + if (index === -1) return null; + return workspaceId.substring(index + 1); +} diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-promise-steps.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-promise-steps.js new file mode 100644 index 000000000000..49c5fa78fe8d --- /dev/null +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-promise-steps.js @@ -0,0 +1,15 @@ +var fs = require('fs'), + http = require('http'), + url = require('url'); + +var server = http.createServer(function(req, res) { + let path = url.parse(req.url, true).query.path; + doRead(Promise.resolve(path)); +}); + +async function doRead(pathPromise) { + fs.readFileSync(await pathPromise); // NOT OK + pathPromise.then(path => fs.readFileSync(path)); // NO TOK +} + +server.listen(); diff --git a/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlip.expected b/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlip.expected index 253bca10b039..67e38f937ba0 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlip.expected +++ b/javascript/ql/test/query-tests/Security/CWE-022/ZipSlip/ZipSlip.expected @@ -1,130 +1,42 @@ nodes -| AdmZipBad.js:6:24:6:41 | zipEntry.entryName | -| AdmZipBad.js:6:24:6:41 | zipEntry.entryName | -| AdmZipBad.js:6:24:6:41 | zipEntry.entryName | -| AdmZipBad.js:6:24:6:41 | zipEntry.entryName | -| TarSlipBad.js:6:36:6:46 | header.name | -| TarSlipBad.js:6:36:6:46 | header.name | -| TarSlipBad.js:6:36:6:46 | header.name | -| TarSlipBad.js:6:36:6:46 | header.name | -| TarSlipBad.js:9:17:9:31 | header.linkname | -| TarSlipBad.js:9:17:9:31 | header.linkname | -| TarSlipBad.js:9:17:9:31 | header.linkname | -| TarSlipBad.js:9:17:9:31 | header.linkname | -| ZipSlipBad2.js:5:9:5:46 | fileName | -| ZipSlipBad2.js:5:9:5:46 | fileName | -| ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path | -| ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path | -| ZipSlipBad2.js:5:37:5:46 | entry.path | -| ZipSlipBad2.js:5:37:5:46 | entry.path | -| ZipSlipBad2.js:5:37:5:46 | entry.path | -| ZipSlipBad2.js:6:22:6:29 | fileName | -| ZipSlipBad2.js:6:22:6:29 | fileName | -| ZipSlipBad2.js:6:22:6:29 | fileName | -| ZipSlipBad.js:7:11:7:31 | fileName | -| ZipSlipBad.js:7:11:7:31 | fileName | -| ZipSlipBad.js:7:22:7:31 | entry.path | -| ZipSlipBad.js:7:22:7:31 | entry.path | -| ZipSlipBad.js:7:22:7:31 | entry.path | -| ZipSlipBad.js:8:37:8:44 | fileName | -| ZipSlipBad.js:8:37:8:44 | fileName | -| ZipSlipBad.js:8:37:8:44 | fileName | -| ZipSlipBad.js:15:11:15:31 | fileName | -| ZipSlipBad.js:15:11:15:31 | fileName | -| ZipSlipBad.js:15:22:15:31 | entry.path | -| ZipSlipBad.js:15:22:15:31 | entry.path | -| ZipSlipBad.js:15:22:15:31 | entry.path | -| ZipSlipBad.js:16:30:16:37 | fileName | -| ZipSlipBad.js:16:30:16:37 | fileName | -| ZipSlipBad.js:16:30:16:37 | fileName | -| ZipSlipBad.js:22:11:22:31 | fileName | -| ZipSlipBad.js:22:11:22:31 | fileName | -| ZipSlipBad.js:22:22:22:31 | entry.path | -| ZipSlipBad.js:22:22:22:31 | entry.path | -| ZipSlipBad.js:22:22:22:31 | entry.path | -| ZipSlipBad.js:23:28:23:35 | fileName | -| ZipSlipBad.js:23:28:23:35 | fileName | -| ZipSlipBad.js:23:28:23:35 | fileName | -| ZipSlipBad.js:30:14:30:17 | name | -| ZipSlipBad.js:30:14:30:17 | name | -| ZipSlipBad.js:30:14:30:17 | name | -| ZipSlipBad.js:31:26:31:29 | name | -| ZipSlipBad.js:31:26:31:29 | name | -| ZipSlipBad.js:31:26:31:29 | name | -| ZipSlipBad.js:34:16:34:19 | name | -| ZipSlipBad.js:34:16:34:19 | name | -| ZipSlipBad.js:34:16:34:19 | name | -| ZipSlipBad.js:35:26:35:29 | name | -| ZipSlipBad.js:35:26:35:29 | name | -| ZipSlipBad.js:35:26:35:29 | name | -| ZipSlipBadUnzipper.js:7:9:7:29 | fileName | -| ZipSlipBadUnzipper.js:7:9:7:29 | fileName | -| ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | -| ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | -| ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | -| ZipSlipBadUnzipper.js:8:37:8:44 | fileName | -| ZipSlipBadUnzipper.js:8:37:8:44 | fileName | -| ZipSlipBadUnzipper.js:8:37:8:44 | fileName | +| AdmZipBad.js:6:24:6:41 | zipEntry.entryName | semmle.label | zipEntry.entryName | +| TarSlipBad.js:6:36:6:46 | header.name | semmle.label | header.name | +| TarSlipBad.js:9:17:9:31 | header.linkname | semmle.label | header.linkname | +| ZipSlipBad2.js:5:9:5:46 | fileName | semmle.label | fileName | +| ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path | semmle.label | 'output ... ry.path | +| ZipSlipBad2.js:5:37:5:46 | entry.path | semmle.label | entry.path | +| ZipSlipBad2.js:6:22:6:29 | fileName | semmle.label | fileName | +| ZipSlipBad.js:7:11:7:31 | fileName | semmle.label | fileName | +| ZipSlipBad.js:7:22:7:31 | entry.path | semmle.label | entry.path | +| ZipSlipBad.js:8:37:8:44 | fileName | semmle.label | fileName | +| ZipSlipBad.js:15:11:15:31 | fileName | semmle.label | fileName | +| ZipSlipBad.js:15:22:15:31 | entry.path | semmle.label | entry.path | +| ZipSlipBad.js:16:30:16:37 | fileName | semmle.label | fileName | +| ZipSlipBad.js:22:11:22:31 | fileName | semmle.label | fileName | +| ZipSlipBad.js:22:22:22:31 | entry.path | semmle.label | entry.path | +| ZipSlipBad.js:23:28:23:35 | fileName | semmle.label | fileName | +| ZipSlipBad.js:30:14:30:17 | name | semmle.label | name | +| ZipSlipBad.js:31:26:31:29 | name | semmle.label | name | +| ZipSlipBad.js:34:16:34:19 | name | semmle.label | name | +| ZipSlipBad.js:35:26:35:29 | name | semmle.label | name | +| ZipSlipBadUnzipper.js:7:9:7:29 | fileName | semmle.label | fileName | +| ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | semmle.label | entry.path | +| ZipSlipBadUnzipper.js:8:37:8:44 | fileName | semmle.label | fileName | edges -| AdmZipBad.js:6:24:6:41 | zipEntry.entryName | AdmZipBad.js:6:24:6:41 | zipEntry.entryName | -| TarSlipBad.js:6:36:6:46 | header.name | TarSlipBad.js:6:36:6:46 | header.name | -| TarSlipBad.js:9:17:9:31 | header.linkname | TarSlipBad.js:9:17:9:31 | header.linkname | -| ZipSlipBad2.js:5:9:5:46 | fileName | ZipSlipBad2.js:6:22:6:29 | fileName | -| ZipSlipBad2.js:5:9:5:46 | fileName | ZipSlipBad2.js:6:22:6:29 | fileName | -| ZipSlipBad2.js:5:9:5:46 | fileName | ZipSlipBad2.js:6:22:6:29 | fileName | -| ZipSlipBad2.js:5:9:5:46 | fileName | ZipSlipBad2.js:6:22:6:29 | fileName | -| ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path | ZipSlipBad2.js:5:9:5:46 | fileName | -| ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path | ZipSlipBad2.js:5:9:5:46 | fileName | -| ZipSlipBad2.js:5:37:5:46 | entry.path | ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path | -| ZipSlipBad2.js:5:37:5:46 | entry.path | ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path | -| ZipSlipBad2.js:5:37:5:46 | entry.path | ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path | -| ZipSlipBad2.js:5:37:5:46 | entry.path | ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path | -| ZipSlipBad.js:7:11:7:31 | fileName | ZipSlipBad.js:8:37:8:44 | fileName | -| ZipSlipBad.js:7:11:7:31 | fileName | ZipSlipBad.js:8:37:8:44 | fileName | -| ZipSlipBad.js:7:11:7:31 | fileName | ZipSlipBad.js:8:37:8:44 | fileName | -| ZipSlipBad.js:7:11:7:31 | fileName | ZipSlipBad.js:8:37:8:44 | fileName | -| ZipSlipBad.js:7:22:7:31 | entry.path | ZipSlipBad.js:7:11:7:31 | fileName | -| ZipSlipBad.js:7:22:7:31 | entry.path | ZipSlipBad.js:7:11:7:31 | fileName | -| ZipSlipBad.js:7:22:7:31 | entry.path | ZipSlipBad.js:7:11:7:31 | fileName | -| ZipSlipBad.js:7:22:7:31 | entry.path | ZipSlipBad.js:7:11:7:31 | fileName | -| ZipSlipBad.js:15:11:15:31 | fileName | ZipSlipBad.js:16:30:16:37 | fileName | -| ZipSlipBad.js:15:11:15:31 | fileName | ZipSlipBad.js:16:30:16:37 | fileName | -| ZipSlipBad.js:15:11:15:31 | fileName | ZipSlipBad.js:16:30:16:37 | fileName | -| ZipSlipBad.js:15:11:15:31 | fileName | ZipSlipBad.js:16:30:16:37 | fileName | -| ZipSlipBad.js:15:22:15:31 | entry.path | ZipSlipBad.js:15:11:15:31 | fileName | -| ZipSlipBad.js:15:22:15:31 | entry.path | ZipSlipBad.js:15:11:15:31 | fileName | -| ZipSlipBad.js:15:22:15:31 | entry.path | ZipSlipBad.js:15:11:15:31 | fileName | -| ZipSlipBad.js:15:22:15:31 | entry.path | ZipSlipBad.js:15:11:15:31 | fileName | -| ZipSlipBad.js:22:11:22:31 | fileName | ZipSlipBad.js:23:28:23:35 | fileName | -| ZipSlipBad.js:22:11:22:31 | fileName | ZipSlipBad.js:23:28:23:35 | fileName | -| ZipSlipBad.js:22:11:22:31 | fileName | ZipSlipBad.js:23:28:23:35 | fileName | -| ZipSlipBad.js:22:11:22:31 | fileName | ZipSlipBad.js:23:28:23:35 | fileName | -| ZipSlipBad.js:22:22:22:31 | entry.path | ZipSlipBad.js:22:11:22:31 | fileName | -| ZipSlipBad.js:22:22:22:31 | entry.path | ZipSlipBad.js:22:11:22:31 | fileName | -| ZipSlipBad.js:22:22:22:31 | entry.path | ZipSlipBad.js:22:11:22:31 | fileName | -| ZipSlipBad.js:22:22:22:31 | entry.path | ZipSlipBad.js:22:11:22:31 | fileName | -| ZipSlipBad.js:30:14:30:17 | name | ZipSlipBad.js:31:26:31:29 | name | -| ZipSlipBad.js:30:14:30:17 | name | ZipSlipBad.js:31:26:31:29 | name | -| ZipSlipBad.js:30:14:30:17 | name | ZipSlipBad.js:31:26:31:29 | name | -| ZipSlipBad.js:30:14:30:17 | name | ZipSlipBad.js:31:26:31:29 | name | -| ZipSlipBad.js:30:14:30:17 | name | ZipSlipBad.js:31:26:31:29 | name | -| ZipSlipBad.js:30:14:30:17 | name | ZipSlipBad.js:31:26:31:29 | name | -| ZipSlipBad.js:30:14:30:17 | name | ZipSlipBad.js:31:26:31:29 | name | -| ZipSlipBad.js:34:16:34:19 | name | ZipSlipBad.js:35:26:35:29 | name | -| ZipSlipBad.js:34:16:34:19 | name | ZipSlipBad.js:35:26:35:29 | name | -| ZipSlipBad.js:34:16:34:19 | name | ZipSlipBad.js:35:26:35:29 | name | -| ZipSlipBad.js:34:16:34:19 | name | ZipSlipBad.js:35:26:35:29 | name | -| ZipSlipBad.js:34:16:34:19 | name | ZipSlipBad.js:35:26:35:29 | name | -| ZipSlipBad.js:34:16:34:19 | name | ZipSlipBad.js:35:26:35:29 | name | -| ZipSlipBad.js:34:16:34:19 | name | ZipSlipBad.js:35:26:35:29 | name | -| ZipSlipBadUnzipper.js:7:9:7:29 | fileName | ZipSlipBadUnzipper.js:8:37:8:44 | fileName | -| ZipSlipBadUnzipper.js:7:9:7:29 | fileName | ZipSlipBadUnzipper.js:8:37:8:44 | fileName | -| ZipSlipBadUnzipper.js:7:9:7:29 | fileName | ZipSlipBadUnzipper.js:8:37:8:44 | fileName | -| ZipSlipBadUnzipper.js:7:9:7:29 | fileName | ZipSlipBadUnzipper.js:8:37:8:44 | fileName | -| ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | ZipSlipBadUnzipper.js:7:9:7:29 | fileName | -| ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | ZipSlipBadUnzipper.js:7:9:7:29 | fileName | -| ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | ZipSlipBadUnzipper.js:7:9:7:29 | fileName | -| ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | ZipSlipBadUnzipper.js:7:9:7:29 | fileName | +| ZipSlipBad2.js:5:9:5:46 | fileName | ZipSlipBad2.js:6:22:6:29 | fileName | provenance | | +| ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path | ZipSlipBad2.js:5:9:5:46 | fileName | provenance | | +| ZipSlipBad2.js:5:37:5:46 | entry.path | ZipSlipBad2.js:5:20:5:46 | 'output ... ry.path | provenance | Config | +| ZipSlipBad.js:7:11:7:31 | fileName | ZipSlipBad.js:8:37:8:44 | fileName | provenance | | +| ZipSlipBad.js:7:22:7:31 | entry.path | ZipSlipBad.js:7:11:7:31 | fileName | provenance | | +| ZipSlipBad.js:15:11:15:31 | fileName | ZipSlipBad.js:16:30:16:37 | fileName | provenance | | +| ZipSlipBad.js:15:22:15:31 | entry.path | ZipSlipBad.js:15:11:15:31 | fileName | provenance | | +| ZipSlipBad.js:22:11:22:31 | fileName | ZipSlipBad.js:23:28:23:35 | fileName | provenance | | +| ZipSlipBad.js:22:22:22:31 | entry.path | ZipSlipBad.js:22:11:22:31 | fileName | provenance | | +| ZipSlipBad.js:30:14:30:17 | name | ZipSlipBad.js:31:26:31:29 | name | provenance | | +| ZipSlipBad.js:34:16:34:19 | name | ZipSlipBad.js:35:26:35:29 | name | provenance | | +| ZipSlipBadUnzipper.js:7:9:7:29 | fileName | ZipSlipBadUnzipper.js:8:37:8:44 | fileName | provenance | | +| ZipSlipBadUnzipper.js:7:20:7:29 | entry.path | ZipSlipBadUnzipper.js:7:9:7:29 | fileName | provenance | | +subpaths #select | AdmZipBad.js:6:24:6:41 | zipEntry.entryName | AdmZipBad.js:6:24:6:41 | zipEntry.entryName | AdmZipBad.js:6:24:6:41 | zipEntry.entryName | Unsanitized archive entry, which may contain '..', is used in a $@. | AdmZipBad.js:6:24:6:41 | zipEntry.entryName | file system operation | | TarSlipBad.js:6:36:6:46 | header.name | TarSlipBad.js:6:36:6:46 | header.name | TarSlipBad.js:6:36:6:46 | header.name | Unsanitized archive entry, which may contain '..', is used in a $@. | TarSlipBad.js:6:36:6:46 | header.name | file system operation | diff --git a/javascript/ql/test/query-tests/Security/CWE-073/TemplateObjectInjection.expected b/javascript/ql/test/query-tests/Security/CWE-073/TemplateObjectInjection.expected index eee80b295923..8be388d5ad97 100644 --- a/javascript/ql/test/query-tests/Security/CWE-073/TemplateObjectInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-073/TemplateObjectInjection.expected @@ -1,112 +1,70 @@ nodes -| routes.js:2:23:2:30 | req.body | -| routes.js:2:23:2:30 | req.body | -| routes.js:2:23:2:30 | req.body | -| tst2.js:6:9:6:46 | bodyParameter | -| tst2.js:6:25:6:32 | req.body | -| tst2.js:6:25:6:32 | req.body | -| tst2.js:6:25:6:46 | req.bod ... rameter | -| tst2.js:7:28:7:40 | bodyParameter | -| tst2.js:7:28:7:40 | bodyParameter | -| tst2.js:26:9:26:46 | bodyParameter | -| tst2.js:26:25:26:32 | req.body | -| tst2.js:26:25:26:32 | req.body | -| tst2.js:26:25:26:46 | req.bod ... rameter | -| tst2.js:27:28:27:40 | bodyParameter | -| tst2.js:27:28:27:40 | bodyParameter | -| tst2.js:34:9:34:46 | bodyParameter | -| tst2.js:34:25:34:32 | req.body | -| tst2.js:34:25:34:32 | req.body | -| tst2.js:34:25:34:46 | req.bod ... rameter | -| tst2.js:35:28:35:40 | bodyParameter | -| tst2.js:35:28:35:40 | bodyParameter | -| tst2.js:42:9:42:46 | bodyParameter | -| tst2.js:42:25:42:32 | req.body | -| tst2.js:42:25:42:32 | req.body | -| tst2.js:42:25:42:46 | req.bod ... rameter | -| tst2.js:43:28:43:40 | bodyParameter | -| tst2.js:43:28:43:40 | bodyParameter | -| tst2.js:51:9:51:46 | bodyParameter | -| tst2.js:51:25:51:32 | req.body | -| tst2.js:51:25:51:32 | req.body | -| tst2.js:51:25:51:46 | req.bod ... rameter | -| tst2.js:52:28:52:40 | bodyParameter | -| tst2.js:52:28:52:40 | bodyParameter | -| tst.js:7:9:7:46 | bodyParameter | -| tst.js:7:25:7:32 | req.body | -| tst.js:7:25:7:32 | req.body | -| tst.js:7:25:7:46 | req.bod ... rameter | -| tst.js:8:9:8:49 | queryParameter | -| tst.js:8:9:8:49 | queryParameter | -| tst.js:8:26:8:49 | req.que ... rameter | -| tst.js:8:26:8:49 | req.que ... rameter | -| tst.js:8:26:8:49 | req.que ... rameter | -| tst.js:10:28:10:40 | bodyParameter | -| tst.js:10:28:10:40 | bodyParameter | -| tst.js:11:28:11:41 | queryParameter | -| tst.js:11:28:11:41 | queryParameter | -| tst.js:20:19:20:32 | queryParameter | -| tst.js:20:19:20:32 | queryParameter | -| tst.js:23:24:23:26 | obj | -| tst.js:23:24:23:26 | obj | -| tst.js:24:28:24:30 | obj | -| tst.js:24:28:24:30 | obj | -| tst.js:26:11:26:24 | str | -| tst.js:26:17:26:19 | obj | -| tst.js:26:17:26:24 | obj + "" | -| tst.js:29:28:29:42 | JSON.parse(str) | -| tst.js:29:28:29:42 | JSON.parse(str) | -| tst.js:29:39:29:41 | str | +| routes.js:2:23:2:30 | req.body | semmle.label | req.body | +| tst2.js:6:9:6:46 | bodyParameter | semmle.label | bodyParameter | +| tst2.js:6:25:6:32 | req.body | semmle.label | req.body | +| tst2.js:6:25:6:46 | req.bod ... rameter | semmle.label | req.bod ... rameter | +| tst2.js:7:28:7:40 | bodyParameter | semmle.label | bodyParameter | +| tst2.js:26:9:26:46 | bodyParameter | semmle.label | bodyParameter | +| tst2.js:26:25:26:32 | req.body | semmle.label | req.body | +| tst2.js:26:25:26:46 | req.bod ... rameter | semmle.label | req.bod ... rameter | +| tst2.js:27:28:27:40 | bodyParameter | semmle.label | bodyParameter | +| tst2.js:34:9:34:46 | bodyParameter | semmle.label | bodyParameter | +| tst2.js:34:25:34:32 | req.body | semmle.label | req.body | +| tst2.js:34:25:34:46 | req.bod ... rameter | semmle.label | req.bod ... rameter | +| tst2.js:35:28:35:40 | bodyParameter | semmle.label | bodyParameter | +| tst2.js:42:9:42:46 | bodyParameter | semmle.label | bodyParameter | +| tst2.js:42:25:42:32 | req.body | semmle.label | req.body | +| tst2.js:42:25:42:46 | req.bod ... rameter | semmle.label | req.bod ... rameter | +| tst2.js:43:28:43:40 | bodyParameter | semmle.label | bodyParameter | +| tst2.js:51:9:51:46 | bodyParameter | semmle.label | bodyParameter | +| tst2.js:51:25:51:32 | req.body | semmle.label | req.body | +| tst2.js:51:25:51:46 | req.bod ... rameter | semmle.label | req.bod ... rameter | +| tst2.js:52:28:52:40 | bodyParameter | semmle.label | bodyParameter | +| tst.js:7:9:7:46 | bodyParameter | semmle.label | bodyParameter | +| tst.js:7:25:7:32 | req.body | semmle.label | req.body | +| tst.js:7:25:7:46 | req.bod ... rameter | semmle.label | req.bod ... rameter | +| tst.js:8:9:8:49 | queryParameter | semmle.label | queryParameter | +| tst.js:8:26:8:49 | req.que ... rameter | semmle.label | req.que ... rameter | +| tst.js:10:28:10:40 | bodyParameter | semmle.label | bodyParameter | +| tst.js:11:28:11:41 | queryParameter | semmle.label | queryParameter | +| tst.js:20:19:20:32 | queryParameter | semmle.label | queryParameter | +| tst.js:23:24:23:26 | obj | semmle.label | obj | +| tst.js:24:28:24:30 | obj | semmle.label | obj | +| tst.js:26:11:26:24 | str | semmle.label | str | +| tst.js:26:17:26:19 | obj | semmle.label | obj | +| tst.js:26:17:26:24 | obj + "" | semmle.label | obj + "" | +| tst.js:29:28:29:42 | JSON.parse(str) | semmle.label | JSON.parse(str) | +| tst.js:29:39:29:41 | str | semmle.label | str | edges -| routes.js:2:23:2:30 | req.body | routes.js:2:23:2:30 | req.body | -| tst2.js:6:9:6:46 | bodyParameter | tst2.js:7:28:7:40 | bodyParameter | -| tst2.js:6:9:6:46 | bodyParameter | tst2.js:7:28:7:40 | bodyParameter | -| tst2.js:6:25:6:32 | req.body | tst2.js:6:25:6:46 | req.bod ... rameter | -| tst2.js:6:25:6:32 | req.body | tst2.js:6:25:6:46 | req.bod ... rameter | -| tst2.js:6:25:6:46 | req.bod ... rameter | tst2.js:6:9:6:46 | bodyParameter | -| tst2.js:26:9:26:46 | bodyParameter | tst2.js:27:28:27:40 | bodyParameter | -| tst2.js:26:9:26:46 | bodyParameter | tst2.js:27:28:27:40 | bodyParameter | -| tst2.js:26:25:26:32 | req.body | tst2.js:26:25:26:46 | req.bod ... rameter | -| tst2.js:26:25:26:32 | req.body | tst2.js:26:25:26:46 | req.bod ... rameter | -| tst2.js:26:25:26:46 | req.bod ... rameter | tst2.js:26:9:26:46 | bodyParameter | -| tst2.js:34:9:34:46 | bodyParameter | tst2.js:35:28:35:40 | bodyParameter | -| tst2.js:34:9:34:46 | bodyParameter | tst2.js:35:28:35:40 | bodyParameter | -| tst2.js:34:25:34:32 | req.body | tst2.js:34:25:34:46 | req.bod ... rameter | -| tst2.js:34:25:34:32 | req.body | tst2.js:34:25:34:46 | req.bod ... rameter | -| tst2.js:34:25:34:46 | req.bod ... rameter | tst2.js:34:9:34:46 | bodyParameter | -| tst2.js:42:9:42:46 | bodyParameter | tst2.js:43:28:43:40 | bodyParameter | -| tst2.js:42:9:42:46 | bodyParameter | tst2.js:43:28:43:40 | bodyParameter | -| tst2.js:42:25:42:32 | req.body | tst2.js:42:25:42:46 | req.bod ... rameter | -| tst2.js:42:25:42:32 | req.body | tst2.js:42:25:42:46 | req.bod ... rameter | -| tst2.js:42:25:42:46 | req.bod ... rameter | tst2.js:42:9:42:46 | bodyParameter | -| tst2.js:51:9:51:46 | bodyParameter | tst2.js:52:28:52:40 | bodyParameter | -| tst2.js:51:9:51:46 | bodyParameter | tst2.js:52:28:52:40 | bodyParameter | -| tst2.js:51:25:51:32 | req.body | tst2.js:51:25:51:46 | req.bod ... rameter | -| tst2.js:51:25:51:32 | req.body | tst2.js:51:25:51:46 | req.bod ... rameter | -| tst2.js:51:25:51:46 | req.bod ... rameter | tst2.js:51:9:51:46 | bodyParameter | -| tst.js:7:9:7:46 | bodyParameter | tst.js:10:28:10:40 | bodyParameter | -| tst.js:7:9:7:46 | bodyParameter | tst.js:10:28:10:40 | bodyParameter | -| tst.js:7:25:7:32 | req.body | tst.js:7:25:7:46 | req.bod ... rameter | -| tst.js:7:25:7:32 | req.body | tst.js:7:25:7:46 | req.bod ... rameter | -| tst.js:7:25:7:46 | req.bod ... rameter | tst.js:7:9:7:46 | bodyParameter | -| tst.js:8:9:8:49 | queryParameter | tst.js:11:28:11:41 | queryParameter | -| tst.js:8:9:8:49 | queryParameter | tst.js:11:28:11:41 | queryParameter | -| tst.js:8:9:8:49 | queryParameter | tst.js:20:19:20:32 | queryParameter | -| tst.js:8:9:8:49 | queryParameter | tst.js:20:19:20:32 | queryParameter | -| tst.js:8:26:8:49 | req.que ... rameter | tst.js:8:9:8:49 | queryParameter | -| tst.js:8:26:8:49 | req.que ... rameter | tst.js:8:9:8:49 | queryParameter | -| tst.js:8:26:8:49 | req.que ... rameter | tst.js:8:9:8:49 | queryParameter | -| tst.js:8:26:8:49 | req.que ... rameter | tst.js:8:9:8:49 | queryParameter | -| tst.js:20:19:20:32 | queryParameter | tst.js:23:24:23:26 | obj | -| tst.js:20:19:20:32 | queryParameter | tst.js:23:24:23:26 | obj | -| tst.js:23:24:23:26 | obj | tst.js:24:28:24:30 | obj | -| tst.js:23:24:23:26 | obj | tst.js:24:28:24:30 | obj | -| tst.js:23:24:23:26 | obj | tst.js:26:17:26:19 | obj | -| tst.js:26:11:26:24 | str | tst.js:29:39:29:41 | str | -| tst.js:26:17:26:19 | obj | tst.js:26:17:26:24 | obj + "" | -| tst.js:26:17:26:24 | obj + "" | tst.js:26:11:26:24 | str | -| tst.js:29:39:29:41 | str | tst.js:29:28:29:42 | JSON.parse(str) | -| tst.js:29:39:29:41 | str | tst.js:29:28:29:42 | JSON.parse(str) | +| tst2.js:6:9:6:46 | bodyParameter | tst2.js:7:28:7:40 | bodyParameter | provenance | | +| tst2.js:6:25:6:32 | req.body | tst2.js:6:25:6:46 | req.bod ... rameter | provenance | Config | +| tst2.js:6:25:6:46 | req.bod ... rameter | tst2.js:6:9:6:46 | bodyParameter | provenance | | +| tst2.js:26:9:26:46 | bodyParameter | tst2.js:27:28:27:40 | bodyParameter | provenance | | +| tst2.js:26:25:26:32 | req.body | tst2.js:26:25:26:46 | req.bod ... rameter | provenance | Config | +| tst2.js:26:25:26:46 | req.bod ... rameter | tst2.js:26:9:26:46 | bodyParameter | provenance | | +| tst2.js:34:9:34:46 | bodyParameter | tst2.js:35:28:35:40 | bodyParameter | provenance | | +| tst2.js:34:25:34:32 | req.body | tst2.js:34:25:34:46 | req.bod ... rameter | provenance | Config | +| tst2.js:34:25:34:46 | req.bod ... rameter | tst2.js:34:9:34:46 | bodyParameter | provenance | | +| tst2.js:42:9:42:46 | bodyParameter | tst2.js:43:28:43:40 | bodyParameter | provenance | | +| tst2.js:42:25:42:32 | req.body | tst2.js:42:25:42:46 | req.bod ... rameter | provenance | Config | +| tst2.js:42:25:42:46 | req.bod ... rameter | tst2.js:42:9:42:46 | bodyParameter | provenance | | +| tst2.js:51:9:51:46 | bodyParameter | tst2.js:52:28:52:40 | bodyParameter | provenance | | +| tst2.js:51:25:51:32 | req.body | tst2.js:51:25:51:46 | req.bod ... rameter | provenance | Config | +| tst2.js:51:25:51:46 | req.bod ... rameter | tst2.js:51:9:51:46 | bodyParameter | provenance | | +| tst.js:7:9:7:46 | bodyParameter | tst.js:10:28:10:40 | bodyParameter | provenance | | +| tst.js:7:25:7:32 | req.body | tst.js:7:25:7:46 | req.bod ... rameter | provenance | Config | +| tst.js:7:25:7:46 | req.bod ... rameter | tst.js:7:9:7:46 | bodyParameter | provenance | | +| tst.js:8:9:8:49 | queryParameter | tst.js:11:28:11:41 | queryParameter | provenance | | +| tst.js:8:9:8:49 | queryParameter | tst.js:20:19:20:32 | queryParameter | provenance | | +| tst.js:8:26:8:49 | req.que ... rameter | tst.js:8:9:8:49 | queryParameter | provenance | | +| tst.js:20:19:20:32 | queryParameter | tst.js:23:24:23:26 | obj | provenance | | +| tst.js:23:24:23:26 | obj | tst.js:24:28:24:30 | obj | provenance | | +| tst.js:23:24:23:26 | obj | tst.js:26:17:26:19 | obj | provenance | | +| tst.js:26:11:26:24 | str | tst.js:29:39:29:41 | str | provenance | | +| tst.js:26:17:26:19 | obj | tst.js:26:17:26:24 | obj + "" | provenance | Config | +| tst.js:26:17:26:24 | obj + "" | tst.js:26:11:26:24 | str | provenance | | +| tst.js:29:39:29:41 | str | tst.js:29:28:29:42 | JSON.parse(str) | provenance | Config | +subpaths #select | routes.js:2:23:2:30 | req.body | routes.js:2:23:2:30 | req.body | routes.js:2:23:2:30 | req.body | Template object depends on a $@. | routes.js:2:23:2:30 | req.body | user-provided value | | tst2.js:7:28:7:40 | bodyParameter | tst2.js:6:25:6:32 | req.body | tst2.js:7:28:7:40 | bodyParameter | Template object depends on a $@. | tst2.js:6:25:6:32 | req.body | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/CommandInjection.expected b/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/CommandInjection.expected index fb8bc60e6736..82521f20efac 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/CommandInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-078/CommandInjection/CommandInjection.expected @@ -1,370 +1,224 @@ -nodes -| actions.js:8:9:8:57 | title | -| actions.js:8:17:8:57 | github. ... t.title | -| actions.js:8:17:8:57 | github. ... t.title | -| actions.js:9:8:9:22 | `echo ${title}` | -| actions.js:9:8:9:22 | `echo ${title}` | -| actions.js:9:16:9:20 | title | -| actions.js:18:9:18:63 | head_ref | -| actions.js:18:20:18:63 | github. ... ead.ref | -| actions.js:18:20:18:63 | github. ... ead.ref | -| actions.js:19:14:19:31 | `echo ${head_ref}` | -| actions.js:19:14:19:31 | `echo ${head_ref}` | -| actions.js:19:22:19:29 | head_ref | -| child_process-test.js:6:9:6:49 | cmd | -| child_process-test.js:6:15:6:38 | url.par ... , true) | -| child_process-test.js:6:15:6:44 | url.par ... ).query | -| child_process-test.js:6:15:6:49 | url.par ... ry.path | -| child_process-test.js:6:15:6:49 | url.par ... ry.path | -| child_process-test.js:6:25:6:31 | req.url | -| child_process-test.js:6:25:6:31 | req.url | -| child_process-test.js:17:13:17:15 | cmd | -| child_process-test.js:17:13:17:15 | cmd | -| child_process-test.js:18:17:18:19 | cmd | -| child_process-test.js:18:17:18:19 | cmd | -| child_process-test.js:19:17:19:19 | cmd | -| child_process-test.js:19:17:19:19 | cmd | -| child_process-test.js:20:21:20:23 | cmd | -| child_process-test.js:20:21:20:23 | cmd | -| child_process-test.js:21:14:21:16 | cmd | -| child_process-test.js:21:14:21:16 | cmd | -| child_process-test.js:22:18:22:20 | cmd | -| child_process-test.js:22:18:22:20 | cmd | -| child_process-test.js:23:13:23:15 | cmd | -| child_process-test.js:23:13:23:15 | cmd | -| child_process-test.js:25:13:25:31 | "foo" + cmd + "bar" | -| child_process-test.js:25:13:25:31 | "foo" + cmd + "bar" | -| child_process-test.js:25:21:25:23 | cmd | -| child_process-test.js:39:26:39:28 | cmd | -| child_process-test.js:39:26:39:28 | cmd | -| child_process-test.js:43:15:43:17 | cmd | -| child_process-test.js:43:15:43:17 | cmd | -| child_process-test.js:48:15:48:17 | cmd | -| child_process-test.js:48:15:48:17 | cmd | -| child_process-test.js:53:15:53:17 | cmd | -| child_process-test.js:53:15:53:17 | cmd | -| child_process-test.js:56:25:56:58 | ['/C', ... , cmd]) | -| child_process-test.js:56:25:56:58 | ['/C', ... , cmd]) | -| child_process-test.js:56:46:56:57 | ["bar", cmd] | -| child_process-test.js:56:54:56:56 | cmd | -| child_process-test.js:56:54:56:56 | cmd | -| child_process-test.js:57:25:57:49 | ['/C', ... at(cmd) | -| child_process-test.js:57:25:57:49 | ['/C', ... at(cmd) | -| child_process-test.js:57:46:57:48 | cmd | -| child_process-test.js:73:9:73:49 | cmd | -| child_process-test.js:73:15:73:38 | url.par ... , true) | -| child_process-test.js:73:15:73:44 | url.par ... ).query | -| child_process-test.js:73:15:73:49 | url.par ... ry.path | -| child_process-test.js:73:25:73:31 | req.url | -| child_process-test.js:73:25:73:31 | req.url | -| child_process-test.js:75:29:75:31 | cmd | -| child_process-test.js:75:29:75:31 | cmd | -| child_process-test.js:83:19:83:36 | req.query.fileName | -| child_process-test.js:83:19:83:36 | req.query.fileName | -| child_process-test.js:83:19:83:36 | req.query.fileName | -| child_process-test.js:94:11:94:35 | "ping " ... ms.host | -| child_process-test.js:94:11:94:35 | "ping " ... ms.host | -| child_process-test.js:94:21:94:30 | ctx.params | -| child_process-test.js:94:21:94:30 | ctx.params | -| child_process-test.js:94:21:94:35 | ctx.params.host | -| exec-sh2.js:9:17:9:23 | command | -| exec-sh2.js:10:40:10:46 | command | -| exec-sh2.js:10:40:10:46 | command | -| exec-sh2.js:14:9:14:49 | cmd | -| exec-sh2.js:14:15:14:38 | url.par ... , true) | -| exec-sh2.js:14:15:14:44 | url.par ... ).query | -| exec-sh2.js:14:15:14:49 | url.par ... ry.path | -| exec-sh2.js:14:25:14:31 | req.url | -| exec-sh2.js:14:25:14:31 | req.url | -| exec-sh2.js:15:12:15:14 | cmd | -| exec-sh.js:13:17:13:23 | command | -| exec-sh.js:15:44:15:50 | command | -| exec-sh.js:15:44:15:50 | command | -| exec-sh.js:19:9:19:49 | cmd | -| exec-sh.js:19:15:19:38 | url.par ... , true) | -| exec-sh.js:19:15:19:44 | url.par ... ).query | -| exec-sh.js:19:15:19:49 | url.par ... ry.path | -| exec-sh.js:19:25:19:31 | req.url | -| exec-sh.js:19:25:19:31 | req.url | -| exec-sh.js:20:12:20:14 | cmd | -| execSeries.js:3:20:3:22 | arr | -| execSeries.js:6:14:6:16 | arr | -| execSeries.js:6:14:6:21 | arr[i++] | -| execSeries.js:13:19:13:26 | commands | -| execSeries.js:14:13:14:20 | commands | -| execSeries.js:14:24:14:30 | command | -| execSeries.js:14:41:14:47 | command | -| execSeries.js:14:41:14:47 | command | -| execSeries.js:18:7:18:58 | cmd | -| execSeries.js:18:13:18:47 | require ... , true) | -| execSeries.js:18:13:18:53 | require ... ).query | -| execSeries.js:18:13:18:58 | require ... ry.path | -| execSeries.js:18:34:18:40 | req.url | -| execSeries.js:18:34:18:40 | req.url | -| execSeries.js:19:12:19:16 | [cmd] | -| execSeries.js:19:13:19:15 | cmd | -| form-parsers.js:9:8:9:39 | "touch ... nalname | -| form-parsers.js:9:8:9:39 | "touch ... nalname | -| form-parsers.js:9:19:9:26 | req.file | -| form-parsers.js:9:19:9:26 | req.file | -| form-parsers.js:9:19:9:39 | req.fil ... nalname | -| form-parsers.js:13:3:13:11 | req.files | -| form-parsers.js:13:3:13:11 | req.files | -| form-parsers.js:13:21:13:24 | file | -| form-parsers.js:14:10:14:37 | "touch ... nalname | -| form-parsers.js:14:10:14:37 | "touch ... nalname | -| form-parsers.js:14:21:14:24 | file | -| form-parsers.js:14:21:14:37 | file.originalname | -| form-parsers.js:24:48:24:55 | filename | -| form-parsers.js:24:48:24:55 | filename | -| form-parsers.js:25:10:25:28 | "touch " + filename | -| form-parsers.js:25:10:25:28 | "touch " + filename | -| form-parsers.js:25:21:25:28 | filename | -| form-parsers.js:35:25:35:30 | fields | -| form-parsers.js:35:25:35:30 | fields | -| form-parsers.js:36:10:36:31 | "touch ... ds.name | -| form-parsers.js:36:10:36:31 | "touch ... ds.name | -| form-parsers.js:36:21:36:26 | fields | -| form-parsers.js:36:21:36:31 | fields.name | -| form-parsers.js:40:26:40:31 | fields | -| form-parsers.js:40:26:40:31 | fields | -| form-parsers.js:41:10:41:31 | "touch ... ds.name | -| form-parsers.js:41:10:41:31 | "touch ... ds.name | -| form-parsers.js:41:21:41:26 | fields | -| form-parsers.js:41:21:41:31 | fields.name | -| form-parsers.js:52:34:52:39 | fields | -| form-parsers.js:52:34:52:39 | fields | -| form-parsers.js:53:10:53:31 | "touch ... ds.name | -| form-parsers.js:53:10:53:31 | "touch ... ds.name | -| form-parsers.js:53:21:53:26 | fields | -| form-parsers.js:53:21:53:31 | fields.name | -| form-parsers.js:58:30:58:33 | part | -| form-parsers.js:58:30:58:33 | part | -| form-parsers.js:59:10:59:33 | "touch ... ilename | -| form-parsers.js:59:10:59:33 | "touch ... ilename | -| form-parsers.js:59:21:59:24 | part | -| form-parsers.js:59:21:59:33 | part.filename | -| other.js:5:9:5:49 | cmd | -| other.js:5:15:5:38 | url.par ... , true) | -| other.js:5:15:5:44 | url.par ... ).query | -| other.js:5:15:5:49 | url.par ... ry.path | -| other.js:5:25:5:31 | req.url | -| other.js:5:25:5:31 | req.url | -| other.js:7:33:7:35 | cmd | -| other.js:7:33:7:35 | cmd | -| other.js:8:28:8:30 | cmd | -| other.js:8:28:8:30 | cmd | -| other.js:9:32:9:34 | cmd | -| other.js:9:32:9:34 | cmd | -| other.js:10:29:10:31 | cmd | -| other.js:10:29:10:31 | cmd | -| other.js:11:29:11:31 | cmd | -| other.js:11:29:11:31 | cmd | -| other.js:12:27:12:29 | cmd | -| other.js:12:27:12:29 | cmd | -| other.js:14:28:14:30 | cmd | -| other.js:14:28:14:30 | cmd | -| other.js:15:34:15:36 | cmd | -| other.js:15:34:15:36 | cmd | -| other.js:16:21:16:23 | cmd | -| other.js:16:21:16:23 | cmd | -| other.js:17:27:17:29 | cmd | -| other.js:17:27:17:29 | cmd | -| other.js:18:22:18:24 | cmd | -| other.js:18:22:18:24 | cmd | -| other.js:19:36:19:38 | cmd | -| other.js:19:36:19:38 | cmd | -| other.js:22:21:22:23 | cmd | -| other.js:22:21:22:23 | cmd | -| other.js:23:28:23:30 | cmd | -| other.js:23:28:23:30 | cmd | -| other.js:26:34:26:36 | cmd | -| other.js:26:34:26:36 | cmd | -| other.js:28:27:28:29 | cmd | -| other.js:28:27:28:29 | cmd | -| other.js:30:33:30:35 | cmd | -| other.js:30:33:30:35 | cmd | -| other.js:34:44:34:46 | cmd | -| other.js:34:44:34:46 | cmd | -| third-party-command-injection.js:5:20:5:26 | command | -| third-party-command-injection.js:5:20:5:26 | command | -| third-party-command-injection.js:6:21:6:27 | command | -| third-party-command-injection.js:6:21:6:27 | command | edges -| actions.js:8:9:8:57 | title | actions.js:9:16:9:20 | title | -| actions.js:8:17:8:57 | github. ... t.title | actions.js:8:9:8:57 | title | -| actions.js:8:17:8:57 | github. ... t.title | actions.js:8:9:8:57 | title | -| actions.js:9:16:9:20 | title | actions.js:9:8:9:22 | `echo ${title}` | -| actions.js:9:16:9:20 | title | actions.js:9:8:9:22 | `echo ${title}` | -| actions.js:18:9:18:63 | head_ref | actions.js:19:22:19:29 | head_ref | -| actions.js:18:20:18:63 | github. ... ead.ref | actions.js:18:9:18:63 | head_ref | -| actions.js:18:20:18:63 | github. ... ead.ref | actions.js:18:9:18:63 | head_ref | -| actions.js:19:22:19:29 | head_ref | actions.js:19:14:19:31 | `echo ${head_ref}` | -| actions.js:19:22:19:29 | head_ref | actions.js:19:14:19:31 | `echo ${head_ref}` | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:17:13:17:15 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:17:13:17:15 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:18:17:18:19 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:18:17:18:19 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:19:17:19:19 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:19:17:19:19 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:20:21:20:23 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:20:21:20:23 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:21:14:21:16 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:21:14:21:16 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:22:18:22:20 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:22:18:22:20 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:23:13:23:15 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:23:13:23:15 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:25:21:25:23 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:39:26:39:28 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:39:26:39:28 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:43:15:43:17 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:43:15:43:17 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:48:15:48:17 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:48:15:48:17 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:53:15:53:17 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:53:15:53:17 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:56:54:56:56 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:56:54:56:56 | cmd | -| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:57:46:57:48 | cmd | -| child_process-test.js:6:15:6:38 | url.par ... , true) | child_process-test.js:6:15:6:44 | url.par ... ).query | -| child_process-test.js:6:15:6:44 | url.par ... ).query | child_process-test.js:6:15:6:49 | url.par ... ry.path | -| child_process-test.js:6:15:6:44 | url.par ... ).query | child_process-test.js:6:15:6:49 | url.par ... ry.path | -| child_process-test.js:6:15:6:49 | url.par ... ry.path | child_process-test.js:6:9:6:49 | cmd | -| child_process-test.js:6:25:6:31 | req.url | child_process-test.js:6:15:6:38 | url.par ... , true) | -| child_process-test.js:6:25:6:31 | req.url | child_process-test.js:6:15:6:38 | url.par ... , true) | -| child_process-test.js:25:21:25:23 | cmd | child_process-test.js:25:13:25:31 | "foo" + cmd + "bar" | -| child_process-test.js:25:21:25:23 | cmd | child_process-test.js:25:13:25:31 | "foo" + cmd + "bar" | -| child_process-test.js:56:46:56:57 | ["bar", cmd] | child_process-test.js:56:25:56:58 | ['/C', ... , cmd]) | -| child_process-test.js:56:46:56:57 | ["bar", cmd] | child_process-test.js:56:25:56:58 | ['/C', ... , cmd]) | -| child_process-test.js:56:54:56:56 | cmd | child_process-test.js:56:46:56:57 | ["bar", cmd] | -| child_process-test.js:57:46:57:48 | cmd | child_process-test.js:57:25:57:49 | ['/C', ... at(cmd) | -| child_process-test.js:57:46:57:48 | cmd | child_process-test.js:57:25:57:49 | ['/C', ... at(cmd) | -| child_process-test.js:73:9:73:49 | cmd | child_process-test.js:75:29:75:31 | cmd | -| child_process-test.js:73:9:73:49 | cmd | child_process-test.js:75:29:75:31 | cmd | -| child_process-test.js:73:15:73:38 | url.par ... , true) | child_process-test.js:73:15:73:44 | url.par ... ).query | -| child_process-test.js:73:15:73:44 | url.par ... ).query | child_process-test.js:73:15:73:49 | url.par ... ry.path | -| child_process-test.js:73:15:73:49 | url.par ... ry.path | child_process-test.js:73:9:73:49 | cmd | -| child_process-test.js:73:25:73:31 | req.url | child_process-test.js:73:15:73:38 | url.par ... , true) | -| child_process-test.js:73:25:73:31 | req.url | child_process-test.js:73:15:73:38 | url.par ... , true) | -| child_process-test.js:83:19:83:36 | req.query.fileName | child_process-test.js:83:19:83:36 | req.query.fileName | -| child_process-test.js:94:21:94:30 | ctx.params | child_process-test.js:94:21:94:35 | ctx.params.host | -| child_process-test.js:94:21:94:30 | ctx.params | child_process-test.js:94:21:94:35 | ctx.params.host | -| child_process-test.js:94:21:94:35 | ctx.params.host | child_process-test.js:94:11:94:35 | "ping " ... ms.host | -| child_process-test.js:94:21:94:35 | ctx.params.host | child_process-test.js:94:11:94:35 | "ping " ... ms.host | -| exec-sh2.js:9:17:9:23 | command | exec-sh2.js:10:40:10:46 | command | -| exec-sh2.js:9:17:9:23 | command | exec-sh2.js:10:40:10:46 | command | -| exec-sh2.js:14:9:14:49 | cmd | exec-sh2.js:15:12:15:14 | cmd | -| exec-sh2.js:14:15:14:38 | url.par ... , true) | exec-sh2.js:14:15:14:44 | url.par ... ).query | -| exec-sh2.js:14:15:14:44 | url.par ... ).query | exec-sh2.js:14:15:14:49 | url.par ... ry.path | -| exec-sh2.js:14:15:14:49 | url.par ... ry.path | exec-sh2.js:14:9:14:49 | cmd | -| exec-sh2.js:14:25:14:31 | req.url | exec-sh2.js:14:15:14:38 | url.par ... , true) | -| exec-sh2.js:14:25:14:31 | req.url | exec-sh2.js:14:15:14:38 | url.par ... , true) | -| exec-sh2.js:15:12:15:14 | cmd | exec-sh2.js:9:17:9:23 | command | -| exec-sh.js:13:17:13:23 | command | exec-sh.js:15:44:15:50 | command | -| exec-sh.js:13:17:13:23 | command | exec-sh.js:15:44:15:50 | command | -| exec-sh.js:19:9:19:49 | cmd | exec-sh.js:20:12:20:14 | cmd | -| exec-sh.js:19:15:19:38 | url.par ... , true) | exec-sh.js:19:15:19:44 | url.par ... ).query | -| exec-sh.js:19:15:19:44 | url.par ... ).query | exec-sh.js:19:15:19:49 | url.par ... ry.path | -| exec-sh.js:19:15:19:49 | url.par ... ry.path | exec-sh.js:19:9:19:49 | cmd | -| exec-sh.js:19:25:19:31 | req.url | exec-sh.js:19:15:19:38 | url.par ... , true) | -| exec-sh.js:19:25:19:31 | req.url | exec-sh.js:19:15:19:38 | url.par ... , true) | -| exec-sh.js:20:12:20:14 | cmd | exec-sh.js:13:17:13:23 | command | -| execSeries.js:3:20:3:22 | arr | execSeries.js:6:14:6:16 | arr | -| execSeries.js:6:14:6:16 | arr | execSeries.js:6:14:6:21 | arr[i++] | -| execSeries.js:6:14:6:21 | arr[i++] | execSeries.js:14:24:14:30 | command | -| execSeries.js:13:19:13:26 | commands | execSeries.js:14:13:14:20 | commands | -| execSeries.js:14:13:14:20 | commands | execSeries.js:3:20:3:22 | arr | -| execSeries.js:14:13:14:20 | commands | execSeries.js:14:24:14:30 | command | -| execSeries.js:14:24:14:30 | command | execSeries.js:14:41:14:47 | command | -| execSeries.js:14:24:14:30 | command | execSeries.js:14:41:14:47 | command | -| execSeries.js:18:7:18:58 | cmd | execSeries.js:19:13:19:15 | cmd | -| execSeries.js:18:13:18:47 | require ... , true) | execSeries.js:18:13:18:53 | require ... ).query | -| execSeries.js:18:13:18:53 | require ... ).query | execSeries.js:18:13:18:58 | require ... ry.path | -| execSeries.js:18:13:18:58 | require ... ry.path | execSeries.js:18:7:18:58 | cmd | -| execSeries.js:18:34:18:40 | req.url | execSeries.js:18:13:18:47 | require ... , true) | -| execSeries.js:18:34:18:40 | req.url | execSeries.js:18:13:18:47 | require ... , true) | -| execSeries.js:19:12:19:16 | [cmd] | execSeries.js:13:19:13:26 | commands | -| execSeries.js:19:13:19:15 | cmd | execSeries.js:19:12:19:16 | [cmd] | -| form-parsers.js:9:19:9:26 | req.file | form-parsers.js:9:19:9:39 | req.fil ... nalname | -| form-parsers.js:9:19:9:26 | req.file | form-parsers.js:9:19:9:39 | req.fil ... nalname | -| form-parsers.js:9:19:9:39 | req.fil ... nalname | form-parsers.js:9:8:9:39 | "touch ... nalname | -| form-parsers.js:9:19:9:39 | req.fil ... nalname | form-parsers.js:9:8:9:39 | "touch ... nalname | -| form-parsers.js:13:3:13:11 | req.files | form-parsers.js:13:21:13:24 | file | -| form-parsers.js:13:3:13:11 | req.files | form-parsers.js:13:21:13:24 | file | -| form-parsers.js:13:21:13:24 | file | form-parsers.js:14:21:14:24 | file | -| form-parsers.js:14:21:14:24 | file | form-parsers.js:14:21:14:37 | file.originalname | -| form-parsers.js:14:21:14:37 | file.originalname | form-parsers.js:14:10:14:37 | "touch ... nalname | -| form-parsers.js:14:21:14:37 | file.originalname | form-parsers.js:14:10:14:37 | "touch ... nalname | -| form-parsers.js:24:48:24:55 | filename | form-parsers.js:25:21:25:28 | filename | -| form-parsers.js:24:48:24:55 | filename | form-parsers.js:25:21:25:28 | filename | -| form-parsers.js:25:21:25:28 | filename | form-parsers.js:25:10:25:28 | "touch " + filename | -| form-parsers.js:25:21:25:28 | filename | form-parsers.js:25:10:25:28 | "touch " + filename | -| form-parsers.js:35:25:35:30 | fields | form-parsers.js:36:21:36:26 | fields | -| form-parsers.js:35:25:35:30 | fields | form-parsers.js:36:21:36:26 | fields | -| form-parsers.js:36:21:36:26 | fields | form-parsers.js:36:21:36:31 | fields.name | -| form-parsers.js:36:21:36:31 | fields.name | form-parsers.js:36:10:36:31 | "touch ... ds.name | -| form-parsers.js:36:21:36:31 | fields.name | form-parsers.js:36:10:36:31 | "touch ... ds.name | -| form-parsers.js:40:26:40:31 | fields | form-parsers.js:41:21:41:26 | fields | -| form-parsers.js:40:26:40:31 | fields | form-parsers.js:41:21:41:26 | fields | -| form-parsers.js:41:21:41:26 | fields | form-parsers.js:41:21:41:31 | fields.name | -| form-parsers.js:41:21:41:31 | fields.name | form-parsers.js:41:10:41:31 | "touch ... ds.name | -| form-parsers.js:41:21:41:31 | fields.name | form-parsers.js:41:10:41:31 | "touch ... ds.name | -| form-parsers.js:52:34:52:39 | fields | form-parsers.js:53:21:53:26 | fields | -| form-parsers.js:52:34:52:39 | fields | form-parsers.js:53:21:53:26 | fields | -| form-parsers.js:53:21:53:26 | fields | form-parsers.js:53:21:53:31 | fields.name | -| form-parsers.js:53:21:53:31 | fields.name | form-parsers.js:53:10:53:31 | "touch ... ds.name | -| form-parsers.js:53:21:53:31 | fields.name | form-parsers.js:53:10:53:31 | "touch ... ds.name | -| form-parsers.js:58:30:58:33 | part | form-parsers.js:59:21:59:24 | part | -| form-parsers.js:58:30:58:33 | part | form-parsers.js:59:21:59:24 | part | -| form-parsers.js:59:21:59:24 | part | form-parsers.js:59:21:59:33 | part.filename | -| form-parsers.js:59:21:59:33 | part.filename | form-parsers.js:59:10:59:33 | "touch ... ilename | -| form-parsers.js:59:21:59:33 | part.filename | form-parsers.js:59:10:59:33 | "touch ... ilename | -| other.js:5:9:5:49 | cmd | other.js:7:33:7:35 | cmd | -| other.js:5:9:5:49 | cmd | other.js:7:33:7:35 | cmd | -| other.js:5:9:5:49 | cmd | other.js:8:28:8:30 | cmd | -| other.js:5:9:5:49 | cmd | other.js:8:28:8:30 | cmd | -| other.js:5:9:5:49 | cmd | other.js:9:32:9:34 | cmd | -| other.js:5:9:5:49 | cmd | other.js:9:32:9:34 | cmd | -| other.js:5:9:5:49 | cmd | other.js:10:29:10:31 | cmd | -| other.js:5:9:5:49 | cmd | other.js:10:29:10:31 | cmd | -| other.js:5:9:5:49 | cmd | other.js:11:29:11:31 | cmd | -| other.js:5:9:5:49 | cmd | other.js:11:29:11:31 | cmd | -| other.js:5:9:5:49 | cmd | other.js:12:27:12:29 | cmd | -| other.js:5:9:5:49 | cmd | other.js:12:27:12:29 | cmd | -| other.js:5:9:5:49 | cmd | other.js:14:28:14:30 | cmd | -| other.js:5:9:5:49 | cmd | other.js:14:28:14:30 | cmd | -| other.js:5:9:5:49 | cmd | other.js:15:34:15:36 | cmd | -| other.js:5:9:5:49 | cmd | other.js:15:34:15:36 | cmd | -| other.js:5:9:5:49 | cmd | other.js:16:21:16:23 | cmd | -| other.js:5:9:5:49 | cmd | other.js:16:21:16:23 | cmd | -| other.js:5:9:5:49 | cmd | other.js:17:27:17:29 | cmd | -| other.js:5:9:5:49 | cmd | other.js:17:27:17:29 | cmd | -| other.js:5:9:5:49 | cmd | other.js:18:22:18:24 | cmd | -| other.js:5:9:5:49 | cmd | other.js:18:22:18:24 | cmd | -| other.js:5:9:5:49 | cmd | other.js:19:36:19:38 | cmd | -| other.js:5:9:5:49 | cmd | other.js:19:36:19:38 | cmd | -| other.js:5:9:5:49 | cmd | other.js:22:21:22:23 | cmd | -| other.js:5:9:5:49 | cmd | other.js:22:21:22:23 | cmd | -| other.js:5:9:5:49 | cmd | other.js:23:28:23:30 | cmd | -| other.js:5:9:5:49 | cmd | other.js:23:28:23:30 | cmd | -| other.js:5:9:5:49 | cmd | other.js:26:34:26:36 | cmd | -| other.js:5:9:5:49 | cmd | other.js:26:34:26:36 | cmd | -| other.js:5:9:5:49 | cmd | other.js:28:27:28:29 | cmd | -| other.js:5:9:5:49 | cmd | other.js:28:27:28:29 | cmd | -| other.js:5:9:5:49 | cmd | other.js:30:33:30:35 | cmd | -| other.js:5:9:5:49 | cmd | other.js:30:33:30:35 | cmd | -| other.js:5:9:5:49 | cmd | other.js:34:44:34:46 | cmd | -| other.js:5:9:5:49 | cmd | other.js:34:44:34:46 | cmd | -| other.js:5:15:5:38 | url.par ... , true) | other.js:5:15:5:44 | url.par ... ).query | -| other.js:5:15:5:44 | url.par ... ).query | other.js:5:15:5:49 | url.par ... ry.path | -| other.js:5:15:5:49 | url.par ... ry.path | other.js:5:9:5:49 | cmd | -| other.js:5:25:5:31 | req.url | other.js:5:15:5:38 | url.par ... , true) | -| other.js:5:25:5:31 | req.url | other.js:5:15:5:38 | url.par ... , true) | -| third-party-command-injection.js:5:20:5:26 | command | third-party-command-injection.js:6:21:6:27 | command | -| third-party-command-injection.js:5:20:5:26 | command | third-party-command-injection.js:6:21:6:27 | command | -| third-party-command-injection.js:5:20:5:26 | command | third-party-command-injection.js:6:21:6:27 | command | -| third-party-command-injection.js:5:20:5:26 | command | third-party-command-injection.js:6:21:6:27 | command | +| actions.js:8:9:8:57 | title | actions.js:9:16:9:20 | title | provenance | | +| actions.js:8:17:8:57 | github. ... t.title | actions.js:8:9:8:57 | title | provenance | | +| actions.js:9:16:9:20 | title | actions.js:9:8:9:22 | `echo ${title}` | provenance | | +| actions.js:18:9:18:63 | head_ref | actions.js:19:22:19:29 | head_ref | provenance | | +| actions.js:18:20:18:63 | github. ... ead.ref | actions.js:18:9:18:63 | head_ref | provenance | | +| actions.js:19:22:19:29 | head_ref | actions.js:19:14:19:31 | `echo ${head_ref}` | provenance | | +| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:17:13:17:15 | cmd | provenance | | +| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:18:17:18:19 | cmd | provenance | | +| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:19:17:19:19 | cmd | provenance | | +| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:20:21:20:23 | cmd | provenance | | +| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:21:14:21:16 | cmd | provenance | | +| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:22:18:22:20 | cmd | provenance | | +| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:23:13:23:15 | cmd | provenance | | +| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:25:21:25:23 | cmd | provenance | | +| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:39:26:39:28 | cmd | provenance | | +| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:43:15:43:17 | cmd | provenance | | +| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:48:15:48:17 | cmd | provenance | | +| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:53:15:53:17 | cmd | provenance | | +| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:56:54:56:56 | cmd | provenance | | +| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:56:54:56:56 | cmd | provenance | | +| child_process-test.js:6:9:6:49 | cmd | child_process-test.js:57:46:57:48 | cmd | provenance | | +| child_process-test.js:6:15:6:38 | url.par ... , true) | child_process-test.js:6:9:6:49 | cmd | provenance | | +| child_process-test.js:6:15:6:38 | url.par ... , true) | child_process-test.js:6:15:6:49 | url.par ... ry.path | provenance | | +| child_process-test.js:6:15:6:38 | url.par ... , true) | child_process-test.js:6:15:6:49 | url.par ... ry.path | provenance | | +| child_process-test.js:6:15:6:49 | url.par ... ry.path | child_process-test.js:6:9:6:49 | cmd | provenance | | +| child_process-test.js:6:25:6:31 | req.url | child_process-test.js:6:15:6:38 | url.par ... , true) | provenance | | +| child_process-test.js:25:21:25:23 | cmd | child_process-test.js:25:13:25:31 | "foo" + cmd + "bar" | provenance | | +| child_process-test.js:56:46:56:57 | ["bar", cmd] | child_process-test.js:56:25:56:58 | ['/C', ... , cmd]) | provenance | | +| child_process-test.js:56:46:56:57 | ["bar", cmd] [1] | child_process-test.js:56:25:56:58 | ['/C', ... , cmd]) | provenance | | +| child_process-test.js:56:54:56:56 | cmd | child_process-test.js:56:25:56:58 | ['/C', ... , cmd]) | provenance | | +| child_process-test.js:56:54:56:56 | cmd | child_process-test.js:56:46:56:57 | ["bar", cmd] | provenance | | +| child_process-test.js:56:54:56:56 | cmd | child_process-test.js:56:46:56:57 | ["bar", cmd] [1] | provenance | | +| child_process-test.js:57:46:57:48 | cmd | child_process-test.js:57:25:57:49 | ['/C', ... at(cmd) | provenance | | +| child_process-test.js:73:9:73:49 | cmd | child_process-test.js:75:29:75:31 | cmd | provenance | | +| child_process-test.js:73:15:73:38 | url.par ... , true) | child_process-test.js:73:9:73:49 | cmd | provenance | | +| child_process-test.js:73:25:73:31 | req.url | child_process-test.js:73:15:73:38 | url.par ... , true) | provenance | | +| child_process-test.js:94:21:94:30 | ctx.params | child_process-test.js:94:11:94:35 | "ping " ... ms.host | provenance | | +| exec-sh2.js:9:17:9:23 | command | exec-sh2.js:10:40:10:46 | command | provenance | | +| exec-sh2.js:14:9:14:49 | cmd | exec-sh2.js:15:12:15:14 | cmd | provenance | | +| exec-sh2.js:14:15:14:38 | url.par ... , true) | exec-sh2.js:14:9:14:49 | cmd | provenance | | +| exec-sh2.js:14:25:14:31 | req.url | exec-sh2.js:14:15:14:38 | url.par ... , true) | provenance | | +| exec-sh2.js:15:12:15:14 | cmd | exec-sh2.js:9:17:9:23 | command | provenance | | +| exec-sh.js:13:17:13:23 | command | exec-sh.js:15:44:15:50 | command | provenance | | +| exec-sh.js:19:9:19:49 | cmd | exec-sh.js:20:12:20:14 | cmd | provenance | | +| exec-sh.js:19:15:19:38 | url.par ... , true) | exec-sh.js:19:9:19:49 | cmd | provenance | | +| exec-sh.js:19:25:19:31 | req.url | exec-sh.js:19:15:19:38 | url.par ... , true) | provenance | | +| exec-sh.js:20:12:20:14 | cmd | exec-sh.js:13:17:13:23 | command | provenance | | +| execSeries.js:3:20:3:22 | arr | execSeries.js:5:3:10:4 | (functi ... );\\n }) [arr] | provenance | | +| execSeries.js:3:20:3:22 | arr | execSeries.js:6:14:6:16 | arr | provenance | | +| execSeries.js:3:20:3:22 | arr [0] | execSeries.js:5:3:10:4 | (functi ... );\\n }) [arr, 0] | provenance | | +| execSeries.js:3:20:3:22 | arr [0] | execSeries.js:6:14:6:16 | arr [0] | provenance | | +| execSeries.js:5:3:10:4 | (functi ... );\\n }) [arr, 0] | execSeries.js:6:14:6:16 | arr [0] | provenance | | +| execSeries.js:5:3:10:4 | (functi ... );\\n }) [arr] | execSeries.js:6:14:6:16 | arr | provenance | | +| execSeries.js:6:14:6:16 | arr | execSeries.js:6:14:6:21 | arr[i++] | provenance | | +| execSeries.js:6:14:6:16 | arr [0] | execSeries.js:6:14:6:21 | arr[i++] | provenance | | +| execSeries.js:6:14:6:21 | arr[i++] | execSeries.js:14:24:14:30 | command | provenance | | +| execSeries.js:13:19:13:26 | commands | execSeries.js:14:13:14:20 | commands | provenance | | +| execSeries.js:13:19:13:26 | commands [0] | execSeries.js:14:13:14:20 | commands [0] | provenance | | +| execSeries.js:14:13:14:20 | commands | execSeries.js:3:20:3:22 | arr | provenance | | +| execSeries.js:14:13:14:20 | commands [0] | execSeries.js:3:20:3:22 | arr [0] | provenance | | +| execSeries.js:14:24:14:30 | command | execSeries.js:14:41:14:47 | command | provenance | | +| execSeries.js:18:7:18:58 | cmd | execSeries.js:19:13:19:15 | cmd | provenance | | +| execSeries.js:18:13:18:47 | require ... , true) | execSeries.js:18:7:18:58 | cmd | provenance | | +| execSeries.js:18:34:18:40 | req.url | execSeries.js:18:13:18:47 | require ... , true) | provenance | | +| execSeries.js:19:12:19:16 | [cmd] | execSeries.js:13:19:13:26 | commands | provenance | | +| execSeries.js:19:12:19:16 | [cmd] [0] | execSeries.js:13:19:13:26 | commands [0] | provenance | | +| execSeries.js:19:13:19:15 | cmd | execSeries.js:19:12:19:16 | [cmd] | provenance | | +| execSeries.js:19:13:19:15 | cmd | execSeries.js:19:12:19:16 | [cmd] [0] | provenance | | +| form-parsers.js:9:19:9:26 | req.file | form-parsers.js:9:8:9:39 | "touch ... nalname | provenance | | +| form-parsers.js:13:3:13:11 | req.files | form-parsers.js:13:21:13:24 | file | provenance | | +| form-parsers.js:13:21:13:24 | file | form-parsers.js:14:21:14:24 | file | provenance | | +| form-parsers.js:14:21:14:24 | file | form-parsers.js:14:10:14:37 | "touch ... nalname | provenance | | +| form-parsers.js:24:48:24:55 | filename | form-parsers.js:25:21:25:28 | filename | provenance | | +| form-parsers.js:25:21:25:28 | filename | form-parsers.js:25:10:25:28 | "touch " + filename | provenance | | +| form-parsers.js:35:25:35:30 | fields | form-parsers.js:36:21:36:26 | fields | provenance | | +| form-parsers.js:36:21:36:26 | fields | form-parsers.js:36:10:36:31 | "touch ... ds.name | provenance | | +| form-parsers.js:40:26:40:31 | fields | form-parsers.js:41:21:41:26 | fields | provenance | | +| form-parsers.js:41:21:41:26 | fields | form-parsers.js:41:10:41:31 | "touch ... ds.name | provenance | | +| form-parsers.js:52:34:52:39 | fields | form-parsers.js:53:21:53:26 | fields | provenance | | +| form-parsers.js:53:21:53:26 | fields | form-parsers.js:53:10:53:31 | "touch ... ds.name | provenance | | +| form-parsers.js:58:30:58:33 | part | form-parsers.js:59:21:59:24 | part | provenance | | +| form-parsers.js:59:21:59:24 | part | form-parsers.js:59:10:59:33 | "touch ... ilename | provenance | | +| other.js:5:9:5:49 | cmd | other.js:7:33:7:35 | cmd | provenance | | +| other.js:5:9:5:49 | cmd | other.js:8:28:8:30 | cmd | provenance | | +| other.js:5:9:5:49 | cmd | other.js:9:32:9:34 | cmd | provenance | | +| other.js:5:9:5:49 | cmd | other.js:10:29:10:31 | cmd | provenance | | +| other.js:5:9:5:49 | cmd | other.js:11:29:11:31 | cmd | provenance | | +| other.js:5:9:5:49 | cmd | other.js:12:27:12:29 | cmd | provenance | | +| other.js:5:9:5:49 | cmd | other.js:14:28:14:30 | cmd | provenance | | +| other.js:5:9:5:49 | cmd | other.js:15:34:15:36 | cmd | provenance | | +| other.js:5:9:5:49 | cmd | other.js:16:21:16:23 | cmd | provenance | | +| other.js:5:9:5:49 | cmd | other.js:17:27:17:29 | cmd | provenance | | +| other.js:5:9:5:49 | cmd | other.js:18:22:18:24 | cmd | provenance | | +| other.js:5:9:5:49 | cmd | other.js:19:36:19:38 | cmd | provenance | | +| other.js:5:9:5:49 | cmd | other.js:22:21:22:23 | cmd | provenance | | +| other.js:5:9:5:49 | cmd | other.js:23:28:23:30 | cmd | provenance | | +| other.js:5:9:5:49 | cmd | other.js:26:34:26:36 | cmd | provenance | | +| other.js:5:9:5:49 | cmd | other.js:28:27:28:29 | cmd | provenance | | +| other.js:5:9:5:49 | cmd | other.js:30:33:30:35 | cmd | provenance | | +| other.js:5:9:5:49 | cmd | other.js:34:44:34:46 | cmd | provenance | | +| other.js:5:15:5:38 | url.par ... , true) | other.js:5:9:5:49 | cmd | provenance | | +| other.js:5:25:5:31 | req.url | other.js:5:15:5:38 | url.par ... , true) | provenance | | +| third-party-command-injection.js:5:20:5:26 | command | third-party-command-injection.js:6:21:6:27 | command | provenance | | +nodes +| actions.js:8:9:8:57 | title | semmle.label | title | +| actions.js:8:17:8:57 | github. ... t.title | semmle.label | github. ... t.title | +| actions.js:9:8:9:22 | `echo ${title}` | semmle.label | `echo ${title}` | +| actions.js:9:16:9:20 | title | semmle.label | title | +| actions.js:18:9:18:63 | head_ref | semmle.label | head_ref | +| actions.js:18:20:18:63 | github. ... ead.ref | semmle.label | github. ... ead.ref | +| actions.js:19:14:19:31 | `echo ${head_ref}` | semmle.label | `echo ${head_ref}` | +| actions.js:19:22:19:29 | head_ref | semmle.label | head_ref | +| child_process-test.js:6:9:6:49 | cmd | semmle.label | cmd | +| child_process-test.js:6:15:6:38 | url.par ... , true) | semmle.label | url.par ... , true) | +| child_process-test.js:6:15:6:49 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| child_process-test.js:6:15:6:49 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| child_process-test.js:6:25:6:31 | req.url | semmle.label | req.url | +| child_process-test.js:17:13:17:15 | cmd | semmle.label | cmd | +| child_process-test.js:18:17:18:19 | cmd | semmle.label | cmd | +| child_process-test.js:19:17:19:19 | cmd | semmle.label | cmd | +| child_process-test.js:20:21:20:23 | cmd | semmle.label | cmd | +| child_process-test.js:21:14:21:16 | cmd | semmle.label | cmd | +| child_process-test.js:22:18:22:20 | cmd | semmle.label | cmd | +| child_process-test.js:23:13:23:15 | cmd | semmle.label | cmd | +| child_process-test.js:25:13:25:31 | "foo" + cmd + "bar" | semmle.label | "foo" + cmd + "bar" | +| child_process-test.js:25:21:25:23 | cmd | semmle.label | cmd | +| child_process-test.js:39:26:39:28 | cmd | semmle.label | cmd | +| child_process-test.js:43:15:43:17 | cmd | semmle.label | cmd | +| child_process-test.js:48:15:48:17 | cmd | semmle.label | cmd | +| child_process-test.js:53:15:53:17 | cmd | semmle.label | cmd | +| child_process-test.js:56:25:56:58 | ['/C', ... , cmd]) | semmle.label | ['/C', ... , cmd]) | +| child_process-test.js:56:46:56:57 | ["bar", cmd] | semmle.label | ["bar", cmd] | +| child_process-test.js:56:46:56:57 | ["bar", cmd] [1] | semmle.label | ["bar", cmd] [1] | +| child_process-test.js:56:54:56:56 | cmd | semmle.label | cmd | +| child_process-test.js:56:54:56:56 | cmd | semmle.label | cmd | +| child_process-test.js:57:25:57:49 | ['/C', ... at(cmd) | semmle.label | ['/C', ... at(cmd) | +| child_process-test.js:57:46:57:48 | cmd | semmle.label | cmd | +| child_process-test.js:73:9:73:49 | cmd | semmle.label | cmd | +| child_process-test.js:73:15:73:38 | url.par ... , true) | semmle.label | url.par ... , true) | +| child_process-test.js:73:25:73:31 | req.url | semmle.label | req.url | +| child_process-test.js:75:29:75:31 | cmd | semmle.label | cmd | +| child_process-test.js:83:19:83:36 | req.query.fileName | semmle.label | req.query.fileName | +| child_process-test.js:94:11:94:35 | "ping " ... ms.host | semmle.label | "ping " ... ms.host | +| child_process-test.js:94:21:94:30 | ctx.params | semmle.label | ctx.params | +| exec-sh2.js:9:17:9:23 | command | semmle.label | command | +| exec-sh2.js:10:40:10:46 | command | semmle.label | command | +| exec-sh2.js:14:9:14:49 | cmd | semmle.label | cmd | +| exec-sh2.js:14:15:14:38 | url.par ... , true) | semmle.label | url.par ... , true) | +| exec-sh2.js:14:25:14:31 | req.url | semmle.label | req.url | +| exec-sh2.js:15:12:15:14 | cmd | semmle.label | cmd | +| exec-sh.js:13:17:13:23 | command | semmle.label | command | +| exec-sh.js:15:44:15:50 | command | semmle.label | command | +| exec-sh.js:19:9:19:49 | cmd | semmle.label | cmd | +| exec-sh.js:19:15:19:38 | url.par ... , true) | semmle.label | url.par ... , true) | +| exec-sh.js:19:25:19:31 | req.url | semmle.label | req.url | +| exec-sh.js:20:12:20:14 | cmd | semmle.label | cmd | +| execSeries.js:3:20:3:22 | arr | semmle.label | arr | +| execSeries.js:3:20:3:22 | arr [0] | semmle.label | arr [0] | +| execSeries.js:5:3:10:4 | (functi ... );\\n }) [arr, 0] | semmle.label | (functi ... );\\n }) [arr, 0] | +| execSeries.js:5:3:10:4 | (functi ... );\\n }) [arr] | semmle.label | (functi ... );\\n }) [arr] | +| execSeries.js:6:14:6:16 | arr | semmle.label | arr | +| execSeries.js:6:14:6:16 | arr [0] | semmle.label | arr [0] | +| execSeries.js:6:14:6:21 | arr[i++] | semmle.label | arr[i++] | +| execSeries.js:13:19:13:26 | commands | semmle.label | commands | +| execSeries.js:13:19:13:26 | commands [0] | semmle.label | commands [0] | +| execSeries.js:14:13:14:20 | commands | semmle.label | commands | +| execSeries.js:14:13:14:20 | commands [0] | semmle.label | commands [0] | +| execSeries.js:14:24:14:30 | command | semmle.label | command | +| execSeries.js:14:41:14:47 | command | semmle.label | command | +| execSeries.js:18:7:18:58 | cmd | semmle.label | cmd | +| execSeries.js:18:13:18:47 | require ... , true) | semmle.label | require ... , true) | +| execSeries.js:18:34:18:40 | req.url | semmle.label | req.url | +| execSeries.js:19:12:19:16 | [cmd] | semmle.label | [cmd] | +| execSeries.js:19:12:19:16 | [cmd] [0] | semmle.label | [cmd] [0] | +| execSeries.js:19:13:19:15 | cmd | semmle.label | cmd | +| form-parsers.js:9:8:9:39 | "touch ... nalname | semmle.label | "touch ... nalname | +| form-parsers.js:9:19:9:26 | req.file | semmle.label | req.file | +| form-parsers.js:13:3:13:11 | req.files | semmle.label | req.files | +| form-parsers.js:13:21:13:24 | file | semmle.label | file | +| form-parsers.js:14:10:14:37 | "touch ... nalname | semmle.label | "touch ... nalname | +| form-parsers.js:14:21:14:24 | file | semmle.label | file | +| form-parsers.js:24:48:24:55 | filename | semmle.label | filename | +| form-parsers.js:25:10:25:28 | "touch " + filename | semmle.label | "touch " + filename | +| form-parsers.js:25:21:25:28 | filename | semmle.label | filename | +| form-parsers.js:35:25:35:30 | fields | semmle.label | fields | +| form-parsers.js:36:10:36:31 | "touch ... ds.name | semmle.label | "touch ... ds.name | +| form-parsers.js:36:21:36:26 | fields | semmle.label | fields | +| form-parsers.js:40:26:40:31 | fields | semmle.label | fields | +| form-parsers.js:41:10:41:31 | "touch ... ds.name | semmle.label | "touch ... ds.name | +| form-parsers.js:41:21:41:26 | fields | semmle.label | fields | +| form-parsers.js:52:34:52:39 | fields | semmle.label | fields | +| form-parsers.js:53:10:53:31 | "touch ... ds.name | semmle.label | "touch ... ds.name | +| form-parsers.js:53:21:53:26 | fields | semmle.label | fields | +| form-parsers.js:58:30:58:33 | part | semmle.label | part | +| form-parsers.js:59:10:59:33 | "touch ... ilename | semmle.label | "touch ... ilename | +| form-parsers.js:59:21:59:24 | part | semmle.label | part | +| other.js:5:9:5:49 | cmd | semmle.label | cmd | +| other.js:5:15:5:38 | url.par ... , true) | semmle.label | url.par ... , true) | +| other.js:5:25:5:31 | req.url | semmle.label | req.url | +| other.js:7:33:7:35 | cmd | semmle.label | cmd | +| other.js:8:28:8:30 | cmd | semmle.label | cmd | +| other.js:9:32:9:34 | cmd | semmle.label | cmd | +| other.js:10:29:10:31 | cmd | semmle.label | cmd | +| other.js:11:29:11:31 | cmd | semmle.label | cmd | +| other.js:12:27:12:29 | cmd | semmle.label | cmd | +| other.js:14:28:14:30 | cmd | semmle.label | cmd | +| other.js:15:34:15:36 | cmd | semmle.label | cmd | +| other.js:16:21:16:23 | cmd | semmle.label | cmd | +| other.js:17:27:17:29 | cmd | semmle.label | cmd | +| other.js:18:22:18:24 | cmd | semmle.label | cmd | +| other.js:19:36:19:38 | cmd | semmle.label | cmd | +| other.js:22:21:22:23 | cmd | semmle.label | cmd | +| other.js:23:28:23:30 | cmd | semmle.label | cmd | +| other.js:26:34:26:36 | cmd | semmle.label | cmd | +| other.js:28:27:28:29 | cmd | semmle.label | cmd | +| other.js:30:33:30:35 | cmd | semmle.label | cmd | +| other.js:34:44:34:46 | cmd | semmle.label | cmd | +| third-party-command-injection.js:5:20:5:26 | command | semmle.label | command | +| third-party-command-injection.js:6:21:6:27 | command | semmle.label | command | +subpaths #select | actions.js:9:8:9:22 | `echo ${title}` | actions.js:8:17:8:57 | github. ... t.title | actions.js:9:8:9:22 | `echo ${title}` | This command line depends on a $@. | actions.js:8:17:8:57 | github. ... t.title | user-provided value | | actions.js:19:14:19:31 | `echo ${head_ref}` | actions.js:18:20:18:63 | github. ... ead.ref | actions.js:19:14:19:31 | `echo ${head_ref}` | This command line depends on a $@. | actions.js:18:20:18:63 | github. ... ead.ref | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/IndirectCommandInjection.expected b/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/IndirectCommandInjection.expected index 47d8d4adcb11..26416731806e 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/IndirectCommandInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-078/IndirectCommandInjection/IndirectCommandInjection.expected @@ -1,427 +1,258 @@ -nodes -| actions.js:4:6:4:16 | process.env | -| actions.js:4:6:4:16 | process.env | -| actions.js:4:6:4:29 | process ... _DATA'] | -| actions.js:4:6:4:29 | process ... _DATA'] | -| actions.js:7:15:7:15 | e | -| actions.js:8:10:8:10 | e | -| actions.js:8:10:8:23 | e['TEST_DATA'] | -| actions.js:8:10:8:23 | e['TEST_DATA'] | -| actions.js:12:6:12:16 | process.env | -| actions.js:12:6:12:16 | process.env | -| actions.js:14:6:14:21 | getInput('data') | -| actions.js:14:6:14:21 | getInput('data') | -| actions.js:14:6:14:21 | getInput('data') | -| command-line-parameter-command-injection.js:4:10:4:21 | process.argv | -| command-line-parameter-command-injection.js:4:10:4:21 | process.argv | -| command-line-parameter-command-injection.js:4:10:4:21 | process.argv | -| command-line-parameter-command-injection.js:8:10:8:36 | "cmd.sh ... argv[2] | -| command-line-parameter-command-injection.js:8:10:8:36 | "cmd.sh ... argv[2] | -| command-line-parameter-command-injection.js:8:22:8:33 | process.argv | -| command-line-parameter-command-injection.js:8:22:8:33 | process.argv | -| command-line-parameter-command-injection.js:8:22:8:36 | process.argv[2] | -| command-line-parameter-command-injection.js:10:6:10:33 | args | -| command-line-parameter-command-injection.js:10:13:10:24 | process.argv | -| command-line-parameter-command-injection.js:10:13:10:24 | process.argv | -| command-line-parameter-command-injection.js:10:13:10:33 | process ... lice(2) | -| command-line-parameter-command-injection.js:11:14:11:17 | args | -| command-line-parameter-command-injection.js:11:14:11:20 | args[0] | -| command-line-parameter-command-injection.js:11:14:11:20 | args[0] | -| command-line-parameter-command-injection.js:12:14:12:32 | "cmd.sh " + args[0] | -| command-line-parameter-command-injection.js:12:14:12:32 | "cmd.sh " + args[0] | -| command-line-parameter-command-injection.js:12:26:12:29 | args | -| command-line-parameter-command-injection.js:12:26:12:32 | args[0] | -| command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs | -| command-line-parameter-command-injection.js:14:18:14:21 | args | -| command-line-parameter-command-injection.js:14:18:14:30 | args.slice(1) | -| command-line-parameter-command-injection.js:15:14:15:22 | fewerArgs | -| command-line-parameter-command-injection.js:15:14:15:25 | fewerArgs[0] | -| command-line-parameter-command-injection.js:15:14:15:25 | fewerArgs[0] | -| command-line-parameter-command-injection.js:16:14:16:37 | "cmd.sh ... Args[0] | -| command-line-parameter-command-injection.js:16:14:16:37 | "cmd.sh ... Args[0] | -| command-line-parameter-command-injection.js:16:26:16:34 | fewerArgs | -| command-line-parameter-command-injection.js:16:26:16:37 | fewerArgs[0] | -| command-line-parameter-command-injection.js:18:6:18:24 | arg0 | -| command-line-parameter-command-injection.js:18:13:18:21 | fewerArgs | -| command-line-parameter-command-injection.js:18:13:18:24 | fewerArgs[0] | -| command-line-parameter-command-injection.js:19:14:19:17 | arg0 | -| command-line-parameter-command-injection.js:19:14:19:17 | arg0 | -| command-line-parameter-command-injection.js:20:14:20:29 | "cmd.sh " + arg0 | -| command-line-parameter-command-injection.js:20:14:20:29 | "cmd.sh " + arg0 | -| command-line-parameter-command-injection.js:20:26:20:29 | arg0 | -| command-line-parameter-command-injection.js:24:8:24:35 | args | -| command-line-parameter-command-injection.js:24:15:24:26 | process.argv | -| command-line-parameter-command-injection.js:24:15:24:26 | process.argv | -| command-line-parameter-command-injection.js:24:15:24:35 | process ... lice(2) | -| command-line-parameter-command-injection.js:26:14:26:50 | `node $ ... ption"` | -| command-line-parameter-command-injection.js:26:14:26:50 | `node $ ... ption"` | -| command-line-parameter-command-injection.js:26:32:26:35 | args | -| command-line-parameter-command-injection.js:26:32:26:38 | args[0] | -| command-line-parameter-command-injection.js:27:14:27:57 | `node $ ... ption"` | -| command-line-parameter-command-injection.js:27:14:27:57 | `node $ ... ption"` | -| command-line-parameter-command-injection.js:27:32:27:35 | args | -| command-line-parameter-command-injection.js:27:32:27:45 | args.join(' ') | -| command-line-parameter-command-injection.js:30:9:30:50 | "cmd.sh ... )().foo | -| command-line-parameter-command-injection.js:30:9:30:50 | "cmd.sh ... )().foo | -| command-line-parameter-command-injection.js:30:21:30:46 | require ... rgs")() | -| command-line-parameter-command-injection.js:30:21:30:46 | require ... rgs")() | -| command-line-parameter-command-injection.js:30:21:30:50 | require ... )().foo | -| command-line-parameter-command-injection.js:32:9:32:45 | "cmd.sh ... rgv.foo | -| command-line-parameter-command-injection.js:32:9:32:45 | "cmd.sh ... rgv.foo | -| command-line-parameter-command-injection.js:32:21:32:41 | require ... ").argv | -| command-line-parameter-command-injection.js:32:21:32:41 | require ... ").argv | -| command-line-parameter-command-injection.js:32:21:32:45 | require ... rgv.foo | -| command-line-parameter-command-injection.js:33:9:33:48 | "cmd.sh ... rgv.foo | -| command-line-parameter-command-injection.js:33:9:33:48 | "cmd.sh ... rgv.foo | -| command-line-parameter-command-injection.js:33:21:33:44 | require ... ").argv | -| command-line-parameter-command-injection.js:33:21:33:44 | require ... ").argv | -| command-line-parameter-command-injection.js:33:21:33:48 | require ... rgv.foo | -| command-line-parameter-command-injection.js:36:6:39:7 | args | -| command-line-parameter-command-injection.js:36:13:39:7 | require ... \\t\\t.argv | -| command-line-parameter-command-injection.js:36:13:39:7 | require ... \\t\\t.argv | -| command-line-parameter-command-injection.js:41:10:41:25 | "cmd.sh " + args | -| command-line-parameter-command-injection.js:41:10:41:25 | "cmd.sh " + args | -| command-line-parameter-command-injection.js:41:22:41:25 | args | -| command-line-parameter-command-injection.js:43:10:43:62 | "cmd.sh ... e().foo | -| command-line-parameter-command-injection.js:43:10:43:62 | "cmd.sh ... e().foo | -| command-line-parameter-command-injection.js:43:22:43:58 | require ... parse() | -| command-line-parameter-command-injection.js:43:22:43:58 | require ... parse() | -| command-line-parameter-command-injection.js:43:22:43:62 | require ... e().foo | -| command-line-parameter-command-injection.js:47:8:53:12 | args | -| command-line-parameter-command-injection.js:48:3:50:3 | argv: { ... rgs\\n\\t\\t} | -| command-line-parameter-command-injection.js:48:3:50:3 | argv: { ... rgs\\n\\t\\t} | -| command-line-parameter-command-injection.js:48:9:50:3 | {\\n\\t\\t\\t...args\\n\\t\\t} | -| command-line-parameter-command-injection.js:55:10:55:25 | "cmd.sh " + args | -| command-line-parameter-command-injection.js:55:10:55:25 | "cmd.sh " + args | -| command-line-parameter-command-injection.js:55:22:55:25 | args | -| command-line-parameter-command-injection.js:57:6:57:37 | tainted1 | -| command-line-parameter-command-injection.js:57:17:57:37 | require ... ').argv | -| command-line-parameter-command-injection.js:57:17:57:37 | require ... ').argv | -| command-line-parameter-command-injection.js:58:6:58:40 | tainted2 | -| command-line-parameter-command-injection.js:58:17:58:40 | require ... parse() | -| command-line-parameter-command-injection.js:58:17:58:40 | require ... parse() | -| command-line-parameter-command-injection.js:60:8:63:2 | taint1rest | -| command-line-parameter-command-injection.js:60:8:63:2 | taint2rest | -| command-line-parameter-command-injection.js:60:9:60:31 | taint1: ... t1rest} | -| command-line-parameter-command-injection.js:60:17:60:31 | {...taint1rest} | -| command-line-parameter-command-injection.js:60:33:60:55 | taint2: ... t2rest} | -| command-line-parameter-command-injection.js:60:41:60:55 | {...taint2rest} | -| command-line-parameter-command-injection.js:61:11:61:18 | tainted1 | -| command-line-parameter-command-injection.js:62:11:62:18 | tainted2 | -| command-line-parameter-command-injection.js:65:10:65:31 | "cmd.sh ... nt1rest | -| command-line-parameter-command-injection.js:65:10:65:31 | "cmd.sh ... nt1rest | -| command-line-parameter-command-injection.js:65:22:65:31 | taint1rest | -| command-line-parameter-command-injection.js:66:10:66:31 | "cmd.sh ... nt2rest | -| command-line-parameter-command-injection.js:66:10:66:31 | "cmd.sh ... nt2rest | -| command-line-parameter-command-injection.js:66:22:66:31 | taint2rest | -| command-line-parameter-command-injection.js:68:6:68:16 | {...taint3} | -| command-line-parameter-command-injection.js:68:6:68:40 | taint3 | -| command-line-parameter-command-injection.js:68:20:68:40 | require ... ').argv | -| command-line-parameter-command-injection.js:68:20:68:40 | require ... ').argv | -| command-line-parameter-command-injection.js:69:10:69:27 | "cmd.sh " + taint3 | -| command-line-parameter-command-injection.js:69:10:69:27 | "cmd.sh " + taint3 | -| command-line-parameter-command-injection.js:69:22:69:27 | taint3 | -| command-line-parameter-command-injection.js:71:6:71:16 | [...taint4] | -| command-line-parameter-command-injection.js:71:6:71:40 | taint4 | -| command-line-parameter-command-injection.js:71:20:71:40 | require ... ').argv | -| command-line-parameter-command-injection.js:71:20:71:40 | require ... ').argv | -| command-line-parameter-command-injection.js:72:10:72:27 | "cmd.sh " + taint4 | -| command-line-parameter-command-injection.js:72:10:72:27 | "cmd.sh " + taint4 | -| command-line-parameter-command-injection.js:72:22:72:27 | taint4 | -| command-line-parameter-command-injection.js:76:8:76:35 | argv | -| command-line-parameter-command-injection.js:76:15:76:26 | process.argv | -| command-line-parameter-command-injection.js:76:15:76:26 | process.argv | -| command-line-parameter-command-injection.js:76:15:76:35 | process ... lice(2) | -| command-line-parameter-command-injection.js:79:10:79:39 | "cmd.sh ... gv).foo | -| command-line-parameter-command-injection.js:79:10:79:39 | "cmd.sh ... gv).foo | -| command-line-parameter-command-injection.js:79:22:79:35 | minimist(argv) | -| command-line-parameter-command-injection.js:79:22:79:39 | minimist(argv).foo | -| command-line-parameter-command-injection.js:79:31:79:34 | argv | -| command-line-parameter-command-injection.js:82:10:82:54 | "cmd.sh ... 2)).foo | -| command-line-parameter-command-injection.js:82:10:82:54 | "cmd.sh ... 2)).foo | -| command-line-parameter-command-injection.js:82:22:82:50 | subarg( ... ice(2)) | -| command-line-parameter-command-injection.js:82:22:82:54 | subarg( ... 2)).foo | -| command-line-parameter-command-injection.js:82:29:82:40 | process.argv | -| command-line-parameter-command-injection.js:82:29:82:40 | process.argv | -| command-line-parameter-command-injection.js:82:29:82:49 | process ... lice(2) | -| command-line-parameter-command-injection.js:85:10:85:59 | "cmd.sh ... 2)).foo | -| command-line-parameter-command-injection.js:85:10:85:59 | "cmd.sh ... 2)).foo | -| command-line-parameter-command-injection.js:85:22:85:55 | yargsPa ... ice(2)) | -| command-line-parameter-command-injection.js:85:22:85:59 | yargsPa ... 2)).foo | -| command-line-parameter-command-injection.js:85:34:85:45 | process.argv | -| command-line-parameter-command-injection.js:85:34:85:45 | process.argv | -| command-line-parameter-command-injection.js:85:34:85:54 | process ... lice(2) | -| command-line-parameter-command-injection.js:88:6:88:37 | flags | -| command-line-parameter-command-injection.js:88:14:88:37 | args.pa ... s.argv) | -| command-line-parameter-command-injection.js:88:25:88:36 | process.argv | -| command-line-parameter-command-injection.js:88:25:88:36 | process.argv | -| command-line-parameter-command-injection.js:89:10:89:30 | "cmd.sh ... ags.foo | -| command-line-parameter-command-injection.js:89:10:89:30 | "cmd.sh ... ags.foo | -| command-line-parameter-command-injection.js:89:22:89:26 | flags | -| command-line-parameter-command-injection.js:89:22:89:30 | flags.foo | -| command-line-parameter-command-injection.js:91:6:91:38 | flags | -| command-line-parameter-command-injection.js:91:14:91:38 | require ... .spec}) | -| command-line-parameter-command-injection.js:91:14:91:38 | require ... .spec}) | -| command-line-parameter-command-injection.js:92:10:92:30 | "cmd.sh ... ags.foo | -| command-line-parameter-command-injection.js:92:10:92:30 | "cmd.sh ... ags.foo | -| command-line-parameter-command-injection.js:92:22:92:26 | flags | -| command-line-parameter-command-injection.js:92:22:92:30 | flags.foo | -| command-line-parameter-command-injection.js:102:10:102:44 | "cmd.sh ... s().foo | -| command-line-parameter-command-injection.js:102:10:102:44 | "cmd.sh ... s().foo | -| command-line-parameter-command-injection.js:102:22:102:40 | parser.parse_args() | -| command-line-parameter-command-injection.js:102:22:102:40 | parser.parse_args() | -| command-line-parameter-command-injection.js:102:22:102:44 | parser. ... s().foo | -| command-line-parameter-command-injection.js:107:8:107:51 | options | -| command-line-parameter-command-injection.js:107:18:107:51 | command ... itions) | -| command-line-parameter-command-injection.js:107:18:107:51 | command ... itions) | -| command-line-parameter-command-injection.js:108:10:108:32 | "cmd.sh ... ons.foo | -| command-line-parameter-command-injection.js:108:10:108:32 | "cmd.sh ... ons.foo | -| command-line-parameter-command-injection.js:108:22:108:28 | options | -| command-line-parameter-command-injection.js:108:22:108:32 | options.foo | -| command-line-parameter-command-injection.js:114:8:114:52 | cli | -| command-line-parameter-command-injection.js:114:14:114:52 | meow(`h ... lags}}) | -| command-line-parameter-command-injection.js:114:14:114:52 | meow(`h ... lags}}) | -| command-line-parameter-command-injection.js:116:10:116:33 | "cmd.sh ... nput[0] | -| command-line-parameter-command-injection.js:116:10:116:33 | "cmd.sh ... nput[0] | -| command-line-parameter-command-injection.js:116:22:116:24 | cli | -| command-line-parameter-command-injection.js:116:22:116:30 | cli.input | -| command-line-parameter-command-injection.js:116:22:116:33 | cli.input[0] | -| command-line-parameter-command-injection.js:122:6:122:46 | opts | -| command-line-parameter-command-injection.js:122:13:122:46 | dashdas ... tions}) | -| command-line-parameter-command-injection.js:122:13:122:46 | dashdas ... tions}) | -| command-line-parameter-command-injection.js:124:10:124:29 | "cmd.sh " + opts.foo | -| command-line-parameter-command-injection.js:124:10:124:29 | "cmd.sh " + opts.foo | -| command-line-parameter-command-injection.js:124:22:124:25 | opts | -| command-line-parameter-command-injection.js:124:22:124:29 | opts.foo | -| command-line-parameter-command-injection.js:127:6:127:26 | opts | -| command-line-parameter-command-injection.js:127:13:127:26 | parser.parse() | -| command-line-parameter-command-injection.js:127:13:127:26 | parser.parse() | -| command-line-parameter-command-injection.js:129:10:129:29 | "cmd.sh " + opts.foo | -| command-line-parameter-command-injection.js:129:10:129:29 | "cmd.sh " + opts.foo | -| command-line-parameter-command-injection.js:129:22:129:25 | opts | -| command-line-parameter-command-injection.js:129:22:129:29 | opts.foo | -| command-line-parameter-command-injection.js:133:8:133:41 | program | -| command-line-parameter-command-injection.js:133:10:133:16 | program | -| command-line-parameter-command-injection.js:133:10:133:16 | program | -| command-line-parameter-command-injection.js:136:10:136:45 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:136:10:136:45 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:136:22:136:35 | program.opts() | -| command-line-parameter-command-injection.js:136:22:136:35 | program.opts() | -| command-line-parameter-command-injection.js:136:22:136:45 | program ... zzaType | -| command-line-parameter-command-injection.js:136:22:136:45 | program ... zzaType | -| command-line-parameter-command-injection.js:137:10:137:38 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:137:10:137:38 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:137:22:137:28 | program | -| command-line-parameter-command-injection.js:137:22:137:38 | program.pizzaType | -| command-line-parameter-command-injection.js:137:22:137:38 | program.pizzaType | -| command-line-parameter-command-injection.js:145:10:145:45 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:145:10:145:45 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:145:22:145:35 | program.opts() | -| command-line-parameter-command-injection.js:145:22:145:35 | program.opts() | -| command-line-parameter-command-injection.js:145:22:145:45 | program ... zzaType | -| command-line-parameter-command-injection.js:145:22:145:45 | program ... zzaType | -| command-line-parameter-command-injection.js:146:10:146:38 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:146:10:146:38 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:146:22:146:38 | program.pizzaType | -| command-line-parameter-command-injection.js:146:22:146:38 | program.pizzaType | edges -| actions.js:4:6:4:16 | process.env | actions.js:4:6:4:29 | process ... _DATA'] | -| actions.js:4:6:4:16 | process.env | actions.js:4:6:4:29 | process ... _DATA'] | -| actions.js:4:6:4:16 | process.env | actions.js:4:6:4:29 | process ... _DATA'] | -| actions.js:4:6:4:16 | process.env | actions.js:4:6:4:29 | process ... _DATA'] | -| actions.js:7:15:7:15 | e | actions.js:8:10:8:10 | e | -| actions.js:8:10:8:10 | e | actions.js:8:10:8:23 | e['TEST_DATA'] | -| actions.js:8:10:8:10 | e | actions.js:8:10:8:23 | e['TEST_DATA'] | -| actions.js:12:6:12:16 | process.env | actions.js:7:15:7:15 | e | -| actions.js:12:6:12:16 | process.env | actions.js:7:15:7:15 | e | -| actions.js:14:6:14:21 | getInput('data') | actions.js:14:6:14:21 | getInput('data') | -| command-line-parameter-command-injection.js:4:10:4:21 | process.argv | command-line-parameter-command-injection.js:4:10:4:21 | process.argv | -| command-line-parameter-command-injection.js:8:22:8:33 | process.argv | command-line-parameter-command-injection.js:8:22:8:36 | process.argv[2] | -| command-line-parameter-command-injection.js:8:22:8:33 | process.argv | command-line-parameter-command-injection.js:8:22:8:36 | process.argv[2] | -| command-line-parameter-command-injection.js:8:22:8:36 | process.argv[2] | command-line-parameter-command-injection.js:8:10:8:36 | "cmd.sh ... argv[2] | -| command-line-parameter-command-injection.js:8:22:8:36 | process.argv[2] | command-line-parameter-command-injection.js:8:10:8:36 | "cmd.sh ... argv[2] | -| command-line-parameter-command-injection.js:10:6:10:33 | args | command-line-parameter-command-injection.js:11:14:11:17 | args | -| command-line-parameter-command-injection.js:10:6:10:33 | args | command-line-parameter-command-injection.js:12:26:12:29 | args | -| command-line-parameter-command-injection.js:10:6:10:33 | args | command-line-parameter-command-injection.js:14:18:14:21 | args | -| command-line-parameter-command-injection.js:10:13:10:24 | process.argv | command-line-parameter-command-injection.js:10:13:10:33 | process ... lice(2) | -| command-line-parameter-command-injection.js:10:13:10:24 | process.argv | command-line-parameter-command-injection.js:10:13:10:33 | process ... lice(2) | -| command-line-parameter-command-injection.js:10:13:10:33 | process ... lice(2) | command-line-parameter-command-injection.js:10:6:10:33 | args | -| command-line-parameter-command-injection.js:11:14:11:17 | args | command-line-parameter-command-injection.js:11:14:11:20 | args[0] | -| command-line-parameter-command-injection.js:11:14:11:17 | args | command-line-parameter-command-injection.js:11:14:11:20 | args[0] | -| command-line-parameter-command-injection.js:12:26:12:29 | args | command-line-parameter-command-injection.js:12:26:12:32 | args[0] | -| command-line-parameter-command-injection.js:12:26:12:32 | args[0] | command-line-parameter-command-injection.js:12:14:12:32 | "cmd.sh " + args[0] | -| command-line-parameter-command-injection.js:12:26:12:32 | args[0] | command-line-parameter-command-injection.js:12:14:12:32 | "cmd.sh " + args[0] | -| command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs | command-line-parameter-command-injection.js:15:14:15:22 | fewerArgs | -| command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs | command-line-parameter-command-injection.js:16:26:16:34 | fewerArgs | -| command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs | command-line-parameter-command-injection.js:18:13:18:21 | fewerArgs | -| command-line-parameter-command-injection.js:14:18:14:21 | args | command-line-parameter-command-injection.js:14:18:14:30 | args.slice(1) | -| command-line-parameter-command-injection.js:14:18:14:30 | args.slice(1) | command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs | -| command-line-parameter-command-injection.js:15:14:15:22 | fewerArgs | command-line-parameter-command-injection.js:15:14:15:25 | fewerArgs[0] | -| command-line-parameter-command-injection.js:15:14:15:22 | fewerArgs | command-line-parameter-command-injection.js:15:14:15:25 | fewerArgs[0] | -| command-line-parameter-command-injection.js:16:26:16:34 | fewerArgs | command-line-parameter-command-injection.js:16:26:16:37 | fewerArgs[0] | -| command-line-parameter-command-injection.js:16:26:16:37 | fewerArgs[0] | command-line-parameter-command-injection.js:16:14:16:37 | "cmd.sh ... Args[0] | -| command-line-parameter-command-injection.js:16:26:16:37 | fewerArgs[0] | command-line-parameter-command-injection.js:16:14:16:37 | "cmd.sh ... Args[0] | -| command-line-parameter-command-injection.js:18:6:18:24 | arg0 | command-line-parameter-command-injection.js:19:14:19:17 | arg0 | -| command-line-parameter-command-injection.js:18:6:18:24 | arg0 | command-line-parameter-command-injection.js:19:14:19:17 | arg0 | -| command-line-parameter-command-injection.js:18:6:18:24 | arg0 | command-line-parameter-command-injection.js:20:26:20:29 | arg0 | -| command-line-parameter-command-injection.js:18:13:18:21 | fewerArgs | command-line-parameter-command-injection.js:18:13:18:24 | fewerArgs[0] | -| command-line-parameter-command-injection.js:18:13:18:24 | fewerArgs[0] | command-line-parameter-command-injection.js:18:6:18:24 | arg0 | -| command-line-parameter-command-injection.js:20:26:20:29 | arg0 | command-line-parameter-command-injection.js:20:14:20:29 | "cmd.sh " + arg0 | -| command-line-parameter-command-injection.js:20:26:20:29 | arg0 | command-line-parameter-command-injection.js:20:14:20:29 | "cmd.sh " + arg0 | -| command-line-parameter-command-injection.js:24:8:24:35 | args | command-line-parameter-command-injection.js:26:32:26:35 | args | -| command-line-parameter-command-injection.js:24:8:24:35 | args | command-line-parameter-command-injection.js:27:32:27:35 | args | -| command-line-parameter-command-injection.js:24:15:24:26 | process.argv | command-line-parameter-command-injection.js:24:15:24:35 | process ... lice(2) | -| command-line-parameter-command-injection.js:24:15:24:26 | process.argv | command-line-parameter-command-injection.js:24:15:24:35 | process ... lice(2) | -| command-line-parameter-command-injection.js:24:15:24:35 | process ... lice(2) | command-line-parameter-command-injection.js:24:8:24:35 | args | -| command-line-parameter-command-injection.js:26:32:26:35 | args | command-line-parameter-command-injection.js:26:32:26:38 | args[0] | -| command-line-parameter-command-injection.js:26:32:26:38 | args[0] | command-line-parameter-command-injection.js:26:14:26:50 | `node $ ... ption"` | -| command-line-parameter-command-injection.js:26:32:26:38 | args[0] | command-line-parameter-command-injection.js:26:14:26:50 | `node $ ... ption"` | -| command-line-parameter-command-injection.js:27:32:27:35 | args | command-line-parameter-command-injection.js:27:32:27:45 | args.join(' ') | -| command-line-parameter-command-injection.js:27:32:27:45 | args.join(' ') | command-line-parameter-command-injection.js:27:14:27:57 | `node $ ... ption"` | -| command-line-parameter-command-injection.js:27:32:27:45 | args.join(' ') | command-line-parameter-command-injection.js:27:14:27:57 | `node $ ... ption"` | -| command-line-parameter-command-injection.js:30:21:30:46 | require ... rgs")() | command-line-parameter-command-injection.js:30:21:30:50 | require ... )().foo | -| command-line-parameter-command-injection.js:30:21:30:46 | require ... rgs")() | command-line-parameter-command-injection.js:30:21:30:50 | require ... )().foo | -| command-line-parameter-command-injection.js:30:21:30:50 | require ... )().foo | command-line-parameter-command-injection.js:30:9:30:50 | "cmd.sh ... )().foo | -| command-line-parameter-command-injection.js:30:21:30:50 | require ... )().foo | command-line-parameter-command-injection.js:30:9:30:50 | "cmd.sh ... )().foo | -| command-line-parameter-command-injection.js:32:21:32:41 | require ... ").argv | command-line-parameter-command-injection.js:32:21:32:45 | require ... rgv.foo | -| command-line-parameter-command-injection.js:32:21:32:41 | require ... ").argv | command-line-parameter-command-injection.js:32:21:32:45 | require ... rgv.foo | -| command-line-parameter-command-injection.js:32:21:32:45 | require ... rgv.foo | command-line-parameter-command-injection.js:32:9:32:45 | "cmd.sh ... rgv.foo | -| command-line-parameter-command-injection.js:32:21:32:45 | require ... rgv.foo | command-line-parameter-command-injection.js:32:9:32:45 | "cmd.sh ... rgv.foo | -| command-line-parameter-command-injection.js:33:21:33:44 | require ... ").argv | command-line-parameter-command-injection.js:33:21:33:48 | require ... rgv.foo | -| command-line-parameter-command-injection.js:33:21:33:44 | require ... ").argv | command-line-parameter-command-injection.js:33:21:33:48 | require ... rgv.foo | -| command-line-parameter-command-injection.js:33:21:33:48 | require ... rgv.foo | command-line-parameter-command-injection.js:33:9:33:48 | "cmd.sh ... rgv.foo | -| command-line-parameter-command-injection.js:33:21:33:48 | require ... rgv.foo | command-line-parameter-command-injection.js:33:9:33:48 | "cmd.sh ... rgv.foo | -| command-line-parameter-command-injection.js:36:6:39:7 | args | command-line-parameter-command-injection.js:41:22:41:25 | args | -| command-line-parameter-command-injection.js:36:13:39:7 | require ... \\t\\t.argv | command-line-parameter-command-injection.js:36:6:39:7 | args | -| command-line-parameter-command-injection.js:36:13:39:7 | require ... \\t\\t.argv | command-line-parameter-command-injection.js:36:6:39:7 | args | -| command-line-parameter-command-injection.js:41:22:41:25 | args | command-line-parameter-command-injection.js:41:10:41:25 | "cmd.sh " + args | -| command-line-parameter-command-injection.js:41:22:41:25 | args | command-line-parameter-command-injection.js:41:10:41:25 | "cmd.sh " + args | -| command-line-parameter-command-injection.js:43:22:43:58 | require ... parse() | command-line-parameter-command-injection.js:43:22:43:62 | require ... e().foo | -| command-line-parameter-command-injection.js:43:22:43:58 | require ... parse() | command-line-parameter-command-injection.js:43:22:43:62 | require ... e().foo | -| command-line-parameter-command-injection.js:43:22:43:62 | require ... e().foo | command-line-parameter-command-injection.js:43:10:43:62 | "cmd.sh ... e().foo | -| command-line-parameter-command-injection.js:43:22:43:62 | require ... e().foo | command-line-parameter-command-injection.js:43:10:43:62 | "cmd.sh ... e().foo | -| command-line-parameter-command-injection.js:47:8:53:12 | args | command-line-parameter-command-injection.js:55:22:55:25 | args | -| command-line-parameter-command-injection.js:48:3:50:3 | argv: { ... rgs\\n\\t\\t} | command-line-parameter-command-injection.js:48:9:50:3 | {\\n\\t\\t\\t...args\\n\\t\\t} | -| command-line-parameter-command-injection.js:48:3:50:3 | argv: { ... rgs\\n\\t\\t} | command-line-parameter-command-injection.js:48:9:50:3 | {\\n\\t\\t\\t...args\\n\\t\\t} | -| command-line-parameter-command-injection.js:48:9:50:3 | {\\n\\t\\t\\t...args\\n\\t\\t} | command-line-parameter-command-injection.js:47:8:53:12 | args | -| command-line-parameter-command-injection.js:55:22:55:25 | args | command-line-parameter-command-injection.js:55:10:55:25 | "cmd.sh " + args | -| command-line-parameter-command-injection.js:55:22:55:25 | args | command-line-parameter-command-injection.js:55:10:55:25 | "cmd.sh " + args | -| command-line-parameter-command-injection.js:57:6:57:37 | tainted1 | command-line-parameter-command-injection.js:61:11:61:18 | tainted1 | -| command-line-parameter-command-injection.js:57:17:57:37 | require ... ').argv | command-line-parameter-command-injection.js:57:6:57:37 | tainted1 | -| command-line-parameter-command-injection.js:57:17:57:37 | require ... ').argv | command-line-parameter-command-injection.js:57:6:57:37 | tainted1 | -| command-line-parameter-command-injection.js:58:6:58:40 | tainted2 | command-line-parameter-command-injection.js:62:11:62:18 | tainted2 | -| command-line-parameter-command-injection.js:58:17:58:40 | require ... parse() | command-line-parameter-command-injection.js:58:6:58:40 | tainted2 | -| command-line-parameter-command-injection.js:58:17:58:40 | require ... parse() | command-line-parameter-command-injection.js:58:6:58:40 | tainted2 | -| command-line-parameter-command-injection.js:60:8:63:2 | taint1rest | command-line-parameter-command-injection.js:65:22:65:31 | taint1rest | -| command-line-parameter-command-injection.js:60:8:63:2 | taint2rest | command-line-parameter-command-injection.js:66:22:66:31 | taint2rest | -| command-line-parameter-command-injection.js:60:9:60:31 | taint1: ... t1rest} | command-line-parameter-command-injection.js:60:17:60:31 | {...taint1rest} | -| command-line-parameter-command-injection.js:60:17:60:31 | {...taint1rest} | command-line-parameter-command-injection.js:60:8:63:2 | taint1rest | -| command-line-parameter-command-injection.js:60:33:60:55 | taint2: ... t2rest} | command-line-parameter-command-injection.js:60:41:60:55 | {...taint2rest} | -| command-line-parameter-command-injection.js:60:41:60:55 | {...taint2rest} | command-line-parameter-command-injection.js:60:8:63:2 | taint2rest | -| command-line-parameter-command-injection.js:61:11:61:18 | tainted1 | command-line-parameter-command-injection.js:60:9:60:31 | taint1: ... t1rest} | -| command-line-parameter-command-injection.js:62:11:62:18 | tainted2 | command-line-parameter-command-injection.js:60:33:60:55 | taint2: ... t2rest} | -| command-line-parameter-command-injection.js:65:22:65:31 | taint1rest | command-line-parameter-command-injection.js:65:10:65:31 | "cmd.sh ... nt1rest | -| command-line-parameter-command-injection.js:65:22:65:31 | taint1rest | command-line-parameter-command-injection.js:65:10:65:31 | "cmd.sh ... nt1rest | -| command-line-parameter-command-injection.js:66:22:66:31 | taint2rest | command-line-parameter-command-injection.js:66:10:66:31 | "cmd.sh ... nt2rest | -| command-line-parameter-command-injection.js:66:22:66:31 | taint2rest | command-line-parameter-command-injection.js:66:10:66:31 | "cmd.sh ... nt2rest | -| command-line-parameter-command-injection.js:68:6:68:16 | {...taint3} | command-line-parameter-command-injection.js:68:6:68:40 | taint3 | -| command-line-parameter-command-injection.js:68:6:68:40 | taint3 | command-line-parameter-command-injection.js:69:22:69:27 | taint3 | -| command-line-parameter-command-injection.js:68:20:68:40 | require ... ').argv | command-line-parameter-command-injection.js:68:6:68:16 | {...taint3} | -| command-line-parameter-command-injection.js:68:20:68:40 | require ... ').argv | command-line-parameter-command-injection.js:68:6:68:16 | {...taint3} | -| command-line-parameter-command-injection.js:69:22:69:27 | taint3 | command-line-parameter-command-injection.js:69:10:69:27 | "cmd.sh " + taint3 | -| command-line-parameter-command-injection.js:69:22:69:27 | taint3 | command-line-parameter-command-injection.js:69:10:69:27 | "cmd.sh " + taint3 | -| command-line-parameter-command-injection.js:71:6:71:16 | [...taint4] | command-line-parameter-command-injection.js:71:6:71:40 | taint4 | -| command-line-parameter-command-injection.js:71:6:71:40 | taint4 | command-line-parameter-command-injection.js:72:22:72:27 | taint4 | -| command-line-parameter-command-injection.js:71:20:71:40 | require ... ').argv | command-line-parameter-command-injection.js:71:6:71:16 | [...taint4] | -| command-line-parameter-command-injection.js:71:20:71:40 | require ... ').argv | command-line-parameter-command-injection.js:71:6:71:16 | [...taint4] | -| command-line-parameter-command-injection.js:72:22:72:27 | taint4 | command-line-parameter-command-injection.js:72:10:72:27 | "cmd.sh " + taint4 | -| command-line-parameter-command-injection.js:72:22:72:27 | taint4 | command-line-parameter-command-injection.js:72:10:72:27 | "cmd.sh " + taint4 | -| command-line-parameter-command-injection.js:76:8:76:35 | argv | command-line-parameter-command-injection.js:79:31:79:34 | argv | -| command-line-parameter-command-injection.js:76:15:76:26 | process.argv | command-line-parameter-command-injection.js:76:15:76:35 | process ... lice(2) | -| command-line-parameter-command-injection.js:76:15:76:26 | process.argv | command-line-parameter-command-injection.js:76:15:76:35 | process ... lice(2) | -| command-line-parameter-command-injection.js:76:15:76:35 | process ... lice(2) | command-line-parameter-command-injection.js:76:8:76:35 | argv | -| command-line-parameter-command-injection.js:79:22:79:35 | minimist(argv) | command-line-parameter-command-injection.js:79:22:79:39 | minimist(argv).foo | -| command-line-parameter-command-injection.js:79:22:79:39 | minimist(argv).foo | command-line-parameter-command-injection.js:79:10:79:39 | "cmd.sh ... gv).foo | -| command-line-parameter-command-injection.js:79:22:79:39 | minimist(argv).foo | command-line-parameter-command-injection.js:79:10:79:39 | "cmd.sh ... gv).foo | -| command-line-parameter-command-injection.js:79:31:79:34 | argv | command-line-parameter-command-injection.js:79:22:79:35 | minimist(argv) | -| command-line-parameter-command-injection.js:82:22:82:50 | subarg( ... ice(2)) | command-line-parameter-command-injection.js:82:22:82:54 | subarg( ... 2)).foo | -| command-line-parameter-command-injection.js:82:22:82:54 | subarg( ... 2)).foo | command-line-parameter-command-injection.js:82:10:82:54 | "cmd.sh ... 2)).foo | -| command-line-parameter-command-injection.js:82:22:82:54 | subarg( ... 2)).foo | command-line-parameter-command-injection.js:82:10:82:54 | "cmd.sh ... 2)).foo | -| command-line-parameter-command-injection.js:82:29:82:40 | process.argv | command-line-parameter-command-injection.js:82:29:82:49 | process ... lice(2) | -| command-line-parameter-command-injection.js:82:29:82:40 | process.argv | command-line-parameter-command-injection.js:82:29:82:49 | process ... lice(2) | -| command-line-parameter-command-injection.js:82:29:82:49 | process ... lice(2) | command-line-parameter-command-injection.js:82:22:82:50 | subarg( ... ice(2)) | -| command-line-parameter-command-injection.js:85:22:85:55 | yargsPa ... ice(2)) | command-line-parameter-command-injection.js:85:22:85:59 | yargsPa ... 2)).foo | -| command-line-parameter-command-injection.js:85:22:85:59 | yargsPa ... 2)).foo | command-line-parameter-command-injection.js:85:10:85:59 | "cmd.sh ... 2)).foo | -| command-line-parameter-command-injection.js:85:22:85:59 | yargsPa ... 2)).foo | command-line-parameter-command-injection.js:85:10:85:59 | "cmd.sh ... 2)).foo | -| command-line-parameter-command-injection.js:85:34:85:45 | process.argv | command-line-parameter-command-injection.js:85:34:85:54 | process ... lice(2) | -| command-line-parameter-command-injection.js:85:34:85:45 | process.argv | command-line-parameter-command-injection.js:85:34:85:54 | process ... lice(2) | -| command-line-parameter-command-injection.js:85:34:85:54 | process ... lice(2) | command-line-parameter-command-injection.js:85:22:85:55 | yargsPa ... ice(2)) | -| command-line-parameter-command-injection.js:88:6:88:37 | flags | command-line-parameter-command-injection.js:89:22:89:26 | flags | -| command-line-parameter-command-injection.js:88:14:88:37 | args.pa ... s.argv) | command-line-parameter-command-injection.js:88:6:88:37 | flags | -| command-line-parameter-command-injection.js:88:25:88:36 | process.argv | command-line-parameter-command-injection.js:88:14:88:37 | args.pa ... s.argv) | -| command-line-parameter-command-injection.js:88:25:88:36 | process.argv | command-line-parameter-command-injection.js:88:14:88:37 | args.pa ... s.argv) | -| command-line-parameter-command-injection.js:89:22:89:26 | flags | command-line-parameter-command-injection.js:89:22:89:30 | flags.foo | -| command-line-parameter-command-injection.js:89:22:89:30 | flags.foo | command-line-parameter-command-injection.js:89:10:89:30 | "cmd.sh ... ags.foo | -| command-line-parameter-command-injection.js:89:22:89:30 | flags.foo | command-line-parameter-command-injection.js:89:10:89:30 | "cmd.sh ... ags.foo | -| command-line-parameter-command-injection.js:91:6:91:38 | flags | command-line-parameter-command-injection.js:92:22:92:26 | flags | -| command-line-parameter-command-injection.js:91:14:91:38 | require ... .spec}) | command-line-parameter-command-injection.js:91:6:91:38 | flags | -| command-line-parameter-command-injection.js:91:14:91:38 | require ... .spec}) | command-line-parameter-command-injection.js:91:6:91:38 | flags | -| command-line-parameter-command-injection.js:92:22:92:26 | flags | command-line-parameter-command-injection.js:92:22:92:30 | flags.foo | -| command-line-parameter-command-injection.js:92:22:92:30 | flags.foo | command-line-parameter-command-injection.js:92:10:92:30 | "cmd.sh ... ags.foo | -| command-line-parameter-command-injection.js:92:22:92:30 | flags.foo | command-line-parameter-command-injection.js:92:10:92:30 | "cmd.sh ... ags.foo | -| command-line-parameter-command-injection.js:102:22:102:40 | parser.parse_args() | command-line-parameter-command-injection.js:102:22:102:44 | parser. ... s().foo | -| command-line-parameter-command-injection.js:102:22:102:40 | parser.parse_args() | command-line-parameter-command-injection.js:102:22:102:44 | parser. ... s().foo | -| command-line-parameter-command-injection.js:102:22:102:44 | parser. ... s().foo | command-line-parameter-command-injection.js:102:10:102:44 | "cmd.sh ... s().foo | -| command-line-parameter-command-injection.js:102:22:102:44 | parser. ... s().foo | command-line-parameter-command-injection.js:102:10:102:44 | "cmd.sh ... s().foo | -| command-line-parameter-command-injection.js:107:8:107:51 | options | command-line-parameter-command-injection.js:108:22:108:28 | options | -| command-line-parameter-command-injection.js:107:18:107:51 | command ... itions) | command-line-parameter-command-injection.js:107:8:107:51 | options | -| command-line-parameter-command-injection.js:107:18:107:51 | command ... itions) | command-line-parameter-command-injection.js:107:8:107:51 | options | -| command-line-parameter-command-injection.js:108:22:108:28 | options | command-line-parameter-command-injection.js:108:22:108:32 | options.foo | -| command-line-parameter-command-injection.js:108:22:108:32 | options.foo | command-line-parameter-command-injection.js:108:10:108:32 | "cmd.sh ... ons.foo | -| command-line-parameter-command-injection.js:108:22:108:32 | options.foo | command-line-parameter-command-injection.js:108:10:108:32 | "cmd.sh ... ons.foo | -| command-line-parameter-command-injection.js:114:8:114:52 | cli | command-line-parameter-command-injection.js:116:22:116:24 | cli | -| command-line-parameter-command-injection.js:114:14:114:52 | meow(`h ... lags}}) | command-line-parameter-command-injection.js:114:8:114:52 | cli | -| command-line-parameter-command-injection.js:114:14:114:52 | meow(`h ... lags}}) | command-line-parameter-command-injection.js:114:8:114:52 | cli | -| command-line-parameter-command-injection.js:116:22:116:24 | cli | command-line-parameter-command-injection.js:116:22:116:30 | cli.input | -| command-line-parameter-command-injection.js:116:22:116:30 | cli.input | command-line-parameter-command-injection.js:116:22:116:33 | cli.input[0] | -| command-line-parameter-command-injection.js:116:22:116:33 | cli.input[0] | command-line-parameter-command-injection.js:116:10:116:33 | "cmd.sh ... nput[0] | -| command-line-parameter-command-injection.js:116:22:116:33 | cli.input[0] | command-line-parameter-command-injection.js:116:10:116:33 | "cmd.sh ... nput[0] | -| command-line-parameter-command-injection.js:122:6:122:46 | opts | command-line-parameter-command-injection.js:124:22:124:25 | opts | -| command-line-parameter-command-injection.js:122:13:122:46 | dashdas ... tions}) | command-line-parameter-command-injection.js:122:6:122:46 | opts | -| command-line-parameter-command-injection.js:122:13:122:46 | dashdas ... tions}) | command-line-parameter-command-injection.js:122:6:122:46 | opts | -| command-line-parameter-command-injection.js:124:22:124:25 | opts | command-line-parameter-command-injection.js:124:22:124:29 | opts.foo | -| command-line-parameter-command-injection.js:124:22:124:29 | opts.foo | command-line-parameter-command-injection.js:124:10:124:29 | "cmd.sh " + opts.foo | -| command-line-parameter-command-injection.js:124:22:124:29 | opts.foo | command-line-parameter-command-injection.js:124:10:124:29 | "cmd.sh " + opts.foo | -| command-line-parameter-command-injection.js:127:6:127:26 | opts | command-line-parameter-command-injection.js:129:22:129:25 | opts | -| command-line-parameter-command-injection.js:127:13:127:26 | parser.parse() | command-line-parameter-command-injection.js:127:6:127:26 | opts | -| command-line-parameter-command-injection.js:127:13:127:26 | parser.parse() | command-line-parameter-command-injection.js:127:6:127:26 | opts | -| command-line-parameter-command-injection.js:129:22:129:25 | opts | command-line-parameter-command-injection.js:129:22:129:29 | opts.foo | -| command-line-parameter-command-injection.js:129:22:129:29 | opts.foo | command-line-parameter-command-injection.js:129:10:129:29 | "cmd.sh " + opts.foo | -| command-line-parameter-command-injection.js:129:22:129:29 | opts.foo | command-line-parameter-command-injection.js:129:10:129:29 | "cmd.sh " + opts.foo | -| command-line-parameter-command-injection.js:133:8:133:41 | program | command-line-parameter-command-injection.js:137:22:137:28 | program | -| command-line-parameter-command-injection.js:133:10:133:16 | program | command-line-parameter-command-injection.js:133:8:133:41 | program | -| command-line-parameter-command-injection.js:133:10:133:16 | program | command-line-parameter-command-injection.js:133:8:133:41 | program | -| command-line-parameter-command-injection.js:136:22:136:35 | program.opts() | command-line-parameter-command-injection.js:136:22:136:45 | program ... zzaType | -| command-line-parameter-command-injection.js:136:22:136:35 | program.opts() | command-line-parameter-command-injection.js:136:22:136:45 | program ... zzaType | -| command-line-parameter-command-injection.js:136:22:136:45 | program ... zzaType | command-line-parameter-command-injection.js:136:10:136:45 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:136:22:136:45 | program ... zzaType | command-line-parameter-command-injection.js:136:10:136:45 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:136:22:136:45 | program ... zzaType | command-line-parameter-command-injection.js:136:10:136:45 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:136:22:136:45 | program ... zzaType | command-line-parameter-command-injection.js:136:10:136:45 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:137:22:137:28 | program | command-line-parameter-command-injection.js:137:22:137:38 | program.pizzaType | -| command-line-parameter-command-injection.js:137:22:137:38 | program.pizzaType | command-line-parameter-command-injection.js:137:10:137:38 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:137:22:137:38 | program.pizzaType | command-line-parameter-command-injection.js:137:10:137:38 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:137:22:137:38 | program.pizzaType | command-line-parameter-command-injection.js:137:10:137:38 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:137:22:137:38 | program.pizzaType | command-line-parameter-command-injection.js:137:10:137:38 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:145:22:145:35 | program.opts() | command-line-parameter-command-injection.js:145:22:145:45 | program ... zzaType | -| command-line-parameter-command-injection.js:145:22:145:35 | program.opts() | command-line-parameter-command-injection.js:145:22:145:45 | program ... zzaType | -| command-line-parameter-command-injection.js:145:22:145:45 | program ... zzaType | command-line-parameter-command-injection.js:145:10:145:45 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:145:22:145:45 | program ... zzaType | command-line-parameter-command-injection.js:145:10:145:45 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:145:22:145:45 | program ... zzaType | command-line-parameter-command-injection.js:145:10:145:45 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:145:22:145:45 | program ... zzaType | command-line-parameter-command-injection.js:145:10:145:45 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:146:22:146:38 | program.pizzaType | command-line-parameter-command-injection.js:146:10:146:38 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:146:22:146:38 | program.pizzaType | command-line-parameter-command-injection.js:146:10:146:38 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:146:22:146:38 | program.pizzaType | command-line-parameter-command-injection.js:146:10:146:38 | "cmd.sh ... zzaType | -| command-line-parameter-command-injection.js:146:22:146:38 | program.pizzaType | command-line-parameter-command-injection.js:146:10:146:38 | "cmd.sh ... zzaType | +| actions.js:4:6:4:16 | process.env | actions.js:4:6:4:29 | process ... _DATA'] | provenance | | +| actions.js:7:15:7:15 | e | actions.js:8:10:8:10 | e | provenance | | +| actions.js:8:10:8:10 | e | actions.js:8:10:8:23 | e['TEST_DATA'] | provenance | | +| actions.js:12:6:12:16 | process.env | actions.js:7:15:7:15 | e | provenance | | +| command-line-parameter-command-injection.js:8:22:8:33 | process.argv | command-line-parameter-command-injection.js:8:10:8:36 | "cmd.sh ... argv[2] | provenance | | +| command-line-parameter-command-injection.js:10:6:10:33 | args | command-line-parameter-command-injection.js:11:14:11:17 | args | provenance | | +| command-line-parameter-command-injection.js:10:6:10:33 | args | command-line-parameter-command-injection.js:12:26:12:29 | args | provenance | | +| command-line-parameter-command-injection.js:10:6:10:33 | args | command-line-parameter-command-injection.js:14:18:14:21 | args | provenance | | +| command-line-parameter-command-injection.js:10:6:10:33 | args [ArrayElement] | command-line-parameter-command-injection.js:14:18:14:21 | args [ArrayElement] | provenance | | +| command-line-parameter-command-injection.js:10:13:10:24 | process.argv | command-line-parameter-command-injection.js:10:13:10:33 | process ... lice(2) | provenance | | +| command-line-parameter-command-injection.js:10:13:10:24 | process.argv | command-line-parameter-command-injection.js:10:13:10:33 | process ... lice(2) [ArrayElement] | provenance | | +| command-line-parameter-command-injection.js:10:13:10:33 | process ... lice(2) | command-line-parameter-command-injection.js:10:6:10:33 | args | provenance | | +| command-line-parameter-command-injection.js:10:13:10:33 | process ... lice(2) [ArrayElement] | command-line-parameter-command-injection.js:10:6:10:33 | args [ArrayElement] | provenance | | +| command-line-parameter-command-injection.js:11:14:11:17 | args | command-line-parameter-command-injection.js:11:14:11:20 | args[0] | provenance | | +| command-line-parameter-command-injection.js:12:26:12:29 | args | command-line-parameter-command-injection.js:12:14:12:32 | "cmd.sh " + args[0] | provenance | | +| command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs | command-line-parameter-command-injection.js:15:14:15:22 | fewerArgs | provenance | | +| command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs | command-line-parameter-command-injection.js:16:26:16:34 | fewerArgs | provenance | | +| command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs | command-line-parameter-command-injection.js:18:13:18:21 | fewerArgs | provenance | | +| command-line-parameter-command-injection.js:14:18:14:21 | args | command-line-parameter-command-injection.js:14:18:14:30 | args.slice(1) | provenance | | +| command-line-parameter-command-injection.js:14:18:14:21 | args [ArrayElement] | command-line-parameter-command-injection.js:14:18:14:30 | args.slice(1) | provenance | | +| command-line-parameter-command-injection.js:14:18:14:30 | args.slice(1) | command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs | provenance | | +| command-line-parameter-command-injection.js:15:14:15:22 | fewerArgs | command-line-parameter-command-injection.js:15:14:15:25 | fewerArgs[0] | provenance | | +| command-line-parameter-command-injection.js:16:26:16:34 | fewerArgs | command-line-parameter-command-injection.js:16:14:16:37 | "cmd.sh ... Args[0] | provenance | | +| command-line-parameter-command-injection.js:18:6:18:24 | arg0 | command-line-parameter-command-injection.js:19:14:19:17 | arg0 | provenance | | +| command-line-parameter-command-injection.js:18:6:18:24 | arg0 | command-line-parameter-command-injection.js:20:26:20:29 | arg0 | provenance | | +| command-line-parameter-command-injection.js:18:13:18:21 | fewerArgs | command-line-parameter-command-injection.js:18:6:18:24 | arg0 | provenance | | +| command-line-parameter-command-injection.js:20:26:20:29 | arg0 | command-line-parameter-command-injection.js:20:14:20:29 | "cmd.sh " + arg0 | provenance | | +| command-line-parameter-command-injection.js:24:8:24:35 | args | command-line-parameter-command-injection.js:26:32:26:35 | args | provenance | | +| command-line-parameter-command-injection.js:24:8:24:35 | args | command-line-parameter-command-injection.js:27:32:27:35 | args | provenance | | +| command-line-parameter-command-injection.js:24:15:24:26 | process.argv | command-line-parameter-command-injection.js:24:15:24:35 | process ... lice(2) | provenance | | +| command-line-parameter-command-injection.js:24:15:24:35 | process ... lice(2) | command-line-parameter-command-injection.js:24:8:24:35 | args | provenance | | +| command-line-parameter-command-injection.js:26:32:26:35 | args | command-line-parameter-command-injection.js:26:14:26:50 | `node $ ... ption"` | provenance | | +| command-line-parameter-command-injection.js:27:32:27:35 | args | command-line-parameter-command-injection.js:27:32:27:45 | args.join(' ') | provenance | | +| command-line-parameter-command-injection.js:27:32:27:45 | args.join(' ') | command-line-parameter-command-injection.js:27:14:27:57 | `node $ ... ption"` | provenance | | +| command-line-parameter-command-injection.js:30:21:30:46 | require ... rgs")() | command-line-parameter-command-injection.js:30:9:30:50 | "cmd.sh ... )().foo | provenance | | +| command-line-parameter-command-injection.js:32:21:32:41 | require ... ").argv | command-line-parameter-command-injection.js:32:9:32:45 | "cmd.sh ... rgv.foo | provenance | | +| command-line-parameter-command-injection.js:33:21:33:44 | require ... ").argv | command-line-parameter-command-injection.js:33:9:33:48 | "cmd.sh ... rgv.foo | provenance | | +| command-line-parameter-command-injection.js:36:6:39:7 | args | command-line-parameter-command-injection.js:41:22:41:25 | args | provenance | | +| command-line-parameter-command-injection.js:36:13:39:7 | require ... \\t\\t.argv | command-line-parameter-command-injection.js:36:6:39:7 | args | provenance | | +| command-line-parameter-command-injection.js:41:22:41:25 | args | command-line-parameter-command-injection.js:41:10:41:25 | "cmd.sh " + args | provenance | | +| command-line-parameter-command-injection.js:43:22:43:58 | require ... parse() | command-line-parameter-command-injection.js:43:10:43:62 | "cmd.sh ... e().foo | provenance | | +| command-line-parameter-command-injection.js:47:8:53:12 | args | command-line-parameter-command-injection.js:55:22:55:25 | args | provenance | | +| command-line-parameter-command-injection.js:48:3:50:3 | argv: { ... rgs\\n\\t\\t} | command-line-parameter-command-injection.js:48:9:50:3 | {\\n\\t\\t\\t...args\\n\\t\\t} | provenance | | +| command-line-parameter-command-injection.js:48:9:50:3 | {\\n\\t\\t\\t...args\\n\\t\\t} | command-line-parameter-command-injection.js:47:8:53:12 | args | provenance | | +| command-line-parameter-command-injection.js:55:22:55:25 | args | command-line-parameter-command-injection.js:55:10:55:25 | "cmd.sh " + args | provenance | | +| command-line-parameter-command-injection.js:57:6:57:37 | tainted1 | command-line-parameter-command-injection.js:61:11:61:18 | tainted1 | provenance | | +| command-line-parameter-command-injection.js:57:17:57:37 | require ... ').argv | command-line-parameter-command-injection.js:57:6:57:37 | tainted1 | provenance | | +| command-line-parameter-command-injection.js:58:6:58:40 | tainted2 | command-line-parameter-command-injection.js:62:11:62:18 | tainted2 | provenance | | +| command-line-parameter-command-injection.js:58:17:58:40 | require ... parse() | command-line-parameter-command-injection.js:58:6:58:40 | tainted2 | provenance | | +| command-line-parameter-command-injection.js:60:8:60:56 | {taint1 ... 2rest}} [taint1] | command-line-parameter-command-injection.js:60:9:60:31 | taint1: ... t1rest} | provenance | | +| command-line-parameter-command-injection.js:60:8:60:56 | {taint1 ... 2rest}} [taint2] | command-line-parameter-command-injection.js:60:33:60:55 | taint2: ... t2rest} | provenance | | +| command-line-parameter-command-injection.js:60:8:63:2 | taint1rest | command-line-parameter-command-injection.js:65:22:65:31 | taint1rest | provenance | | +| command-line-parameter-command-injection.js:60:8:63:2 | taint2rest | command-line-parameter-command-injection.js:66:22:66:31 | taint2rest | provenance | | +| command-line-parameter-command-injection.js:60:9:60:31 | taint1: ... t1rest} | command-line-parameter-command-injection.js:60:17:60:31 | {...taint1rest} | provenance | | +| command-line-parameter-command-injection.js:60:17:60:31 | {...taint1rest} | command-line-parameter-command-injection.js:60:8:63:2 | taint1rest | provenance | | +| command-line-parameter-command-injection.js:60:33:60:55 | taint2: ... t2rest} | command-line-parameter-command-injection.js:60:41:60:55 | {...taint2rest} | provenance | | +| command-line-parameter-command-injection.js:60:41:60:55 | {...taint2rest} | command-line-parameter-command-injection.js:60:8:63:2 | taint2rest | provenance | | +| command-line-parameter-command-injection.js:60:60:63:2 | {\\n\\t\\ttai ... ted2\\n\\t} [taint1] | command-line-parameter-command-injection.js:60:8:60:56 | {taint1 ... 2rest}} [taint1] | provenance | | +| command-line-parameter-command-injection.js:60:60:63:2 | {\\n\\t\\ttai ... ted2\\n\\t} [taint2] | command-line-parameter-command-injection.js:60:8:60:56 | {taint1 ... 2rest}} [taint2] | provenance | | +| command-line-parameter-command-injection.js:61:11:61:18 | tainted1 | command-line-parameter-command-injection.js:60:60:63:2 | {\\n\\t\\ttai ... ted2\\n\\t} [taint1] | provenance | | +| command-line-parameter-command-injection.js:62:11:62:18 | tainted2 | command-line-parameter-command-injection.js:60:60:63:2 | {\\n\\t\\ttai ... ted2\\n\\t} [taint2] | provenance | | +| command-line-parameter-command-injection.js:65:22:65:31 | taint1rest | command-line-parameter-command-injection.js:65:10:65:31 | "cmd.sh ... nt1rest | provenance | | +| command-line-parameter-command-injection.js:66:22:66:31 | taint2rest | command-line-parameter-command-injection.js:66:10:66:31 | "cmd.sh ... nt2rest | provenance | | +| command-line-parameter-command-injection.js:68:6:68:16 | {...taint3} | command-line-parameter-command-injection.js:68:6:68:40 | taint3 | provenance | | +| command-line-parameter-command-injection.js:68:6:68:40 | taint3 | command-line-parameter-command-injection.js:69:22:69:27 | taint3 | provenance | | +| command-line-parameter-command-injection.js:68:20:68:40 | require ... ').argv | command-line-parameter-command-injection.js:68:6:68:16 | {...taint3} | provenance | | +| command-line-parameter-command-injection.js:69:22:69:27 | taint3 | command-line-parameter-command-injection.js:69:10:69:27 | "cmd.sh " + taint3 | provenance | | +| command-line-parameter-command-injection.js:71:6:71:16 | [...taint4] | command-line-parameter-command-injection.js:71:6:71:40 | taint4 | provenance | | +| command-line-parameter-command-injection.js:71:6:71:40 | taint4 | command-line-parameter-command-injection.js:72:22:72:27 | taint4 | provenance | | +| command-line-parameter-command-injection.js:71:20:71:40 | require ... ').argv | command-line-parameter-command-injection.js:71:6:71:16 | [...taint4] | provenance | | +| command-line-parameter-command-injection.js:72:22:72:27 | taint4 | command-line-parameter-command-injection.js:72:10:72:27 | "cmd.sh " + taint4 | provenance | | +| command-line-parameter-command-injection.js:76:8:76:35 | argv | command-line-parameter-command-injection.js:79:31:79:34 | argv | provenance | | +| command-line-parameter-command-injection.js:76:15:76:26 | process.argv | command-line-parameter-command-injection.js:76:15:76:35 | process ... lice(2) | provenance | | +| command-line-parameter-command-injection.js:76:15:76:35 | process ... lice(2) | command-line-parameter-command-injection.js:76:8:76:35 | argv | provenance | | +| command-line-parameter-command-injection.js:79:22:79:35 | minimist(argv) | command-line-parameter-command-injection.js:79:10:79:39 | "cmd.sh ... gv).foo | provenance | | +| command-line-parameter-command-injection.js:79:31:79:34 | argv | command-line-parameter-command-injection.js:79:22:79:35 | minimist(argv) | provenance | Config | +| command-line-parameter-command-injection.js:82:22:82:50 | subarg( ... ice(2)) | command-line-parameter-command-injection.js:82:10:82:54 | "cmd.sh ... 2)).foo | provenance | | +| command-line-parameter-command-injection.js:82:29:82:40 | process.argv | command-line-parameter-command-injection.js:82:29:82:49 | process ... lice(2) | provenance | | +| command-line-parameter-command-injection.js:82:29:82:49 | process ... lice(2) | command-line-parameter-command-injection.js:82:22:82:50 | subarg( ... ice(2)) | provenance | Config | +| command-line-parameter-command-injection.js:85:22:85:55 | yargsPa ... ice(2)) | command-line-parameter-command-injection.js:85:10:85:59 | "cmd.sh ... 2)).foo | provenance | | +| command-line-parameter-command-injection.js:85:34:85:45 | process.argv | command-line-parameter-command-injection.js:85:34:85:54 | process ... lice(2) | provenance | | +| command-line-parameter-command-injection.js:85:34:85:54 | process ... lice(2) | command-line-parameter-command-injection.js:85:22:85:55 | yargsPa ... ice(2)) | provenance | Config | +| command-line-parameter-command-injection.js:88:6:88:37 | flags | command-line-parameter-command-injection.js:89:22:89:26 | flags | provenance | | +| command-line-parameter-command-injection.js:88:14:88:37 | args.pa ... s.argv) | command-line-parameter-command-injection.js:88:6:88:37 | flags | provenance | | +| command-line-parameter-command-injection.js:88:25:88:36 | process.argv | command-line-parameter-command-injection.js:88:14:88:37 | args.pa ... s.argv) | provenance | Config | +| command-line-parameter-command-injection.js:89:22:89:26 | flags | command-line-parameter-command-injection.js:89:10:89:30 | "cmd.sh ... ags.foo | provenance | | +| command-line-parameter-command-injection.js:91:6:91:38 | flags | command-line-parameter-command-injection.js:92:22:92:26 | flags | provenance | | +| command-line-parameter-command-injection.js:91:14:91:38 | require ... .spec}) | command-line-parameter-command-injection.js:91:6:91:38 | flags | provenance | | +| command-line-parameter-command-injection.js:92:22:92:26 | flags | command-line-parameter-command-injection.js:92:10:92:30 | "cmd.sh ... ags.foo | provenance | | +| command-line-parameter-command-injection.js:102:22:102:40 | parser.parse_args() | command-line-parameter-command-injection.js:102:10:102:44 | "cmd.sh ... s().foo | provenance | | +| command-line-parameter-command-injection.js:107:8:107:51 | options | command-line-parameter-command-injection.js:108:22:108:28 | options | provenance | | +| command-line-parameter-command-injection.js:107:18:107:51 | command ... itions) | command-line-parameter-command-injection.js:107:8:107:51 | options | provenance | | +| command-line-parameter-command-injection.js:108:22:108:28 | options | command-line-parameter-command-injection.js:108:10:108:32 | "cmd.sh ... ons.foo | provenance | | +| command-line-parameter-command-injection.js:114:8:114:52 | cli | command-line-parameter-command-injection.js:116:22:116:24 | cli | provenance | | +| command-line-parameter-command-injection.js:114:14:114:52 | meow(`h ... lags}}) | command-line-parameter-command-injection.js:114:8:114:52 | cli | provenance | | +| command-line-parameter-command-injection.js:116:22:116:24 | cli | command-line-parameter-command-injection.js:116:10:116:33 | "cmd.sh ... nput[0] | provenance | | +| command-line-parameter-command-injection.js:122:6:122:46 | opts | command-line-parameter-command-injection.js:124:22:124:25 | opts | provenance | | +| command-line-parameter-command-injection.js:122:13:122:46 | dashdas ... tions}) | command-line-parameter-command-injection.js:122:6:122:46 | opts | provenance | | +| command-line-parameter-command-injection.js:124:22:124:25 | opts | command-line-parameter-command-injection.js:124:10:124:29 | "cmd.sh " + opts.foo | provenance | | +| command-line-parameter-command-injection.js:127:6:127:26 | opts | command-line-parameter-command-injection.js:129:22:129:25 | opts | provenance | | +| command-line-parameter-command-injection.js:127:13:127:26 | parser.parse() | command-line-parameter-command-injection.js:127:6:127:26 | opts | provenance | | +| command-line-parameter-command-injection.js:129:22:129:25 | opts | command-line-parameter-command-injection.js:129:10:129:29 | "cmd.sh " + opts.foo | provenance | | +| command-line-parameter-command-injection.js:133:8:133:41 | program | command-line-parameter-command-injection.js:137:22:137:28 | program | provenance | | +| command-line-parameter-command-injection.js:133:10:133:16 | program | command-line-parameter-command-injection.js:133:8:133:41 | program | provenance | | +| command-line-parameter-command-injection.js:136:22:136:35 | program.opts() | command-line-parameter-command-injection.js:136:10:136:45 | "cmd.sh ... zzaType | provenance | | +| command-line-parameter-command-injection.js:136:22:136:45 | program ... zzaType | command-line-parameter-command-injection.js:136:10:136:45 | "cmd.sh ... zzaType | provenance | | +| command-line-parameter-command-injection.js:137:22:137:28 | program | command-line-parameter-command-injection.js:137:10:137:38 | "cmd.sh ... zzaType | provenance | | +| command-line-parameter-command-injection.js:137:22:137:38 | program.pizzaType | command-line-parameter-command-injection.js:137:10:137:38 | "cmd.sh ... zzaType | provenance | | +| command-line-parameter-command-injection.js:145:22:145:35 | program.opts() | command-line-parameter-command-injection.js:145:10:145:45 | "cmd.sh ... zzaType | provenance | | +| command-line-parameter-command-injection.js:145:22:145:45 | program ... zzaType | command-line-parameter-command-injection.js:145:10:145:45 | "cmd.sh ... zzaType | provenance | | +| command-line-parameter-command-injection.js:146:22:146:38 | program.pizzaType | command-line-parameter-command-injection.js:146:10:146:38 | "cmd.sh ... zzaType | provenance | | +nodes +| actions.js:4:6:4:16 | process.env | semmle.label | process.env | +| actions.js:4:6:4:29 | process ... _DATA'] | semmle.label | process ... _DATA'] | +| actions.js:7:15:7:15 | e | semmle.label | e | +| actions.js:8:10:8:10 | e | semmle.label | e | +| actions.js:8:10:8:23 | e['TEST_DATA'] | semmle.label | e['TEST_DATA'] | +| actions.js:12:6:12:16 | process.env | semmle.label | process.env | +| actions.js:14:6:14:21 | getInput('data') | semmle.label | getInput('data') | +| command-line-parameter-command-injection.js:4:10:4:21 | process.argv | semmle.label | process.argv | +| command-line-parameter-command-injection.js:8:10:8:36 | "cmd.sh ... argv[2] | semmle.label | "cmd.sh ... argv[2] | +| command-line-parameter-command-injection.js:8:22:8:33 | process.argv | semmle.label | process.argv | +| command-line-parameter-command-injection.js:10:6:10:33 | args | semmle.label | args | +| command-line-parameter-command-injection.js:10:6:10:33 | args [ArrayElement] | semmle.label | args [ArrayElement] | +| command-line-parameter-command-injection.js:10:13:10:24 | process.argv | semmle.label | process.argv | +| command-line-parameter-command-injection.js:10:13:10:33 | process ... lice(2) | semmle.label | process ... lice(2) | +| command-line-parameter-command-injection.js:10:13:10:33 | process ... lice(2) [ArrayElement] | semmle.label | process ... lice(2) [ArrayElement] | +| command-line-parameter-command-injection.js:11:14:11:17 | args | semmle.label | args | +| command-line-parameter-command-injection.js:11:14:11:20 | args[0] | semmle.label | args[0] | +| command-line-parameter-command-injection.js:12:14:12:32 | "cmd.sh " + args[0] | semmle.label | "cmd.sh " + args[0] | +| command-line-parameter-command-injection.js:12:26:12:29 | args | semmle.label | args | +| command-line-parameter-command-injection.js:14:6:14:30 | fewerArgs | semmle.label | fewerArgs | +| command-line-parameter-command-injection.js:14:18:14:21 | args | semmle.label | args | +| command-line-parameter-command-injection.js:14:18:14:21 | args [ArrayElement] | semmle.label | args [ArrayElement] | +| command-line-parameter-command-injection.js:14:18:14:30 | args.slice(1) | semmle.label | args.slice(1) | +| command-line-parameter-command-injection.js:15:14:15:22 | fewerArgs | semmle.label | fewerArgs | +| command-line-parameter-command-injection.js:15:14:15:25 | fewerArgs[0] | semmle.label | fewerArgs[0] | +| command-line-parameter-command-injection.js:16:14:16:37 | "cmd.sh ... Args[0] | semmle.label | "cmd.sh ... Args[0] | +| command-line-parameter-command-injection.js:16:26:16:34 | fewerArgs | semmle.label | fewerArgs | +| command-line-parameter-command-injection.js:18:6:18:24 | arg0 | semmle.label | arg0 | +| command-line-parameter-command-injection.js:18:13:18:21 | fewerArgs | semmle.label | fewerArgs | +| command-line-parameter-command-injection.js:19:14:19:17 | arg0 | semmle.label | arg0 | +| command-line-parameter-command-injection.js:20:14:20:29 | "cmd.sh " + arg0 | semmle.label | "cmd.sh " + arg0 | +| command-line-parameter-command-injection.js:20:26:20:29 | arg0 | semmle.label | arg0 | +| command-line-parameter-command-injection.js:24:8:24:35 | args | semmle.label | args | +| command-line-parameter-command-injection.js:24:15:24:26 | process.argv | semmle.label | process.argv | +| command-line-parameter-command-injection.js:24:15:24:35 | process ... lice(2) | semmle.label | process ... lice(2) | +| command-line-parameter-command-injection.js:26:14:26:50 | `node $ ... ption"` | semmle.label | `node $ ... ption"` | +| command-line-parameter-command-injection.js:26:32:26:35 | args | semmle.label | args | +| command-line-parameter-command-injection.js:27:14:27:57 | `node $ ... ption"` | semmle.label | `node $ ... ption"` | +| command-line-parameter-command-injection.js:27:32:27:35 | args | semmle.label | args | +| command-line-parameter-command-injection.js:27:32:27:45 | args.join(' ') | semmle.label | args.join(' ') | +| command-line-parameter-command-injection.js:30:9:30:50 | "cmd.sh ... )().foo | semmle.label | "cmd.sh ... )().foo | +| command-line-parameter-command-injection.js:30:21:30:46 | require ... rgs")() | semmle.label | require ... rgs")() | +| command-line-parameter-command-injection.js:32:9:32:45 | "cmd.sh ... rgv.foo | semmle.label | "cmd.sh ... rgv.foo | +| command-line-parameter-command-injection.js:32:21:32:41 | require ... ").argv | semmle.label | require ... ").argv | +| command-line-parameter-command-injection.js:33:9:33:48 | "cmd.sh ... rgv.foo | semmle.label | "cmd.sh ... rgv.foo | +| command-line-parameter-command-injection.js:33:21:33:44 | require ... ").argv | semmle.label | require ... ").argv | +| command-line-parameter-command-injection.js:36:6:39:7 | args | semmle.label | args | +| command-line-parameter-command-injection.js:36:13:39:7 | require ... \\t\\t.argv | semmle.label | require ... \\t\\t.argv | +| command-line-parameter-command-injection.js:41:10:41:25 | "cmd.sh " + args | semmle.label | "cmd.sh " + args | +| command-line-parameter-command-injection.js:41:22:41:25 | args | semmle.label | args | +| command-line-parameter-command-injection.js:43:10:43:62 | "cmd.sh ... e().foo | semmle.label | "cmd.sh ... e().foo | +| command-line-parameter-command-injection.js:43:22:43:58 | require ... parse() | semmle.label | require ... parse() | +| command-line-parameter-command-injection.js:47:8:53:12 | args | semmle.label | args | +| command-line-parameter-command-injection.js:48:3:50:3 | argv: { ... rgs\\n\\t\\t} | semmle.label | argv: { ... rgs\\n\\t\\t} | +| command-line-parameter-command-injection.js:48:9:50:3 | {\\n\\t\\t\\t...args\\n\\t\\t} | semmle.label | {\\n\\t\\t\\t...args\\n\\t\\t} | +| command-line-parameter-command-injection.js:55:10:55:25 | "cmd.sh " + args | semmle.label | "cmd.sh " + args | +| command-line-parameter-command-injection.js:55:22:55:25 | args | semmle.label | args | +| command-line-parameter-command-injection.js:57:6:57:37 | tainted1 | semmle.label | tainted1 | +| command-line-parameter-command-injection.js:57:17:57:37 | require ... ').argv | semmle.label | require ... ').argv | +| command-line-parameter-command-injection.js:58:6:58:40 | tainted2 | semmle.label | tainted2 | +| command-line-parameter-command-injection.js:58:17:58:40 | require ... parse() | semmle.label | require ... parse() | +| command-line-parameter-command-injection.js:60:8:60:56 | {taint1 ... 2rest}} [taint1] | semmle.label | {taint1 ... 2rest}} [taint1] | +| command-line-parameter-command-injection.js:60:8:60:56 | {taint1 ... 2rest}} [taint2] | semmle.label | {taint1 ... 2rest}} [taint2] | +| command-line-parameter-command-injection.js:60:8:63:2 | taint1rest | semmle.label | taint1rest | +| command-line-parameter-command-injection.js:60:8:63:2 | taint2rest | semmle.label | taint2rest | +| command-line-parameter-command-injection.js:60:9:60:31 | taint1: ... t1rest} | semmle.label | taint1: ... t1rest} | +| command-line-parameter-command-injection.js:60:17:60:31 | {...taint1rest} | semmle.label | {...taint1rest} | +| command-line-parameter-command-injection.js:60:33:60:55 | taint2: ... t2rest} | semmle.label | taint2: ... t2rest} | +| command-line-parameter-command-injection.js:60:41:60:55 | {...taint2rest} | semmle.label | {...taint2rest} | +| command-line-parameter-command-injection.js:60:60:63:2 | {\\n\\t\\ttai ... ted2\\n\\t} [taint1] | semmle.label | {\\n\\t\\ttai ... ted2\\n\\t} [taint1] | +| command-line-parameter-command-injection.js:60:60:63:2 | {\\n\\t\\ttai ... ted2\\n\\t} [taint2] | semmle.label | {\\n\\t\\ttai ... ted2\\n\\t} [taint2] | +| command-line-parameter-command-injection.js:61:11:61:18 | tainted1 | semmle.label | tainted1 | +| command-line-parameter-command-injection.js:62:11:62:18 | tainted2 | semmle.label | tainted2 | +| command-line-parameter-command-injection.js:65:10:65:31 | "cmd.sh ... nt1rest | semmle.label | "cmd.sh ... nt1rest | +| command-line-parameter-command-injection.js:65:22:65:31 | taint1rest | semmle.label | taint1rest | +| command-line-parameter-command-injection.js:66:10:66:31 | "cmd.sh ... nt2rest | semmle.label | "cmd.sh ... nt2rest | +| command-line-parameter-command-injection.js:66:22:66:31 | taint2rest | semmle.label | taint2rest | +| command-line-parameter-command-injection.js:68:6:68:16 | {...taint3} | semmle.label | {...taint3} | +| command-line-parameter-command-injection.js:68:6:68:40 | taint3 | semmle.label | taint3 | +| command-line-parameter-command-injection.js:68:20:68:40 | require ... ').argv | semmle.label | require ... ').argv | +| command-line-parameter-command-injection.js:69:10:69:27 | "cmd.sh " + taint3 | semmle.label | "cmd.sh " + taint3 | +| command-line-parameter-command-injection.js:69:22:69:27 | taint3 | semmle.label | taint3 | +| command-line-parameter-command-injection.js:71:6:71:16 | [...taint4] | semmle.label | [...taint4] | +| command-line-parameter-command-injection.js:71:6:71:40 | taint4 | semmle.label | taint4 | +| command-line-parameter-command-injection.js:71:20:71:40 | require ... ').argv | semmle.label | require ... ').argv | +| command-line-parameter-command-injection.js:72:10:72:27 | "cmd.sh " + taint4 | semmle.label | "cmd.sh " + taint4 | +| command-line-parameter-command-injection.js:72:22:72:27 | taint4 | semmle.label | taint4 | +| command-line-parameter-command-injection.js:76:8:76:35 | argv | semmle.label | argv | +| command-line-parameter-command-injection.js:76:15:76:26 | process.argv | semmle.label | process.argv | +| command-line-parameter-command-injection.js:76:15:76:35 | process ... lice(2) | semmle.label | process ... lice(2) | +| command-line-parameter-command-injection.js:79:10:79:39 | "cmd.sh ... gv).foo | semmle.label | "cmd.sh ... gv).foo | +| command-line-parameter-command-injection.js:79:22:79:35 | minimist(argv) | semmle.label | minimist(argv) | +| command-line-parameter-command-injection.js:79:31:79:34 | argv | semmle.label | argv | +| command-line-parameter-command-injection.js:82:10:82:54 | "cmd.sh ... 2)).foo | semmle.label | "cmd.sh ... 2)).foo | +| command-line-parameter-command-injection.js:82:22:82:50 | subarg( ... ice(2)) | semmle.label | subarg( ... ice(2)) | +| command-line-parameter-command-injection.js:82:29:82:40 | process.argv | semmle.label | process.argv | +| command-line-parameter-command-injection.js:82:29:82:49 | process ... lice(2) | semmle.label | process ... lice(2) | +| command-line-parameter-command-injection.js:85:10:85:59 | "cmd.sh ... 2)).foo | semmle.label | "cmd.sh ... 2)).foo | +| command-line-parameter-command-injection.js:85:22:85:55 | yargsPa ... ice(2)) | semmle.label | yargsPa ... ice(2)) | +| command-line-parameter-command-injection.js:85:34:85:45 | process.argv | semmle.label | process.argv | +| command-line-parameter-command-injection.js:85:34:85:54 | process ... lice(2) | semmle.label | process ... lice(2) | +| command-line-parameter-command-injection.js:88:6:88:37 | flags | semmle.label | flags | +| command-line-parameter-command-injection.js:88:14:88:37 | args.pa ... s.argv) | semmle.label | args.pa ... s.argv) | +| command-line-parameter-command-injection.js:88:25:88:36 | process.argv | semmle.label | process.argv | +| command-line-parameter-command-injection.js:89:10:89:30 | "cmd.sh ... ags.foo | semmle.label | "cmd.sh ... ags.foo | +| command-line-parameter-command-injection.js:89:22:89:26 | flags | semmle.label | flags | +| command-line-parameter-command-injection.js:91:6:91:38 | flags | semmle.label | flags | +| command-line-parameter-command-injection.js:91:14:91:38 | require ... .spec}) | semmle.label | require ... .spec}) | +| command-line-parameter-command-injection.js:92:10:92:30 | "cmd.sh ... ags.foo | semmle.label | "cmd.sh ... ags.foo | +| command-line-parameter-command-injection.js:92:22:92:26 | flags | semmle.label | flags | +| command-line-parameter-command-injection.js:102:10:102:44 | "cmd.sh ... s().foo | semmle.label | "cmd.sh ... s().foo | +| command-line-parameter-command-injection.js:102:22:102:40 | parser.parse_args() | semmle.label | parser.parse_args() | +| command-line-parameter-command-injection.js:107:8:107:51 | options | semmle.label | options | +| command-line-parameter-command-injection.js:107:18:107:51 | command ... itions) | semmle.label | command ... itions) | +| command-line-parameter-command-injection.js:108:10:108:32 | "cmd.sh ... ons.foo | semmle.label | "cmd.sh ... ons.foo | +| command-line-parameter-command-injection.js:108:22:108:28 | options | semmle.label | options | +| command-line-parameter-command-injection.js:114:8:114:52 | cli | semmle.label | cli | +| command-line-parameter-command-injection.js:114:14:114:52 | meow(`h ... lags}}) | semmle.label | meow(`h ... lags}}) | +| command-line-parameter-command-injection.js:116:10:116:33 | "cmd.sh ... nput[0] | semmle.label | "cmd.sh ... nput[0] | +| command-line-parameter-command-injection.js:116:22:116:24 | cli | semmle.label | cli | +| command-line-parameter-command-injection.js:122:6:122:46 | opts | semmle.label | opts | +| command-line-parameter-command-injection.js:122:13:122:46 | dashdas ... tions}) | semmle.label | dashdas ... tions}) | +| command-line-parameter-command-injection.js:124:10:124:29 | "cmd.sh " + opts.foo | semmle.label | "cmd.sh " + opts.foo | +| command-line-parameter-command-injection.js:124:22:124:25 | opts | semmle.label | opts | +| command-line-parameter-command-injection.js:127:6:127:26 | opts | semmle.label | opts | +| command-line-parameter-command-injection.js:127:13:127:26 | parser.parse() | semmle.label | parser.parse() | +| command-line-parameter-command-injection.js:129:10:129:29 | "cmd.sh " + opts.foo | semmle.label | "cmd.sh " + opts.foo | +| command-line-parameter-command-injection.js:129:22:129:25 | opts | semmle.label | opts | +| command-line-parameter-command-injection.js:133:8:133:41 | program | semmle.label | program | +| command-line-parameter-command-injection.js:133:10:133:16 | program | semmle.label | program | +| command-line-parameter-command-injection.js:136:10:136:45 | "cmd.sh ... zzaType | semmle.label | "cmd.sh ... zzaType | +| command-line-parameter-command-injection.js:136:22:136:35 | program.opts() | semmle.label | program.opts() | +| command-line-parameter-command-injection.js:136:22:136:45 | program ... zzaType | semmle.label | program ... zzaType | +| command-line-parameter-command-injection.js:137:10:137:38 | "cmd.sh ... zzaType | semmle.label | "cmd.sh ... zzaType | +| command-line-parameter-command-injection.js:137:22:137:28 | program | semmle.label | program | +| command-line-parameter-command-injection.js:137:22:137:38 | program.pizzaType | semmle.label | program.pizzaType | +| command-line-parameter-command-injection.js:145:10:145:45 | "cmd.sh ... zzaType | semmle.label | "cmd.sh ... zzaType | +| command-line-parameter-command-injection.js:145:22:145:35 | program.opts() | semmle.label | program.opts() | +| command-line-parameter-command-injection.js:145:22:145:45 | program ... zzaType | semmle.label | program ... zzaType | +| command-line-parameter-command-injection.js:146:10:146:38 | "cmd.sh ... zzaType | semmle.label | "cmd.sh ... zzaType | +| command-line-parameter-command-injection.js:146:22:146:38 | program.pizzaType | semmle.label | program.pizzaType | +subpaths #select | actions.js:4:6:4:29 | process ... _DATA'] | actions.js:4:6:4:16 | process.env | actions.js:4:6:4:29 | process ... _DATA'] | This command depends on an unsanitized $@. | actions.js:4:6:4:16 | process.env | environment variable | | actions.js:8:10:8:23 | e['TEST_DATA'] | actions.js:12:6:12:16 | process.env | actions.js:8:10:8:23 | e['TEST_DATA'] | This command depends on an unsanitized $@. | actions.js:12:6:12:16 | process.env | environment variable | diff --git a/javascript/ql/test/query-tests/Security/CWE-078/SecondOrderCommandInjection/SecondOrderCommandInjection.expected b/javascript/ql/test/query-tests/Security/CWE-078/SecondOrderCommandInjection/SecondOrderCommandInjection.expected index 653a4dcff9be..e449f163d463 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/SecondOrderCommandInjection/SecondOrderCommandInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-078/SecondOrderCommandInjection/SecondOrderCommandInjection.expected @@ -1,51 +1,26 @@ nodes -| second-order.js:6:9:6:33 | remote | -| second-order.js:6:18:6:33 | req.query.remote | -| second-order.js:6:18:6:33 | req.query.remote | -| second-order.js:7:33:7:38 | remote | -| second-order.js:7:33:7:38 | remote | -| second-order.js:9:29:9:34 | remote | -| second-order.js:9:29:9:34 | remote | -| second-order.js:11:33:11:38 | remote | -| second-order.js:11:33:11:38 | remote | -| second-order.js:13:9:13:31 | myArgs | -| second-order.js:13:18:13:31 | req.query.args | -| second-order.js:13:18:13:31 | req.query.args | -| second-order.js:15:19:15:24 | myArgs | -| second-order.js:15:19:15:24 | myArgs | -| second-order.js:26:35:26:40 | remote | -| second-order.js:26:35:26:40 | remote | -| second-order.js:29:19:29:32 | req.query.args | -| second-order.js:29:19:29:32 | req.query.args | -| second-order.js:29:19:29:32 | req.query.args | -| second-order.js:40:28:40:43 | req.query.remote | -| second-order.js:40:28:40:43 | req.query.remote | -| second-order.js:40:28:40:43 | req.query.remote | -| second-order.js:42:31:42:46 | req.query.remote | -| second-order.js:42:31:42:46 | req.query.remote | -| second-order.js:42:31:42:46 | req.query.remote | -| second-order.js:44:18:44:31 | req.query.args | -| second-order.js:44:18:44:31 | req.query.args | -| second-order.js:44:18:44:31 | req.query.args | +| second-order.js:6:9:6:33 | remote | semmle.label | remote | +| second-order.js:6:18:6:33 | req.query.remote | semmle.label | req.query.remote | +| second-order.js:7:33:7:38 | remote | semmle.label | remote | +| second-order.js:9:29:9:34 | remote | semmle.label | remote | +| second-order.js:11:33:11:38 | remote | semmle.label | remote | +| second-order.js:13:9:13:31 | myArgs | semmle.label | myArgs | +| second-order.js:13:18:13:31 | req.query.args | semmle.label | req.query.args | +| second-order.js:15:19:15:24 | myArgs | semmle.label | myArgs | +| second-order.js:26:35:26:40 | remote | semmle.label | remote | +| second-order.js:29:19:29:32 | req.query.args | semmle.label | req.query.args | +| second-order.js:40:28:40:43 | req.query.remote | semmle.label | req.query.remote | +| second-order.js:42:31:42:46 | req.query.remote | semmle.label | req.query.remote | +| second-order.js:44:18:44:31 | req.query.args | semmle.label | req.query.args | edges -| second-order.js:6:9:6:33 | remote | second-order.js:7:33:7:38 | remote | -| second-order.js:6:9:6:33 | remote | second-order.js:7:33:7:38 | remote | -| second-order.js:6:9:6:33 | remote | second-order.js:9:29:9:34 | remote | -| second-order.js:6:9:6:33 | remote | second-order.js:9:29:9:34 | remote | -| second-order.js:6:9:6:33 | remote | second-order.js:11:33:11:38 | remote | -| second-order.js:6:9:6:33 | remote | second-order.js:11:33:11:38 | remote | -| second-order.js:6:9:6:33 | remote | second-order.js:26:35:26:40 | remote | -| second-order.js:6:9:6:33 | remote | second-order.js:26:35:26:40 | remote | -| second-order.js:6:18:6:33 | req.query.remote | second-order.js:6:9:6:33 | remote | -| second-order.js:6:18:6:33 | req.query.remote | second-order.js:6:9:6:33 | remote | -| second-order.js:13:9:13:31 | myArgs | second-order.js:15:19:15:24 | myArgs | -| second-order.js:13:9:13:31 | myArgs | second-order.js:15:19:15:24 | myArgs | -| second-order.js:13:18:13:31 | req.query.args | second-order.js:13:9:13:31 | myArgs | -| second-order.js:13:18:13:31 | req.query.args | second-order.js:13:9:13:31 | myArgs | -| second-order.js:29:19:29:32 | req.query.args | second-order.js:29:19:29:32 | req.query.args | -| second-order.js:40:28:40:43 | req.query.remote | second-order.js:40:28:40:43 | req.query.remote | -| second-order.js:42:31:42:46 | req.query.remote | second-order.js:42:31:42:46 | req.query.remote | -| second-order.js:44:18:44:31 | req.query.args | second-order.js:44:18:44:31 | req.query.args | +| second-order.js:6:9:6:33 | remote | second-order.js:7:33:7:38 | remote | provenance | | +| second-order.js:6:9:6:33 | remote | second-order.js:9:29:9:34 | remote | provenance | | +| second-order.js:6:9:6:33 | remote | second-order.js:11:33:11:38 | remote | provenance | | +| second-order.js:6:9:6:33 | remote | second-order.js:26:35:26:40 | remote | provenance | | +| second-order.js:6:18:6:33 | req.query.remote | second-order.js:6:9:6:33 | remote | provenance | | +| second-order.js:13:9:13:31 | myArgs | second-order.js:15:19:15:24 | myArgs | provenance | | +| second-order.js:13:18:13:31 | req.query.args | second-order.js:13:9:13:31 | myArgs | provenance | | +subpaths #select | second-order.js:7:33:7:38 | remote | second-order.js:6:18:6:33 | req.query.remote | second-order.js:7:33:7:38 | remote | Command line argument that depends on $@ can execute an arbitrary command if --upload-pack is used with git. | second-order.js:6:18:6:33 | req.query.remote | a user-provided value | | second-order.js:9:29:9:34 | remote | second-order.js:6:18:6:33 | req.query.remote | second-order.js:9:29:9:34 | remote | Command line argument that depends on $@ can execute an arbitrary command if --upload-pack is used with git. | second-order.js:6:18:6:33 | req.query.remote | a user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-078/ShellCommandInjectionFromEnvironment/ShellCommandInjectionFromEnvironment.expected b/javascript/ql/test/query-tests/Security/CWE-078/ShellCommandInjectionFromEnvironment/ShellCommandInjectionFromEnvironment.expected index 7bea597fc28e..046d83da0588 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/ShellCommandInjectionFromEnvironment/ShellCommandInjectionFromEnvironment.expected +++ b/javascript/ql/test/query-tests/Security/CWE-078/ShellCommandInjectionFromEnvironment/ShellCommandInjectionFromEnvironment.expected @@ -1,32 +1,21 @@ -nodes -| tst_shell-command-injection-from-environment.js:6:14:6:53 | 'rm -rf ... "temp") | -| tst_shell-command-injection-from-environment.js:6:14:6:53 | 'rm -rf ... "temp") | -| tst_shell-command-injection-from-environment.js:6:26:6:53 | path.jo ... "temp") | -| tst_shell-command-injection-from-environment.js:6:36:6:44 | __dirname | -| tst_shell-command-injection-from-environment.js:6:36:6:44 | __dirname | -| tst_shell-command-injection-from-environment.js:8:14:8:53 | 'rm -rf ... "temp") | -| tst_shell-command-injection-from-environment.js:8:14:8:53 | 'rm -rf ... "temp") | -| tst_shell-command-injection-from-environment.js:8:26:8:53 | path.jo ... "temp") | -| tst_shell-command-injection-from-environment.js:8:36:8:44 | __dirname | -| tst_shell-command-injection-from-environment.js:8:36:8:44 | __dirname | -| tst_shell-command-injection-from-environment.js:9:18:9:57 | 'rm -rf ... "temp") | -| tst_shell-command-injection-from-environment.js:9:18:9:57 | 'rm -rf ... "temp") | -| tst_shell-command-injection-from-environment.js:9:30:9:57 | path.jo ... "temp") | -| tst_shell-command-injection-from-environment.js:9:40:9:48 | __dirname | -| tst_shell-command-injection-from-environment.js:9:40:9:48 | __dirname | edges -| tst_shell-command-injection-from-environment.js:6:26:6:53 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:6:14:6:53 | 'rm -rf ... "temp") | -| tst_shell-command-injection-from-environment.js:6:26:6:53 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:6:14:6:53 | 'rm -rf ... "temp") | -| tst_shell-command-injection-from-environment.js:6:36:6:44 | __dirname | tst_shell-command-injection-from-environment.js:6:26:6:53 | path.jo ... "temp") | -| tst_shell-command-injection-from-environment.js:6:36:6:44 | __dirname | tst_shell-command-injection-from-environment.js:6:26:6:53 | path.jo ... "temp") | -| tst_shell-command-injection-from-environment.js:8:26:8:53 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:8:14:8:53 | 'rm -rf ... "temp") | -| tst_shell-command-injection-from-environment.js:8:26:8:53 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:8:14:8:53 | 'rm -rf ... "temp") | -| tst_shell-command-injection-from-environment.js:8:36:8:44 | __dirname | tst_shell-command-injection-from-environment.js:8:26:8:53 | path.jo ... "temp") | -| tst_shell-command-injection-from-environment.js:8:36:8:44 | __dirname | tst_shell-command-injection-from-environment.js:8:26:8:53 | path.jo ... "temp") | -| tst_shell-command-injection-from-environment.js:9:30:9:57 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:9:18:9:57 | 'rm -rf ... "temp") | -| tst_shell-command-injection-from-environment.js:9:30:9:57 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:9:18:9:57 | 'rm -rf ... "temp") | -| tst_shell-command-injection-from-environment.js:9:40:9:48 | __dirname | tst_shell-command-injection-from-environment.js:9:30:9:57 | path.jo ... "temp") | -| tst_shell-command-injection-from-environment.js:9:40:9:48 | __dirname | tst_shell-command-injection-from-environment.js:9:30:9:57 | path.jo ... "temp") | +| tst_shell-command-injection-from-environment.js:6:26:6:53 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:6:14:6:53 | 'rm -rf ... "temp") | provenance | | +| tst_shell-command-injection-from-environment.js:6:36:6:44 | __dirname | tst_shell-command-injection-from-environment.js:6:26:6:53 | path.jo ... "temp") | provenance | | +| tst_shell-command-injection-from-environment.js:8:26:8:53 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:8:14:8:53 | 'rm -rf ... "temp") | provenance | | +| tst_shell-command-injection-from-environment.js:8:36:8:44 | __dirname | tst_shell-command-injection-from-environment.js:8:26:8:53 | path.jo ... "temp") | provenance | | +| tst_shell-command-injection-from-environment.js:9:30:9:57 | path.jo ... "temp") | tst_shell-command-injection-from-environment.js:9:18:9:57 | 'rm -rf ... "temp") | provenance | | +| tst_shell-command-injection-from-environment.js:9:40:9:48 | __dirname | tst_shell-command-injection-from-environment.js:9:30:9:57 | path.jo ... "temp") | provenance | | +nodes +| tst_shell-command-injection-from-environment.js:6:14:6:53 | 'rm -rf ... "temp") | semmle.label | 'rm -rf ... "temp") | +| tst_shell-command-injection-from-environment.js:6:26:6:53 | path.jo ... "temp") | semmle.label | path.jo ... "temp") | +| tst_shell-command-injection-from-environment.js:6:36:6:44 | __dirname | semmle.label | __dirname | +| tst_shell-command-injection-from-environment.js:8:14:8:53 | 'rm -rf ... "temp") | semmle.label | 'rm -rf ... "temp") | +| tst_shell-command-injection-from-environment.js:8:26:8:53 | path.jo ... "temp") | semmle.label | path.jo ... "temp") | +| tst_shell-command-injection-from-environment.js:8:36:8:44 | __dirname | semmle.label | __dirname | +| tst_shell-command-injection-from-environment.js:9:18:9:57 | 'rm -rf ... "temp") | semmle.label | 'rm -rf ... "temp") | +| tst_shell-command-injection-from-environment.js:9:30:9:57 | path.jo ... "temp") | semmle.label | path.jo ... "temp") | +| tst_shell-command-injection-from-environment.js:9:40:9:48 | __dirname | semmle.label | __dirname | +subpaths #select | tst_shell-command-injection-from-environment.js:6:14:6:53 | 'rm -rf ... "temp") | tst_shell-command-injection-from-environment.js:6:36:6:44 | __dirname | tst_shell-command-injection-from-environment.js:6:14:6:53 | 'rm -rf ... "temp") | This shell command depends on an uncontrolled $@. | tst_shell-command-injection-from-environment.js:6:36:6:44 | __dirname | absolute path | | tst_shell-command-injection-from-environment.js:8:14:8:53 | 'rm -rf ... "temp") | tst_shell-command-injection-from-environment.js:8:36:8:44 | __dirname | tst_shell-command-injection-from-environment.js:8:14:8:53 | 'rm -rf ... "temp") | This shell command depends on an uncontrolled $@. | tst_shell-command-injection-from-environment.js:8:36:8:44 | __dirname | absolute path | diff --git a/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/UnsafeShellCommandConstruction.expected b/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/UnsafeShellCommandConstruction.expected index b4022c8550c3..cf74ed305476 100644 --- a/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/UnsafeShellCommandConstruction.expected +++ b/javascript/ql/test/query-tests/Security/CWE-078/UnsafeShellCommandConstruction/UnsafeShellCommandConstruction.expected @@ -1,787 +1,346 @@ -nodes -| lib/isImported.js:5:49:5:52 | name | -| lib/isImported.js:5:49:5:52 | name | -| lib/isImported.js:6:22:6:25 | name | -| lib/isImported.js:6:22:6:25 | name | -| lib/lib2.js:3:28:3:31 | name | -| lib/lib2.js:3:28:3:31 | name | -| lib/lib2.js:4:22:4:25 | name | -| lib/lib2.js:4:22:4:25 | name | -| lib/lib2.js:7:32:7:35 | name | -| lib/lib2.js:7:32:7:35 | name | -| lib/lib2.js:8:22:8:25 | name | -| lib/lib2.js:8:22:8:25 | name | -| lib/lib.js:3:28:3:31 | name | -| lib/lib.js:3:28:3:31 | name | -| lib/lib.js:4:22:4:25 | name | -| lib/lib.js:4:22:4:25 | name | -| lib/lib.js:10:32:10:35 | name | -| lib/lib.js:10:32:10:35 | name | -| lib/lib.js:11:22:11:25 | name | -| lib/lib.js:11:22:11:25 | name | -| lib/lib.js:14:36:14:39 | name | -| lib/lib.js:14:36:14:39 | name | -| lib/lib.js:15:22:15:25 | name | -| lib/lib.js:15:22:15:25 | name | -| lib/lib.js:19:34:19:37 | name | -| lib/lib.js:19:34:19:37 | name | -| lib/lib.js:20:22:20:25 | name | -| lib/lib.js:20:22:20:25 | name | -| lib/lib.js:26:35:26:38 | name | -| lib/lib.js:26:35:26:38 | name | -| lib/lib.js:27:22:27:25 | name | -| lib/lib.js:27:22:27:25 | name | -| lib/lib.js:34:14:34:17 | name | -| lib/lib.js:34:14:34:17 | name | -| lib/lib.js:35:23:35:26 | name | -| lib/lib.js:35:23:35:26 | name | -| lib/lib.js:37:13:37:16 | name | -| lib/lib.js:37:13:37:16 | name | -| lib/lib.js:38:23:38:26 | name | -| lib/lib.js:38:23:38:26 | name | -| lib/lib.js:40:6:40:9 | name | -| lib/lib.js:40:6:40:9 | name | -| lib/lib.js:41:23:41:26 | name | -| lib/lib.js:41:23:41:26 | name | -| lib/lib.js:49:31:49:34 | name | -| lib/lib.js:49:31:49:34 | name | -| lib/lib.js:50:47:50:50 | name | -| lib/lib.js:50:47:50:50 | name | -| lib/lib.js:53:33:53:36 | name | -| lib/lib.js:53:33:53:36 | name | -| lib/lib.js:54:25:54:28 | name | -| lib/lib.js:54:25:54:28 | name | -| lib/lib.js:57:25:57:28 | name | -| lib/lib.js:57:25:57:28 | name | -| lib/lib.js:64:41:64:44 | name | -| lib/lib.js:64:41:64:44 | name | -| lib/lib.js:65:22:65:25 | name | -| lib/lib.js:65:22:65:25 | name | -| lib/lib.js:69:27:69:30 | name | -| lib/lib.js:69:27:69:30 | name | -| lib/lib.js:71:28:71:31 | name | -| lib/lib.js:71:28:71:31 | name | -| lib/lib.js:73:21:73:24 | name | -| lib/lib.js:73:21:73:24 | name | -| lib/lib.js:75:20:75:23 | name | -| lib/lib.js:75:20:75:23 | name | -| lib/lib.js:77:28:77:31 | name | -| lib/lib.js:77:28:77:31 | name | -| lib/lib.js:82:35:82:38 | name | -| lib/lib.js:82:35:82:38 | name | -| lib/lib.js:83:22:83:25 | name | -| lib/lib.js:83:22:83:25 | name | -| lib/lib.js:86:13:86:16 | name | -| lib/lib.js:86:13:86:16 | name | -| lib/lib.js:89:21:89:24 | name | -| lib/lib.js:89:21:89:24 | name | -| lib/lib.js:91:21:91:38 | "\\"" + name + "\\"" | -| lib/lib.js:91:21:91:38 | "\\"" + name + "\\"" | -| lib/lib.js:91:28:91:31 | name | -| lib/lib.js:97:35:97:38 | name | -| lib/lib.js:97:35:97:38 | name | -| lib/lib.js:98:35:98:38 | name | -| lib/lib.js:98:35:98:38 | name | -| lib/lib.js:100:37:100:40 | name | -| lib/lib.js:100:37:100:40 | name | -| lib/lib.js:102:46:102:49 | name | -| lib/lib.js:102:46:102:49 | name | -| lib/lib.js:108:41:108:44 | name | -| lib/lib.js:108:41:108:44 | name | -| lib/lib.js:111:34:111:37 | name | -| lib/lib.js:111:34:111:37 | name | -| lib/lib.js:112:22:112:25 | name | -| lib/lib.js:112:22:112:25 | name | -| lib/lib.js:120:33:120:36 | name | -| lib/lib.js:120:33:120:36 | name | -| lib/lib.js:121:22:121:25 | name | -| lib/lib.js:121:22:121:25 | name | -| lib/lib.js:130:6:130:9 | name | -| lib/lib.js:130:6:130:9 | name | -| lib/lib.js:131:23:131:26 | name | -| lib/lib.js:131:23:131:26 | name | -| lib/lib.js:148:37:148:40 | name | -| lib/lib.js:148:37:148:40 | name | -| lib/lib.js:149:24:149:27 | name | -| lib/lib.js:149:24:149:27 | name | -| lib/lib.js:155:38:155:41 | name | -| lib/lib.js:155:38:155:41 | name | -| lib/lib.js:161:25:161:28 | name | -| lib/lib.js:161:25:161:28 | name | -| lib/lib.js:170:41:170:44 | name | -| lib/lib.js:170:41:170:44 | name | -| lib/lib.js:173:20:173:23 | name | -| lib/lib.js:173:20:173:23 | name | -| lib/lib.js:177:38:177:41 | name | -| lib/lib.js:177:38:177:41 | name | -| lib/lib.js:181:6:181:52 | broken | -| lib/lib.js:181:15:181:52 | "'" + n ... ) + "'" | -| lib/lib.js:181:21:181:24 | name | -| lib/lib.js:181:21:181:46 | name.re ... "'\\''") | -| lib/lib.js:181:21:181:46 | name.re ... "'\\''") | -| lib/lib.js:182:22:182:27 | broken | -| lib/lib.js:182:22:182:27 | broken | -| lib/lib.js:186:34:186:37 | name | -| lib/lib.js:186:34:186:37 | name | -| lib/lib.js:187:22:187:25 | name | -| lib/lib.js:187:22:187:25 | name | -| lib/lib.js:190:23:190:26 | name | -| lib/lib.js:190:23:190:26 | name | -| lib/lib.js:196:45:196:48 | name | -| lib/lib.js:196:45:196:48 | name | -| lib/lib.js:197:22:197:25 | name | -| lib/lib.js:197:22:197:25 | name | -| lib/lib.js:200:23:200:26 | name | -| lib/lib.js:200:23:200:26 | name | -| lib/lib.js:206:45:206:48 | name | -| lib/lib.js:206:45:206:48 | name | -| lib/lib.js:207:22:207:25 | name | -| lib/lib.js:207:22:207:25 | name | -| lib/lib.js:212:23:212:26 | name | -| lib/lib.js:212:23:212:26 | name | -| lib/lib.js:216:39:216:42 | name | -| lib/lib.js:216:39:216:42 | name | -| lib/lib.js:217:22:217:25 | name | -| lib/lib.js:217:22:217:25 | name | -| lib/lib.js:220:23:220:26 | name | -| lib/lib.js:220:23:220:26 | name | -| lib/lib.js:224:22:224:25 | name | -| lib/lib.js:224:22:224:25 | name | -| lib/lib.js:227:39:227:42 | name | -| lib/lib.js:227:39:227:42 | name | -| lib/lib.js:228:22:228:25 | name | -| lib/lib.js:228:22:228:25 | name | -| lib/lib.js:236:22:236:25 | name | -| lib/lib.js:236:22:236:25 | name | -| lib/lib.js:248:42:248:45 | name | -| lib/lib.js:248:42:248:45 | name | -| lib/lib.js:249:22:249:25 | name | -| lib/lib.js:249:22:249:25 | name | -| lib/lib.js:257:35:257:38 | name | -| lib/lib.js:257:35:257:38 | name | -| lib/lib.js:258:22:258:25 | name | -| lib/lib.js:258:22:258:25 | name | -| lib/lib.js:261:30:261:33 | name | -| lib/lib.js:261:30:261:33 | name | -| lib/lib.js:267:46:267:48 | obj | -| lib/lib.js:267:46:267:48 | obj | -| lib/lib.js:268:22:268:24 | obj | -| lib/lib.js:268:22:268:32 | obj.version | -| lib/lib.js:268:22:268:32 | obj.version | -| lib/lib.js:276:8:276:11 | opts | -| lib/lib.js:276:8:276:11 | opts | -| lib/lib.js:277:23:277:26 | opts | -| lib/lib.js:277:23:277:30 | opts.bla | -| lib/lib.js:277:23:277:30 | opts.bla | -| lib/lib.js:279:19:279:22 | opts | -| lib/lib.js:279:19:279:26 | opts.bla | -| lib/lib.js:281:23:281:35 | this.opts.bla | -| lib/lib.js:281:23:281:35 | this.opts.bla | -| lib/lib.js:307:39:307:42 | name | -| lib/lib.js:307:39:307:42 | name | -| lib/lib.js:308:23:308:26 | name | -| lib/lib.js:308:23:308:26 | name | -| lib/lib.js:314:40:314:43 | name | -| lib/lib.js:314:40:314:43 | name | -| lib/lib.js:315:22:315:25 | name | -| lib/lib.js:315:22:315:25 | name | -| lib/lib.js:320:23:320:26 | name | -| lib/lib.js:320:23:320:26 | name | -| lib/lib.js:324:40:324:42 | arg | -| lib/lib.js:324:40:324:42 | arg | -| lib/lib.js:325:49:325:51 | arg | -| lib/lib.js:325:49:325:51 | arg | -| lib/lib.js:329:13:329:13 | x | -| lib/lib.js:329:13:329:13 | x | -| lib/lib.js:330:9:330:9 | x | -| lib/lib.js:336:22:336:31 | id("test") | -| lib/lib.js:336:22:336:31 | id("test") | -| lib/lib.js:339:39:339:39 | n | -| lib/lib.js:339:39:339:39 | n | -| lib/lib.js:340:22:340:26 | id(n) | -| lib/lib.js:340:22:340:26 | id(n) | -| lib/lib.js:340:22:340:26 | id(n) | -| lib/lib.js:340:25:340:25 | n | -| lib/lib.js:349:29:349:34 | unsafe | -| lib/lib.js:349:29:349:34 | unsafe | -| lib/lib.js:351:22:351:27 | unsafe | -| lib/lib.js:351:22:351:27 | unsafe | -| lib/lib.js:360:20:360:23 | opts | -| lib/lib.js:360:20:360:23 | opts | -| lib/lib.js:361:20:361:23 | opts | -| lib/lib.js:361:20:361:34 | opts.learn_args | -| lib/lib.js:366:28:366:42 | this.learn_args | -| lib/lib.js:366:28:366:42 | this.learn_args | -| lib/lib.js:405:39:405:42 | name | -| lib/lib.js:405:39:405:42 | name | -| lib/lib.js:406:22:406:25 | name | -| lib/lib.js:406:22:406:25 | name | -| lib/lib.js:414:40:414:43 | name | -| lib/lib.js:414:40:414:43 | name | -| lib/lib.js:415:22:415:25 | name | -| lib/lib.js:415:22:415:25 | name | -| lib/lib.js:417:28:417:31 | name | -| lib/lib.js:417:28:417:31 | name | -| lib/lib.js:418:25:418:28 | name | -| lib/lib.js:418:25:418:28 | name | -| lib/lib.js:419:32:419:35 | name | -| lib/lib.js:419:32:419:35 | name | -| lib/lib.js:420:29:420:32 | name | -| lib/lib.js:420:29:420:32 | name | -| lib/lib.js:424:24:424:27 | name | -| lib/lib.js:424:24:424:27 | name | -| lib/lib.js:425:6:425:13 | arr | -| lib/lib.js:425:12:425:13 | [] | -| lib/lib.js:426:11:426:14 | name | -| lib/lib.js:426:11:426:14 | name | -| lib/lib.js:427:14:427:16 | arr | -| lib/lib.js:427:14:427:16 | arr | -| lib/lib.js:428:14:428:58 | build(" ... + '-') | -| lib/lib.js:428:14:428:58 | build(" ... + '-') | -| lib/lib.js:428:28:428:51 | (name ? ... ' : '') | -| lib/lib.js:428:28:428:57 | (name ? ... ) + '-' | -| lib/lib.js:428:29:428:50 | name ? ... :' : '' | -| lib/lib.js:428:36:428:39 | name | -| lib/lib.js:428:36:428:45 | name + ':' | -| lib/lib.js:431:23:431:26 | last | -| lib/lib.js:436:19:436:22 | last | -| lib/lib.js:436:19:436:22 | last | -| lib/lib.js:441:39:441:42 | name | -| lib/lib.js:441:39:441:42 | name | -| lib/lib.js:442:24:442:27 | name | -| lib/lib.js:442:24:442:27 | name | -| lib/lib.js:446:20:446:23 | name | -| lib/lib.js:446:20:446:23 | name | -| lib/lib.js:447:25:447:28 | name | -| lib/lib.js:447:25:447:28 | name | -| lib/lib.js:477:33:477:38 | config | -| lib/lib.js:477:33:477:38 | config | -| lib/lib.js:478:27:478:32 | config | -| lib/lib.js:478:27:478:46 | config.installedPath | -| lib/lib.js:478:27:478:46 | config.installedPath | -| lib/lib.js:482:40:482:43 | name | -| lib/lib.js:482:40:482:43 | name | -| lib/lib.js:483:30:483:33 | name | -| lib/lib.js:483:30:483:33 | name | -| lib/lib.js:498:45:498:48 | name | -| lib/lib.js:498:45:498:48 | name | -| lib/lib.js:499:31:499:34 | name | -| lib/lib.js:499:31:499:34 | name | -| lib/lib.js:509:39:509:42 | name | -| lib/lib.js:509:39:509:42 | name | -| lib/lib.js:510:22:510:25 | name | -| lib/lib.js:510:22:510:25 | name | -| lib/lib.js:513:23:513:26 | name | -| lib/lib.js:513:23:513:26 | name | -| lib/lib.js:519:23:519:26 | name | -| lib/lib.js:519:23:519:26 | name | -| lib/lib.js:525:23:525:26 | name | -| lib/lib.js:525:23:525:26 | name | -| lib/lib.js:531:23:531:26 | name | -| lib/lib.js:531:23:531:26 | name | -| lib/lib.js:537:23:537:26 | name | -| lib/lib.js:537:23:537:26 | name | -| lib/lib.js:543:23:543:26 | name | -| lib/lib.js:543:23:543:26 | name | -| lib/lib.js:545:23:545:26 | name | -| lib/lib.js:545:23:545:26 | name | -| lib/lib.js:550:39:550:42 | name | -| lib/lib.js:550:39:550:42 | name | -| lib/lib.js:551:33:551:36 | args | -| lib/lib.js:552:23:552:26 | args | -| lib/lib.js:552:23:552:26 | args | -| lib/lib.js:555:25:555:37 | ["-rf", name] | -| lib/lib.js:555:33:555:36 | name | -| lib/lib.js:555:33:555:36 | name | -| lib/lib.js:558:41:558:44 | name | -| lib/lib.js:558:41:558:44 | name | -| lib/lib.js:560:26:560:29 | name | -| lib/lib.js:560:26:560:29 | name | -| lib/lib.js:562:26:562:29 | name | -| lib/lib.js:562:26:562:29 | name | -| lib/lib.js:566:26:566:29 | name | -| lib/lib.js:566:26:566:29 | name | -| lib/lib.js:572:41:572:44 | name | -| lib/lib.js:572:41:572:44 | name | -| lib/lib.js:573:22:573:25 | name | -| lib/lib.js:573:22:573:25 | name | -| lib/lib.js:579:25:579:28 | name | -| lib/lib.js:579:25:579:28 | name | -| lib/lib.js:590:29:590:32 | name | -| lib/lib.js:590:29:590:32 | name | -| lib/lib.js:593:25:593:28 | name | -| lib/lib.js:593:25:593:28 | name | -| lib/lib.js:608:42:608:45 | name | -| lib/lib.js:608:42:608:45 | name | -| lib/lib.js:609:22:609:25 | name | -| lib/lib.js:609:22:609:25 | name | -| lib/lib.js:626:29:626:32 | name | -| lib/lib.js:626:29:626:32 | name | -| lib/lib.js:629:25:629:28 | name | -| lib/lib.js:629:25:629:28 | name | -| lib/subLib2/compiled-file.ts:3:26:3:29 | name | -| lib/subLib2/compiled-file.ts:3:26:3:29 | name | -| lib/subLib2/compiled-file.ts:4:25:4:28 | name | -| lib/subLib2/compiled-file.ts:4:25:4:28 | name | -| lib/subLib2/special-file.js:3:28:3:31 | name | -| lib/subLib2/special-file.js:3:28:3:31 | name | -| lib/subLib2/special-file.js:4:22:4:25 | name | -| lib/subLib2/special-file.js:4:22:4:25 | name | -| lib/subLib3/my-file.ts:3:28:3:31 | name | -| lib/subLib3/my-file.ts:3:28:3:31 | name | -| lib/subLib3/my-file.ts:4:22:4:25 | name | -| lib/subLib3/my-file.ts:4:22:4:25 | name | -| lib/subLib4/index.js:6:32:6:35 | name | -| lib/subLib4/index.js:6:32:6:35 | name | -| lib/subLib4/index.js:7:18:7:21 | name | -| lib/subLib4/subsub.js:3:28:3:31 | name | -| lib/subLib4/subsub.js:4:22:4:25 | name | -| lib/subLib4/subsub.js:4:22:4:25 | name | -| lib/subLib/amdSub.js:3:28:3:31 | name | -| lib/subLib/amdSub.js:3:28:3:31 | name | -| lib/subLib/amdSub.js:4:22:4:25 | name | -| lib/subLib/amdSub.js:4:22:4:25 | name | -| lib/subLib/index.js:3:28:3:31 | name | -| lib/subLib/index.js:3:28:3:31 | name | -| lib/subLib/index.js:4:22:4:25 | name | -| lib/subLib/index.js:4:22:4:25 | name | -| lib/subLib/index.js:7:32:7:35 | name | -| lib/subLib/index.js:7:32:7:35 | name | -| lib/subLib/index.js:8:22:8:25 | name | -| lib/subLib/index.js:8:22:8:25 | name | -| lib/subLib/index.js:13:44:13:46 | arr | -| lib/subLib/index.js:13:44:13:46 | arr | -| lib/subLib/index.js:14:22:14:24 | arr | -| lib/subLib/index.js:14:22:14:24 | arr | edges -| lib/isImported.js:5:49:5:52 | name | lib/isImported.js:6:22:6:25 | name | -| lib/isImported.js:5:49:5:52 | name | lib/isImported.js:6:22:6:25 | name | -| lib/isImported.js:5:49:5:52 | name | lib/isImported.js:6:22:6:25 | name | -| lib/isImported.js:5:49:5:52 | name | lib/isImported.js:6:22:6:25 | name | -| lib/lib2.js:3:28:3:31 | name | lib/lib2.js:4:22:4:25 | name | -| lib/lib2.js:3:28:3:31 | name | lib/lib2.js:4:22:4:25 | name | -| lib/lib2.js:3:28:3:31 | name | lib/lib2.js:4:22:4:25 | name | -| lib/lib2.js:3:28:3:31 | name | lib/lib2.js:4:22:4:25 | name | -| lib/lib2.js:7:32:7:35 | name | lib/lib2.js:8:22:8:25 | name | -| lib/lib2.js:7:32:7:35 | name | lib/lib2.js:8:22:8:25 | name | -| lib/lib2.js:7:32:7:35 | name | lib/lib2.js:8:22:8:25 | name | -| lib/lib2.js:7:32:7:35 | name | lib/lib2.js:8:22:8:25 | name | -| lib/lib.js:3:28:3:31 | name | lib/lib.js:4:22:4:25 | name | -| lib/lib.js:3:28:3:31 | name | lib/lib.js:4:22:4:25 | name | -| lib/lib.js:3:28:3:31 | name | lib/lib.js:4:22:4:25 | name | -| lib/lib.js:3:28:3:31 | name | lib/lib.js:4:22:4:25 | name | -| lib/lib.js:10:32:10:35 | name | lib/lib.js:11:22:11:25 | name | -| lib/lib.js:10:32:10:35 | name | lib/lib.js:11:22:11:25 | name | -| lib/lib.js:10:32:10:35 | name | lib/lib.js:11:22:11:25 | name | -| lib/lib.js:10:32:10:35 | name | lib/lib.js:11:22:11:25 | name | -| lib/lib.js:14:36:14:39 | name | lib/lib.js:15:22:15:25 | name | -| lib/lib.js:14:36:14:39 | name | lib/lib.js:15:22:15:25 | name | -| lib/lib.js:14:36:14:39 | name | lib/lib.js:15:22:15:25 | name | -| lib/lib.js:14:36:14:39 | name | lib/lib.js:15:22:15:25 | name | -| lib/lib.js:19:34:19:37 | name | lib/lib.js:20:22:20:25 | name | -| lib/lib.js:19:34:19:37 | name | lib/lib.js:20:22:20:25 | name | -| lib/lib.js:19:34:19:37 | name | lib/lib.js:20:22:20:25 | name | -| lib/lib.js:19:34:19:37 | name | lib/lib.js:20:22:20:25 | name | -| lib/lib.js:26:35:26:38 | name | lib/lib.js:27:22:27:25 | name | -| lib/lib.js:26:35:26:38 | name | lib/lib.js:27:22:27:25 | name | -| lib/lib.js:26:35:26:38 | name | lib/lib.js:27:22:27:25 | name | -| lib/lib.js:26:35:26:38 | name | lib/lib.js:27:22:27:25 | name | -| lib/lib.js:34:14:34:17 | name | lib/lib.js:35:23:35:26 | name | -| lib/lib.js:34:14:34:17 | name | lib/lib.js:35:23:35:26 | name | -| lib/lib.js:34:14:34:17 | name | lib/lib.js:35:23:35:26 | name | -| lib/lib.js:34:14:34:17 | name | lib/lib.js:35:23:35:26 | name | -| lib/lib.js:37:13:37:16 | name | lib/lib.js:38:23:38:26 | name | -| lib/lib.js:37:13:37:16 | name | lib/lib.js:38:23:38:26 | name | -| lib/lib.js:37:13:37:16 | name | lib/lib.js:38:23:38:26 | name | -| lib/lib.js:37:13:37:16 | name | lib/lib.js:38:23:38:26 | name | -| lib/lib.js:40:6:40:9 | name | lib/lib.js:41:23:41:26 | name | -| lib/lib.js:40:6:40:9 | name | lib/lib.js:41:23:41:26 | name | -| lib/lib.js:40:6:40:9 | name | lib/lib.js:41:23:41:26 | name | -| lib/lib.js:40:6:40:9 | name | lib/lib.js:41:23:41:26 | name | -| lib/lib.js:49:31:49:34 | name | lib/lib.js:50:47:50:50 | name | -| lib/lib.js:49:31:49:34 | name | lib/lib.js:50:47:50:50 | name | -| lib/lib.js:49:31:49:34 | name | lib/lib.js:50:47:50:50 | name | -| lib/lib.js:49:31:49:34 | name | lib/lib.js:50:47:50:50 | name | -| lib/lib.js:53:33:53:36 | name | lib/lib.js:54:25:54:28 | name | -| lib/lib.js:53:33:53:36 | name | lib/lib.js:54:25:54:28 | name | -| lib/lib.js:53:33:53:36 | name | lib/lib.js:54:25:54:28 | name | -| lib/lib.js:53:33:53:36 | name | lib/lib.js:54:25:54:28 | name | -| lib/lib.js:53:33:53:36 | name | lib/lib.js:57:25:57:28 | name | -| lib/lib.js:53:33:53:36 | name | lib/lib.js:57:25:57:28 | name | -| lib/lib.js:53:33:53:36 | name | lib/lib.js:57:25:57:28 | name | -| lib/lib.js:53:33:53:36 | name | lib/lib.js:57:25:57:28 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:65:22:65:25 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:65:22:65:25 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:65:22:65:25 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:65:22:65:25 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:69:27:69:30 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:69:27:69:30 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:69:27:69:30 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:69:27:69:30 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:71:28:71:31 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:71:28:71:31 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:71:28:71:31 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:71:28:71:31 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:73:21:73:24 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:73:21:73:24 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:73:21:73:24 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:73:21:73:24 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:75:20:75:23 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:75:20:75:23 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:75:20:75:23 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:75:20:75:23 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:77:28:77:31 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:77:28:77:31 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:77:28:77:31 | name | -| lib/lib.js:64:41:64:44 | name | lib/lib.js:77:28:77:31 | name | -| lib/lib.js:82:35:82:38 | name | lib/lib.js:83:22:83:25 | name | -| lib/lib.js:82:35:82:38 | name | lib/lib.js:83:22:83:25 | name | -| lib/lib.js:82:35:82:38 | name | lib/lib.js:83:22:83:25 | name | -| lib/lib.js:82:35:82:38 | name | lib/lib.js:83:22:83:25 | name | -| lib/lib.js:82:35:82:38 | name | lib/lib.js:86:13:86:16 | name | -| lib/lib.js:82:35:82:38 | name | lib/lib.js:86:13:86:16 | name | -| lib/lib.js:82:35:82:38 | name | lib/lib.js:86:13:86:16 | name | -| lib/lib.js:82:35:82:38 | name | lib/lib.js:86:13:86:16 | name | -| lib/lib.js:82:35:82:38 | name | lib/lib.js:89:21:89:24 | name | -| lib/lib.js:82:35:82:38 | name | lib/lib.js:89:21:89:24 | name | -| lib/lib.js:82:35:82:38 | name | lib/lib.js:89:21:89:24 | name | -| lib/lib.js:82:35:82:38 | name | lib/lib.js:89:21:89:24 | name | -| lib/lib.js:82:35:82:38 | name | lib/lib.js:91:28:91:31 | name | -| lib/lib.js:82:35:82:38 | name | lib/lib.js:91:28:91:31 | name | -| lib/lib.js:91:28:91:31 | name | lib/lib.js:91:21:91:38 | "\\"" + name + "\\"" | -| lib/lib.js:91:28:91:31 | name | lib/lib.js:91:21:91:38 | "\\"" + name + "\\"" | -| lib/lib.js:97:35:97:38 | name | lib/lib.js:98:35:98:38 | name | -| lib/lib.js:97:35:97:38 | name | lib/lib.js:98:35:98:38 | name | -| lib/lib.js:97:35:97:38 | name | lib/lib.js:98:35:98:38 | name | -| lib/lib.js:97:35:97:38 | name | lib/lib.js:98:35:98:38 | name | -| lib/lib.js:97:35:97:38 | name | lib/lib.js:100:37:100:40 | name | -| lib/lib.js:97:35:97:38 | name | lib/lib.js:100:37:100:40 | name | -| lib/lib.js:97:35:97:38 | name | lib/lib.js:100:37:100:40 | name | -| lib/lib.js:97:35:97:38 | name | lib/lib.js:100:37:100:40 | name | -| lib/lib.js:97:35:97:38 | name | lib/lib.js:102:46:102:49 | name | -| lib/lib.js:97:35:97:38 | name | lib/lib.js:102:46:102:49 | name | -| lib/lib.js:97:35:97:38 | name | lib/lib.js:102:46:102:49 | name | -| lib/lib.js:97:35:97:38 | name | lib/lib.js:102:46:102:49 | name | -| lib/lib.js:97:35:97:38 | name | lib/lib.js:108:41:108:44 | name | -| lib/lib.js:97:35:97:38 | name | lib/lib.js:108:41:108:44 | name | -| lib/lib.js:97:35:97:38 | name | lib/lib.js:108:41:108:44 | name | -| lib/lib.js:97:35:97:38 | name | lib/lib.js:108:41:108:44 | name | -| lib/lib.js:111:34:111:37 | name | lib/lib.js:112:22:112:25 | name | -| lib/lib.js:111:34:111:37 | name | lib/lib.js:112:22:112:25 | name | -| lib/lib.js:111:34:111:37 | name | lib/lib.js:112:22:112:25 | name | -| lib/lib.js:111:34:111:37 | name | lib/lib.js:112:22:112:25 | name | -| lib/lib.js:120:33:120:36 | name | lib/lib.js:121:22:121:25 | name | -| lib/lib.js:120:33:120:36 | name | lib/lib.js:121:22:121:25 | name | -| lib/lib.js:120:33:120:36 | name | lib/lib.js:121:22:121:25 | name | -| lib/lib.js:120:33:120:36 | name | lib/lib.js:121:22:121:25 | name | -| lib/lib.js:130:6:130:9 | name | lib/lib.js:131:23:131:26 | name | -| lib/lib.js:130:6:130:9 | name | lib/lib.js:131:23:131:26 | name | -| lib/lib.js:130:6:130:9 | name | lib/lib.js:131:23:131:26 | name | -| lib/lib.js:130:6:130:9 | name | lib/lib.js:131:23:131:26 | name | -| lib/lib.js:148:37:148:40 | name | lib/lib.js:149:24:149:27 | name | -| lib/lib.js:148:37:148:40 | name | lib/lib.js:149:24:149:27 | name | -| lib/lib.js:148:37:148:40 | name | lib/lib.js:149:24:149:27 | name | -| lib/lib.js:148:37:148:40 | name | lib/lib.js:149:24:149:27 | name | -| lib/lib.js:155:38:155:41 | name | lib/lib.js:161:25:161:28 | name | -| lib/lib.js:155:38:155:41 | name | lib/lib.js:161:25:161:28 | name | -| lib/lib.js:155:38:155:41 | name | lib/lib.js:161:25:161:28 | name | -| lib/lib.js:155:38:155:41 | name | lib/lib.js:161:25:161:28 | name | -| lib/lib.js:170:41:170:44 | name | lib/lib.js:173:20:173:23 | name | -| lib/lib.js:170:41:170:44 | name | lib/lib.js:173:20:173:23 | name | -| lib/lib.js:170:41:170:44 | name | lib/lib.js:173:20:173:23 | name | -| lib/lib.js:170:41:170:44 | name | lib/lib.js:173:20:173:23 | name | -| lib/lib.js:177:38:177:41 | name | lib/lib.js:181:21:181:24 | name | -| lib/lib.js:177:38:177:41 | name | lib/lib.js:181:21:181:24 | name | -| lib/lib.js:181:6:181:52 | broken | lib/lib.js:182:22:182:27 | broken | -| lib/lib.js:181:6:181:52 | broken | lib/lib.js:182:22:182:27 | broken | -| lib/lib.js:181:15:181:52 | "'" + n ... ) + "'" | lib/lib.js:181:6:181:52 | broken | -| lib/lib.js:181:21:181:24 | name | lib/lib.js:181:21:181:46 | name.re ... "'\\''") | -| lib/lib.js:181:21:181:24 | name | lib/lib.js:181:21:181:46 | name.re ... "'\\''") | -| lib/lib.js:181:21:181:46 | name.re ... "'\\''") | lib/lib.js:181:15:181:52 | "'" + n ... ) + "'" | -| lib/lib.js:186:34:186:37 | name | lib/lib.js:187:22:187:25 | name | -| lib/lib.js:186:34:186:37 | name | lib/lib.js:187:22:187:25 | name | -| lib/lib.js:186:34:186:37 | name | lib/lib.js:187:22:187:25 | name | -| lib/lib.js:186:34:186:37 | name | lib/lib.js:187:22:187:25 | name | -| lib/lib.js:186:34:186:37 | name | lib/lib.js:190:23:190:26 | name | -| lib/lib.js:186:34:186:37 | name | lib/lib.js:190:23:190:26 | name | -| lib/lib.js:186:34:186:37 | name | lib/lib.js:190:23:190:26 | name | -| lib/lib.js:186:34:186:37 | name | lib/lib.js:190:23:190:26 | name | -| lib/lib.js:196:45:196:48 | name | lib/lib.js:197:22:197:25 | name | -| lib/lib.js:196:45:196:48 | name | lib/lib.js:197:22:197:25 | name | -| lib/lib.js:196:45:196:48 | name | lib/lib.js:197:22:197:25 | name | -| lib/lib.js:196:45:196:48 | name | lib/lib.js:197:22:197:25 | name | -| lib/lib.js:196:45:196:48 | name | lib/lib.js:200:23:200:26 | name | -| lib/lib.js:196:45:196:48 | name | lib/lib.js:200:23:200:26 | name | -| lib/lib.js:196:45:196:48 | name | lib/lib.js:200:23:200:26 | name | -| lib/lib.js:196:45:196:48 | name | lib/lib.js:200:23:200:26 | name | -| lib/lib.js:206:45:206:48 | name | lib/lib.js:207:22:207:25 | name | -| lib/lib.js:206:45:206:48 | name | lib/lib.js:207:22:207:25 | name | -| lib/lib.js:206:45:206:48 | name | lib/lib.js:207:22:207:25 | name | -| lib/lib.js:206:45:206:48 | name | lib/lib.js:207:22:207:25 | name | -| lib/lib.js:206:45:206:48 | name | lib/lib.js:212:23:212:26 | name | -| lib/lib.js:206:45:206:48 | name | lib/lib.js:212:23:212:26 | name | -| lib/lib.js:206:45:206:48 | name | lib/lib.js:212:23:212:26 | name | -| lib/lib.js:206:45:206:48 | name | lib/lib.js:212:23:212:26 | name | -| lib/lib.js:216:39:216:42 | name | lib/lib.js:217:22:217:25 | name | -| lib/lib.js:216:39:216:42 | name | lib/lib.js:217:22:217:25 | name | -| lib/lib.js:216:39:216:42 | name | lib/lib.js:217:22:217:25 | name | -| lib/lib.js:216:39:216:42 | name | lib/lib.js:217:22:217:25 | name | -| lib/lib.js:216:39:216:42 | name | lib/lib.js:220:23:220:26 | name | -| lib/lib.js:216:39:216:42 | name | lib/lib.js:220:23:220:26 | name | -| lib/lib.js:216:39:216:42 | name | lib/lib.js:220:23:220:26 | name | -| lib/lib.js:216:39:216:42 | name | lib/lib.js:220:23:220:26 | name | -| lib/lib.js:216:39:216:42 | name | lib/lib.js:224:22:224:25 | name | -| lib/lib.js:216:39:216:42 | name | lib/lib.js:224:22:224:25 | name | -| lib/lib.js:216:39:216:42 | name | lib/lib.js:224:22:224:25 | name | -| lib/lib.js:216:39:216:42 | name | lib/lib.js:224:22:224:25 | name | -| lib/lib.js:227:39:227:42 | name | lib/lib.js:228:22:228:25 | name | -| lib/lib.js:227:39:227:42 | name | lib/lib.js:228:22:228:25 | name | -| lib/lib.js:227:39:227:42 | name | lib/lib.js:228:22:228:25 | name | -| lib/lib.js:227:39:227:42 | name | lib/lib.js:228:22:228:25 | name | -| lib/lib.js:227:39:227:42 | name | lib/lib.js:236:22:236:25 | name | -| lib/lib.js:227:39:227:42 | name | lib/lib.js:236:22:236:25 | name | -| lib/lib.js:227:39:227:42 | name | lib/lib.js:236:22:236:25 | name | -| lib/lib.js:227:39:227:42 | name | lib/lib.js:236:22:236:25 | name | -| lib/lib.js:248:42:248:45 | name | lib/lib.js:249:22:249:25 | name | -| lib/lib.js:248:42:248:45 | name | lib/lib.js:249:22:249:25 | name | -| lib/lib.js:248:42:248:45 | name | lib/lib.js:249:22:249:25 | name | -| lib/lib.js:248:42:248:45 | name | lib/lib.js:249:22:249:25 | name | -| lib/lib.js:257:35:257:38 | name | lib/lib.js:258:22:258:25 | name | -| lib/lib.js:257:35:257:38 | name | lib/lib.js:258:22:258:25 | name | -| lib/lib.js:257:35:257:38 | name | lib/lib.js:258:22:258:25 | name | -| lib/lib.js:257:35:257:38 | name | lib/lib.js:258:22:258:25 | name | -| lib/lib.js:257:35:257:38 | name | lib/lib.js:261:30:261:33 | name | -| lib/lib.js:257:35:257:38 | name | lib/lib.js:261:30:261:33 | name | -| lib/lib.js:257:35:257:38 | name | lib/lib.js:261:30:261:33 | name | -| lib/lib.js:257:35:257:38 | name | lib/lib.js:261:30:261:33 | name | -| lib/lib.js:267:46:267:48 | obj | lib/lib.js:268:22:268:24 | obj | -| lib/lib.js:267:46:267:48 | obj | lib/lib.js:268:22:268:24 | obj | -| lib/lib.js:268:22:268:24 | obj | lib/lib.js:268:22:268:32 | obj.version | -| lib/lib.js:268:22:268:24 | obj | lib/lib.js:268:22:268:32 | obj.version | -| lib/lib.js:276:8:276:11 | opts | lib/lib.js:277:23:277:26 | opts | -| lib/lib.js:276:8:276:11 | opts | lib/lib.js:277:23:277:26 | opts | -| lib/lib.js:276:8:276:11 | opts | lib/lib.js:279:19:279:22 | opts | -| lib/lib.js:276:8:276:11 | opts | lib/lib.js:279:19:279:22 | opts | -| lib/lib.js:277:23:277:26 | opts | lib/lib.js:277:23:277:30 | opts.bla | -| lib/lib.js:277:23:277:26 | opts | lib/lib.js:277:23:277:30 | opts.bla | -| lib/lib.js:279:19:279:22 | opts | lib/lib.js:279:19:279:26 | opts.bla | -| lib/lib.js:279:19:279:26 | opts.bla | lib/lib.js:281:23:281:35 | this.opts.bla | -| lib/lib.js:279:19:279:26 | opts.bla | lib/lib.js:281:23:281:35 | this.opts.bla | -| lib/lib.js:307:39:307:42 | name | lib/lib.js:308:23:308:26 | name | -| lib/lib.js:307:39:307:42 | name | lib/lib.js:308:23:308:26 | name | -| lib/lib.js:307:39:307:42 | name | lib/lib.js:308:23:308:26 | name | -| lib/lib.js:307:39:307:42 | name | lib/lib.js:308:23:308:26 | name | -| lib/lib.js:314:40:314:43 | name | lib/lib.js:315:22:315:25 | name | -| lib/lib.js:314:40:314:43 | name | lib/lib.js:315:22:315:25 | name | -| lib/lib.js:314:40:314:43 | name | lib/lib.js:315:22:315:25 | name | -| lib/lib.js:314:40:314:43 | name | lib/lib.js:315:22:315:25 | name | -| lib/lib.js:314:40:314:43 | name | lib/lib.js:320:23:320:26 | name | -| lib/lib.js:314:40:314:43 | name | lib/lib.js:320:23:320:26 | name | -| lib/lib.js:314:40:314:43 | name | lib/lib.js:320:23:320:26 | name | -| lib/lib.js:314:40:314:43 | name | lib/lib.js:320:23:320:26 | name | -| lib/lib.js:324:40:324:42 | arg | lib/lib.js:325:49:325:51 | arg | -| lib/lib.js:324:40:324:42 | arg | lib/lib.js:325:49:325:51 | arg | -| lib/lib.js:324:40:324:42 | arg | lib/lib.js:325:49:325:51 | arg | -| lib/lib.js:324:40:324:42 | arg | lib/lib.js:325:49:325:51 | arg | -| lib/lib.js:329:13:329:13 | x | lib/lib.js:330:9:330:9 | x | -| lib/lib.js:329:13:329:13 | x | lib/lib.js:330:9:330:9 | x | -| lib/lib.js:330:9:330:9 | x | lib/lib.js:336:22:336:31 | id("test") | -| lib/lib.js:330:9:330:9 | x | lib/lib.js:336:22:336:31 | id("test") | -| lib/lib.js:330:9:330:9 | x | lib/lib.js:340:22:340:26 | id(n) | -| lib/lib.js:330:9:330:9 | x | lib/lib.js:340:22:340:26 | id(n) | -| lib/lib.js:339:39:339:39 | n | lib/lib.js:340:25:340:25 | n | -| lib/lib.js:339:39:339:39 | n | lib/lib.js:340:25:340:25 | n | -| lib/lib.js:340:25:340:25 | n | lib/lib.js:340:22:340:26 | id(n) | -| lib/lib.js:340:25:340:25 | n | lib/lib.js:340:22:340:26 | id(n) | -| lib/lib.js:349:29:349:34 | unsafe | lib/lib.js:351:22:351:27 | unsafe | -| lib/lib.js:349:29:349:34 | unsafe | lib/lib.js:351:22:351:27 | unsafe | -| lib/lib.js:349:29:349:34 | unsafe | lib/lib.js:351:22:351:27 | unsafe | -| lib/lib.js:349:29:349:34 | unsafe | lib/lib.js:351:22:351:27 | unsafe | -| lib/lib.js:360:20:360:23 | opts | lib/lib.js:361:20:361:23 | opts | -| lib/lib.js:360:20:360:23 | opts | lib/lib.js:361:20:361:23 | opts | -| lib/lib.js:361:20:361:23 | opts | lib/lib.js:361:20:361:34 | opts.learn_args | -| lib/lib.js:361:20:361:34 | opts.learn_args | lib/lib.js:366:28:366:42 | this.learn_args | -| lib/lib.js:361:20:361:34 | opts.learn_args | lib/lib.js:366:28:366:42 | this.learn_args | -| lib/lib.js:405:39:405:42 | name | lib/lib.js:406:22:406:25 | name | -| lib/lib.js:405:39:405:42 | name | lib/lib.js:406:22:406:25 | name | -| lib/lib.js:405:39:405:42 | name | lib/lib.js:406:22:406:25 | name | -| lib/lib.js:405:39:405:42 | name | lib/lib.js:406:22:406:25 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:415:22:415:25 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:415:22:415:25 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:415:22:415:25 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:415:22:415:25 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:417:28:417:31 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:417:28:417:31 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:417:28:417:31 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:417:28:417:31 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:418:25:418:28 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:418:25:418:28 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:418:25:418:28 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:418:25:418:28 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:419:32:419:35 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:419:32:419:35 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:419:32:419:35 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:419:32:419:35 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:420:29:420:32 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:420:29:420:32 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:420:29:420:32 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:420:29:420:32 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:424:24:424:27 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:424:24:424:27 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:424:24:424:27 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:424:24:424:27 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:426:11:426:14 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:426:11:426:14 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:426:11:426:14 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:426:11:426:14 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:428:36:428:39 | name | -| lib/lib.js:414:40:414:43 | name | lib/lib.js:428:36:428:39 | name | -| lib/lib.js:425:6:425:13 | arr | lib/lib.js:427:14:427:16 | arr | -| lib/lib.js:425:6:425:13 | arr | lib/lib.js:427:14:427:16 | arr | -| lib/lib.js:425:12:425:13 | [] | lib/lib.js:425:6:425:13 | arr | -| lib/lib.js:426:11:426:14 | name | lib/lib.js:425:12:425:13 | [] | -| lib/lib.js:428:28:428:51 | (name ? ... ' : '') | lib/lib.js:428:28:428:57 | (name ? ... ) + '-' | -| lib/lib.js:428:28:428:57 | (name ? ... ) + '-' | lib/lib.js:428:14:428:58 | build(" ... + '-') | -| lib/lib.js:428:28:428:57 | (name ? ... ) + '-' | lib/lib.js:428:14:428:58 | build(" ... + '-') | -| lib/lib.js:428:28:428:57 | (name ? ... ) + '-' | lib/lib.js:431:23:431:26 | last | -| lib/lib.js:428:29:428:50 | name ? ... :' : '' | lib/lib.js:428:28:428:51 | (name ? ... ' : '') | -| lib/lib.js:428:36:428:39 | name | lib/lib.js:428:36:428:45 | name + ':' | -| lib/lib.js:428:36:428:45 | name + ':' | lib/lib.js:428:29:428:50 | name ? ... :' : '' | -| lib/lib.js:431:23:431:26 | last | lib/lib.js:436:19:436:22 | last | -| lib/lib.js:431:23:431:26 | last | lib/lib.js:436:19:436:22 | last | -| lib/lib.js:441:39:441:42 | name | lib/lib.js:442:24:442:27 | name | -| lib/lib.js:441:39:441:42 | name | lib/lib.js:442:24:442:27 | name | -| lib/lib.js:441:39:441:42 | name | lib/lib.js:442:24:442:27 | name | -| lib/lib.js:441:39:441:42 | name | lib/lib.js:442:24:442:27 | name | -| lib/lib.js:446:20:446:23 | name | lib/lib.js:447:25:447:28 | name | -| lib/lib.js:446:20:446:23 | name | lib/lib.js:447:25:447:28 | name | -| lib/lib.js:446:20:446:23 | name | lib/lib.js:447:25:447:28 | name | -| lib/lib.js:446:20:446:23 | name | lib/lib.js:447:25:447:28 | name | -| lib/lib.js:477:33:477:38 | config | lib/lib.js:478:27:478:32 | config | -| lib/lib.js:477:33:477:38 | config | lib/lib.js:478:27:478:32 | config | -| lib/lib.js:478:27:478:32 | config | lib/lib.js:478:27:478:46 | config.installedPath | -| lib/lib.js:478:27:478:32 | config | lib/lib.js:478:27:478:46 | config.installedPath | -| lib/lib.js:482:40:482:43 | name | lib/lib.js:483:30:483:33 | name | -| lib/lib.js:482:40:482:43 | name | lib/lib.js:483:30:483:33 | name | -| lib/lib.js:482:40:482:43 | name | lib/lib.js:483:30:483:33 | name | -| lib/lib.js:482:40:482:43 | name | lib/lib.js:483:30:483:33 | name | -| lib/lib.js:498:45:498:48 | name | lib/lib.js:499:31:499:34 | name | -| lib/lib.js:498:45:498:48 | name | lib/lib.js:499:31:499:34 | name | -| lib/lib.js:498:45:498:48 | name | lib/lib.js:499:31:499:34 | name | -| lib/lib.js:498:45:498:48 | name | lib/lib.js:499:31:499:34 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:510:22:510:25 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:510:22:510:25 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:510:22:510:25 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:510:22:510:25 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:513:23:513:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:513:23:513:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:513:23:513:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:513:23:513:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:519:23:519:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:519:23:519:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:519:23:519:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:519:23:519:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:525:23:525:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:525:23:525:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:525:23:525:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:525:23:525:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:531:23:531:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:531:23:531:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:531:23:531:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:531:23:531:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:537:23:537:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:537:23:537:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:537:23:537:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:537:23:537:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:543:23:543:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:543:23:543:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:543:23:543:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:543:23:543:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:545:23:545:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:545:23:545:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:545:23:545:26 | name | -| lib/lib.js:509:39:509:42 | name | lib/lib.js:545:23:545:26 | name | -| lib/lib.js:550:39:550:42 | name | lib/lib.js:555:33:555:36 | name | -| lib/lib.js:550:39:550:42 | name | lib/lib.js:555:33:555:36 | name | -| lib/lib.js:550:39:550:42 | name | lib/lib.js:555:33:555:36 | name | -| lib/lib.js:550:39:550:42 | name | lib/lib.js:555:33:555:36 | name | -| lib/lib.js:551:33:551:36 | args | lib/lib.js:552:23:552:26 | args | -| lib/lib.js:551:33:551:36 | args | lib/lib.js:552:23:552:26 | args | -| lib/lib.js:555:25:555:37 | ["-rf", name] | lib/lib.js:551:33:551:36 | args | -| lib/lib.js:555:33:555:36 | name | lib/lib.js:555:25:555:37 | ["-rf", name] | -| lib/lib.js:558:41:558:44 | name | lib/lib.js:560:26:560:29 | name | -| lib/lib.js:558:41:558:44 | name | lib/lib.js:560:26:560:29 | name | -| lib/lib.js:558:41:558:44 | name | lib/lib.js:560:26:560:29 | name | -| lib/lib.js:558:41:558:44 | name | lib/lib.js:560:26:560:29 | name | -| lib/lib.js:558:41:558:44 | name | lib/lib.js:562:26:562:29 | name | -| lib/lib.js:558:41:558:44 | name | lib/lib.js:562:26:562:29 | name | -| lib/lib.js:558:41:558:44 | name | lib/lib.js:562:26:562:29 | name | -| lib/lib.js:558:41:558:44 | name | lib/lib.js:562:26:562:29 | name | -| lib/lib.js:558:41:558:44 | name | lib/lib.js:566:26:566:29 | name | -| lib/lib.js:558:41:558:44 | name | lib/lib.js:566:26:566:29 | name | -| lib/lib.js:558:41:558:44 | name | lib/lib.js:566:26:566:29 | name | -| lib/lib.js:558:41:558:44 | name | lib/lib.js:566:26:566:29 | name | -| lib/lib.js:572:41:572:44 | name | lib/lib.js:573:22:573:25 | name | -| lib/lib.js:572:41:572:44 | name | lib/lib.js:573:22:573:25 | name | -| lib/lib.js:572:41:572:44 | name | lib/lib.js:573:22:573:25 | name | -| lib/lib.js:572:41:572:44 | name | lib/lib.js:573:22:573:25 | name | -| lib/lib.js:572:41:572:44 | name | lib/lib.js:579:25:579:28 | name | -| lib/lib.js:572:41:572:44 | name | lib/lib.js:579:25:579:28 | name | -| lib/lib.js:572:41:572:44 | name | lib/lib.js:579:25:579:28 | name | -| lib/lib.js:572:41:572:44 | name | lib/lib.js:579:25:579:28 | name | -| lib/lib.js:572:41:572:44 | name | lib/lib.js:590:29:590:32 | name | -| lib/lib.js:572:41:572:44 | name | lib/lib.js:590:29:590:32 | name | -| lib/lib.js:572:41:572:44 | name | lib/lib.js:590:29:590:32 | name | -| lib/lib.js:572:41:572:44 | name | lib/lib.js:590:29:590:32 | name | -| lib/lib.js:572:41:572:44 | name | lib/lib.js:593:25:593:28 | name | -| lib/lib.js:572:41:572:44 | name | lib/lib.js:593:25:593:28 | name | -| lib/lib.js:572:41:572:44 | name | lib/lib.js:593:25:593:28 | name | -| lib/lib.js:572:41:572:44 | name | lib/lib.js:593:25:593:28 | name | -| lib/lib.js:608:42:608:45 | name | lib/lib.js:609:22:609:25 | name | -| lib/lib.js:608:42:608:45 | name | lib/lib.js:609:22:609:25 | name | -| lib/lib.js:608:42:608:45 | name | lib/lib.js:609:22:609:25 | name | -| lib/lib.js:608:42:608:45 | name | lib/lib.js:609:22:609:25 | name | -| lib/lib.js:608:42:608:45 | name | lib/lib.js:626:29:626:32 | name | -| lib/lib.js:608:42:608:45 | name | lib/lib.js:626:29:626:32 | name | -| lib/lib.js:608:42:608:45 | name | lib/lib.js:626:29:626:32 | name | -| lib/lib.js:608:42:608:45 | name | lib/lib.js:626:29:626:32 | name | -| lib/lib.js:608:42:608:45 | name | lib/lib.js:629:25:629:28 | name | -| lib/lib.js:608:42:608:45 | name | lib/lib.js:629:25:629:28 | name | -| lib/lib.js:608:42:608:45 | name | lib/lib.js:629:25:629:28 | name | -| lib/lib.js:608:42:608:45 | name | lib/lib.js:629:25:629:28 | name | -| lib/subLib2/compiled-file.ts:3:26:3:29 | name | lib/subLib2/compiled-file.ts:4:25:4:28 | name | -| lib/subLib2/compiled-file.ts:3:26:3:29 | name | lib/subLib2/compiled-file.ts:4:25:4:28 | name | -| lib/subLib2/compiled-file.ts:3:26:3:29 | name | lib/subLib2/compiled-file.ts:4:25:4:28 | name | -| lib/subLib2/compiled-file.ts:3:26:3:29 | name | lib/subLib2/compiled-file.ts:4:25:4:28 | name | -| lib/subLib2/special-file.js:3:28:3:31 | name | lib/subLib2/special-file.js:4:22:4:25 | name | -| lib/subLib2/special-file.js:3:28:3:31 | name | lib/subLib2/special-file.js:4:22:4:25 | name | -| lib/subLib2/special-file.js:3:28:3:31 | name | lib/subLib2/special-file.js:4:22:4:25 | name | -| lib/subLib2/special-file.js:3:28:3:31 | name | lib/subLib2/special-file.js:4:22:4:25 | name | -| lib/subLib3/my-file.ts:3:28:3:31 | name | lib/subLib3/my-file.ts:4:22:4:25 | name | -| lib/subLib3/my-file.ts:3:28:3:31 | name | lib/subLib3/my-file.ts:4:22:4:25 | name | -| lib/subLib3/my-file.ts:3:28:3:31 | name | lib/subLib3/my-file.ts:4:22:4:25 | name | -| lib/subLib3/my-file.ts:3:28:3:31 | name | lib/subLib3/my-file.ts:4:22:4:25 | name | -| lib/subLib4/index.js:6:32:6:35 | name | lib/subLib4/index.js:7:18:7:21 | name | -| lib/subLib4/index.js:6:32:6:35 | name | lib/subLib4/index.js:7:18:7:21 | name | -| lib/subLib4/index.js:7:18:7:21 | name | lib/subLib4/subsub.js:3:28:3:31 | name | -| lib/subLib4/subsub.js:3:28:3:31 | name | lib/subLib4/subsub.js:4:22:4:25 | name | -| lib/subLib4/subsub.js:3:28:3:31 | name | lib/subLib4/subsub.js:4:22:4:25 | name | -| lib/subLib/amdSub.js:3:28:3:31 | name | lib/subLib/amdSub.js:4:22:4:25 | name | -| lib/subLib/amdSub.js:3:28:3:31 | name | lib/subLib/amdSub.js:4:22:4:25 | name | -| lib/subLib/amdSub.js:3:28:3:31 | name | lib/subLib/amdSub.js:4:22:4:25 | name | -| lib/subLib/amdSub.js:3:28:3:31 | name | lib/subLib/amdSub.js:4:22:4:25 | name | -| lib/subLib/index.js:3:28:3:31 | name | lib/subLib/index.js:4:22:4:25 | name | -| lib/subLib/index.js:3:28:3:31 | name | lib/subLib/index.js:4:22:4:25 | name | -| lib/subLib/index.js:3:28:3:31 | name | lib/subLib/index.js:4:22:4:25 | name | -| lib/subLib/index.js:3:28:3:31 | name | lib/subLib/index.js:4:22:4:25 | name | -| lib/subLib/index.js:7:32:7:35 | name | lib/subLib/index.js:8:22:8:25 | name | -| lib/subLib/index.js:7:32:7:35 | name | lib/subLib/index.js:8:22:8:25 | name | -| lib/subLib/index.js:7:32:7:35 | name | lib/subLib/index.js:8:22:8:25 | name | -| lib/subLib/index.js:7:32:7:35 | name | lib/subLib/index.js:8:22:8:25 | name | -| lib/subLib/index.js:13:44:13:46 | arr | lib/subLib/index.js:14:22:14:24 | arr | -| lib/subLib/index.js:13:44:13:46 | arr | lib/subLib/index.js:14:22:14:24 | arr | -| lib/subLib/index.js:13:44:13:46 | arr | lib/subLib/index.js:14:22:14:24 | arr | -| lib/subLib/index.js:13:44:13:46 | arr | lib/subLib/index.js:14:22:14:24 | arr | +| lib/isImported.js:5:49:5:52 | name | lib/isImported.js:6:22:6:25 | name | provenance | | +| lib/lib2.js:3:28:3:31 | name | lib/lib2.js:4:22:4:25 | name | provenance | | +| lib/lib2.js:7:32:7:35 | name | lib/lib2.js:8:22:8:25 | name | provenance | | +| lib/lib.js:3:28:3:31 | name | lib/lib.js:4:22:4:25 | name | provenance | | +| lib/lib.js:10:32:10:35 | name | lib/lib.js:11:22:11:25 | name | provenance | | +| lib/lib.js:14:36:14:39 | name | lib/lib.js:15:22:15:25 | name | provenance | | +| lib/lib.js:19:34:19:37 | name | lib/lib.js:20:22:20:25 | name | provenance | | +| lib/lib.js:26:35:26:38 | name | lib/lib.js:27:22:27:25 | name | provenance | | +| lib/lib.js:34:14:34:17 | name | lib/lib.js:35:23:35:26 | name | provenance | | +| lib/lib.js:37:13:37:16 | name | lib/lib.js:38:23:38:26 | name | provenance | | +| lib/lib.js:40:6:40:9 | name | lib/lib.js:41:23:41:26 | name | provenance | | +| lib/lib.js:49:31:49:34 | name | lib/lib.js:50:47:50:50 | name | provenance | | +| lib/lib.js:53:33:53:36 | name | lib/lib.js:54:25:54:28 | name | provenance | | +| lib/lib.js:53:33:53:36 | name | lib/lib.js:57:25:57:28 | name | provenance | | +| lib/lib.js:64:41:64:44 | name | lib/lib.js:65:22:65:25 | name | provenance | | +| lib/lib.js:64:41:64:44 | name | lib/lib.js:69:27:69:30 | name | provenance | | +| lib/lib.js:64:41:64:44 | name | lib/lib.js:71:28:71:31 | name | provenance | | +| lib/lib.js:64:41:64:44 | name | lib/lib.js:73:21:73:24 | name | provenance | | +| lib/lib.js:64:41:64:44 | name | lib/lib.js:75:20:75:23 | name | provenance | | +| lib/lib.js:64:41:64:44 | name | lib/lib.js:77:28:77:31 | name | provenance | | +| lib/lib.js:82:35:82:38 | name | lib/lib.js:83:22:83:25 | name | provenance | | +| lib/lib.js:82:35:82:38 | name | lib/lib.js:86:13:86:16 | name | provenance | | +| lib/lib.js:82:35:82:38 | name | lib/lib.js:89:21:89:24 | name | provenance | | +| lib/lib.js:82:35:82:38 | name | lib/lib.js:91:28:91:31 | name | provenance | | +| lib/lib.js:91:28:91:31 | name | lib/lib.js:91:21:91:38 | "\\"" + name + "\\"" | provenance | | +| lib/lib.js:97:35:97:38 | name | lib/lib.js:98:35:98:38 | name | provenance | | +| lib/lib.js:97:35:97:38 | name | lib/lib.js:100:37:100:40 | name | provenance | | +| lib/lib.js:97:35:97:38 | name | lib/lib.js:102:46:102:49 | name | provenance | | +| lib/lib.js:97:35:97:38 | name | lib/lib.js:108:41:108:44 | name | provenance | | +| lib/lib.js:111:34:111:37 | name | lib/lib.js:112:22:112:25 | name | provenance | | +| lib/lib.js:120:33:120:36 | name | lib/lib.js:121:22:121:25 | name | provenance | | +| lib/lib.js:130:6:130:9 | name | lib/lib.js:131:23:131:26 | name | provenance | | +| lib/lib.js:148:37:148:40 | name | lib/lib.js:149:24:149:27 | name | provenance | | +| lib/lib.js:155:38:155:41 | name | lib/lib.js:161:25:161:28 | name | provenance | | +| lib/lib.js:170:41:170:44 | name | lib/lib.js:173:20:173:23 | name | provenance | | +| lib/lib.js:177:38:177:41 | name | lib/lib.js:181:21:181:24 | name | provenance | | +| lib/lib.js:181:6:181:52 | broken | lib/lib.js:182:22:182:27 | broken | provenance | | +| lib/lib.js:181:21:181:24 | name | lib/lib.js:181:21:181:46 | name.re ... "'\\''") | provenance | | +| lib/lib.js:181:21:181:24 | name | lib/lib.js:181:21:181:46 | name.re ... "'\\''") | provenance | | +| lib/lib.js:181:21:181:46 | name.re ... "'\\''") | lib/lib.js:181:6:181:52 | broken | provenance | | +| lib/lib.js:186:34:186:37 | name | lib/lib.js:187:22:187:25 | name | provenance | | +| lib/lib.js:186:34:186:37 | name | lib/lib.js:190:23:190:26 | name | provenance | | +| lib/lib.js:196:45:196:48 | name | lib/lib.js:197:22:197:25 | name | provenance | | +| lib/lib.js:196:45:196:48 | name | lib/lib.js:200:23:200:26 | name | provenance | | +| lib/lib.js:206:45:206:48 | name | lib/lib.js:207:22:207:25 | name | provenance | | +| lib/lib.js:206:45:206:48 | name | lib/lib.js:212:23:212:26 | name | provenance | | +| lib/lib.js:216:39:216:42 | name | lib/lib.js:217:22:217:25 | name | provenance | | +| lib/lib.js:216:39:216:42 | name | lib/lib.js:220:23:220:26 | name | provenance | | +| lib/lib.js:216:39:216:42 | name | lib/lib.js:224:22:224:25 | name | provenance | | +| lib/lib.js:227:39:227:42 | name | lib/lib.js:228:22:228:25 | name | provenance | | +| lib/lib.js:227:39:227:42 | name | lib/lib.js:236:22:236:25 | name | provenance | | +| lib/lib.js:239:28:239:28 | s | lib/lib.js:245:9:245:9 | s | provenance | | +| lib/lib.js:248:42:248:45 | name | lib/lib.js:249:22:249:25 | name | provenance | | +| lib/lib.js:248:42:248:45 | name | lib/lib.js:251:27:251:30 | name | provenance | | +| lib/lib.js:251:6:251:31 | cleaned | lib/lib.js:253:22:253:28 | cleaned | provenance | | +| lib/lib.js:251:16:251:31 | cleanInput(name) | lib/lib.js:251:6:251:31 | cleaned | provenance | | +| lib/lib.js:251:27:251:30 | name | lib/lib.js:239:28:239:28 | s | provenance | | +| lib/lib.js:251:27:251:30 | name | lib/lib.js:251:16:251:31 | cleanInput(name) | provenance | | +| lib/lib.js:257:35:257:38 | name | lib/lib.js:258:22:258:25 | name | provenance | | +| lib/lib.js:257:35:257:38 | name | lib/lib.js:261:30:261:33 | name | provenance | | +| lib/lib.js:267:46:267:48 | obj | lib/lib.js:268:22:268:24 | obj | provenance | | +| lib/lib.js:268:22:268:24 | obj | lib/lib.js:268:22:268:32 | obj.version | provenance | | +| lib/lib.js:276:8:276:11 | opts | lib/lib.js:277:23:277:26 | opts | provenance | | +| lib/lib.js:276:8:276:11 | opts | lib/lib.js:279:19:279:22 | opts | provenance | | +| lib/lib.js:277:23:277:26 | opts | lib/lib.js:277:23:277:30 | opts.bla | provenance | | +| lib/lib.js:279:3:279:6 | [post update] this [opts, bla] | lib/lib.js:281:23:281:26 | this [opts, bla] | provenance | | +| lib/lib.js:279:3:279:11 | [post update] this.opts [bla] | lib/lib.js:279:3:279:6 | [post update] this [opts, bla] | provenance | | +| lib/lib.js:279:19:279:22 | opts | lib/lib.js:279:19:279:26 | opts.bla | provenance | | +| lib/lib.js:279:19:279:26 | opts.bla | lib/lib.js:279:3:279:11 | [post update] this.opts [bla] | provenance | | +| lib/lib.js:281:23:281:26 | this [opts, bla] | lib/lib.js:281:23:281:31 | this.opts [bla] | provenance | | +| lib/lib.js:281:23:281:31 | this.opts [bla] | lib/lib.js:281:23:281:35 | this.opts.bla | provenance | | +| lib/lib.js:307:39:307:42 | name | lib/lib.js:308:23:308:26 | name | provenance | | +| lib/lib.js:314:40:314:43 | name | lib/lib.js:315:22:315:25 | name | provenance | | +| lib/lib.js:314:40:314:43 | name | lib/lib.js:320:23:320:26 | name | provenance | | +| lib/lib.js:324:40:324:42 | arg | lib/lib.js:325:49:325:51 | arg | provenance | | +| lib/lib.js:329:13:329:13 | x | lib/lib.js:330:9:330:9 | x | provenance | | +| lib/lib.js:339:39:339:39 | n | lib/lib.js:340:25:340:25 | n | provenance | | +| lib/lib.js:340:25:340:25 | n | lib/lib.js:329:13:329:13 | x | provenance | | +| lib/lib.js:340:25:340:25 | n | lib/lib.js:340:22:340:26 | id(n) | provenance | | +| lib/lib.js:349:29:349:34 | unsafe | lib/lib.js:351:22:351:27 | unsafe | provenance | | +| lib/lib.js:405:39:405:42 | name | lib/lib.js:406:22:406:25 | name | provenance | | +| lib/lib.js:414:40:414:43 | name | lib/lib.js:415:22:415:25 | name | provenance | | +| lib/lib.js:414:40:414:43 | name | lib/lib.js:417:28:417:31 | name | provenance | | +| lib/lib.js:414:40:414:43 | name | lib/lib.js:418:25:418:28 | name | provenance | | +| lib/lib.js:414:40:414:43 | name | lib/lib.js:419:32:419:35 | name | provenance | | +| lib/lib.js:414:40:414:43 | name | lib/lib.js:420:29:420:32 | name | provenance | | +| lib/lib.js:414:40:414:43 | name | lib/lib.js:424:24:424:27 | name | provenance | | +| lib/lib.js:414:40:414:43 | name | lib/lib.js:426:11:426:14 | name | provenance | | +| lib/lib.js:414:40:414:43 | name | lib/lib.js:426:11:426:14 | name | provenance | | +| lib/lib.js:414:40:414:43 | name | lib/lib.js:428:36:428:39 | name | provenance | | +| lib/lib.js:425:6:425:13 | arr | lib/lib.js:427:14:427:16 | arr | provenance | | +| lib/lib.js:426:2:426:4 | [post update] arr | lib/lib.js:425:6:425:13 | arr | provenance | | +| lib/lib.js:426:11:426:14 | name | lib/lib.js:426:2:426:4 | [post update] arr | provenance | | +| lib/lib.js:428:28:428:57 | (name ? ... ) + '-' | lib/lib.js:428:14:428:58 | build(" ... + '-') | provenance | | +| lib/lib.js:428:28:428:57 | (name ? ... ) + '-' | lib/lib.js:431:23:431:26 | last | provenance | | +| lib/lib.js:428:36:428:39 | name | lib/lib.js:428:28:428:57 | (name ? ... ) + '-' | provenance | | +| lib/lib.js:431:23:431:26 | last | lib/lib.js:436:19:436:22 | last | provenance | | +| lib/lib.js:431:23:431:26 | last | lib/lib.js:436:19:436:22 | last | provenance | | +| lib/lib.js:432:6:432:13 | arr | lib/lib.js:437:9:437:11 | arr | provenance | | +| lib/lib.js:436:10:436:12 | [post update] arr | lib/lib.js:432:6:432:13 | arr | provenance | | +| lib/lib.js:436:19:436:22 | last | lib/lib.js:436:10:436:12 | [post update] arr | provenance | | +| lib/lib.js:441:39:441:42 | name | lib/lib.js:442:24:442:27 | name | provenance | | +| lib/lib.js:446:20:446:23 | name | lib/lib.js:447:25:447:28 | name | provenance | | +| lib/lib.js:477:33:477:38 | config | lib/lib.js:478:27:478:32 | config | provenance | | +| lib/lib.js:478:27:478:32 | config | lib/lib.js:478:27:478:46 | config.installedPath | provenance | | +| lib/lib.js:482:40:482:43 | name | lib/lib.js:483:30:483:33 | name | provenance | | +| lib/lib.js:498:45:498:48 | name | lib/lib.js:499:31:499:34 | name | provenance | | +| lib/lib.js:509:39:509:42 | name | lib/lib.js:510:22:510:25 | name | provenance | | +| lib/lib.js:509:39:509:42 | name | lib/lib.js:513:23:513:26 | name | provenance | | +| lib/lib.js:509:39:509:42 | name | lib/lib.js:519:23:519:26 | name | provenance | | +| lib/lib.js:509:39:509:42 | name | lib/lib.js:525:23:525:26 | name | provenance | | +| lib/lib.js:509:39:509:42 | name | lib/lib.js:531:23:531:26 | name | provenance | | +| lib/lib.js:509:39:509:42 | name | lib/lib.js:537:23:537:26 | name | provenance | | +| lib/lib.js:509:39:509:42 | name | lib/lib.js:543:23:543:26 | name | provenance | | +| lib/lib.js:509:39:509:42 | name | lib/lib.js:545:23:545:26 | name | provenance | | +| lib/lib.js:550:39:550:42 | name | lib/lib.js:555:33:555:36 | name | provenance | | +| lib/lib.js:550:39:550:42 | name | lib/lib.js:555:33:555:36 | name | provenance | | +| lib/lib.js:551:33:551:36 | args | lib/lib.js:552:23:552:26 | args | provenance | | +| lib/lib.js:555:25:555:37 | ["-rf", name] | lib/lib.js:551:33:551:36 | args | provenance | | +| lib/lib.js:555:33:555:36 | name | lib/lib.js:555:25:555:37 | ["-rf", name] | provenance | | +| lib/lib.js:558:41:558:44 | name | lib/lib.js:560:26:560:29 | name | provenance | | +| lib/lib.js:558:41:558:44 | name | lib/lib.js:562:26:562:29 | name | provenance | | +| lib/lib.js:558:41:558:44 | name | lib/lib.js:566:26:566:29 | name | provenance | | +| lib/lib.js:572:41:572:44 | name | lib/lib.js:573:22:573:25 | name | provenance | | +| lib/lib.js:572:41:572:44 | name | lib/lib.js:579:25:579:28 | name | provenance | | +| lib/lib.js:572:41:572:44 | name | lib/lib.js:590:29:590:32 | name | provenance | | +| lib/lib.js:572:41:572:44 | name | lib/lib.js:593:25:593:28 | name | provenance | | +| lib/lib.js:608:42:608:45 | name | lib/lib.js:609:22:609:25 | name | provenance | | +| lib/lib.js:608:42:608:45 | name | lib/lib.js:626:29:626:32 | name | provenance | | +| lib/lib.js:608:42:608:45 | name | lib/lib.js:629:25:629:28 | name | provenance | | +| lib/subLib2/compiled-file.ts:3:26:3:29 | name | lib/subLib2/compiled-file.ts:4:25:4:28 | name | provenance | | +| lib/subLib2/special-file.js:3:28:3:31 | name | lib/subLib2/special-file.js:4:22:4:25 | name | provenance | | +| lib/subLib3/my-file.ts:3:28:3:31 | name | lib/subLib3/my-file.ts:4:22:4:25 | name | provenance | | +| lib/subLib4/index.js:6:32:6:35 | name | lib/subLib4/index.js:7:18:7:21 | name | provenance | | +| lib/subLib4/index.js:7:18:7:21 | name | lib/subLib4/subsub.js:3:28:3:31 | name | provenance | | +| lib/subLib4/subsub.js:3:28:3:31 | name | lib/subLib4/subsub.js:4:22:4:25 | name | provenance | | +| lib/subLib/amdSub.js:3:28:3:31 | name | lib/subLib/amdSub.js:4:22:4:25 | name | provenance | | +| lib/subLib/index.js:3:28:3:31 | name | lib/subLib/index.js:4:22:4:25 | name | provenance | | +| lib/subLib/index.js:7:32:7:35 | name | lib/subLib/index.js:8:22:8:25 | name | provenance | | +| lib/subLib/index.js:13:44:13:46 | arr | lib/subLib/index.js:14:22:14:24 | arr | provenance | | +nodes +| lib/isImported.js:5:49:5:52 | name | semmle.label | name | +| lib/isImported.js:6:22:6:25 | name | semmle.label | name | +| lib/lib2.js:3:28:3:31 | name | semmle.label | name | +| lib/lib2.js:4:22:4:25 | name | semmle.label | name | +| lib/lib2.js:7:32:7:35 | name | semmle.label | name | +| lib/lib2.js:8:22:8:25 | name | semmle.label | name | +| lib/lib.js:3:28:3:31 | name | semmle.label | name | +| lib/lib.js:4:22:4:25 | name | semmle.label | name | +| lib/lib.js:10:32:10:35 | name | semmle.label | name | +| lib/lib.js:11:22:11:25 | name | semmle.label | name | +| lib/lib.js:14:36:14:39 | name | semmle.label | name | +| lib/lib.js:15:22:15:25 | name | semmle.label | name | +| lib/lib.js:19:34:19:37 | name | semmle.label | name | +| lib/lib.js:20:22:20:25 | name | semmle.label | name | +| lib/lib.js:26:35:26:38 | name | semmle.label | name | +| lib/lib.js:27:22:27:25 | name | semmle.label | name | +| lib/lib.js:34:14:34:17 | name | semmle.label | name | +| lib/lib.js:35:23:35:26 | name | semmle.label | name | +| lib/lib.js:37:13:37:16 | name | semmle.label | name | +| lib/lib.js:38:23:38:26 | name | semmle.label | name | +| lib/lib.js:40:6:40:9 | name | semmle.label | name | +| lib/lib.js:41:23:41:26 | name | semmle.label | name | +| lib/lib.js:49:31:49:34 | name | semmle.label | name | +| lib/lib.js:50:47:50:50 | name | semmle.label | name | +| lib/lib.js:53:33:53:36 | name | semmle.label | name | +| lib/lib.js:54:25:54:28 | name | semmle.label | name | +| lib/lib.js:57:25:57:28 | name | semmle.label | name | +| lib/lib.js:64:41:64:44 | name | semmle.label | name | +| lib/lib.js:65:22:65:25 | name | semmle.label | name | +| lib/lib.js:69:27:69:30 | name | semmle.label | name | +| lib/lib.js:71:28:71:31 | name | semmle.label | name | +| lib/lib.js:73:21:73:24 | name | semmle.label | name | +| lib/lib.js:75:20:75:23 | name | semmle.label | name | +| lib/lib.js:77:28:77:31 | name | semmle.label | name | +| lib/lib.js:82:35:82:38 | name | semmle.label | name | +| lib/lib.js:83:22:83:25 | name | semmle.label | name | +| lib/lib.js:86:13:86:16 | name | semmle.label | name | +| lib/lib.js:89:21:89:24 | name | semmle.label | name | +| lib/lib.js:91:21:91:38 | "\\"" + name + "\\"" | semmle.label | "\\"" + name + "\\"" | +| lib/lib.js:91:28:91:31 | name | semmle.label | name | +| lib/lib.js:97:35:97:38 | name | semmle.label | name | +| lib/lib.js:98:35:98:38 | name | semmle.label | name | +| lib/lib.js:100:37:100:40 | name | semmle.label | name | +| lib/lib.js:102:46:102:49 | name | semmle.label | name | +| lib/lib.js:108:41:108:44 | name | semmle.label | name | +| lib/lib.js:111:34:111:37 | name | semmle.label | name | +| lib/lib.js:112:22:112:25 | name | semmle.label | name | +| lib/lib.js:120:33:120:36 | name | semmle.label | name | +| lib/lib.js:121:22:121:25 | name | semmle.label | name | +| lib/lib.js:130:6:130:9 | name | semmle.label | name | +| lib/lib.js:131:23:131:26 | name | semmle.label | name | +| lib/lib.js:148:37:148:40 | name | semmle.label | name | +| lib/lib.js:149:24:149:27 | name | semmle.label | name | +| lib/lib.js:155:38:155:41 | name | semmle.label | name | +| lib/lib.js:161:25:161:28 | name | semmle.label | name | +| lib/lib.js:170:41:170:44 | name | semmle.label | name | +| lib/lib.js:173:20:173:23 | name | semmle.label | name | +| lib/lib.js:177:38:177:41 | name | semmle.label | name | +| lib/lib.js:181:6:181:52 | broken | semmle.label | broken | +| lib/lib.js:181:21:181:24 | name | semmle.label | name | +| lib/lib.js:181:21:181:46 | name.re ... "'\\''") | semmle.label | name.re ... "'\\''") | +| lib/lib.js:181:21:181:46 | name.re ... "'\\''") | semmle.label | name.re ... "'\\''") | +| lib/lib.js:182:22:182:27 | broken | semmle.label | broken | +| lib/lib.js:186:34:186:37 | name | semmle.label | name | +| lib/lib.js:187:22:187:25 | name | semmle.label | name | +| lib/lib.js:190:23:190:26 | name | semmle.label | name | +| lib/lib.js:196:45:196:48 | name | semmle.label | name | +| lib/lib.js:197:22:197:25 | name | semmle.label | name | +| lib/lib.js:200:23:200:26 | name | semmle.label | name | +| lib/lib.js:206:45:206:48 | name | semmle.label | name | +| lib/lib.js:207:22:207:25 | name | semmle.label | name | +| lib/lib.js:212:23:212:26 | name | semmle.label | name | +| lib/lib.js:216:39:216:42 | name | semmle.label | name | +| lib/lib.js:217:22:217:25 | name | semmle.label | name | +| lib/lib.js:220:23:220:26 | name | semmle.label | name | +| lib/lib.js:224:22:224:25 | name | semmle.label | name | +| lib/lib.js:227:39:227:42 | name | semmle.label | name | +| lib/lib.js:228:22:228:25 | name | semmle.label | name | +| lib/lib.js:236:22:236:25 | name | semmle.label | name | +| lib/lib.js:239:28:239:28 | s | semmle.label | s | +| lib/lib.js:245:9:245:9 | s | semmle.label | s | +| lib/lib.js:248:42:248:45 | name | semmle.label | name | +| lib/lib.js:249:22:249:25 | name | semmle.label | name | +| lib/lib.js:251:6:251:31 | cleaned | semmle.label | cleaned | +| lib/lib.js:251:16:251:31 | cleanInput(name) | semmle.label | cleanInput(name) | +| lib/lib.js:251:27:251:30 | name | semmle.label | name | +| lib/lib.js:253:22:253:28 | cleaned | semmle.label | cleaned | +| lib/lib.js:257:35:257:38 | name | semmle.label | name | +| lib/lib.js:258:22:258:25 | name | semmle.label | name | +| lib/lib.js:261:30:261:33 | name | semmle.label | name | +| lib/lib.js:267:46:267:48 | obj | semmle.label | obj | +| lib/lib.js:268:22:268:24 | obj | semmle.label | obj | +| lib/lib.js:268:22:268:32 | obj.version | semmle.label | obj.version | +| lib/lib.js:276:8:276:11 | opts | semmle.label | opts | +| lib/lib.js:277:23:277:26 | opts | semmle.label | opts | +| lib/lib.js:277:23:277:30 | opts.bla | semmle.label | opts.bla | +| lib/lib.js:279:3:279:6 | [post update] this [opts, bla] | semmle.label | [post update] this [opts, bla] | +| lib/lib.js:279:3:279:11 | [post update] this.opts [bla] | semmle.label | [post update] this.opts [bla] | +| lib/lib.js:279:19:279:22 | opts | semmle.label | opts | +| lib/lib.js:279:19:279:26 | opts.bla | semmle.label | opts.bla | +| lib/lib.js:281:23:281:26 | this [opts, bla] | semmle.label | this [opts, bla] | +| lib/lib.js:281:23:281:31 | this.opts [bla] | semmle.label | this.opts [bla] | +| lib/lib.js:281:23:281:35 | this.opts.bla | semmle.label | this.opts.bla | +| lib/lib.js:307:39:307:42 | name | semmle.label | name | +| lib/lib.js:308:23:308:26 | name | semmle.label | name | +| lib/lib.js:314:40:314:43 | name | semmle.label | name | +| lib/lib.js:315:22:315:25 | name | semmle.label | name | +| lib/lib.js:320:23:320:26 | name | semmle.label | name | +| lib/lib.js:324:40:324:42 | arg | semmle.label | arg | +| lib/lib.js:325:49:325:51 | arg | semmle.label | arg | +| lib/lib.js:329:13:329:13 | x | semmle.label | x | +| lib/lib.js:330:9:330:9 | x | semmle.label | x | +| lib/lib.js:339:39:339:39 | n | semmle.label | n | +| lib/lib.js:340:22:340:26 | id(n) | semmle.label | id(n) | +| lib/lib.js:340:25:340:25 | n | semmle.label | n | +| lib/lib.js:349:29:349:34 | unsafe | semmle.label | unsafe | +| lib/lib.js:351:22:351:27 | unsafe | semmle.label | unsafe | +| lib/lib.js:405:39:405:42 | name | semmle.label | name | +| lib/lib.js:406:22:406:25 | name | semmle.label | name | +| lib/lib.js:414:40:414:43 | name | semmle.label | name | +| lib/lib.js:415:22:415:25 | name | semmle.label | name | +| lib/lib.js:417:28:417:31 | name | semmle.label | name | +| lib/lib.js:418:25:418:28 | name | semmle.label | name | +| lib/lib.js:419:32:419:35 | name | semmle.label | name | +| lib/lib.js:420:29:420:32 | name | semmle.label | name | +| lib/lib.js:424:24:424:27 | name | semmle.label | name | +| lib/lib.js:425:6:425:13 | arr | semmle.label | arr | +| lib/lib.js:426:2:426:4 | [post update] arr | semmle.label | [post update] arr | +| lib/lib.js:426:11:426:14 | name | semmle.label | name | +| lib/lib.js:426:11:426:14 | name | semmle.label | name | +| lib/lib.js:427:14:427:16 | arr | semmle.label | arr | +| lib/lib.js:428:14:428:58 | build(" ... + '-') | semmle.label | build(" ... + '-') | +| lib/lib.js:428:28:428:57 | (name ? ... ) + '-' | semmle.label | (name ? ... ) + '-' | +| lib/lib.js:428:36:428:39 | name | semmle.label | name | +| lib/lib.js:431:23:431:26 | last | semmle.label | last | +| lib/lib.js:432:6:432:13 | arr | semmle.label | arr | +| lib/lib.js:436:10:436:12 | [post update] arr | semmle.label | [post update] arr | +| lib/lib.js:436:19:436:22 | last | semmle.label | last | +| lib/lib.js:436:19:436:22 | last | semmle.label | last | +| lib/lib.js:437:9:437:11 | arr | semmle.label | arr | +| lib/lib.js:441:39:441:42 | name | semmle.label | name | +| lib/lib.js:442:24:442:27 | name | semmle.label | name | +| lib/lib.js:446:20:446:23 | name | semmle.label | name | +| lib/lib.js:447:25:447:28 | name | semmle.label | name | +| lib/lib.js:477:33:477:38 | config | semmle.label | config | +| lib/lib.js:478:27:478:32 | config | semmle.label | config | +| lib/lib.js:478:27:478:46 | config.installedPath | semmle.label | config.installedPath | +| lib/lib.js:482:40:482:43 | name | semmle.label | name | +| lib/lib.js:483:30:483:33 | name | semmle.label | name | +| lib/lib.js:498:45:498:48 | name | semmle.label | name | +| lib/lib.js:499:31:499:34 | name | semmle.label | name | +| lib/lib.js:509:39:509:42 | name | semmle.label | name | +| lib/lib.js:510:22:510:25 | name | semmle.label | name | +| lib/lib.js:513:23:513:26 | name | semmle.label | name | +| lib/lib.js:519:23:519:26 | name | semmle.label | name | +| lib/lib.js:525:23:525:26 | name | semmle.label | name | +| lib/lib.js:531:23:531:26 | name | semmle.label | name | +| lib/lib.js:537:23:537:26 | name | semmle.label | name | +| lib/lib.js:543:23:543:26 | name | semmle.label | name | +| lib/lib.js:545:23:545:26 | name | semmle.label | name | +| lib/lib.js:550:39:550:42 | name | semmle.label | name | +| lib/lib.js:551:33:551:36 | args | semmle.label | args | +| lib/lib.js:552:23:552:26 | args | semmle.label | args | +| lib/lib.js:555:25:555:37 | ["-rf", name] | semmle.label | ["-rf", name] | +| lib/lib.js:555:33:555:36 | name | semmle.label | name | +| lib/lib.js:555:33:555:36 | name | semmle.label | name | +| lib/lib.js:558:41:558:44 | name | semmle.label | name | +| lib/lib.js:560:26:560:29 | name | semmle.label | name | +| lib/lib.js:562:26:562:29 | name | semmle.label | name | +| lib/lib.js:566:26:566:29 | name | semmle.label | name | +| lib/lib.js:572:41:572:44 | name | semmle.label | name | +| lib/lib.js:573:22:573:25 | name | semmle.label | name | +| lib/lib.js:579:25:579:28 | name | semmle.label | name | +| lib/lib.js:590:29:590:32 | name | semmle.label | name | +| lib/lib.js:593:25:593:28 | name | semmle.label | name | +| lib/lib.js:608:42:608:45 | name | semmle.label | name | +| lib/lib.js:609:22:609:25 | name | semmle.label | name | +| lib/lib.js:626:29:626:32 | name | semmle.label | name | +| lib/lib.js:629:25:629:28 | name | semmle.label | name | +| lib/subLib2/compiled-file.ts:3:26:3:29 | name | semmle.label | name | +| lib/subLib2/compiled-file.ts:4:25:4:28 | name | semmle.label | name | +| lib/subLib2/special-file.js:3:28:3:31 | name | semmle.label | name | +| lib/subLib2/special-file.js:4:22:4:25 | name | semmle.label | name | +| lib/subLib3/my-file.ts:3:28:3:31 | name | semmle.label | name | +| lib/subLib3/my-file.ts:4:22:4:25 | name | semmle.label | name | +| lib/subLib4/index.js:6:32:6:35 | name | semmle.label | name | +| lib/subLib4/index.js:7:18:7:21 | name | semmle.label | name | +| lib/subLib4/subsub.js:3:28:3:31 | name | semmle.label | name | +| lib/subLib4/subsub.js:4:22:4:25 | name | semmle.label | name | +| lib/subLib/amdSub.js:3:28:3:31 | name | semmle.label | name | +| lib/subLib/amdSub.js:4:22:4:25 | name | semmle.label | name | +| lib/subLib/index.js:3:28:3:31 | name | semmle.label | name | +| lib/subLib/index.js:4:22:4:25 | name | semmle.label | name | +| lib/subLib/index.js:7:32:7:35 | name | semmle.label | name | +| lib/subLib/index.js:8:22:8:25 | name | semmle.label | name | +| lib/subLib/index.js:13:44:13:46 | arr | semmle.label | arr | +| lib/subLib/index.js:14:22:14:24 | arr | semmle.label | arr | +subpaths +| lib/lib.js:251:27:251:30 | name | lib/lib.js:239:28:239:28 | s | lib/lib.js:245:9:245:9 | s | lib/lib.js:251:16:251:31 | cleanInput(name) | +| lib/lib.js:340:25:340:25 | n | lib/lib.js:329:13:329:13 | x | lib/lib.js:330:9:330:9 | x | lib/lib.js:340:22:340:26 | id(n) | +| lib/lib.js:428:28:428:57 | (name ? ... ) + '-' | lib/lib.js:431:23:431:26 | last | lib/lib.js:437:9:437:11 | arr | lib/lib.js:428:14:428:58 | build(" ... + '-') | #select | lib/isImported.js:6:10:6:25 | "rm -rf " + name | lib/isImported.js:5:49:5:52 | name | lib/isImported.js:6:22:6:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/isImported.js:5:49:5:52 | name | library input | lib/isImported.js:6:2:6:26 | cp.exec ... + name) | shell command | | lib/lib2.js:4:10:4:25 | "rm -rf " + name | lib/lib2.js:3:28:3:31 | name | lib/lib2.js:4:22:4:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib2.js:3:28:3:31 | name | library input | lib/lib2.js:4:2:4:26 | cp.exec ... + name) | shell command | @@ -831,6 +390,7 @@ edges | lib/lib.js:228:10:228:25 | "rm -rf " + name | lib/lib.js:227:39:227:42 | name | lib/lib.js:228:22:228:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:227:39:227:42 | name | library input | lib/lib.js:228:2:228:26 | cp.exec ... + name) | shell command | | lib/lib.js:236:10:236:25 | "rm -rf " + name | lib/lib.js:227:39:227:42 | name | lib/lib.js:236:22:236:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:227:39:227:42 | name | library input | lib/lib.js:236:2:236:26 | cp.exec ... + name) | shell command | | lib/lib.js:249:10:249:25 | "rm -rf " + name | lib/lib.js:248:42:248:45 | name | lib/lib.js:249:22:249:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:248:42:248:45 | name | library input | lib/lib.js:249:2:249:26 | cp.exec ... + name) | shell command | +| lib/lib.js:253:10:253:28 | "rm -rf " + cleaned | lib/lib.js:248:42:248:45 | name | lib/lib.js:253:22:253:28 | cleaned | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:248:42:248:45 | name | library input | lib/lib.js:253:2:253:29 | cp.exec ... leaned) | shell command | | lib/lib.js:258:10:258:25 | "rm -rf " + name | lib/lib.js:257:35:257:38 | name | lib/lib.js:258:22:258:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:257:35:257:38 | name | library input | lib/lib.js:258:2:258:26 | cp.exec ... + name) | shell command | | lib/lib.js:261:11:261:33 | "rm -rf ... + name | lib/lib.js:257:35:257:38 | name | lib/lib.js:261:30:261:33 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:257:35:257:38 | name | library input | lib/lib.js:261:3:261:34 | cp.exec ... + name) | shell command | | lib/lib.js:268:10:268:32 | "rm -rf ... version | lib/lib.js:267:46:267:48 | obj | lib/lib.js:268:22:268:32 | obj.version | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:267:46:267:48 | obj | library input | lib/lib.js:268:2:268:33 | cp.exec ... ersion) | shell command | @@ -842,7 +402,6 @@ edges | lib/lib.js:325:12:325:51 | "MyWind ... " + arg | lib/lib.js:324:40:324:42 | arg | lib/lib.js:325:49:325:51 | arg | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:324:40:324:42 | arg | library input | lib/lib.js:326:2:326:13 | cp.exec(cmd) | shell command | | lib/lib.js:340:10:340:26 | "rm -rf " + id(n) | lib/lib.js:339:39:339:39 | n | lib/lib.js:340:22:340:26 | id(n) | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:339:39:339:39 | n | library input | lib/lib.js:340:2:340:27 | cp.exec ... id(n)) | shell command | | lib/lib.js:351:10:351:27 | "rm -rf " + unsafe | lib/lib.js:349:29:349:34 | unsafe | lib/lib.js:351:22:351:27 | unsafe | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:349:29:349:34 | unsafe | library input | lib/lib.js:351:2:351:28 | cp.exec ... unsafe) | shell command | -| lib/lib.js:366:17:366:56 | "learn ... + model | lib/lib.js:360:20:360:23 | opts | lib/lib.js:366:28:366:42 | this.learn_args | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:360:20:360:23 | opts | library input | lib/lib.js:367:3:367:18 | cp.exec(command) | shell command | | lib/lib.js:406:10:406:25 | "rm -rf " + name | lib/lib.js:405:39:405:42 | name | lib/lib.js:406:22:406:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:405:39:405:42 | name | library input | lib/lib.js:406:2:406:26 | cp.exec ... + name) | shell command | | lib/lib.js:415:10:415:25 | "rm -rf " + name | lib/lib.js:414:40:414:43 | name | lib/lib.js:415:22:415:25 | name | This string concatenation which depends on $@ is later used in a $@. | lib/lib.js:414:40:414:43 | name | library input | lib/lib.js:415:2:415:26 | cp.exec ... + name) | shell command | | lib/lib.js:417:28:417:31 | name | lib/lib.js:414:40:414:43 | name | lib/lib.js:417:28:417:31 | name | This shell argument which depends on $@ is later used in a $@. | lib/lib.js:414:40:414:43 | name | library input | lib/lib.js:417:2:417:66 | cp.exec ... => {}) | shell command | diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/ConsistencyDomBasedXss.expected b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/ConsistencyDomBasedXss.expected index e69de29bb2d1..3ea47160e92b 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/ConsistencyDomBasedXss.expected +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/ConsistencyDomBasedXss.expected @@ -0,0 +1,3 @@ +| query-tests/Security/CWE-079/DomBasedXss/sanitiser.js:25 | did not expect an alert, but found an alert for HtmlInjection | OK | ConsistencyConfig | +| query-tests/Security/CWE-079/DomBasedXss/sanitiser.js:28 | did not expect an alert, but found an alert for HtmlInjection | OK | ConsistencyConfig | +| query-tests/Security/CWE-079/DomBasedXss/sanitiser.js:35 | did not expect an alert, but found an alert for HtmlInjection | OK | ConsistencyConfig | diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/ConsistencyDomBasedXss.ql b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/ConsistencyDomBasedXss.ql index 639a895263a0..cb88a7a2a260 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/ConsistencyDomBasedXss.ql +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/ConsistencyDomBasedXss.ql @@ -1,3 +1,9 @@ import javascript import testUtilities.ConsistencyChecking -import semmle.javascript.security.dataflow.DomBasedXssQuery as DomXss +import semmle.javascript.security.dataflow.DomBasedXssQuery + +class ConsistencyConfig extends ConsistencyConfiguration { + ConsistencyConfig() { this = "ConsistencyConfig" } + + override DataFlow::Node getAnAlert() { DomBasedXssFlow::flow(_, result) } +} diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/Xss.expected b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/Xss.expected index 0cb0cc99c203..46dbe7ac4313 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/Xss.expected +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/Xss.expected @@ -1,2394 +1,1230 @@ nodes -| addEventListener.js:1:43:1:47 | event | -| addEventListener.js:1:43:1:47 | event | -| addEventListener.js:1:43:1:47 | event | -| addEventListener.js:2:20:2:24 | event | -| addEventListener.js:2:20:2:24 | event | -| addEventListener.js:2:20:2:29 | event.data | -| addEventListener.js:2:20:2:29 | event.data | -| addEventListener.js:2:20:2:29 | event.data | -| addEventListener.js:5:43:5:48 | data | -| addEventListener.js:5:43:5:48 | data | -| addEventListener.js:5:43:5:48 | {data} | -| addEventListener.js:5:43:5:48 | {data} | -| addEventListener.js:5:43:5:48 | {data} | -| addEventListener.js:5:44:5:47 | data | -| addEventListener.js:5:44:5:47 | data | -| addEventListener.js:6:20:6:23 | data | -| addEventListener.js:6:20:6:23 | data | -| addEventListener.js:6:20:6:23 | data | -| addEventListener.js:10:21:10:25 | event | -| addEventListener.js:10:21:10:25 | event | -| addEventListener.js:10:21:10:25 | event | -| addEventListener.js:12:24:12:28 | event | -| addEventListener.js:12:24:12:28 | event | -| addEventListener.js:12:24:12:33 | event.data | -| addEventListener.js:12:24:12:33 | event.data | -| addEventListener.js:12:24:12:33 | event.data | -| angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | -| angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | -| angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | -| angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | -| angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:26:44:26:71 | this.ro ... ragment | -| angular2-client.ts:26:44:26:71 | this.ro ... ragment | -| angular2-client.ts:26:44:26:71 | this.ro ... ragment | -| angular2-client.ts:26:44:26:71 | this.ro ... ragment | -| angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | -| angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | -| angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | -| angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | -| angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | -| angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | -| angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | -| angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | -| angular2-client.ts:30:46:30:59 | map.get('foo') | -| angular2-client.ts:30:46:30:59 | map.get('foo') | -| angular2-client.ts:30:46:30:59 | map.get('foo') | -| angular2-client.ts:30:46:30:59 | map.get('foo') | -| angular2-client.ts:33:44:33:74 | this.ro ... 1].path | -| angular2-client.ts:33:44:33:74 | this.ro ... 1].path | -| angular2-client.ts:33:44:33:74 | this.ro ... 1].path | -| angular2-client.ts:33:44:33:74 | this.ro ... 1].path | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | -| angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:35:44:35:91 | this.ro ... et('x') | -| angular2-client.ts:35:44:35:91 | this.ro ... et('x') | -| angular2-client.ts:35:44:35:91 | this.ro ... et('x') | -| angular2-client.ts:35:44:35:91 | this.ro ... et('x') | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | -| angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:38:44:38:58 | this.router.url | -| angular2-client.ts:38:44:38:58 | this.router.url | -| angular2-client.ts:38:44:38:58 | this.router.url | -| angular2-client.ts:40:45:40:59 | this.router.url | -| angular2-client.ts:40:45:40:59 | this.router.url | -| angular2-client.ts:40:45:40:59 | this.router.url | -| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | -| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | -| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | -| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | -| classnames.js:7:31:7:84 | `` | -| classnames.js:7:31:7:84 | `` | -| classnames.js:7:47:7:69 | classNa ... w.name) | -| classnames.js:7:58:7:68 | window.name | -| classnames.js:7:58:7:68 | window.name | -| classnames.js:8:31:8:85 | `` | -| classnames.js:8:31:8:85 | `` | -| classnames.js:8:47:8:70 | classNa ... w.name) | -| classnames.js:8:59:8:69 | window.name | -| classnames.js:8:59:8:69 | window.name | -| classnames.js:9:31:9:85 | `` | -| classnames.js:9:31:9:85 | `` | -| classnames.js:9:47:9:70 | classNa ... w.name) | -| classnames.js:9:59:9:69 | window.name | -| classnames.js:9:59:9:69 | window.name | -| classnames.js:10:45:10:55 | window.name | -| classnames.js:10:45:10:55 | window.name | -| classnames.js:11:31:11:79 | `` | -| classnames.js:11:31:11:79 | `` | -| classnames.js:11:47:11:64 | unsafeStyle('foo') | -| classnames.js:13:31:13:83 | `` | -| classnames.js:13:31:13:83 | `` | -| classnames.js:13:47:13:68 | safeSty ... w.name) | -| classnames.js:13:57:13:67 | window.name | -| classnames.js:13:57:13:67 | window.name | -| classnames.js:15:31:15:78 | `` | -| classnames.js:15:31:15:78 | `` | -| classnames.js:15:47:15:63 | clsx(window.name) | -| classnames.js:15:52:15:62 | window.name | -| classnames.js:15:52:15:62 | window.name | -| classnames.js:17:32:17:79 | `` | -| classnames.js:17:32:17:79 | `` | -| classnames.js:17:48:17:64 | clsx(window.name) | -| classnames.js:17:53:17:63 | window.name | -| classnames.js:17:53:17:63 | window.name | -| clipboard.ts:8:11:8:51 | html | -| clipboard.ts:8:11:8:51 | html | -| clipboard.ts:8:18:8:51 | clipboa ... /html') | -| clipboard.ts:8:18:8:51 | clipboa ... /html') | -| clipboard.ts:8:18:8:51 | clipboa ... /html') | -| clipboard.ts:15:25:15:28 | html | -| clipboard.ts:15:25:15:28 | html | -| clipboard.ts:15:25:15:28 | html | -| clipboard.ts:24:23:24:58 | e.clipb ... /html') | -| clipboard.ts:24:23:24:58 | e.clipb ... /html') | -| clipboard.ts:24:23:24:58 | e.clipb ... /html') | -| clipboard.ts:24:23:24:58 | e.clipb ... /html') | -| clipboard.ts:29:19:29:54 | e.clipb ... /html') | -| clipboard.ts:29:19:29:54 | e.clipb ... /html') | -| clipboard.ts:29:19:29:54 | e.clipb ... /html') | -| clipboard.ts:29:19:29:54 | e.clipb ... /html') | -| clipboard.ts:33:19:33:68 | e.origi ... /html') | -| clipboard.ts:33:19:33:68 | e.origi ... /html') | -| clipboard.ts:33:19:33:68 | e.origi ... /html') | -| clipboard.ts:33:19:33:68 | e.origi ... /html') | -| clipboard.ts:43:15:43:55 | html | -| clipboard.ts:43:15:43:55 | html | -| clipboard.ts:43:22:43:55 | clipboa ... /html') | -| clipboard.ts:43:22:43:55 | clipboa ... /html') | -| clipboard.ts:43:22:43:55 | clipboa ... /html') | -| clipboard.ts:50:29:50:32 | html | -| clipboard.ts:50:29:50:32 | html | -| clipboard.ts:50:29:50:32 | html | -| clipboard.ts:71:13:71:62 | droppedHtml | -| clipboard.ts:71:13:71:62 | droppedHtml | -| clipboard.ts:71:27:71:62 | e.clipb ... /html') | -| clipboard.ts:71:27:71:62 | e.clipb ... /html') | -| clipboard.ts:71:27:71:62 | e.clipb ... /html') | -| clipboard.ts:73:29:73:39 | droppedHtml | -| clipboard.ts:73:29:73:39 | droppedHtml | -| clipboard.ts:73:29:73:39 | droppedHtml | -| clipboard.ts:98:15:98:54 | html | -| clipboard.ts:98:15:98:54 | html | -| clipboard.ts:98:22:98:54 | dataTra ... /html') | -| clipboard.ts:98:22:98:54 | dataTra ... /html') | -| clipboard.ts:98:22:98:54 | dataTra ... /html') | -| clipboard.ts:99:23:99:26 | html | -| clipboard.ts:99:23:99:26 | html | -| clipboard.ts:99:23:99:26 | html | -| custom-element.js:5:26:5:36 | window.name | -| custom-element.js:5:26:5:36 | window.name | -| custom-element.js:5:26:5:36 | window.name | -| custom-element.js:5:26:5:36 | window.name | -| d3.js:4:12:4:22 | window.name | -| d3.js:4:12:4:22 | window.name | -| d3.js:4:12:4:22 | window.name | -| d3.js:11:15:11:24 | getTaint() | -| d3.js:11:15:11:24 | getTaint() | -| d3.js:11:15:11:24 | getTaint() | -| d3.js:12:20:12:29 | getTaint() | -| d3.js:12:20:12:29 | getTaint() | -| d3.js:12:20:12:29 | getTaint() | -| d3.js:14:20:14:29 | getTaint() | -| d3.js:14:20:14:29 | getTaint() | -| d3.js:14:20:14:29 | getTaint() | -| d3.js:21:15:21:24 | getTaint() | -| d3.js:21:15:21:24 | getTaint() | -| d3.js:21:15:21:24 | getTaint() | -| dates.js:9:9:9:69 | taint | -| dates.js:9:9:9:69 | taint | -| dates.js:9:17:9:69 | decodeU ... ing(1)) | -| dates.js:9:17:9:69 | decodeU ... ing(1)) | -| dates.js:9:36:9:55 | window.location.hash | -| dates.js:9:36:9:55 | window.location.hash | -| dates.js:9:36:9:68 | window. ... ring(1) | -| dates.js:9:36:9:68 | window. ... ring(1) | -| dates.js:11:31:11:70 | `Time i ... aint)}` | -| dates.js:11:31:11:70 | `Time i ... aint)}` | -| dates.js:11:31:11:70 | `Time i ... aint)}` | -| dates.js:11:42:11:68 | dateFns ... taint) | -| dates.js:11:42:11:68 | dateFns ... taint) | -| dates.js:11:63:11:67 | taint | -| dates.js:11:63:11:67 | taint | -| dates.js:12:31:12:73 | `Time i ... aint)}` | -| dates.js:12:31:12:73 | `Time i ... aint)}` | -| dates.js:12:31:12:73 | `Time i ... aint)}` | -| dates.js:12:42:12:71 | dateFns ... taint) | -| dates.js:12:42:12:71 | dateFns ... taint) | -| dates.js:12:66:12:70 | taint | -| dates.js:12:66:12:70 | taint | -| dates.js:13:31:13:72 | `Time i ... time)}` | -| dates.js:13:31:13:72 | `Time i ... time)}` | -| dates.js:13:31:13:72 | `Time i ... time)}` | -| dates.js:13:42:13:70 | dateFns ... )(time) | -| dates.js:13:42:13:70 | dateFns ... )(time) | -| dates.js:13:59:13:63 | taint | -| dates.js:13:59:13:63 | taint | -| dates.js:16:31:16:69 | `Time i ... aint)}` | -| dates.js:16:31:16:69 | `Time i ... aint)}` | -| dates.js:16:31:16:69 | `Time i ... aint)}` | -| dates.js:16:42:16:67 | moment( ... (taint) | -| dates.js:16:42:16:67 | moment( ... (taint) | -| dates.js:16:62:16:66 | taint | -| dates.js:16:62:16:66 | taint | -| dates.js:18:31:18:66 | `Time i ... aint)}` | -| dates.js:18:31:18:66 | `Time i ... aint)}` | -| dates.js:18:31:18:66 | `Time i ... aint)}` | -| dates.js:18:42:18:64 | datefor ... taint) | -| dates.js:18:42:18:64 | datefor ... taint) | -| dates.js:18:59:18:63 | taint | -| dates.js:18:59:18:63 | taint | -| dates.js:21:31:21:68 | `Time i ... aint)}` | -| dates.js:21:31:21:68 | `Time i ... aint)}` | -| dates.js:21:31:21:68 | `Time i ... aint)}` | -| dates.js:21:42:21:66 | dayjs(t ... (taint) | -| dates.js:21:42:21:66 | dayjs(t ... (taint) | -| dates.js:21:61:21:65 | taint | -| dates.js:21:61:21:65 | taint | -| dates.js:30:9:30:69 | taint | -| dates.js:30:9:30:69 | taint | -| dates.js:30:17:30:69 | decodeU ... ing(1)) | -| dates.js:30:17:30:69 | decodeU ... ing(1)) | -| dates.js:30:36:30:55 | window.location.hash | -| dates.js:30:36:30:55 | window.location.hash | -| dates.js:30:36:30:68 | window. ... ring(1) | -| dates.js:30:36:30:68 | window. ... ring(1) | -| dates.js:37:31:37:84 | `Time i ... aint)}` | -| dates.js:37:31:37:84 | `Time i ... aint)}` | -| dates.js:37:31:37:84 | `Time i ... aint)}` | -| dates.js:37:42:37:82 | dateFns ... taint) | -| dates.js:37:42:37:82 | dateFns ... taint) | -| dates.js:37:77:37:81 | taint | -| dates.js:37:77:37:81 | taint | -| dates.js:38:31:38:84 | `Time i ... aint)}` | -| dates.js:38:31:38:84 | `Time i ... aint)}` | -| dates.js:38:31:38:84 | `Time i ... aint)}` | -| dates.js:38:42:38:82 | luxon.f ... taint) | -| dates.js:38:42:38:82 | luxon.f ... taint) | -| dates.js:38:77:38:81 | taint | -| dates.js:38:77:38:81 | taint | -| dates.js:39:31:39:86 | `Time i ... aint)}` | -| dates.js:39:31:39:86 | `Time i ... aint)}` | -| dates.js:39:31:39:86 | `Time i ... aint)}` | -| dates.js:39:42:39:84 | moment. ... taint) | -| dates.js:39:42:39:84 | moment. ... taint) | -| dates.js:39:79:39:83 | taint | -| dates.js:39:79:39:83 | taint | -| dates.js:40:31:40:84 | `Time i ... aint)}` | -| dates.js:40:31:40:84 | `Time i ... aint)}` | -| dates.js:40:31:40:84 | `Time i ... aint)}` | -| dates.js:40:42:40:82 | dayjs.f ... taint) | -| dates.js:40:42:40:82 | dayjs.f ... taint) | -| dates.js:40:77:40:81 | taint | -| dates.js:40:77:40:81 | taint | -| dates.js:46:9:46:69 | taint | -| dates.js:46:9:46:69 | taint | -| dates.js:46:17:46:69 | decodeU ... ing(1)) | -| dates.js:46:17:46:69 | decodeU ... ing(1)) | -| dates.js:46:36:46:55 | window.location.hash | -| dates.js:46:36:46:55 | window.location.hash | -| dates.js:46:36:46:68 | window. ... ring(1) | -| dates.js:46:36:46:68 | window. ... ring(1) | -| dates.js:48:31:48:90 | `Time i ... aint)}` | -| dates.js:48:31:48:90 | `Time i ... aint)}` | -| dates.js:48:31:48:90 | `Time i ... aint)}` | -| dates.js:48:42:48:88 | DateTim ... (taint) | -| dates.js:48:42:48:88 | DateTim ... (taint) | -| dates.js:48:83:48:87 | taint | -| dates.js:48:83:48:87 | taint | -| dates.js:49:31:49:89 | `Time i ... aint)}` | -| dates.js:49:31:49:89 | `Time i ... aint)}` | -| dates.js:49:31:49:89 | `Time i ... aint)}` | -| dates.js:49:42:49:87 | new Dat ... (taint) | -| dates.js:49:42:49:87 | new Dat ... (taint) | -| dates.js:49:82:49:86 | taint | -| dates.js:49:82:49:86 | taint | -| dates.js:50:31:50:104 | `Time i ... aint)}` | -| dates.js:50:31:50:104 | `Time i ... aint)}` | -| dates.js:50:31:50:104 | `Time i ... aint)}` | -| dates.js:50:42:50:102 | DateTim ... (taint) | -| dates.js:50:42:50:102 | DateTim ... (taint) | -| dates.js:50:97:50:101 | taint | -| dates.js:50:97:50:101 | taint | -| dates.js:54:9:54:69 | taint | -| dates.js:54:9:54:69 | taint | -| dates.js:54:17:54:69 | decodeU ... ing(1)) | -| dates.js:54:17:54:69 | decodeU ... ing(1)) | -| dates.js:54:36:54:55 | window.location.hash | -| dates.js:54:36:54:55 | window.location.hash | -| dates.js:54:36:54:68 | window. ... ring(1) | -| dates.js:54:36:54:68 | window. ... ring(1) | -| dates.js:57:31:57:101 | `Time i ... aint)}` | -| dates.js:57:31:57:101 | `Time i ... aint)}` | -| dates.js:57:31:57:101 | `Time i ... aint)}` | -| dates.js:57:42:57:99 | moment. ... (taint) | -| dates.js:57:42:57:99 | moment. ... (taint) | -| dates.js:57:94:57:98 | taint | -| dates.js:57:94:57:98 | taint | -| dates.js:59:31:59:87 | `Time i ... aint)}` | -| dates.js:59:31:59:87 | `Time i ... aint)}` | -| dates.js:59:31:59:87 | `Time i ... aint)}` | -| dates.js:59:42:59:85 | luxon.e ... (taint) | -| dates.js:59:42:59:85 | luxon.e ... (taint) | -| dates.js:59:80:59:84 | taint | -| dates.js:59:80:59:84 | taint | -| dates.js:61:31:61:88 | `Time i ... aint)}` | -| dates.js:61:31:61:88 | `Time i ... aint)}` | -| dates.js:61:31:61:88 | `Time i ... aint)}` | -| dates.js:61:42:61:86 | dayjs.s ... (taint) | -| dates.js:61:42:61:86 | dayjs.s ... (taint) | -| dates.js:61:81:61:85 | taint | -| dates.js:61:81:61:85 | taint | -| dragAndDrop.ts:8:11:8:50 | html | -| dragAndDrop.ts:8:11:8:50 | html | -| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | -| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | -| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | -| dragAndDrop.ts:15:25:15:28 | html | -| dragAndDrop.ts:15:25:15:28 | html | -| dragAndDrop.ts:15:25:15:28 | html | -| dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | -| dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | -| dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | -| dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | -| dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | -| dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | -| dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | -| dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | -| dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | -| dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | -| dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | -| dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | -| dragAndDrop.ts:43:15:43:54 | html | -| dragAndDrop.ts:43:15:43:54 | html | -| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | -| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | -| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | -| dragAndDrop.ts:50:29:50:32 | html | -| dragAndDrop.ts:50:29:50:32 | html | -| dragAndDrop.ts:50:29:50:32 | html | -| dragAndDrop.ts:71:13:71:61 | droppedHtml | -| dragAndDrop.ts:71:13:71:61 | droppedHtml | -| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | -| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | -| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | -| dragAndDrop.ts:73:29:73:39 | droppedHtml | -| dragAndDrop.ts:73:29:73:39 | droppedHtml | -| dragAndDrop.ts:73:29:73:39 | droppedHtml | -| event-handler-receiver.js:2:31:2:83 | '

' | -| event-handler-receiver.js:2:31:2:83 | '

' | -| event-handler-receiver.js:2:31:2:83 | '

' | -| event-handler-receiver.js:2:49:2:61 | location.href | -| event-handler-receiver.js:2:49:2:61 | location.href | -| express.js:7:15:7:33 | req.param("wobble") | -| express.js:7:15:7:33 | req.param("wobble") | -| express.js:7:15:7:33 | req.param("wobble") | -| express.js:7:15:7:33 | req.param("wobble") | -| jquery.js:2:7:2:40 | tainted | -| jquery.js:2:17:2:40 | documen ... .search | -| jquery.js:2:17:2:40 | documen ... .search | -| jquery.js:7:5:7:34 | "
" | -| jquery.js:7:5:7:34 | "
" | -| jquery.js:7:20:7:26 | tainted | -| jquery.js:8:18:8:34 | "XSS: " + tainted | -| jquery.js:8:18:8:34 | "XSS: " + tainted | -| jquery.js:8:28:8:34 | tainted | -| jquery.js:10:5:10:40 | "" + ... "" | -| jquery.js:10:5:10:40 | "" + ... "" | -| jquery.js:10:13:10:20 | location | -| jquery.js:10:13:10:20 | location | -| jquery.js:10:13:10:31 | location.toString() | -| jquery.js:14:19:14:58 | decodeU ... n.hash) | -| jquery.js:14:19:14:58 | decodeU ... n.hash) | -| jquery.js:14:38:14:57 | window.location.hash | -| jquery.js:14:38:14:57 | window.location.hash | -| jquery.js:15:19:15:60 | decodeU ... search) | -| jquery.js:15:19:15:60 | decodeU ... search) | -| jquery.js:15:38:15:59 | window. ... .search | -| jquery.js:15:38:15:59 | window. ... .search | -| jquery.js:16:19:16:64 | decodeU ... ring()) | -| jquery.js:16:19:16:64 | decodeU ... ring()) | -| jquery.js:16:38:16:52 | window.location | -| jquery.js:16:38:16:52 | window.location | -| jquery.js:16:38:16:63 | window. ... tring() | -| jquery.js:18:7:18:33 | hash | -| jquery.js:18:14:18:33 | window.location.hash | -| jquery.js:18:14:18:33 | window.location.hash | -| jquery.js:21:5:21:8 | hash | -| jquery.js:21:5:21:21 | hash.substring(1) | -| jquery.js:21:5:21:21 | hash.substring(1) | -| jquery.js:21:5:21:21 | hash.substring(1) | -| jquery.js:22:5:22:8 | hash | -| jquery.js:22:5:22:25 | hash.su ... (1, 10) | -| jquery.js:22:5:22:25 | hash.su ... (1, 10) | -| jquery.js:22:5:22:25 | hash.su ... (1, 10) | -| jquery.js:23:5:23:8 | hash | -| jquery.js:23:5:23:18 | hash.substr(1) | -| jquery.js:23:5:23:18 | hash.substr(1) | -| jquery.js:23:5:23:18 | hash.substr(1) | -| jquery.js:24:5:24:8 | hash | -| jquery.js:24:5:24:17 | hash.slice(1) | -| jquery.js:24:5:24:17 | hash.slice(1) | -| jquery.js:24:5:24:17 | hash.slice(1) | -| jquery.js:27:5:27:8 | hash | -| jquery.js:27:5:27:25 | hash.re ... #', '') | -| jquery.js:27:5:27:25 | hash.re ... #', '') | -| jquery.js:27:5:27:25 | hash.re ... #', '') | -| jquery.js:28:5:28:26 | window. ... .search | -| jquery.js:28:5:28:26 | window. ... .search | -| jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:34:5:34:25 | '' + ... '' | -| jquery.js:34:5:34:25 | '' + ... '' | -| jquery.js:34:13:34:16 | hash | -| jquery.js:36:25:36:31 | tainted | -| jquery.js:36:25:36:31 | tainted | -| jquery.js:37:25:37:37 | () => tainted | -| jquery.js:37:25:37:37 | () => tainted | -| jquery.js:37:31:37:37 | tainted | -| json-stringify.jsx:5:9:5:36 | locale | -| json-stringify.jsx:5:9:5:36 | locale | -| json-stringify.jsx:5:18:5:36 | req.param("locale") | -| json-stringify.jsx:5:18:5:36 | req.param("locale") | -| json-stringify.jsx:5:18:5:36 | req.param("locale") | -| json-stringify.jsx:11:16:11:58 | `https: ... ocale}` | -| json-stringify.jsx:11:51:11:56 | locale | -| json-stringify.jsx:19:16:19:63 | `https: ... ocale}` | -| json-stringify.jsx:19:56:19:61 | locale | -| json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | -| json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | -| json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | -| json-stringify.jsx:31:55:31:60 | locale | -| json-stringify.jsx:31:55:31:60 | locale | -| json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | -| json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | -| jwt-server.js:7:9:7:35 | taint | -| jwt-server.js:7:9:7:35 | taint | -| jwt-server.js:7:17:7:35 | req.param("wobble") | -| jwt-server.js:7:17:7:35 | req.param("wobble") | -| jwt-server.js:7:17:7:35 | req.param("wobble") | -| jwt-server.js:9:16:9:20 | taint | -| jwt-server.js:9:16:9:20 | taint | -| jwt-server.js:9:55:9:61 | decoded | -| jwt-server.js:9:55:9:61 | decoded | -| jwt-server.js:11:19:11:25 | decoded | -| jwt-server.js:11:19:11:25 | decoded | -| jwt-server.js:11:19:11:29 | decoded.foo | -| jwt-server.js:11:19:11:29 | decoded.foo | -| jwt-server.js:11:19:11:29 | decoded.foo | -| nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | -| nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | -| nodemailer.js:13:50:13:66 | req.query.message | -| nodemailer.js:13:50:13:66 | req.query.message | -| optionalSanitizer.js:2:7:2:39 | target | -| optionalSanitizer.js:2:16:2:39 | documen ... .search | -| optionalSanitizer.js:2:16:2:39 | documen ... .search | -| optionalSanitizer.js:6:18:6:23 | target | -| optionalSanitizer.js:6:18:6:23 | target | -| optionalSanitizer.js:8:7:8:22 | tainted | -| optionalSanitizer.js:8:17:8:22 | target | -| optionalSanitizer.js:9:18:9:24 | tainted | -| optionalSanitizer.js:9:18:9:24 | tainted | -| optionalSanitizer.js:15:9:15:14 | target | -| optionalSanitizer.js:16:18:16:18 | x | -| optionalSanitizer.js:17:20:17:20 | x | -| optionalSanitizer.js:17:20:17:20 | x | -| optionalSanitizer.js:26:7:26:39 | target | -| optionalSanitizer.js:26:16:26:39 | documen ... .search | -| optionalSanitizer.js:26:16:26:39 | documen ... .search | -| optionalSanitizer.js:31:7:31:23 | tainted2 | -| optionalSanitizer.js:31:18:31:23 | target | -| optionalSanitizer.js:32:18:32:25 | tainted2 | -| optionalSanitizer.js:32:18:32:25 | tainted2 | -| optionalSanitizer.js:34:5:34:36 | tainted2 | -| optionalSanitizer.js:34:16:34:36 | sanitiz ... inted2) | -| optionalSanitizer.js:34:28:34:35 | tainted2 | -| optionalSanitizer.js:36:18:36:25 | tainted2 | -| optionalSanitizer.js:36:18:36:25 | tainted2 | -| optionalSanitizer.js:38:7:38:23 | tainted3 | -| optionalSanitizer.js:38:18:38:23 | target | -| optionalSanitizer.js:39:18:39:25 | tainted3 | -| optionalSanitizer.js:39:18:39:25 | tainted3 | -| optionalSanitizer.js:41:5:41:36 | tainted3 | -| optionalSanitizer.js:41:16:41:36 | sanitiz ... inted3) | -| optionalSanitizer.js:41:28:41:35 | tainted3 | -| optionalSanitizer.js:43:18:43:25 | tainted3 | -| optionalSanitizer.js:43:18:43:25 | tainted3 | -| optionalSanitizer.js:45:18:45:56 | sanitiz ... target | -| optionalSanitizer.js:45:18:45:56 | sanitiz ... target | -| optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) | -| optionalSanitizer.js:45:41:45:46 | target | -| optionalSanitizer.js:45:51:45:56 | target | -| pages/[id].jsx:5:9:5:14 | { id } | -| pages/[id].jsx:5:9:5:14 | { id } | -| pages/[id].jsx:5:9:5:29 | id | -| pages/[id].jsx:5:9:5:29 | id | -| pages/[id].jsx:5:11:5:12 | id | -| pages/[id].jsx:5:11:5:12 | id | -| pages/[id].jsx:5:18:5:29 | router.query | -| pages/[id].jsx:5:18:5:29 | router.query | -| pages/[id].jsx:5:18:5:29 | router.query | -| pages/[id].jsx:10:44:10:45 | id | -| pages/[id].jsx:10:44:10:45 | id | -| pages/[id].jsx:10:44:10:45 | id | -| pages/[id].jsx:13:44:13:52 | params.id | -| pages/[id].jsx:13:44:13:52 | params.id | -| pages/[id].jsx:13:44:13:52 | params.id | -| pages/[id].jsx:16:44:16:51 | params.q | -| pages/[id].jsx:16:44:16:51 | params.q | -| pages/[id].jsx:16:44:16:51 | params.q | -| pages/[id].jsx:25:11:25:24 | context.params | -| pages/[id].jsx:25:11:25:24 | context.params | -| pages/[id].jsx:25:11:25:24 | context.params | -| pages/[id].jsx:25:11:25:27 | context.params.id | -| pages/[id].jsx:25:11:25:27 | context.params.id | -| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | -| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | -| pages/[id].jsx:26:10:26:22 | context.query | -| pages/[id].jsx:26:10:26:22 | context.query | -| pages/[id].jsx:26:10:26:22 | context.query | -| pages/[id].jsx:26:10:26:30 | context ... .foobar | -| pages/[id].jsx:26:10:26:30 | context ... .foobar | -| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | -| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | -| react-native.js:7:7:7:33 | tainted | -| react-native.js:7:7:7:33 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | -| react-native.js:7:17:7:33 | req.param("code") | -| react-native.js:7:17:7:33 | req.param("code") | -| react-native.js:8:18:8:24 | tainted | -| react-native.js:8:18:8:24 | tainted | -| react-native.js:8:18:8:24 | tainted | -| react-native.js:9:27:9:33 | tainted | -| react-native.js:9:27:9:33 | tainted | -| react-native.js:9:27:9:33 | tainted | -| react-use-context.js:10:22:10:32 | window.name | -| react-use-context.js:10:22:10:32 | window.name | -| react-use-context.js:10:22:10:32 | window.name | -| react-use-context.js:10:22:10:32 | window.name | -| react-use-context.js:16:26:16:36 | window.name | -| react-use-context.js:16:26:16:36 | window.name | -| react-use-context.js:16:26:16:36 | window.name | -| react-use-context.js:16:26:16:36 | window.name | -| react-use-router.js:4:9:4:28 | router | -| react-use-router.js:4:18:4:28 | useRouter() | -| react-use-router.js:8:21:8:26 | router | -| react-use-router.js:8:21:8:32 | router.query | -| react-use-router.js:8:21:8:32 | router.query | -| react-use-router.js:8:21:8:39 | router.query.foobar | -| react-use-router.js:8:21:8:39 | router.query.foobar | -| react-use-router.js:11:24:11:29 | router | -| react-use-router.js:11:24:11:35 | router.query | -| react-use-router.js:11:24:11:35 | router.query | -| react-use-router.js:11:24:11:42 | router.query.foobar | -| react-use-router.js:11:24:11:42 | router.query.foobar | -| react-use-router.js:22:15:22:24 | router | -| react-use-router.js:22:17:22:22 | router | -| react-use-router.js:23:43:23:48 | router | -| react-use-router.js:23:43:23:54 | router.query | -| react-use-router.js:23:43:23:54 | router.query | -| react-use-router.js:23:43:23:61 | router.query.foobar | -| react-use-router.js:23:43:23:61 | router.query.foobar | -| react-use-router.js:29:9:29:30 | router | -| react-use-router.js:29:18:29:30 | myUseRouter() | -| react-use-router.js:33:21:33:26 | router | -| react-use-router.js:33:21:33:32 | router.query | -| react-use-router.js:33:21:33:32 | router.query | -| react-use-router.js:33:21:33:39 | router.query.foobar | -| react-use-router.js:33:21:33:39 | router.query.foobar | -| react-use-state.js:4:9:4:49 | state | -| react-use-state.js:4:9:4:49 | state | -| react-use-state.js:4:10:4:14 | state | -| react-use-state.js:4:10:4:14 | state | -| react-use-state.js:4:38:4:48 | window.name | -| react-use-state.js:4:38:4:48 | window.name | -| react-use-state.js:4:38:4:48 | window.name | -| react-use-state.js:5:51:5:55 | state | -| react-use-state.js:5:51:5:55 | state | -| react-use-state.js:5:51:5:55 | state | -| react-use-state.js:9:9:9:43 | state | -| react-use-state.js:9:9:9:43 | state | -| react-use-state.js:9:10:9:14 | state | -| react-use-state.js:9:10:9:14 | state | -| react-use-state.js:10:14:10:24 | window.name | -| react-use-state.js:10:14:10:24 | window.name | -| react-use-state.js:10:14:10:24 | window.name | -| react-use-state.js:11:51:11:55 | state | -| react-use-state.js:11:51:11:55 | state | -| react-use-state.js:11:51:11:55 | state | -| react-use-state.js:15:9:15:43 | state | -| react-use-state.js:15:9:15:43 | state | -| react-use-state.js:15:10:15:14 | state | -| react-use-state.js:15:10:15:14 | state | -| react-use-state.js:16:20:16:30 | window.name | -| react-use-state.js:16:20:16:30 | window.name | -| react-use-state.js:16:20:16:30 | window.name | -| react-use-state.js:17:51:17:55 | state | -| react-use-state.js:17:51:17:55 | state | -| react-use-state.js:17:51:17:55 | state | -| react-use-state.js:21:10:21:14 | state | -| react-use-state.js:21:10:21:14 | state | -| react-use-state.js:22:14:22:17 | prev | -| react-use-state.js:22:14:22:17 | prev | -| react-use-state.js:23:35:23:38 | prev | -| react-use-state.js:23:35:23:38 | prev | -| react-use-state.js:23:35:23:38 | prev | -| react-use-state.js:25:20:25:30 | window.name | -| react-use-state.js:25:20:25:30 | window.name | -| react-use-state.js:25:20:25:30 | window.name | -| sanitiser.js:16:7:16:27 | tainted | -| sanitiser.js:16:7:16:27 | tainted | -| sanitiser.js:16:17:16:27 | window.name | -| sanitiser.js:16:17:16:27 | window.name | -| sanitiser.js:16:17:16:27 | window.name | -| sanitiser.js:23:21:23:44 | '' + ... '' | -| sanitiser.js:23:21:23:44 | '' + ... '' | -| sanitiser.js:23:29:23:35 | tainted | -| sanitiser.js:30:21:30:44 | '' + ... '' | -| sanitiser.js:30:21:30:44 | '' + ... '' | -| sanitiser.js:30:29:30:35 | tainted | -| sanitiser.js:33:21:33:44 | '' + ... '' | -| sanitiser.js:33:21:33:44 | '' + ... '' | -| sanitiser.js:33:29:33:35 | tainted | -| sanitiser.js:38:21:38:44 | '' + ... '' | -| sanitiser.js:38:21:38:44 | '' + ... '' | -| sanitiser.js:38:29:38:35 | tainted | -| sanitiser.js:45:21:45:44 | '' + ... '' | -| sanitiser.js:45:21:45:44 | '' + ... '' | -| sanitiser.js:45:29:45:35 | tainted | -| sanitiser.js:48:19:48:25 | tainted | -| sanitiser.js:48:19:48:25 | tainted | -| sanitiser.js:48:19:48:46 | tainted ... /g, '') | -| sanitiser.js:48:19:48:46 | tainted ... /g, '') | -| sanitiser.js:48:19:48:46 | tainted ... /g, '') | -| stored-xss.js:2:39:2:62 | documen ... .search | -| stored-xss.js:2:39:2:62 | documen ... .search | -| stored-xss.js:3:35:3:58 | documen ... .search | -| stored-xss.js:3:35:3:58 | documen ... .search | -| stored-xss.js:5:20:5:52 | session ... ssion') | -| stored-xss.js:5:20:5:52 | session ... ssion') | -| stored-xss.js:8:20:8:48 | localSt ... local') | -| stored-xss.js:8:20:8:48 | localSt ... local') | -| stored-xss.js:10:9:10:44 | href | -| stored-xss.js:10:16:10:44 | localSt ... local') | -| stored-xss.js:12:20:12:54 | "" | -| stored-xss.js:12:20:12:54 | "" | -| stored-xss.js:12:20:12:54 | "" | -| stored-xss.js:12:35:12:38 | href | -| string-manipulations.js:3:16:3:32 | document.location | -| string-manipulations.js:3:16:3:32 | document.location | -| string-manipulations.js:3:16:3:32 | document.location | -| string-manipulations.js:4:16:4:37 | documen ... on.href | -| string-manipulations.js:4:16:4:37 | documen ... on.href | -| string-manipulations.js:4:16:4:37 | documen ... on.href | -| string-manipulations.js:5:16:5:37 | documen ... on.href | -| string-manipulations.js:5:16:5:37 | documen ... on.href | -| string-manipulations.js:5:16:5:47 | documen ... lueOf() | -| string-manipulations.js:5:16:5:47 | documen ... lueOf() | -| string-manipulations.js:6:16:6:37 | documen ... on.href | -| string-manipulations.js:6:16:6:37 | documen ... on.href | -| string-manipulations.js:6:16:6:43 | documen ... f.sup() | -| string-manipulations.js:6:16:6:43 | documen ... f.sup() | -| string-manipulations.js:7:16:7:37 | documen ... on.href | -| string-manipulations.js:7:16:7:37 | documen ... on.href | -| string-manipulations.js:7:16:7:51 | documen ... rCase() | -| string-manipulations.js:7:16:7:51 | documen ... rCase() | -| string-manipulations.js:8:16:8:37 | documen ... on.href | -| string-manipulations.js:8:16:8:37 | documen ... on.href | -| string-manipulations.js:8:16:8:48 | documen ... mLeft() | -| string-manipulations.js:8:16:8:48 | documen ... mLeft() | -| string-manipulations.js:9:16:9:58 | String. ... n.href) | -| string-manipulations.js:9:16:9:58 | String. ... n.href) | -| string-manipulations.js:9:36:9:57 | documen ... on.href | -| string-manipulations.js:9:36:9:57 | documen ... on.href | -| string-manipulations.js:10:16:10:45 | String( ... n.href) | -| string-manipulations.js:10:16:10:45 | String( ... n.href) | -| string-manipulations.js:10:23:10:44 | documen ... on.href | -| string-manipulations.js:10:23:10:44 | documen ... on.href | -| tooltip.jsx:6:11:6:30 | source | -| tooltip.jsx:6:11:6:30 | source | -| tooltip.jsx:6:20:6:30 | window.name | -| tooltip.jsx:6:20:6:30 | window.name | -| tooltip.jsx:6:20:6:30 | window.name | -| tooltip.jsx:10:25:10:30 | source | -| tooltip.jsx:10:25:10:30 | source | -| tooltip.jsx:10:25:10:30 | source | -| tooltip.jsx:11:25:11:30 | source | -| tooltip.jsx:11:25:11:30 | source | -| tooltip.jsx:11:25:11:30 | source | -| tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:22:11:22:30 | source | -| tooltip.jsx:22:11:22:30 | source | -| tooltip.jsx:22:20:22:30 | window.name | -| tooltip.jsx:22:20:22:30 | window.name | -| tooltip.jsx:22:20:22:30 | window.name | -| tooltip.jsx:23:38:23:43 | source | -| tooltip.jsx:23:38:23:43 | source | -| translate.js:6:7:6:39 | target | -| translate.js:6:16:6:39 | documen ... .search | -| translate.js:6:16:6:39 | documen ... .search | -| translate.js:7:7:7:61 | searchParams | -| translate.js:7:22:7:61 | new URL ... ing(1)) | -| translate.js:7:42:7:47 | target | -| translate.js:7:42:7:60 | target.substring(1) | -| translate.js:7:42:7:60 | target.substring(1) | -| translate.js:7:42:7:60 | target.substring(1) | -| translate.js:9:27:9:38 | searchParams | -| translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:9:27:9:50 | searchP ... 'term') | -| trusted-types-lib.js:1:28:1:28 | x | -| trusted-types-lib.js:1:28:1:28 | x | -| trusted-types-lib.js:2:12:2:12 | x | -| trusted-types-lib.js:2:12:2:12 | x | -| trusted-types-lib.js:2:12:2:12 | x | -| trusted-types.js:3:62:3:62 | x | -| trusted-types.js:3:62:3:62 | x | -| trusted-types.js:3:67:3:67 | x | -| trusted-types.js:3:67:3:67 | x | -| trusted-types.js:3:67:3:67 | x | -| trusted-types.js:4:20:4:30 | window.name | -| trusted-types.js:4:20:4:30 | window.name | -| trusted-types.js:4:20:4:30 | window.name | -| trusted-types.js:13:20:13:30 | window.name | -| trusted-types.js:13:20:13:30 | window.name | -| trusted-types.js:13:20:13:30 | window.name | -| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | -| tst3.js:2:23:2:74 | decodeU ... str(1)) | -| tst3.js:2:42:2:63 | window. ... .search | -| tst3.js:2:42:2:63 | window. ... .search | -| tst3.js:2:42:2:73 | window. ... bstr(1) | -| tst3.js:4:25:4:28 | data | -| tst3.js:4:25:4:32 | data.src | -| tst3.js:4:25:4:32 | data.src | -| tst3.js:5:26:5:29 | data | -| tst3.js:5:26:5:31 | data.p | -| tst3.js:5:26:5:31 | data.p | -| tst3.js:7:32:7:35 | data | -| tst3.js:7:32:7:37 | data.p | -| tst3.js:7:32:7:37 | data.p | -| tst3.js:9:37:9:40 | data | -| tst3.js:9:37:9:42 | data.p | -| tst3.js:9:37:9:42 | data.p | -| tst3.js:10:38:10:41 | data | -| tst3.js:10:38:10:43 | data.p | -| tst3.js:10:38:10:43 | data.p | -| tst.js:2:7:2:39 | target | -| tst.js:2:16:2:39 | documen ... .search | -| tst.js:2:16:2:39 | documen ... .search | -| tst.js:5:18:5:23 | target | -| tst.js:5:18:5:23 | target | -| tst.js:8:18:8:126 | "" | -| tst.js:8:18:8:126 | "" | -| tst.js:8:18:8:126 | "" | -| tst.js:8:37:8:58 | documen ... on.href | -| tst.js:8:37:8:58 | documen ... on.href | -| tst.js:8:37:8:114 | documen ... t=")+8) | -| tst.js:8:37:8:114 | documen ... t=")+8) | -| tst.js:12:5:12:42 | '
' | -| tst.js:12:5:12:42 | '
' | -| tst.js:12:28:12:33 | target | -| tst.js:17:7:17:56 | params | -| tst.js:17:16:17:56 | (new UR ... hParams | -| tst.js:17:25:17:41 | document.location | -| tst.js:17:25:17:41 | document.location | -| tst.js:18:18:18:23 | params | -| tst.js:18:18:18:35 | params.get('name') | -| tst.js:18:18:18:35 | params.get('name') | -| tst.js:18:18:18:35 | params.get('name') | -| tst.js:18:18:18:35 | params.get('name') | -| tst.js:20:7:20:61 | searchParams | -| tst.js:20:22:20:61 | new URL ... ing(1)) | -| tst.js:20:42:20:47 | target | -| tst.js:20:42:20:60 | target.substring(1) | -| tst.js:20:42:20:60 | target.substring(1) | -| tst.js:20:42:20:60 | target.substring(1) | -| tst.js:21:18:21:29 | searchParams | -| tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:24:14:24:19 | target | -| tst.js:26:18:26:23 | target | -| tst.js:26:18:26:23 | target | -| tst.js:28:5:28:28 | documen ... .search | -| tst.js:28:5:28:28 | documen ... .search | -| tst.js:31:10:31:33 | documen ... .search | -| tst.js:31:10:31:33 | documen ... .search | -| tst.js:34:16:34:20 | bar() | -| tst.js:34:16:34:20 | bar() | -| tst.js:40:16:40:44 | baz(doc ... search) | -| tst.js:40:16:40:44 | baz(doc ... search) | -| tst.js:40:20:40:43 | documen ... .search | -| tst.js:40:20:40:43 | documen ... .search | -| tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:46:21:46:44 | documen ... .search | -| tst.js:46:21:46:44 | documen ... .search | -| tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | -| tst.js:54:21:54:44 | documen ... .search | -| tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | -| tst.js:56:21:56:44 | documen ... .search | -| tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:21:58:31 | chop(bar()) | -| tst.js:58:21:58:31 | chop(bar()) | -| tst.js:58:26:58:30 | bar() | -| tst.js:60:34:60:34 | s | -| tst.js:62:18:62:18 | s | -| tst.js:62:18:62:18 | s | -| tst.js:64:25:64:48 | documen ... .search | -| tst.js:64:25:64:48 | documen ... .search | -| tst.js:65:25:65:48 | documen ... .search | -| tst.js:65:25:65:48 | documen ... .search | -| tst.js:68:16:68:20 | bar() | -| tst.js:68:16:68:20 | bar() | -| tst.js:70:1:70:27 | [,docum ... search] | -| tst.js:70:3:70:26 | documen ... .search | -| tst.js:70:3:70:26 | documen ... .search | -| tst.js:70:46:70:46 | x | -| tst.js:73:20:73:20 | x | -| tst.js:73:20:73:20 | x | -| tst.js:77:49:77:72 | documen ... .search | -| tst.js:77:49:77:72 | documen ... .search | -| tst.js:77:49:77:72 | documen ... .search | -| tst.js:81:26:81:49 | documen ... .search | -| tst.js:81:26:81:49 | documen ... .search | -| tst.js:81:26:81:49 | documen ... .search | -| tst.js:82:25:82:48 | documen ... .search | -| tst.js:82:25:82:48 | documen ... .search | -| tst.js:82:25:82:48 | documen ... .search | -| tst.js:84:33:84:56 | documen ... .search | -| tst.js:84:33:84:56 | documen ... .search | -| tst.js:84:33:84:56 | documen ... .search | -| tst.js:85:32:85:55 | documen ... .search | -| tst.js:85:32:85:55 | documen ... .search | -| tst.js:85:32:85:55 | documen ... .search | -| tst.js:90:39:90:62 | documen ... .search | -| tst.js:90:39:90:62 | documen ... .search | -| tst.js:90:39:90:62 | documen ... .search | -| tst.js:96:30:96:53 | documen ... .search | -| tst.js:96:30:96:53 | documen ... .search | -| tst.js:96:30:96:53 | documen ... .search | -| tst.js:102:25:102:48 | documen ... .search | -| tst.js:102:25:102:48 | documen ... .search | -| tst.js:102:25:102:48 | documen ... .search | -| tst.js:107:7:107:44 | v | -| tst.js:107:7:107:44 | v | -| tst.js:107:7:107:44 | v | -| tst.js:107:11:107:34 | documen ... .search | -| tst.js:107:11:107:34 | documen ... .search | -| tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:110:18:110:18 | v | -| tst.js:110:18:110:18 | v | -| tst.js:110:18:110:18 | v | -| tst.js:110:18:110:18 | v | -| tst.js:136:18:136:18 | v | -| tst.js:136:18:136:18 | v | -| tst.js:136:18:136:18 | v | -| tst.js:136:18:136:18 | v | -| tst.js:148:29:148:50 | window. ... .search | -| tst.js:148:29:148:50 | window. ... .search | -| tst.js:151:29:151:29 | v | -| tst.js:151:49:151:49 | v | -| tst.js:151:49:151:49 | v | -| tst.js:155:29:155:46 | xssSourceService() | -| tst.js:155:29:155:46 | xssSourceService() | -| tst.js:158:40:158:61 | window. ... .search | -| tst.js:158:40:158:61 | window. ... .search | -| tst.js:177:9:177:41 | target | -| tst.js:177:18:177:41 | documen ... .search | -| tst.js:177:18:177:41 | documen ... .search | -| tst.js:180:28:180:33 | target | -| tst.js:180:28:180:33 | target | -| tst.js:184:9:184:42 | tainted | -| tst.js:184:19:184:42 | documen ... .search | -| tst.js:184:19:184:42 | documen ... .search | -| tst.js:186:31:186:37 | tainted | -| tst.js:186:31:186:37 | tainted | -| tst.js:188:42:188:48 | tainted | -| tst.js:188:42:188:48 | tainted | -| tst.js:189:33:189:39 | tainted | -| tst.js:189:33:189:39 | tainted | -| tst.js:191:54:191:60 | tainted | -| tst.js:191:54:191:60 | tainted | -| tst.js:192:45:192:51 | tainted | -| tst.js:192:45:192:51 | tainted | -| tst.js:193:49:193:55 | tainted | -| tst.js:193:49:193:55 | tainted | -| tst.js:197:9:197:42 | tainted | -| tst.js:197:19:197:42 | documen ... .search | -| tst.js:197:19:197:42 | documen ... .search | -| tst.js:199:67:199:73 | tainted | -| tst.js:199:67:199:73 | tainted | -| tst.js:200:67:200:73 | tainted | -| tst.js:200:67:200:73 | tainted | -| tst.js:204:35:204:41 | tainted | -| tst.js:206:46:206:52 | tainted | -| tst.js:207:38:207:44 | tainted | -| tst.js:208:35:208:41 | tainted | -| tst.js:212:28:212:46 | this.state.tainted1 | -| tst.js:212:28:212:46 | this.state.tainted1 | -| tst.js:213:28:213:46 | this.state.tainted2 | -| tst.js:213:28:213:46 | this.state.tainted2 | -| tst.js:214:28:214:46 | this.state.tainted3 | -| tst.js:214:28:214:46 | this.state.tainted3 | -| tst.js:218:32:218:49 | prevState.tainted4 | -| tst.js:218:32:218:49 | prevState.tainted4 | -| tst.js:225:28:225:46 | this.props.tainted1 | -| tst.js:225:28:225:46 | this.props.tainted1 | -| tst.js:226:28:226:46 | this.props.tainted2 | -| tst.js:226:28:226:46 | this.props.tainted2 | -| tst.js:227:28:227:46 | this.props.tainted3 | -| tst.js:227:28:227:46 | this.props.tainted3 | -| tst.js:231:32:231:49 | prevProps.tainted4 | -| tst.js:231:32:231:49 | prevProps.tainted4 | -| tst.js:236:35:236:41 | tainted | -| tst.js:238:20:238:26 | tainted | -| tst.js:240:23:240:29 | tainted | -| tst.js:241:23:241:29 | tainted | -| tst.js:247:39:247:55 | props.propTainted | -| tst.js:251:60:251:82 | this.st ... Tainted | -| tst.js:251:60:251:82 | this.st ... Tainted | -| tst.js:255:23:255:29 | tainted | -| tst.js:259:7:259:17 | window.name | -| tst.js:259:7:259:17 | window.name | -| tst.js:259:7:259:17 | window.name | -| tst.js:259:7:259:17 | window.name | -| tst.js:260:7:260:10 | name | -| tst.js:260:7:260:10 | name | -| tst.js:260:7:260:10 | name | -| tst.js:260:7:260:10 | name | -| tst.js:264:11:264:21 | window.name | -| tst.js:264:11:264:21 | window.name | -| tst.js:264:11:264:21 | window.name | -| tst.js:264:11:264:21 | window.name | -| tst.js:280:22:280:29 | location | -| tst.js:280:22:280:29 | location | -| tst.js:280:22:280:29 | location | -| tst.js:285:9:285:29 | tainted | -| tst.js:285:9:285:29 | tainted | -| tst.js:285:19:285:29 | window.name | -| tst.js:285:19:285:29 | window.name | -| tst.js:285:19:285:29 | window.name | -| tst.js:288:59:288:65 | tainted | -| tst.js:288:59:288:65 | tainted | -| tst.js:288:59:288:65 | tainted | -| tst.js:301:9:301:16 | location | -| tst.js:301:9:301:16 | location | -| tst.js:302:10:302:10 | e | -| tst.js:303:20:303:20 | e | -| tst.js:303:20:303:20 | e | -| tst.js:308:10:308:17 | location | -| tst.js:308:10:308:17 | location | -| tst.js:310:10:310:10 | e | -| tst.js:311:20:311:20 | e | -| tst.js:311:20:311:20 | e | -| tst.js:316:35:316:42 | location | -| tst.js:316:35:316:42 | location | -| tst.js:316:35:316:42 | location | -| tst.js:327:18:327:34 | document.location | -| tst.js:327:18:327:34 | document.location | -| tst.js:331:7:331:43 | params | -| tst.js:331:16:331:43 | getTain ... hParams | -| tst.js:332:18:332:23 | params | -| tst.js:332:18:332:35 | params.get('name') | -| tst.js:332:18:332:35 | params.get('name') | -| tst.js:332:18:332:35 | params.get('name') | -| tst.js:332:18:332:35 | params.get('name') | -| tst.js:341:20:341:36 | document.location | -| tst.js:341:20:341:36 | document.location | -| tst.js:343:5:343:17 | getUrl().hash | -| tst.js:343:5:343:30 | getUrl( ... ring(1) | -| tst.js:343:5:343:30 | getUrl( ... ring(1) | -| tst.js:343:5:343:30 | getUrl( ... ring(1) | -| tst.js:348:7:348:39 | target | -| tst.js:348:16:348:39 | documen ... .search | -| tst.js:348:16:348:39 | documen ... .search | -| tst.js:349:12:349:17 | target | -| tst.js:349:12:349:17 | target | -| tst.js:355:10:355:42 | target | -| tst.js:355:19:355:42 | documen ... .search | -| tst.js:355:19:355:42 | documen ... .search | -| tst.js:356:16:356:21 | target | -| tst.js:356:16:356:21 | target | -| tst.js:360:21:360:26 | target | -| tst.js:360:21:360:26 | target | -| tst.js:363:18:363:23 | target | -| tst.js:363:18:363:23 | target | -| tst.js:371:7:371:39 | target | -| tst.js:371:16:371:39 | documen ... .search | -| tst.js:371:16:371:39 | documen ... .search | -| tst.js:374:18:374:23 | target | -| tst.js:374:18:374:23 | target | -| tst.js:381:7:381:39 | target | -| tst.js:381:16:381:39 | documen ... .search | -| tst.js:381:16:381:39 | documen ... .search | -| tst.js:384:18:384:23 | target | -| tst.js:384:18:384:23 | target | -| tst.js:386:18:386:23 | target | -| tst.js:386:18:386:29 | target.taint | -| tst.js:386:18:386:29 | target.taint | -| tst.js:391:19:391:42 | documen ... .search | -| tst.js:391:19:391:42 | documen ... .search | -| tst.js:392:18:392:30 | target.taint3 | -| tst.js:392:18:392:30 | target.taint3 | -| tst.js:397:18:397:23 | target | -| tst.js:397:18:397:30 | target.taint5 | -| tst.js:397:18:397:30 | target.taint5 | -| tst.js:406:18:406:23 | target | -| tst.js:406:18:406:30 | target.taint7 | -| tst.js:406:18:406:30 | target.taint7 | -| tst.js:408:19:408:24 | target | -| tst.js:408:19:408:31 | target.taint8 | -| tst.js:409:18:409:30 | target.taint8 | -| tst.js:409:18:409:30 | target.taint8 | -| tst.js:416:7:416:46 | payload | -| tst.js:416:7:416:46 | payload | -| tst.js:416:7:416:46 | payload | -| tst.js:416:17:416:36 | window.location.hash | -| tst.js:416:17:416:36 | window.location.hash | -| tst.js:416:17:416:46 | window. ... bstr(1) | -| tst.js:416:17:416:46 | window. ... bstr(1) | -| tst.js:416:17:416:46 | window. ... bstr(1) | -| tst.js:417:18:417:24 | payload | -| tst.js:417:18:417:24 | payload | -| tst.js:417:18:417:24 | payload | -| tst.js:417:18:417:24 | payload | -| tst.js:419:7:419:55 | match | -| tst.js:419:15:419:34 | window.location.hash | -| tst.js:419:15:419:34 | window.location.hash | -| tst.js:419:15:419:55 | window. ... (\\w+)/) | -| tst.js:421:20:421:24 | match | -| tst.js:421:20:421:27 | match[1] | -| tst.js:421:20:421:27 | match[1] | -| tst.js:424:18:424:37 | window.location.hash | -| tst.js:424:18:424:37 | window.location.hash | -| tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:428:7:428:39 | target | -| tst.js:428:16:428:39 | documen ... .search | -| tst.js:428:16:428:39 | documen ... .search | -| tst.js:430:18:430:23 | target | -| tst.js:430:18:430:89 | target. ... data>') | -| tst.js:430:18:430:89 | target. ... data>') | -| tst.js:436:6:436:38 | source | -| tst.js:436:15:436:38 | documen ... .search | -| tst.js:436:15:436:38 | documen ... .search | -| tst.js:440:28:440:33 | source | -| tst.js:440:28:440:33 | source | -| tst.js:441:33:441:38 | source | -| tst.js:441:33:441:38 | source | -| tst.js:442:34:442:39 | source | -| tst.js:442:34:442:39 | source | -| tst.js:443:41:443:46 | source | -| tst.js:443:41:443:46 | source | -| tst.js:444:44:444:49 | source | -| tst.js:444:44:444:49 | source | -| tst.js:445:32:445:37 | source | -| tst.js:445:32:445:37 | source | -| tst.js:453:7:453:39 | source | -| tst.js:453:16:453:39 | documen ... .search | -| tst.js:453:16:453:39 | documen ... .search | -| tst.js:455:18:455:23 | source | -| tst.js:455:18:455:23 | source | -| tst.js:456:18:456:42 | ansiToH ... source) | -| tst.js:456:18:456:42 | ansiToH ... source) | -| tst.js:456:36:456:41 | source | -| tst.js:460:6:460:38 | source | -| tst.js:460:15:460:38 | documen ... .search | -| tst.js:460:15:460:38 | documen ... .search | -| tst.js:463:21:463:26 | source | -| tst.js:463:21:463:26 | source | -| tst.js:465:19:465:24 | source | -| tst.js:465:19:465:24 | source | -| tst.js:467:20:467:25 | source | -| tst.js:467:20:467:25 | source | -| tst.js:471:7:471:46 | url | -| tst.js:471:13:471:36 | documen ... .search | -| tst.js:471:13:471:36 | documen ... .search | -| tst.js:471:13:471:46 | documen ... bstr(1) | -| tst.js:473:19:473:21 | url | -| tst.js:473:19:473:21 | url | -| tst.js:474:26:474:28 | url | -| tst.js:474:26:474:28 | url | -| tst.js:475:25:475:27 | url | -| tst.js:475:25:475:27 | url | -| tst.js:476:20:476:22 | url | -| tst.js:476:20:476:22 | url | -| tst.js:486:22:486:24 | url | -| tst.js:486:22:486:24 | url | -| tst.js:491:23:491:35 | location.hash | -| tst.js:491:23:491:35 | location.hash | -| tst.js:491:23:491:45 | locatio ... bstr(1) | -| tst.js:491:23:491:45 | locatio ... bstr(1) | -| tst.js:494:18:494:30 | location.hash | -| tst.js:494:18:494:30 | location.hash | -| tst.js:494:18:494:40 | locatio ... bstr(1) | -| tst.js:494:18:494:40 | locatio ... bstr(1) | -| tst.js:501:33:501:63 | decodeU ... n.hash) | -| tst.js:501:33:501:63 | decodeU ... n.hash) | -| tst.js:501:43:501:62 | window.location.hash | -| tst.js:501:43:501:62 | window.location.hash | -| typeahead.js:20:13:20:45 | target | -| typeahead.js:20:22:20:45 | documen ... .search | -| typeahead.js:20:22:20:45 | documen ... .search | -| typeahead.js:21:12:21:17 | target | -| typeahead.js:24:30:24:32 | val | -| typeahead.js:25:18:25:20 | val | -| typeahead.js:25:18:25:20 | val | -| v-html.vue:2:8:2:23 | v-html=tainted | -| v-html.vue:2:8:2:23 | v-html=tainted | -| v-html.vue:6:42:6:58 | document.location | -| v-html.vue:6:42:6:58 | document.location | -| various-concat-obfuscations.js:2:6:2:39 | tainted | -| various-concat-obfuscations.js:2:16:2:39 | documen ... .search | -| various-concat-obfuscations.js:2:16:2:39 | documen ... .search | -| various-concat-obfuscations.js:4:4:4:31 | "
" ...
" | -| various-concat-obfuscations.js:4:4:4:31 | "
" ...
" | -| various-concat-obfuscations.js:4:14:4:20 | tainted | -| various-concat-obfuscations.js:5:4:5:26 | `
$ ...
` | -| various-concat-obfuscations.js:5:4:5:26 | `
$ ...
` | -| various-concat-obfuscations.js:5:12:5:18 | tainted | -| various-concat-obfuscations.js:6:4:6:26 | "
" ... ainted) | -| various-concat-obfuscations.js:6:4:6:43 | "
" ... /div>") | -| various-concat-obfuscations.js:6:4:6:43 | "
" ... /div>") | -| various-concat-obfuscations.js:6:19:6:25 | tainted | -| various-concat-obfuscations.js:7:4:7:31 | ["
... /div>"] | -| various-concat-obfuscations.js:7:4:7:38 | ["
... .join() | -| various-concat-obfuscations.js:7:4:7:38 | ["
... .join() | -| various-concat-obfuscations.js:7:14:7:20 | tainted | -| various-concat-obfuscations.js:9:4:9:34 | "
" | -| various-concat-obfuscations.js:9:4:9:34 | "
" | -| various-concat-obfuscations.js:9:19:9:25 | tainted | -| various-concat-obfuscations.js:10:4:10:27 | `
` | -| various-concat-obfuscations.js:10:4:10:27 | `
` | -| various-concat-obfuscations.js:10:16:10:22 | tainted | -| various-concat-obfuscations.js:11:4:11:31 | "
") | -| various-concat-obfuscations.js:11:4:11:44 | "
") | -| various-concat-obfuscations.js:11:24:11:30 | tainted | -| various-concat-obfuscations.js:12:4:12:34 | ["
"] | -| various-concat-obfuscations.js:12:4:12:41 | ["
` | semmle.label | `` | +| classnames.js:7:47:7:69 | classNa ... w.name) | semmle.label | classNa ... w.name) | +| classnames.js:7:58:7:68 | window.name | semmle.label | window.name | +| classnames.js:8:31:8:85 | `` | semmle.label | `` | +| classnames.js:8:47:8:70 | classNa ... w.name) | semmle.label | classNa ... w.name) | +| classnames.js:8:59:8:69 | window.name | semmle.label | window.name | +| classnames.js:9:31:9:85 | `` | semmle.label | `` | +| classnames.js:9:47:9:70 | classNa ... w.name) | semmle.label | classNa ... w.name) | +| classnames.js:9:59:9:69 | window.name | semmle.label | window.name | +| classnames.js:10:45:10:55 | window.name | semmle.label | window.name | +| classnames.js:11:31:11:79 | `` | semmle.label | `` | +| classnames.js:11:47:11:64 | unsafeStyle('foo') | semmle.label | unsafeStyle('foo') | +| classnames.js:13:31:13:83 | `` | semmle.label | `` | +| classnames.js:13:47:13:68 | safeSty ... w.name) | semmle.label | safeSty ... w.name) | +| classnames.js:13:57:13:67 | window.name | semmle.label | window.name | +| classnames.js:15:31:15:78 | `` | semmle.label | `` | +| classnames.js:15:47:15:63 | clsx(window.name) | semmle.label | clsx(window.name) | +| classnames.js:15:52:15:62 | window.name | semmle.label | window.name | +| classnames.js:17:32:17:79 | `` | semmle.label | `` | +| classnames.js:17:48:17:64 | clsx(window.name) | semmle.label | clsx(window.name) | +| classnames.js:17:53:17:63 | window.name | semmle.label | window.name | +| clipboard.ts:8:11:8:51 | html | semmle.label | html | +| clipboard.ts:8:18:8:51 | clipboa ... /html') | semmle.label | clipboa ... /html') | +| clipboard.ts:15:25:15:28 | html | semmle.label | html | +| clipboard.ts:24:23:24:58 | e.clipb ... /html') | semmle.label | e.clipb ... /html') | +| clipboard.ts:29:19:29:54 | e.clipb ... /html') | semmle.label | e.clipb ... /html') | +| clipboard.ts:33:19:33:68 | e.origi ... /html') | semmle.label | e.origi ... /html') | +| clipboard.ts:43:15:43:55 | html | semmle.label | html | +| clipboard.ts:43:22:43:55 | clipboa ... /html') | semmle.label | clipboa ... /html') | +| clipboard.ts:50:29:50:32 | html | semmle.label | html | +| clipboard.ts:71:13:71:62 | droppedHtml | semmle.label | droppedHtml | +| clipboard.ts:71:27:71:62 | e.clipb ... /html') | semmle.label | e.clipb ... /html') | +| clipboard.ts:73:29:73:39 | droppedHtml | semmle.label | droppedHtml | +| clipboard.ts:98:15:98:54 | html | semmle.label | html | +| clipboard.ts:98:22:98:54 | dataTra ... /html') | semmle.label | dataTra ... /html') | +| clipboard.ts:99:23:99:26 | html | semmle.label | html | +| custom-element.js:5:26:5:36 | window.name | semmle.label | window.name | +| d3.js:4:12:4:22 | window.name | semmle.label | window.name | +| d3.js:11:15:11:24 | getTaint() | semmle.label | getTaint() | +| d3.js:12:20:12:29 | getTaint() | semmle.label | getTaint() | +| d3.js:14:20:14:29 | getTaint() | semmle.label | getTaint() | +| d3.js:21:15:21:24 | getTaint() | semmle.label | getTaint() | +| dates.js:9:9:9:69 | taint | semmle.label | taint | +| dates.js:9:17:9:69 | decodeU ... ing(1)) | semmle.label | decodeU ... ing(1)) | +| dates.js:9:36:9:55 | window.location.hash | semmle.label | window.location.hash | +| dates.js:9:36:9:68 | window. ... ring(1) | semmle.label | window. ... ring(1) | +| dates.js:11:31:11:70 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:11:42:11:68 | dateFns ... taint) | semmle.label | dateFns ... taint) | +| dates.js:11:63:11:67 | taint | semmle.label | taint | +| dates.js:12:31:12:73 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:12:42:12:71 | dateFns ... taint) | semmle.label | dateFns ... taint) | +| dates.js:12:66:12:70 | taint | semmle.label | taint | +| dates.js:13:31:13:72 | `Time i ... time)}` | semmle.label | `Time i ... time)}` | +| dates.js:13:42:13:70 | dateFns ... )(time) | semmle.label | dateFns ... )(time) | +| dates.js:13:59:13:63 | taint | semmle.label | taint | +| dates.js:16:31:16:69 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:16:42:16:67 | moment( ... (taint) | semmle.label | moment( ... (taint) | +| dates.js:16:62:16:66 | taint | semmle.label | taint | +| dates.js:18:31:18:66 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:18:42:18:64 | datefor ... taint) | semmle.label | datefor ... taint) | +| dates.js:18:59:18:63 | taint | semmle.label | taint | +| dates.js:21:31:21:68 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:21:42:21:66 | dayjs(t ... (taint) | semmle.label | dayjs(t ... (taint) | +| dates.js:21:61:21:65 | taint | semmle.label | taint | +| dates.js:30:9:30:69 | taint | semmle.label | taint | +| dates.js:30:17:30:69 | decodeU ... ing(1)) | semmle.label | decodeU ... ing(1)) | +| dates.js:30:36:30:55 | window.location.hash | semmle.label | window.location.hash | +| dates.js:30:36:30:68 | window. ... ring(1) | semmle.label | window. ... ring(1) | +| dates.js:37:31:37:84 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:37:42:37:82 | dateFns ... taint) | semmle.label | dateFns ... taint) | +| dates.js:37:77:37:81 | taint | semmle.label | taint | +| dates.js:38:31:38:84 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:38:42:38:82 | luxon.f ... taint) | semmle.label | luxon.f ... taint) | +| dates.js:38:77:38:81 | taint | semmle.label | taint | +| dates.js:39:31:39:86 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:39:42:39:84 | moment. ... taint) | semmle.label | moment. ... taint) | +| dates.js:39:79:39:83 | taint | semmle.label | taint | +| dates.js:40:31:40:84 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:40:42:40:82 | dayjs.f ... taint) | semmle.label | dayjs.f ... taint) | +| dates.js:40:77:40:81 | taint | semmle.label | taint | +| dates.js:46:9:46:69 | taint | semmle.label | taint | +| dates.js:46:17:46:69 | decodeU ... ing(1)) | semmle.label | decodeU ... ing(1)) | +| dates.js:46:36:46:55 | window.location.hash | semmle.label | window.location.hash | +| dates.js:46:36:46:68 | window. ... ring(1) | semmle.label | window. ... ring(1) | +| dates.js:48:31:48:90 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:48:42:48:88 | DateTim ... (taint) | semmle.label | DateTim ... (taint) | +| dates.js:48:83:48:87 | taint | semmle.label | taint | +| dates.js:49:31:49:89 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:49:42:49:87 | new Dat ... (taint) | semmle.label | new Dat ... (taint) | +| dates.js:49:82:49:86 | taint | semmle.label | taint | +| dates.js:50:31:50:104 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:50:42:50:102 | DateTim ... (taint) | semmle.label | DateTim ... (taint) | +| dates.js:50:97:50:101 | taint | semmle.label | taint | +| dates.js:54:9:54:69 | taint | semmle.label | taint | +| dates.js:54:17:54:69 | decodeU ... ing(1)) | semmle.label | decodeU ... ing(1)) | +| dates.js:54:36:54:55 | window.location.hash | semmle.label | window.location.hash | +| dates.js:54:36:54:68 | window. ... ring(1) | semmle.label | window. ... ring(1) | +| dates.js:57:31:57:101 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:57:42:57:99 | moment. ... (taint) | semmle.label | moment. ... (taint) | +| dates.js:57:94:57:98 | taint | semmle.label | taint | +| dates.js:59:31:59:87 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:59:42:59:85 | luxon.e ... (taint) | semmle.label | luxon.e ... (taint) | +| dates.js:59:80:59:84 | taint | semmle.label | taint | +| dates.js:61:31:61:88 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:61:42:61:86 | dayjs.s ... (taint) | semmle.label | dayjs.s ... (taint) | +| dates.js:61:81:61:85 | taint | semmle.label | taint | +| dragAndDrop.ts:8:11:8:50 | html | semmle.label | html | +| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | semmle.label | dataTra ... /html') | +| dragAndDrop.ts:15:25:15:28 | html | semmle.label | html | +| dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | semmle.label | e.dataT ... /html') | +| dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | semmle.label | e.dataT ... /html') | +| dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | semmle.label | e.origi ... /html') | +| dragAndDrop.ts:43:15:43:54 | html | semmle.label | html | +| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | semmle.label | dataTra ... /html') | +| dragAndDrop.ts:50:29:50:32 | html | semmle.label | html | +| dragAndDrop.ts:71:13:71:61 | droppedHtml | semmle.label | droppedHtml | +| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | semmle.label | e.dataT ... /html') | +| dragAndDrop.ts:73:29:73:39 | droppedHtml | semmle.label | droppedHtml | +| event-handler-receiver.js:2:31:2:83 | '

' | semmle.label | '

' | +| event-handler-receiver.js:2:49:2:61 | location.href | semmle.label | location.href | +| express.js:7:15:7:33 | req.param("wobble") | semmle.label | req.param("wobble") | +| jquery.js:2:7:2:40 | tainted | semmle.label | tainted | +| jquery.js:2:17:2:40 | documen ... .search | semmle.label | documen ... .search | +| jquery.js:7:5:7:34 | "
" | semmle.label | "
" | +| jquery.js:7:20:7:26 | tainted | semmle.label | tainted | +| jquery.js:8:18:8:34 | "XSS: " + tainted | semmle.label | "XSS: " + tainted | +| jquery.js:8:28:8:34 | tainted | semmle.label | tainted | +| jquery.js:10:5:10:40 | "" + ... "" | semmle.label | "" + ... "" | +| jquery.js:10:13:10:20 | location | semmle.label | location | +| jquery.js:10:13:10:31 | location.toString() | semmle.label | location.toString() | +| jquery.js:14:19:14:58 | decodeU ... n.hash) | semmle.label | decodeU ... n.hash) | +| jquery.js:14:38:14:57 | window.location.hash | semmle.label | window.location.hash | +| jquery.js:15:19:15:60 | decodeU ... search) | semmle.label | decodeU ... search) | +| jquery.js:15:38:15:59 | window. ... .search | semmle.label | window. ... .search | +| jquery.js:16:19:16:64 | decodeU ... ring()) | semmle.label | decodeU ... ring()) | +| jquery.js:16:38:16:52 | window.location | semmle.label | window.location | +| jquery.js:16:38:16:63 | window. ... tring() | semmle.label | window. ... tring() | +| jquery.js:18:7:18:33 | hash | semmle.label | hash | +| jquery.js:18:14:18:33 | window.location.hash | semmle.label | window.location.hash | +| jquery.js:21:5:21:8 | hash | semmle.label | hash | +| jquery.js:21:5:21:21 | hash.substring(1) | semmle.label | hash.substring(1) | +| jquery.js:22:5:22:8 | hash | semmle.label | hash | +| jquery.js:22:5:22:25 | hash.su ... (1, 10) | semmle.label | hash.su ... (1, 10) | +| jquery.js:23:5:23:8 | hash | semmle.label | hash | +| jquery.js:23:5:23:18 | hash.substr(1) | semmle.label | hash.substr(1) | +| jquery.js:24:5:24:8 | hash | semmle.label | hash | +| jquery.js:24:5:24:17 | hash.slice(1) | semmle.label | hash.slice(1) | +| jquery.js:27:5:27:8 | hash | semmle.label | hash | +| jquery.js:27:5:27:25 | hash.re ... #', '') | semmle.label | hash.re ... #', '') | +| jquery.js:28:5:28:26 | window. ... .search | semmle.label | window. ... .search | +| jquery.js:28:5:28:43 | window. ... ?', '') | semmle.label | window. ... ?', '') | +| jquery.js:34:5:34:25 | '' + ... '' | semmle.label | '' + ... '' | +| jquery.js:34:13:34:16 | hash | semmle.label | hash | +| jquery.js:36:25:36:31 | tainted | semmle.label | tainted | +| jquery.js:37:25:37:37 | () => tainted | semmle.label | () => tainted | +| jquery.js:37:31:37:37 | tainted | semmle.label | tainted | +| json-stringify.jsx:5:9:5:36 | locale | semmle.label | locale | +| json-stringify.jsx:5:18:5:36 | req.param("locale") | semmle.label | req.param("locale") | +| json-stringify.jsx:11:16:11:58 | `https: ... ocale}` | semmle.label | `https: ... ocale}` | +| json-stringify.jsx:11:51:11:56 | locale | semmle.label | locale | +| json-stringify.jsx:19:16:19:63 | `https: ... ocale}` | semmle.label | `https: ... ocale}` | +| json-stringify.jsx:19:56:19:61 | locale | semmle.label | locale | +| json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | semmle.label | JSON.st ... locale) | +| json-stringify.jsx:31:55:31:60 | locale | semmle.label | locale | +| json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | semmle.label | JSON.st ... jsonLD) | +| jwt-server.js:7:9:7:35 | taint | semmle.label | taint | +| jwt-server.js:7:17:7:35 | req.param("wobble") | semmle.label | req.param("wobble") | +| jwt-server.js:9:16:9:20 | taint | semmle.label | taint | +| jwt-server.js:9:55:9:61 | decoded | semmle.label | decoded | +| jwt-server.js:11:19:11:25 | decoded | semmle.label | decoded | +| jwt-server.js:11:19:11:29 | decoded.foo | semmle.label | decoded.foo | +| nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | semmle.label | `Hi, yo ... sage}.` | +| nodemailer.js:13:50:13:66 | req.query.message | semmle.label | req.query.message | +| optionalSanitizer.js:2:7:2:39 | target | semmle.label | target | +| optionalSanitizer.js:2:16:2:39 | documen ... .search | semmle.label | documen ... .search | +| optionalSanitizer.js:6:18:6:23 | target | semmle.label | target | +| optionalSanitizer.js:8:7:8:22 | tainted | semmle.label | tainted | +| optionalSanitizer.js:8:17:8:22 | target | semmle.label | target | +| optionalSanitizer.js:9:18:9:24 | tainted | semmle.label | tainted | +| optionalSanitizer.js:15:9:15:14 | target | semmle.label | target | +| optionalSanitizer.js:16:18:16:18 | x | semmle.label | x | +| optionalSanitizer.js:17:20:17:20 | x | semmle.label | x | +| optionalSanitizer.js:26:7:26:39 | target | semmle.label | target | +| optionalSanitizer.js:26:16:26:39 | documen ... .search | semmle.label | documen ... .search | +| optionalSanitizer.js:28:24:28:24 | x | semmle.label | x | +| optionalSanitizer.js:29:12:29:12 | x | semmle.label | x | +| optionalSanitizer.js:31:7:31:23 | tainted2 | semmle.label | tainted2 | +| optionalSanitizer.js:31:18:31:23 | target | semmle.label | target | +| optionalSanitizer.js:32:18:32:25 | tainted2 | semmle.label | tainted2 | +| optionalSanitizer.js:34:5:34:36 | tainted2 | semmle.label | tainted2 | +| optionalSanitizer.js:34:16:34:36 | sanitiz ... inted2) | semmle.label | sanitiz ... inted2) | +| optionalSanitizer.js:34:28:34:35 | tainted2 | semmle.label | tainted2 | +| optionalSanitizer.js:36:18:36:25 | tainted2 | semmle.label | tainted2 | +| optionalSanitizer.js:38:7:38:23 | tainted3 | semmle.label | tainted3 | +| optionalSanitizer.js:38:18:38:23 | target | semmle.label | target | +| optionalSanitizer.js:39:18:39:25 | tainted3 | semmle.label | tainted3 | +| optionalSanitizer.js:41:5:41:36 | tainted3 | semmle.label | tainted3 | +| optionalSanitizer.js:41:16:41:36 | sanitiz ... inted3) | semmle.label | sanitiz ... inted3) | +| optionalSanitizer.js:41:28:41:35 | tainted3 | semmle.label | tainted3 | +| optionalSanitizer.js:43:18:43:25 | tainted3 | semmle.label | tainted3 | +| optionalSanitizer.js:45:18:45:56 | sanitiz ... target | semmle.label | sanitiz ... target | +| optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) | semmle.label | sanitizeBad(target) | +| optionalSanitizer.js:45:41:45:46 | target | semmle.label | target | +| optionalSanitizer.js:45:51:45:56 | target | semmle.label | target | +| pages/[id].jsx:3:30:3:35 | params [id] | semmle.label | params [id] | +| pages/[id].jsx:3:30:3:35 | params [q] | semmle.label | params [q] | +| pages/[id].jsx:5:9:5:14 | { id } | semmle.label | { id } | +| pages/[id].jsx:5:9:5:29 | id | semmle.label | id | +| pages/[id].jsx:5:11:5:12 | id | semmle.label | id | +| pages/[id].jsx:5:18:5:29 | router.query | semmle.label | router.query | +| pages/[id].jsx:10:44:10:45 | id | semmle.label | id | +| pages/[id].jsx:13:44:13:49 | params [id] | semmle.label | params [id] | +| pages/[id].jsx:13:44:13:52 | params.id | semmle.label | params.id | +| pages/[id].jsx:16:44:16:49 | params [q] | semmle.label | params [q] | +| pages/[id].jsx:16:44:16:51 | params.q | semmle.label | params.q | +| pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [id] | semmle.label | {\\n ... ,\\n } [id] | +| pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [q] | semmle.label | {\\n ... ,\\n } [q] | +| pages/[id].jsx:25:11:25:24 | context.params | semmle.label | context.params | +| pages/[id].jsx:25:11:25:27 | context.params.id | semmle.label | context.params.id | +| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | semmle.label | context ... d \|\| "" | +| pages/[id].jsx:26:10:26:22 | context.query | semmle.label | context.query | +| pages/[id].jsx:26:10:26:30 | context ... .foobar | semmle.label | context ... .foobar | +| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | semmle.label | context ... r \|\| "" | +| react-native.js:7:7:7:33 | tainted | semmle.label | tainted | +| react-native.js:7:17:7:33 | req.param("code") | semmle.label | req.param("code") | +| react-native.js:8:18:8:24 | tainted | semmle.label | tainted | +| react-native.js:9:27:9:33 | tainted | semmle.label | tainted | +| react-use-context.js:10:22:10:32 | window.name | semmle.label | window.name | +| react-use-context.js:16:26:16:36 | window.name | semmle.label | window.name | +| react-use-router.js:8:21:8:32 | router.query | semmle.label | router.query | +| react-use-router.js:8:21:8:39 | router.query.foobar | semmle.label | router.query.foobar | +| react-use-router.js:11:24:11:35 | router.query | semmle.label | router.query | +| react-use-router.js:11:24:11:42 | router.query.foobar | semmle.label | router.query.foobar | +| react-use-router.js:23:31:23:36 | [post update] router | semmle.label | [post update] router | +| react-use-router.js:23:43:23:48 | router | semmle.label | router | +| react-use-router.js:23:43:23:54 | router.query | semmle.label | router.query | +| react-use-router.js:23:43:23:61 | router.query.foobar | semmle.label | router.query.foobar | +| react-use-router.js:33:21:33:32 | router.query | semmle.label | router.query | +| react-use-router.js:33:21:33:39 | router.query.foobar | semmle.label | router.query.foobar | +| react-use-state.js:4:9:4:49 | state | semmle.label | state | +| react-use-state.js:4:10:4:14 | state | semmle.label | state | +| react-use-state.js:4:38:4:48 | window.name | semmle.label | window.name | +| react-use-state.js:5:51:5:55 | state | semmle.label | state | +| react-use-state.js:9:9:9:43 | state | semmle.label | state | +| react-use-state.js:9:10:9:14 | state | semmle.label | state | +| react-use-state.js:10:14:10:24 | window.name | semmle.label | window.name | +| react-use-state.js:11:51:11:55 | state | semmle.label | state | +| react-use-state.js:15:9:15:43 | state | semmle.label | state | +| react-use-state.js:15:10:15:14 | state | semmle.label | state | +| react-use-state.js:16:20:16:30 | window.name | semmle.label | window.name | +| react-use-state.js:17:51:17:55 | state | semmle.label | state | +| react-use-state.js:21:10:21:14 | state | semmle.label | state | +| react-use-state.js:22:14:22:17 | prev | semmle.label | prev | +| react-use-state.js:23:35:23:38 | prev | semmle.label | prev | +| react-use-state.js:25:20:25:30 | window.name | semmle.label | window.name | +| sanitiser.js:16:7:16:27 | tainted | semmle.label | tainted | +| sanitiser.js:16:17:16:27 | window.name | semmle.label | window.name | +| sanitiser.js:23:21:23:44 | '' + ... '' | semmle.label | '' + ... '' | +| sanitiser.js:23:29:23:35 | tainted | semmle.label | tainted | +| sanitiser.js:25:21:25:44 | '' + ... '' | semmle.label | '' + ... '' | +| sanitiser.js:25:29:25:35 | tainted | semmle.label | tainted | +| sanitiser.js:28:21:28:44 | '' + ... '' | semmle.label | '' + ... '' | +| sanitiser.js:28:29:28:35 | tainted | semmle.label | tainted | +| sanitiser.js:30:21:30:44 | '' + ... '' | semmle.label | '' + ... '' | +| sanitiser.js:30:29:30:35 | tainted | semmle.label | tainted | +| sanitiser.js:33:21:33:44 | '' + ... '' | semmle.label | '' + ... '' | +| sanitiser.js:33:29:33:35 | tainted | semmle.label | tainted | +| sanitiser.js:35:21:35:44 | '' + ... '' | semmle.label | '' + ... '' | +| sanitiser.js:35:29:35:35 | tainted | semmle.label | tainted | +| sanitiser.js:38:21:38:44 | '' + ... '' | semmle.label | '' + ... '' | +| sanitiser.js:38:29:38:35 | tainted | semmle.label | tainted | +| sanitiser.js:45:21:45:44 | '' + ... '' | semmle.label | '' + ... '' | +| sanitiser.js:45:29:45:35 | tainted | semmle.label | tainted | +| sanitiser.js:48:19:48:25 | tainted | semmle.label | tainted | +| sanitiser.js:48:19:48:46 | tainted ... /g, '') | semmle.label | tainted ... /g, '') | +| stored-xss.js:2:39:2:62 | documen ... .search | semmle.label | documen ... .search | +| stored-xss.js:3:35:3:58 | documen ... .search | semmle.label | documen ... .search | +| stored-xss.js:5:20:5:52 | session ... ssion') | semmle.label | session ... ssion') | +| stored-xss.js:8:20:8:48 | localSt ... local') | semmle.label | localSt ... local') | +| stored-xss.js:10:9:10:44 | href | semmle.label | href | +| stored-xss.js:10:16:10:44 | localSt ... local') | semmle.label | localSt ... local') | +| stored-xss.js:12:20:12:54 | "" | semmle.label | "" | +| stored-xss.js:12:35:12:38 | href | semmle.label | href | +| string-manipulations.js:3:16:3:32 | document.location | semmle.label | document.location | +| string-manipulations.js:4:16:4:37 | documen ... on.href | semmle.label | documen ... on.href | +| string-manipulations.js:5:16:5:37 | documen ... on.href | semmle.label | documen ... on.href | +| string-manipulations.js:5:16:5:47 | documen ... lueOf() | semmle.label | documen ... lueOf() | +| string-manipulations.js:6:16:6:37 | documen ... on.href | semmle.label | documen ... on.href | +| string-manipulations.js:6:16:6:43 | documen ... f.sup() | semmle.label | documen ... f.sup() | +| string-manipulations.js:7:16:7:37 | documen ... on.href | semmle.label | documen ... on.href | +| string-manipulations.js:7:16:7:51 | documen ... rCase() | semmle.label | documen ... rCase() | +| string-manipulations.js:8:16:8:37 | documen ... on.href | semmle.label | documen ... on.href | +| string-manipulations.js:8:16:8:48 | documen ... mLeft() | semmle.label | documen ... mLeft() | +| string-manipulations.js:9:16:9:58 | String. ... n.href) | semmle.label | String. ... n.href) | +| string-manipulations.js:9:36:9:57 | documen ... on.href | semmle.label | documen ... on.href | +| string-manipulations.js:10:16:10:45 | String( ... n.href) | semmle.label | String( ... n.href) | +| string-manipulations.js:10:23:10:44 | documen ... on.href | semmle.label | documen ... on.href | +| tooltip.jsx:6:11:6:30 | source | semmle.label | source | +| tooltip.jsx:6:20:6:30 | window.name | semmle.label | window.name | +| tooltip.jsx:10:25:10:30 | source | semmle.label | source | +| tooltip.jsx:11:25:11:30 | source | semmle.label | source | +| tooltip.jsx:18:51:18:59 | provide() | semmle.label | provide() | +| tooltip.jsx:22:11:22:30 | source | semmle.label | source | +| tooltip.jsx:22:20:22:30 | window.name | semmle.label | window.name | +| tooltip.jsx:23:38:23:43 | source | semmle.label | source | +| translate.js:6:7:6:39 | target | semmle.label | target | +| translate.js:6:16:6:39 | documen ... .search | semmle.label | documen ... .search | +| translate.js:7:7:7:61 | searchParams | semmle.label | searchParams | +| translate.js:7:22:7:61 | new URL ... ing(1)) | semmle.label | new URL ... ing(1)) | +| translate.js:7:42:7:47 | target | semmle.label | target | +| translate.js:7:42:7:60 | target.substring(1) | semmle.label | target.substring(1) | +| translate.js:9:27:9:38 | searchParams | semmle.label | searchParams | +| translate.js:9:27:9:50 | searchP ... 'term') | semmle.label | searchP ... 'term') | +| trusted-types-lib.js:1:28:1:28 | x | semmle.label | x | +| trusted-types-lib.js:2:12:2:12 | x | semmle.label | x | +| trusted-types.js:3:62:3:62 | x | semmle.label | x | +| trusted-types.js:3:67:3:67 | x | semmle.label | x | +| trusted-types.js:4:20:4:30 | window.name | semmle.label | window.name | +| trusted-types.js:13:20:13:30 | window.name | semmle.label | window.name | +| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | semmle.label | JSON.pa ... tr(1))) | +| tst3.js:2:23:2:74 | decodeU ... str(1)) | semmle.label | decodeU ... str(1)) | +| tst3.js:2:42:2:63 | window. ... .search | semmle.label | window. ... .search | +| tst3.js:2:42:2:73 | window. ... bstr(1) | semmle.label | window. ... bstr(1) | +| tst3.js:4:25:4:28 | data | semmle.label | data | +| tst3.js:4:25:4:32 | data.src | semmle.label | data.src | +| tst3.js:5:26:5:29 | data | semmle.label | data | +| tst3.js:5:26:5:31 | data.p | semmle.label | data.p | +| tst3.js:7:32:7:35 | data | semmle.label | data | +| tst3.js:7:32:7:37 | data.p | semmle.label | data.p | +| tst3.js:9:37:9:40 | data | semmle.label | data | +| tst3.js:9:37:9:42 | data.p | semmle.label | data.p | +| tst3.js:10:38:10:41 | data | semmle.label | data | +| tst3.js:10:38:10:43 | data.p | semmle.label | data.p | +| tst.js:2:7:2:39 | target | semmle.label | target | +| tst.js:2:16:2:39 | documen ... .search | semmle.label | documen ... .search | +| tst.js:5:18:5:23 | target | semmle.label | target | +| tst.js:8:18:8:126 | "" | semmle.label | "" | +| tst.js:8:37:8:58 | documen ... on.href | semmle.label | documen ... on.href | +| tst.js:8:37:8:114 | documen ... t=")+8) | semmle.label | documen ... t=")+8) | +| tst.js:12:5:12:42 | '
' | semmle.label | '
' | +| tst.js:12:28:12:33 | target | semmle.label | target | +| tst.js:17:7:17:56 | params | semmle.label | params | +| tst.js:17:16:17:43 | (new UR ... ation)) [searchParams] | semmle.label | (new UR ... ation)) [searchParams] | +| tst.js:17:16:17:56 | (new UR ... hParams | semmle.label | (new UR ... hParams | +| tst.js:17:17:17:42 | new URL ... cation) [searchParams] | semmle.label | new URL ... cation) [searchParams] | +| tst.js:17:25:17:41 | document.location | semmle.label | document.location | +| tst.js:18:18:18:23 | params | semmle.label | params | +| tst.js:18:18:18:35 | params.get('name') | semmle.label | params.get('name') | +| tst.js:20:7:20:61 | searchParams | semmle.label | searchParams | +| tst.js:20:22:20:61 | new URL ... ing(1)) | semmle.label | new URL ... ing(1)) | +| tst.js:20:42:20:47 | target | semmle.label | target | +| tst.js:20:42:20:60 | target.substring(1) | semmle.label | target.substring(1) | +| tst.js:21:18:21:29 | searchParams | semmle.label | searchParams | +| tst.js:21:18:21:41 | searchP ... 'name') | semmle.label | searchP ... 'name') | +| tst.js:24:14:24:19 | target | semmle.label | target | +| tst.js:26:18:26:23 | target | semmle.label | target | +| tst.js:28:5:28:28 | documen ... .search | semmle.label | documen ... .search | +| tst.js:31:10:31:33 | documen ... .search | semmle.label | documen ... .search | +| tst.js:34:16:34:20 | bar() | semmle.label | bar() | +| tst.js:36:14:36:14 | x | semmle.label | x | +| tst.js:37:10:37:10 | x | semmle.label | x | +| tst.js:40:16:40:44 | baz(doc ... search) | semmle.label | baz(doc ... search) | +| tst.js:40:20:40:43 | documen ... .search | semmle.label | documen ... .search | +| tst.js:42:15:42:15 | s | semmle.label | s | +| tst.js:43:10:43:31 | "
" ...
" | semmle.label | "
" ...
" | +| tst.js:43:20:43:20 | s | semmle.label | s | +| tst.js:46:16:46:45 | wrap(do ... search) | semmle.label | wrap(do ... search) | +| tst.js:46:21:46:44 | documen ... .search | semmle.label | documen ... .search | +| tst.js:48:15:48:15 | s | semmle.label | s | +| tst.js:50:12:50:12 | s | semmle.label | s | +| tst.js:50:12:50:22 | s.substr(1) | semmle.label | s.substr(1) | +| tst.js:54:16:54:45 | chop(do ... search) | semmle.label | chop(do ... search) | +| tst.js:54:21:54:44 | documen ... .search | semmle.label | documen ... .search | +| tst.js:56:16:56:45 | chop(do ... search) | semmle.label | chop(do ... search) | +| tst.js:56:21:56:44 | documen ... .search | semmle.label | documen ... .search | +| tst.js:58:16:58:32 | wrap(chop(bar())) | semmle.label | wrap(chop(bar())) | +| tst.js:58:21:58:31 | chop(bar()) | semmle.label | chop(bar()) | +| tst.js:58:26:58:30 | bar() | semmle.label | bar() | +| tst.js:60:34:60:34 | s | semmle.label | s | +| tst.js:62:18:62:18 | s | semmle.label | s | +| tst.js:64:25:64:48 | documen ... .search | semmle.label | documen ... .search | +| tst.js:65:25:65:48 | documen ... .search | semmle.label | documen ... .search | +| tst.js:68:16:68:20 | bar() | semmle.label | bar() | +| tst.js:70:1:70:27 | [,docum ... search] | semmle.label | [,docum ... search] | +| tst.js:70:1:70:27 | [,docum ... search] [1] | semmle.label | [,docum ... search] [1] | +| tst.js:70:3:70:26 | documen ... .search | semmle.label | documen ... .search | +| tst.js:70:46:70:46 | x | semmle.label | x | +| tst.js:73:20:73:20 | x | semmle.label | x | +| tst.js:77:49:77:72 | documen ... .search | semmle.label | documen ... .search | +| tst.js:81:26:81:49 | documen ... .search | semmle.label | documen ... .search | +| tst.js:82:25:82:48 | documen ... .search | semmle.label | documen ... .search | +| tst.js:84:33:84:56 | documen ... .search | semmle.label | documen ... .search | +| tst.js:85:32:85:55 | documen ... .search | semmle.label | documen ... .search | +| tst.js:90:39:90:62 | documen ... .search | semmle.label | documen ... .search | +| tst.js:96:30:96:53 | documen ... .search | semmle.label | documen ... .search | +| tst.js:102:25:102:48 | documen ... .search | semmle.label | documen ... .search | +| tst.js:107:7:107:44 | v | semmle.label | v | +| tst.js:107:11:107:34 | documen ... .search | semmle.label | documen ... .search | +| tst.js:107:11:107:44 | documen ... bstr(1) | semmle.label | documen ... bstr(1) | +| tst.js:110:18:110:18 | v | semmle.label | v | +| tst.js:136:18:136:18 | v | semmle.label | v | +| tst.js:148:29:148:50 | window. ... .search | semmle.label | window. ... .search | +| tst.js:151:29:151:29 | v | semmle.label | v | +| tst.js:151:49:151:49 | v | semmle.label | v | +| tst.js:155:29:155:46 | xssSourceService() | semmle.label | xssSourceService() | +| tst.js:158:40:158:61 | window. ... .search | semmle.label | window. ... .search | +| tst.js:177:9:177:41 | target | semmle.label | target | +| tst.js:177:18:177:41 | documen ... .search | semmle.label | documen ... .search | +| tst.js:180:28:180:33 | target | semmle.label | target | +| tst.js:184:9:184:42 | tainted | semmle.label | tainted | +| tst.js:184:19:184:42 | documen ... .search | semmle.label | documen ... .search | +| tst.js:186:31:186:37 | tainted | semmle.label | tainted | +| tst.js:188:42:188:48 | tainted | semmle.label | tainted | +| tst.js:189:33:189:39 | tainted | semmle.label | tainted | +| tst.js:191:54:191:60 | tainted | semmle.label | tainted | +| tst.js:192:45:192:51 | tainted | semmle.label | tainted | +| tst.js:193:49:193:55 | tainted | semmle.label | tainted | +| tst.js:197:9:197:42 | tainted | semmle.label | tainted | +| tst.js:197:19:197:42 | documen ... .search | semmle.label | documen ... .search | +| tst.js:199:67:199:73 | tainted | semmle.label | tainted | +| tst.js:200:67:200:73 | tainted | semmle.label | tainted | +| tst.js:204:35:204:41 | tainted | semmle.label | tainted | +| tst.js:206:46:206:52 | tainted | semmle.label | tainted | +| tst.js:207:38:207:44 | tainted | semmle.label | tainted | +| tst.js:208:35:208:41 | tainted | semmle.label | tainted | +| tst.js:212:28:212:46 | this.state.tainted1 | semmle.label | this.state.tainted1 | +| tst.js:213:28:213:46 | this.state.tainted2 | semmle.label | this.state.tainted2 | +| tst.js:214:28:214:46 | this.state.tainted3 | semmle.label | this.state.tainted3 | +| tst.js:218:32:218:49 | prevState.tainted4 | semmle.label | prevState.tainted4 | +| tst.js:225:28:225:46 | this.props.tainted1 | semmle.label | this.props.tainted1 | +| tst.js:226:28:226:46 | this.props.tainted2 | semmle.label | this.props.tainted2 | +| tst.js:227:28:227:46 | this.props.tainted3 | semmle.label | this.props.tainted3 | +| tst.js:231:32:231:49 | prevProps.tainted4 | semmle.label | prevProps.tainted4 | +| tst.js:236:35:236:41 | tainted | semmle.label | tainted | +| tst.js:238:20:238:26 | tainted | semmle.label | tainted | +| tst.js:240:23:240:29 | tainted | semmle.label | tainted | +| tst.js:241:23:241:29 | tainted | semmle.label | tainted | +| tst.js:247:39:247:55 | props.propTainted | semmle.label | props.propTainted | +| tst.js:251:60:251:82 | this.st ... Tainted | semmle.label | this.st ... Tainted | +| tst.js:255:23:255:29 | tainted | semmle.label | tainted | +| tst.js:259:7:259:17 | window.name | semmle.label | window.name | +| tst.js:260:7:260:10 | name | semmle.label | name | +| tst.js:264:11:264:21 | window.name | semmle.label | window.name | +| tst.js:280:22:280:29 | location | semmle.label | location | +| tst.js:285:9:285:29 | tainted | semmle.label | tainted | +| tst.js:285:19:285:29 | window.name | semmle.label | window.name | +| tst.js:288:59:288:65 | tainted | semmle.label | tainted | +| tst.js:301:9:301:16 | location | semmle.label | location | +| tst.js:302:10:302:10 | e | semmle.label | e | +| tst.js:303:20:303:20 | e | semmle.label | e | +| tst.js:308:10:308:17 | location | semmle.label | location | +| tst.js:310:10:310:10 | e | semmle.label | e | +| tst.js:311:20:311:20 | e | semmle.label | e | +| tst.js:316:35:316:42 | location | semmle.label | location | +| tst.js:327:10:327:35 | new URL ... cation) [searchParams] | semmle.label | new URL ... cation) [searchParams] | +| tst.js:327:18:327:34 | document.location | semmle.label | document.location | +| tst.js:331:7:331:43 | params | semmle.label | params | +| tst.js:331:16:331:30 | getTaintedUrl() [searchParams] | semmle.label | getTaintedUrl() [searchParams] | +| tst.js:331:16:331:43 | getTain ... hParams | semmle.label | getTain ... hParams | +| tst.js:332:18:332:23 | params | semmle.label | params | +| tst.js:332:18:332:35 | params.get('name') | semmle.label | params.get('name') | +| tst.js:341:12:341:37 | new URL ... cation) [hash] | semmle.label | new URL ... cation) [hash] | +| tst.js:341:20:341:36 | document.location | semmle.label | document.location | +| tst.js:343:5:343:12 | getUrl() [hash] | semmle.label | getUrl() [hash] | +| tst.js:343:5:343:17 | getUrl().hash | semmle.label | getUrl().hash | +| tst.js:343:5:343:30 | getUrl( ... ring(1) | semmle.label | getUrl( ... ring(1) | +| tst.js:348:7:348:39 | target | semmle.label | target | +| tst.js:348:16:348:39 | documen ... .search | semmle.label | documen ... .search | +| tst.js:349:12:349:17 | target | semmle.label | target | +| tst.js:355:10:355:42 | target | semmle.label | target | +| tst.js:355:19:355:42 | documen ... .search | semmle.label | documen ... .search | +| tst.js:356:16:356:21 | target | semmle.label | target | +| tst.js:360:21:360:26 | target | semmle.label | target | +| tst.js:363:18:363:23 | target | semmle.label | target | +| tst.js:371:7:371:39 | target | semmle.label | target | +| tst.js:371:16:371:39 | documen ... .search | semmle.label | documen ... .search | +| tst.js:374:18:374:23 | target | semmle.label | target | +| tst.js:381:7:381:39 | target | semmle.label | target | +| tst.js:381:7:381:39 | target [taint3] | semmle.label | target [taint3] | +| tst.js:381:7:381:39 | target [taint8] | semmle.label | target [taint8] | +| tst.js:381:16:381:39 | documen ... .search | semmle.label | documen ... .search | +| tst.js:384:18:384:23 | target | semmle.label | target | +| tst.js:386:18:386:23 | target | semmle.label | target | +| tst.js:386:18:386:29 | target.taint | semmle.label | target.taint | +| tst.js:391:3:391:8 | [post update] target [taint3] | semmle.label | [post update] target [taint3] | +| tst.js:391:19:391:42 | documen ... .search | semmle.label | documen ... .search | +| tst.js:392:18:392:23 | target [taint3] | semmle.label | target [taint3] | +| tst.js:392:18:392:30 | target.taint3 | semmle.label | target.taint3 | +| tst.js:397:18:397:23 | target | semmle.label | target | +| tst.js:397:18:397:30 | target.taint5 | semmle.label | target.taint5 | +| tst.js:406:18:406:23 | target | semmle.label | target | +| tst.js:406:18:406:30 | target.taint7 | semmle.label | target.taint7 | +| tst.js:408:3:408:8 | [post update] target [taint8] | semmle.label | [post update] target [taint8] | +| tst.js:408:19:408:24 | target | semmle.label | target | +| tst.js:408:19:408:24 | target [taint8] | semmle.label | target [taint8] | +| tst.js:408:19:408:31 | target.taint8 | semmle.label | target.taint8 | +| tst.js:409:18:409:23 | target [taint8] | semmle.label | target [taint8] | +| tst.js:409:18:409:30 | target.taint8 | semmle.label | target.taint8 | +| tst.js:416:7:416:46 | payload | semmle.label | payload | +| tst.js:416:17:416:36 | window.location.hash | semmle.label | window.location.hash | +| tst.js:416:17:416:46 | window. ... bstr(1) | semmle.label | window. ... bstr(1) | +| tst.js:417:18:417:24 | payload | semmle.label | payload | +| tst.js:419:7:419:55 | match | semmle.label | match | +| tst.js:419:15:419:34 | window.location.hash | semmle.label | window.location.hash | +| tst.js:419:15:419:55 | window. ... (\\w+)/) | semmle.label | window. ... (\\w+)/) | +| tst.js:421:20:421:24 | match | semmle.label | match | +| tst.js:421:20:421:27 | match[1] | semmle.label | match[1] | +| tst.js:424:18:424:37 | window.location.hash | semmle.label | window.location.hash | +| tst.js:424:18:424:48 | window. ... it('#') | semmle.label | window. ... it('#') | +| tst.js:424:18:424:51 | window. ... '#')[1] | semmle.label | window. ... '#')[1] | +| tst.js:428:7:428:39 | target | semmle.label | target | +| tst.js:428:16:428:39 | documen ... .search | semmle.label | documen ... .search | +| tst.js:430:18:430:23 | target | semmle.label | target | +| tst.js:430:18:430:89 | target. ... data>') | semmle.label | target. ... data>') | +| tst.js:436:6:436:38 | source | semmle.label | source | +| tst.js:436:15:436:38 | documen ... .search | semmle.label | documen ... .search | +| tst.js:440:28:440:33 | source | semmle.label | source | +| tst.js:441:33:441:38 | source | semmle.label | source | +| tst.js:442:34:442:39 | source | semmle.label | source | +| tst.js:443:41:443:46 | source | semmle.label | source | +| tst.js:444:44:444:49 | source | semmle.label | source | +| tst.js:445:32:445:37 | source | semmle.label | source | +| tst.js:453:7:453:39 | source | semmle.label | source | +| tst.js:453:16:453:39 | documen ... .search | semmle.label | documen ... .search | +| tst.js:455:18:455:23 | source | semmle.label | source | +| tst.js:456:18:456:42 | ansiToH ... source) | semmle.label | ansiToH ... source) | +| tst.js:456:36:456:41 | source | semmle.label | source | +| tst.js:460:6:460:38 | source | semmle.label | source | +| tst.js:460:15:460:38 | documen ... .search | semmle.label | documen ... .search | +| tst.js:463:21:463:26 | source | semmle.label | source | +| tst.js:465:19:465:24 | source | semmle.label | source | +| tst.js:467:20:467:25 | source | semmle.label | source | +| tst.js:471:7:471:46 | url | semmle.label | url | +| tst.js:471:13:471:36 | documen ... .search | semmle.label | documen ... .search | +| tst.js:471:13:471:46 | documen ... bstr(1) | semmle.label | documen ... bstr(1) | +| tst.js:473:19:473:21 | url | semmle.label | url | +| tst.js:474:26:474:28 | url | semmle.label | url | +| tst.js:475:25:475:27 | url | semmle.label | url | +| tst.js:476:20:476:22 | url | semmle.label | url | +| tst.js:486:22:486:24 | url | semmle.label | url | +| tst.js:491:23:491:35 | location.hash | semmle.label | location.hash | +| tst.js:491:23:491:45 | locatio ... bstr(1) | semmle.label | locatio ... bstr(1) | +| tst.js:494:18:494:30 | location.hash | semmle.label | location.hash | +| tst.js:494:18:494:40 | locatio ... bstr(1) | semmle.label | locatio ... bstr(1) | +| tst.js:501:33:501:63 | decodeU ... n.hash) | semmle.label | decodeU ... n.hash) | +| tst.js:501:43:501:62 | window.location.hash | semmle.label | window.location.hash | +| typeahead.js:20:13:20:45 | target | semmle.label | target | +| typeahead.js:20:22:20:45 | documen ... .search | semmle.label | documen ... .search | +| typeahead.js:21:12:21:17 | target | semmle.label | target | +| typeahead.js:24:30:24:32 | val | semmle.label | val | +| typeahead.js:25:18:25:20 | val | semmle.label | val | +| various-concat-obfuscations.js:2:6:2:39 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:2:16:2:39 | documen ... .search | semmle.label | documen ... .search | +| various-concat-obfuscations.js:4:4:4:31 | "
" ...
" | semmle.label | "
" ...
" | +| various-concat-obfuscations.js:4:14:4:20 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:5:4:5:26 | `
$ ...
` | semmle.label | `
$ ...
` | +| various-concat-obfuscations.js:5:12:5:18 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:6:4:6:26 | "
" ... ainted) | semmle.label | "
" ... ainted) | +| various-concat-obfuscations.js:6:4:6:43 | "
" ... /div>") | semmle.label | "
" ... /div>") | +| various-concat-obfuscations.js:6:19:6:25 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:7:4:7:31 | ["
... /div>"] | semmle.label | ["
... /div>"] | +| various-concat-obfuscations.js:7:4:7:38 | ["
... .join() | semmle.label | ["
... .join() | +| various-concat-obfuscations.js:7:14:7:20 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:9:4:9:34 | "
" | semmle.label | "
" | +| various-concat-obfuscations.js:9:19:9:25 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:10:4:10:27 | `
` | semmle.label | `
` | +| various-concat-obfuscations.js:10:16:10:22 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:11:4:11:31 | "
") | semmle.label | "
") | +| various-concat-obfuscations.js:11:24:11:30 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:12:4:12:34 | ["
"] | semmle.label | ["
"] | +| various-concat-obfuscations.js:12:4:12:41 | ["
' | semmle.label | '
' | +| various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | semmle.label | (attrs. ... 'left') | +| various-concat-obfuscations.js:15:28:15:32 | attrs | semmle.label | attrs | +| various-concat-obfuscations.js:15:28:15:44 | attrs.defaultattr | semmle.label | attrs.defaultattr | +| various-concat-obfuscations.js:17:24:17:28 | attrs | semmle.label | attrs | +| various-concat-obfuscations.js:18:10:18:59 | '
') | semmle.label | '
') | +| various-concat-obfuscations.js:18:32:18:36 | attrs | semmle.label | attrs | +| various-concat-obfuscations.js:18:32:18:48 | attrs.defaultattr | semmle.label | attrs.defaultattr | +| various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | semmle.label | attrs.d ... 'left' | +| various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | semmle.label | indirec ... .attrs) | +| various-concat-obfuscations.js:20:17:20:40 | documen ... .search | semmle.label | documen ... .search | +| various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | semmle.label | documen ... h.attrs | +| various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | semmle.label | indirec ... .attrs) | +| various-concat-obfuscations.js:21:17:21:40 | documen ... .search | semmle.label | documen ... .search | +| various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | semmle.label | documen ... h.attrs | +| winjs.js:2:7:2:53 | tainted | semmle.label | tainted | +| winjs.js:2:17:2:40 | documen ... .search | semmle.label | documen ... .search | +| winjs.js:2:17:2:53 | documen ... ring(1) | semmle.label | documen ... ring(1) | +| winjs.js:3:43:3:49 | tainted | semmle.label | tainted | +| winjs.js:4:43:4:49 | tainted | semmle.label | tainted | edges -| addEventListener.js:1:43:1:47 | event | addEventListener.js:2:20:2:24 | event | -| addEventListener.js:1:43:1:47 | event | addEventListener.js:2:20:2:24 | event | -| addEventListener.js:1:43:1:47 | event | addEventListener.js:2:20:2:24 | event | -| addEventListener.js:1:43:1:47 | event | addEventListener.js:2:20:2:24 | event | -| addEventListener.js:2:20:2:24 | event | addEventListener.js:2:20:2:29 | event.data | -| addEventListener.js:2:20:2:24 | event | addEventListener.js:2:20:2:29 | event.data | -| addEventListener.js:2:20:2:24 | event | addEventListener.js:2:20:2:29 | event.data | -| addEventListener.js:2:20:2:24 | event | addEventListener.js:2:20:2:29 | event.data | -| addEventListener.js:5:43:5:48 | data | addEventListener.js:6:20:6:23 | data | -| addEventListener.js:5:43:5:48 | data | addEventListener.js:6:20:6:23 | data | -| addEventListener.js:5:43:5:48 | data | addEventListener.js:6:20:6:23 | data | -| addEventListener.js:5:43:5:48 | data | addEventListener.js:6:20:6:23 | data | -| addEventListener.js:5:43:5:48 | {data} | addEventListener.js:5:44:5:47 | data | -| addEventListener.js:5:43:5:48 | {data} | addEventListener.js:5:44:5:47 | data | -| addEventListener.js:5:43:5:48 | {data} | addEventListener.js:5:44:5:47 | data | -| addEventListener.js:5:43:5:48 | {data} | addEventListener.js:5:44:5:47 | data | -| addEventListener.js:5:44:5:47 | data | addEventListener.js:5:43:5:48 | data | -| addEventListener.js:5:44:5:47 | data | addEventListener.js:5:43:5:48 | data | -| addEventListener.js:10:21:10:25 | event | addEventListener.js:12:24:12:28 | event | -| addEventListener.js:10:21:10:25 | event | addEventListener.js:12:24:12:28 | event | -| addEventListener.js:10:21:10:25 | event | addEventListener.js:12:24:12:28 | event | -| addEventListener.js:10:21:10:25 | event | addEventListener.js:12:24:12:28 | event | -| addEventListener.js:12:24:12:28 | event | addEventListener.js:12:24:12:33 | event.data | -| addEventListener.js:12:24:12:28 | event | addEventListener.js:12:24:12:33 | event.data | -| addEventListener.js:12:24:12:28 | event | addEventListener.js:12:24:12:33 | event.data | -| addEventListener.js:12:24:12:28 | event | addEventListener.js:12:24:12:33 | event.data | -| angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:26:44:26:71 | this.ro ... ragment | angular2-client.ts:26:44:26:71 | this.ro ... ragment | -| angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | -| angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | -| angular2-client.ts:30:46:30:59 | map.get('foo') | angular2-client.ts:30:46:30:59 | map.get('foo') | -| angular2-client.ts:33:44:33:74 | this.ro ... 1].path | angular2-client.ts:33:44:33:74 | this.ro ... 1].path | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:35:44:35:91 | this.ro ... et('x') | angular2-client.ts:35:44:35:91 | this.ro ... et('x') | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:38:44:38:58 | this.router.url | angular2-client.ts:38:44:38:58 | this.router.url | -| angular2-client.ts:40:45:40:59 | this.router.url | angular2-client.ts:40:45:40:59 | this.router.url | -| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | -| classnames.js:7:47:7:69 | classNa ... w.name) | classnames.js:7:31:7:84 | `` | -| classnames.js:7:47:7:69 | classNa ... w.name) | classnames.js:7:31:7:84 | `` | -| classnames.js:7:58:7:68 | window.name | classnames.js:7:47:7:69 | classNa ... w.name) | -| classnames.js:7:58:7:68 | window.name | classnames.js:7:47:7:69 | classNa ... w.name) | -| classnames.js:8:47:8:70 | classNa ... w.name) | classnames.js:8:31:8:85 | `` | -| classnames.js:8:47:8:70 | classNa ... w.name) | classnames.js:8:31:8:85 | `` | -| classnames.js:8:59:8:69 | window.name | classnames.js:8:47:8:70 | classNa ... w.name) | -| classnames.js:8:59:8:69 | window.name | classnames.js:8:47:8:70 | classNa ... w.name) | -| classnames.js:9:47:9:70 | classNa ... w.name) | classnames.js:9:31:9:85 | `` | -| classnames.js:9:47:9:70 | classNa ... w.name) | classnames.js:9:31:9:85 | `` | -| classnames.js:9:59:9:69 | window.name | classnames.js:9:47:9:70 | classNa ... w.name) | -| classnames.js:9:59:9:69 | window.name | classnames.js:9:47:9:70 | classNa ... w.name) | -| classnames.js:10:45:10:55 | window.name | classnames.js:11:47:11:64 | unsafeStyle('foo') | -| classnames.js:10:45:10:55 | window.name | classnames.js:11:47:11:64 | unsafeStyle('foo') | -| classnames.js:11:47:11:64 | unsafeStyle('foo') | classnames.js:11:31:11:79 | `` | -| classnames.js:11:47:11:64 | unsafeStyle('foo') | classnames.js:11:31:11:79 | `` | -| classnames.js:13:47:13:68 | safeSty ... w.name) | classnames.js:13:31:13:83 | `` | -| classnames.js:13:47:13:68 | safeSty ... w.name) | classnames.js:13:31:13:83 | `` | -| classnames.js:13:57:13:67 | window.name | classnames.js:13:47:13:68 | safeSty ... w.name) | -| classnames.js:13:57:13:67 | window.name | classnames.js:13:47:13:68 | safeSty ... w.name) | -| classnames.js:15:47:15:63 | clsx(window.name) | classnames.js:15:31:15:78 | `` | -| classnames.js:15:47:15:63 | clsx(window.name) | classnames.js:15:31:15:78 | `` | -| classnames.js:15:52:15:62 | window.name | classnames.js:15:47:15:63 | clsx(window.name) | -| classnames.js:15:52:15:62 | window.name | classnames.js:15:47:15:63 | clsx(window.name) | -| classnames.js:17:48:17:64 | clsx(window.name) | classnames.js:17:32:17:79 | `` | -| classnames.js:17:48:17:64 | clsx(window.name) | classnames.js:17:32:17:79 | `` | -| classnames.js:17:53:17:63 | window.name | classnames.js:17:48:17:64 | clsx(window.name) | -| classnames.js:17:53:17:63 | window.name | classnames.js:17:48:17:64 | clsx(window.name) | -| clipboard.ts:8:11:8:51 | html | clipboard.ts:15:25:15:28 | html | -| clipboard.ts:8:11:8:51 | html | clipboard.ts:15:25:15:28 | html | -| clipboard.ts:8:11:8:51 | html | clipboard.ts:15:25:15:28 | html | -| clipboard.ts:8:11:8:51 | html | clipboard.ts:15:25:15:28 | html | -| clipboard.ts:8:18:8:51 | clipboa ... /html') | clipboard.ts:8:11:8:51 | html | -| clipboard.ts:8:18:8:51 | clipboa ... /html') | clipboard.ts:8:11:8:51 | html | -| clipboard.ts:8:18:8:51 | clipboa ... /html') | clipboard.ts:8:11:8:51 | html | -| clipboard.ts:8:18:8:51 | clipboa ... /html') | clipboard.ts:8:11:8:51 | html | -| clipboard.ts:24:23:24:58 | e.clipb ... /html') | clipboard.ts:24:23:24:58 | e.clipb ... /html') | -| clipboard.ts:29:19:29:54 | e.clipb ... /html') | clipboard.ts:29:19:29:54 | e.clipb ... /html') | -| clipboard.ts:33:19:33:68 | e.origi ... /html') | clipboard.ts:33:19:33:68 | e.origi ... /html') | -| clipboard.ts:43:15:43:55 | html | clipboard.ts:50:29:50:32 | html | -| clipboard.ts:43:15:43:55 | html | clipboard.ts:50:29:50:32 | html | -| clipboard.ts:43:15:43:55 | html | clipboard.ts:50:29:50:32 | html | -| clipboard.ts:43:15:43:55 | html | clipboard.ts:50:29:50:32 | html | -| clipboard.ts:43:22:43:55 | clipboa ... /html') | clipboard.ts:43:15:43:55 | html | -| clipboard.ts:43:22:43:55 | clipboa ... /html') | clipboard.ts:43:15:43:55 | html | -| clipboard.ts:43:22:43:55 | clipboa ... /html') | clipboard.ts:43:15:43:55 | html | -| clipboard.ts:43:22:43:55 | clipboa ... /html') | clipboard.ts:43:15:43:55 | html | -| clipboard.ts:71:13:71:62 | droppedHtml | clipboard.ts:73:29:73:39 | droppedHtml | -| clipboard.ts:71:13:71:62 | droppedHtml | clipboard.ts:73:29:73:39 | droppedHtml | -| clipboard.ts:71:13:71:62 | droppedHtml | clipboard.ts:73:29:73:39 | droppedHtml | -| clipboard.ts:71:13:71:62 | droppedHtml | clipboard.ts:73:29:73:39 | droppedHtml | -| clipboard.ts:71:27:71:62 | e.clipb ... /html') | clipboard.ts:71:13:71:62 | droppedHtml | -| clipboard.ts:71:27:71:62 | e.clipb ... /html') | clipboard.ts:71:13:71:62 | droppedHtml | -| clipboard.ts:71:27:71:62 | e.clipb ... /html') | clipboard.ts:71:13:71:62 | droppedHtml | -| clipboard.ts:71:27:71:62 | e.clipb ... /html') | clipboard.ts:71:13:71:62 | droppedHtml | -| clipboard.ts:98:15:98:54 | html | clipboard.ts:99:23:99:26 | html | -| clipboard.ts:98:15:98:54 | html | clipboard.ts:99:23:99:26 | html | -| clipboard.ts:98:15:98:54 | html | clipboard.ts:99:23:99:26 | html | -| clipboard.ts:98:15:98:54 | html | clipboard.ts:99:23:99:26 | html | -| clipboard.ts:98:22:98:54 | dataTra ... /html') | clipboard.ts:98:15:98:54 | html | -| clipboard.ts:98:22:98:54 | dataTra ... /html') | clipboard.ts:98:15:98:54 | html | -| clipboard.ts:98:22:98:54 | dataTra ... /html') | clipboard.ts:98:15:98:54 | html | -| clipboard.ts:98:22:98:54 | dataTra ... /html') | clipboard.ts:98:15:98:54 | html | -| custom-element.js:5:26:5:36 | window.name | custom-element.js:5:26:5:36 | window.name | -| d3.js:4:12:4:22 | window.name | d3.js:11:15:11:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:11:15:11:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:11:15:11:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:11:15:11:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:11:15:11:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:11:15:11:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:11:15:11:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:12:20:12:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:12:20:12:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:12:20:12:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:12:20:12:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:12:20:12:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:12:20:12:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:12:20:12:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:14:20:14:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:14:20:14:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:14:20:14:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:14:20:14:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:14:20:14:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:14:20:14:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:14:20:14:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:21:15:21:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:21:15:21:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:21:15:21:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:21:15:21:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:21:15:21:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:21:15:21:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:21:15:21:24 | getTaint() | -| dates.js:9:9:9:69 | taint | dates.js:11:63:11:67 | taint | -| dates.js:9:9:9:69 | taint | dates.js:11:63:11:67 | taint | -| dates.js:9:9:9:69 | taint | dates.js:12:66:12:70 | taint | -| dates.js:9:9:9:69 | taint | dates.js:12:66:12:70 | taint | -| dates.js:9:9:9:69 | taint | dates.js:13:59:13:63 | taint | -| dates.js:9:9:9:69 | taint | dates.js:13:59:13:63 | taint | -| dates.js:9:9:9:69 | taint | dates.js:16:62:16:66 | taint | -| dates.js:9:9:9:69 | taint | dates.js:16:62:16:66 | taint | -| dates.js:9:9:9:69 | taint | dates.js:18:59:18:63 | taint | -| dates.js:9:9:9:69 | taint | dates.js:18:59:18:63 | taint | -| dates.js:9:9:9:69 | taint | dates.js:21:61:21:65 | taint | -| dates.js:9:9:9:69 | taint | dates.js:21:61:21:65 | taint | -| dates.js:9:17:9:69 | decodeU ... ing(1)) | dates.js:9:9:9:69 | taint | -| dates.js:9:17:9:69 | decodeU ... ing(1)) | dates.js:9:9:9:69 | taint | -| dates.js:9:36:9:55 | window.location.hash | dates.js:9:36:9:68 | window. ... ring(1) | -| dates.js:9:36:9:55 | window.location.hash | dates.js:9:36:9:68 | window. ... ring(1) | -| dates.js:9:36:9:55 | window.location.hash | dates.js:9:36:9:68 | window. ... ring(1) | -| dates.js:9:36:9:55 | window.location.hash | dates.js:9:36:9:68 | window. ... ring(1) | -| dates.js:9:36:9:68 | window. ... ring(1) | dates.js:9:17:9:69 | decodeU ... ing(1)) | -| dates.js:9:36:9:68 | window. ... ring(1) | dates.js:9:17:9:69 | decodeU ... ing(1)) | -| dates.js:11:42:11:68 | dateFns ... taint) | dates.js:11:31:11:70 | `Time i ... aint)}` | -| dates.js:11:42:11:68 | dateFns ... taint) | dates.js:11:31:11:70 | `Time i ... aint)}` | -| dates.js:11:42:11:68 | dateFns ... taint) | dates.js:11:31:11:70 | `Time i ... aint)}` | -| dates.js:11:42:11:68 | dateFns ... taint) | dates.js:11:31:11:70 | `Time i ... aint)}` | -| dates.js:11:63:11:67 | taint | dates.js:11:42:11:68 | dateFns ... taint) | -| dates.js:11:63:11:67 | taint | dates.js:11:42:11:68 | dateFns ... taint) | -| dates.js:12:42:12:71 | dateFns ... taint) | dates.js:12:31:12:73 | `Time i ... aint)}` | -| dates.js:12:42:12:71 | dateFns ... taint) | dates.js:12:31:12:73 | `Time i ... aint)}` | -| dates.js:12:42:12:71 | dateFns ... taint) | dates.js:12:31:12:73 | `Time i ... aint)}` | -| dates.js:12:42:12:71 | dateFns ... taint) | dates.js:12:31:12:73 | `Time i ... aint)}` | -| dates.js:12:66:12:70 | taint | dates.js:12:42:12:71 | dateFns ... taint) | -| dates.js:12:66:12:70 | taint | dates.js:12:42:12:71 | dateFns ... taint) | -| dates.js:13:42:13:70 | dateFns ... )(time) | dates.js:13:31:13:72 | `Time i ... time)}` | -| dates.js:13:42:13:70 | dateFns ... )(time) | dates.js:13:31:13:72 | `Time i ... time)}` | -| dates.js:13:42:13:70 | dateFns ... )(time) | dates.js:13:31:13:72 | `Time i ... time)}` | -| dates.js:13:42:13:70 | dateFns ... )(time) | dates.js:13:31:13:72 | `Time i ... time)}` | -| dates.js:13:59:13:63 | taint | dates.js:13:42:13:70 | dateFns ... )(time) | -| dates.js:13:59:13:63 | taint | dates.js:13:42:13:70 | dateFns ... )(time) | -| dates.js:16:42:16:67 | moment( ... (taint) | dates.js:16:31:16:69 | `Time i ... aint)}` | -| dates.js:16:42:16:67 | moment( ... (taint) | dates.js:16:31:16:69 | `Time i ... aint)}` | -| dates.js:16:42:16:67 | moment( ... (taint) | dates.js:16:31:16:69 | `Time i ... aint)}` | -| dates.js:16:42:16:67 | moment( ... (taint) | dates.js:16:31:16:69 | `Time i ... aint)}` | -| dates.js:16:62:16:66 | taint | dates.js:16:42:16:67 | moment( ... (taint) | -| dates.js:16:62:16:66 | taint | dates.js:16:42:16:67 | moment( ... (taint) | -| dates.js:18:42:18:64 | datefor ... taint) | dates.js:18:31:18:66 | `Time i ... aint)}` | -| dates.js:18:42:18:64 | datefor ... taint) | dates.js:18:31:18:66 | `Time i ... aint)}` | -| dates.js:18:42:18:64 | datefor ... taint) | dates.js:18:31:18:66 | `Time i ... aint)}` | -| dates.js:18:42:18:64 | datefor ... taint) | dates.js:18:31:18:66 | `Time i ... aint)}` | -| dates.js:18:59:18:63 | taint | dates.js:18:42:18:64 | datefor ... taint) | -| dates.js:18:59:18:63 | taint | dates.js:18:42:18:64 | datefor ... taint) | -| dates.js:21:42:21:66 | dayjs(t ... (taint) | dates.js:21:31:21:68 | `Time i ... aint)}` | -| dates.js:21:42:21:66 | dayjs(t ... (taint) | dates.js:21:31:21:68 | `Time i ... aint)}` | -| dates.js:21:42:21:66 | dayjs(t ... (taint) | dates.js:21:31:21:68 | `Time i ... aint)}` | -| dates.js:21:42:21:66 | dayjs(t ... (taint) | dates.js:21:31:21:68 | `Time i ... aint)}` | -| dates.js:21:61:21:65 | taint | dates.js:21:42:21:66 | dayjs(t ... (taint) | -| dates.js:21:61:21:65 | taint | dates.js:21:42:21:66 | dayjs(t ... (taint) | -| dates.js:30:9:30:69 | taint | dates.js:37:77:37:81 | taint | -| dates.js:30:9:30:69 | taint | dates.js:37:77:37:81 | taint | -| dates.js:30:9:30:69 | taint | dates.js:38:77:38:81 | taint | -| dates.js:30:9:30:69 | taint | dates.js:38:77:38:81 | taint | -| dates.js:30:9:30:69 | taint | dates.js:39:79:39:83 | taint | -| dates.js:30:9:30:69 | taint | dates.js:39:79:39:83 | taint | -| dates.js:30:9:30:69 | taint | dates.js:40:77:40:81 | taint | -| dates.js:30:9:30:69 | taint | dates.js:40:77:40:81 | taint | -| dates.js:30:17:30:69 | decodeU ... ing(1)) | dates.js:30:9:30:69 | taint | -| dates.js:30:17:30:69 | decodeU ... ing(1)) | dates.js:30:9:30:69 | taint | -| dates.js:30:36:30:55 | window.location.hash | dates.js:30:36:30:68 | window. ... ring(1) | -| dates.js:30:36:30:55 | window.location.hash | dates.js:30:36:30:68 | window. ... ring(1) | -| dates.js:30:36:30:55 | window.location.hash | dates.js:30:36:30:68 | window. ... ring(1) | -| dates.js:30:36:30:55 | window.location.hash | dates.js:30:36:30:68 | window. ... ring(1) | -| dates.js:30:36:30:68 | window. ... ring(1) | dates.js:30:17:30:69 | decodeU ... ing(1)) | -| dates.js:30:36:30:68 | window. ... ring(1) | dates.js:30:17:30:69 | decodeU ... ing(1)) | -| dates.js:37:42:37:82 | dateFns ... taint) | dates.js:37:31:37:84 | `Time i ... aint)}` | -| dates.js:37:42:37:82 | dateFns ... taint) | dates.js:37:31:37:84 | `Time i ... aint)}` | -| dates.js:37:42:37:82 | dateFns ... taint) | dates.js:37:31:37:84 | `Time i ... aint)}` | -| dates.js:37:42:37:82 | dateFns ... taint) | dates.js:37:31:37:84 | `Time i ... aint)}` | -| dates.js:37:77:37:81 | taint | dates.js:37:42:37:82 | dateFns ... taint) | -| dates.js:37:77:37:81 | taint | dates.js:37:42:37:82 | dateFns ... taint) | -| dates.js:38:42:38:82 | luxon.f ... taint) | dates.js:38:31:38:84 | `Time i ... aint)}` | -| dates.js:38:42:38:82 | luxon.f ... taint) | dates.js:38:31:38:84 | `Time i ... aint)}` | -| dates.js:38:42:38:82 | luxon.f ... taint) | dates.js:38:31:38:84 | `Time i ... aint)}` | -| dates.js:38:42:38:82 | luxon.f ... taint) | dates.js:38:31:38:84 | `Time i ... aint)}` | -| dates.js:38:77:38:81 | taint | dates.js:38:42:38:82 | luxon.f ... taint) | -| dates.js:38:77:38:81 | taint | dates.js:38:42:38:82 | luxon.f ... taint) | -| dates.js:39:42:39:84 | moment. ... taint) | dates.js:39:31:39:86 | `Time i ... aint)}` | -| dates.js:39:42:39:84 | moment. ... taint) | dates.js:39:31:39:86 | `Time i ... aint)}` | -| dates.js:39:42:39:84 | moment. ... taint) | dates.js:39:31:39:86 | `Time i ... aint)}` | -| dates.js:39:42:39:84 | moment. ... taint) | dates.js:39:31:39:86 | `Time i ... aint)}` | -| dates.js:39:79:39:83 | taint | dates.js:39:42:39:84 | moment. ... taint) | -| dates.js:39:79:39:83 | taint | dates.js:39:42:39:84 | moment. ... taint) | -| dates.js:40:42:40:82 | dayjs.f ... taint) | dates.js:40:31:40:84 | `Time i ... aint)}` | -| dates.js:40:42:40:82 | dayjs.f ... taint) | dates.js:40:31:40:84 | `Time i ... aint)}` | -| dates.js:40:42:40:82 | dayjs.f ... taint) | dates.js:40:31:40:84 | `Time i ... aint)}` | -| dates.js:40:42:40:82 | dayjs.f ... taint) | dates.js:40:31:40:84 | `Time i ... aint)}` | -| dates.js:40:77:40:81 | taint | dates.js:40:42:40:82 | dayjs.f ... taint) | -| dates.js:40:77:40:81 | taint | dates.js:40:42:40:82 | dayjs.f ... taint) | -| dates.js:46:9:46:69 | taint | dates.js:48:83:48:87 | taint | -| dates.js:46:9:46:69 | taint | dates.js:48:83:48:87 | taint | -| dates.js:46:9:46:69 | taint | dates.js:49:82:49:86 | taint | -| dates.js:46:9:46:69 | taint | dates.js:49:82:49:86 | taint | -| dates.js:46:9:46:69 | taint | dates.js:50:97:50:101 | taint | -| dates.js:46:9:46:69 | taint | dates.js:50:97:50:101 | taint | -| dates.js:46:17:46:69 | decodeU ... ing(1)) | dates.js:46:9:46:69 | taint | -| dates.js:46:17:46:69 | decodeU ... ing(1)) | dates.js:46:9:46:69 | taint | -| dates.js:46:36:46:55 | window.location.hash | dates.js:46:36:46:68 | window. ... ring(1) | -| dates.js:46:36:46:55 | window.location.hash | dates.js:46:36:46:68 | window. ... ring(1) | -| dates.js:46:36:46:55 | window.location.hash | dates.js:46:36:46:68 | window. ... ring(1) | -| dates.js:46:36:46:55 | window.location.hash | dates.js:46:36:46:68 | window. ... ring(1) | -| dates.js:46:36:46:68 | window. ... ring(1) | dates.js:46:17:46:69 | decodeU ... ing(1)) | -| dates.js:46:36:46:68 | window. ... ring(1) | dates.js:46:17:46:69 | decodeU ... ing(1)) | -| dates.js:48:42:48:88 | DateTim ... (taint) | dates.js:48:31:48:90 | `Time i ... aint)}` | -| dates.js:48:42:48:88 | DateTim ... (taint) | dates.js:48:31:48:90 | `Time i ... aint)}` | -| dates.js:48:42:48:88 | DateTim ... (taint) | dates.js:48:31:48:90 | `Time i ... aint)}` | -| dates.js:48:42:48:88 | DateTim ... (taint) | dates.js:48:31:48:90 | `Time i ... aint)}` | -| dates.js:48:83:48:87 | taint | dates.js:48:42:48:88 | DateTim ... (taint) | -| dates.js:48:83:48:87 | taint | dates.js:48:42:48:88 | DateTim ... (taint) | -| dates.js:49:42:49:87 | new Dat ... (taint) | dates.js:49:31:49:89 | `Time i ... aint)}` | -| dates.js:49:42:49:87 | new Dat ... (taint) | dates.js:49:31:49:89 | `Time i ... aint)}` | -| dates.js:49:42:49:87 | new Dat ... (taint) | dates.js:49:31:49:89 | `Time i ... aint)}` | -| dates.js:49:42:49:87 | new Dat ... (taint) | dates.js:49:31:49:89 | `Time i ... aint)}` | -| dates.js:49:82:49:86 | taint | dates.js:49:42:49:87 | new Dat ... (taint) | -| dates.js:49:82:49:86 | taint | dates.js:49:42:49:87 | new Dat ... (taint) | -| dates.js:50:42:50:102 | DateTim ... (taint) | dates.js:50:31:50:104 | `Time i ... aint)}` | -| dates.js:50:42:50:102 | DateTim ... (taint) | dates.js:50:31:50:104 | `Time i ... aint)}` | -| dates.js:50:42:50:102 | DateTim ... (taint) | dates.js:50:31:50:104 | `Time i ... aint)}` | -| dates.js:50:42:50:102 | DateTim ... (taint) | dates.js:50:31:50:104 | `Time i ... aint)}` | -| dates.js:50:97:50:101 | taint | dates.js:50:42:50:102 | DateTim ... (taint) | -| dates.js:50:97:50:101 | taint | dates.js:50:42:50:102 | DateTim ... (taint) | -| dates.js:54:9:54:69 | taint | dates.js:57:94:57:98 | taint | -| dates.js:54:9:54:69 | taint | dates.js:57:94:57:98 | taint | -| dates.js:54:9:54:69 | taint | dates.js:59:80:59:84 | taint | -| dates.js:54:9:54:69 | taint | dates.js:59:80:59:84 | taint | -| dates.js:54:9:54:69 | taint | dates.js:61:81:61:85 | taint | -| dates.js:54:9:54:69 | taint | dates.js:61:81:61:85 | taint | -| dates.js:54:17:54:69 | decodeU ... ing(1)) | dates.js:54:9:54:69 | taint | -| dates.js:54:17:54:69 | decodeU ... ing(1)) | dates.js:54:9:54:69 | taint | -| dates.js:54:36:54:55 | window.location.hash | dates.js:54:36:54:68 | window. ... ring(1) | -| dates.js:54:36:54:55 | window.location.hash | dates.js:54:36:54:68 | window. ... ring(1) | -| dates.js:54:36:54:55 | window.location.hash | dates.js:54:36:54:68 | window. ... ring(1) | -| dates.js:54:36:54:55 | window.location.hash | dates.js:54:36:54:68 | window. ... ring(1) | -| dates.js:54:36:54:68 | window. ... ring(1) | dates.js:54:17:54:69 | decodeU ... ing(1)) | -| dates.js:54:36:54:68 | window. ... ring(1) | dates.js:54:17:54:69 | decodeU ... ing(1)) | -| dates.js:57:42:57:99 | moment. ... (taint) | dates.js:57:31:57:101 | `Time i ... aint)}` | -| dates.js:57:42:57:99 | moment. ... (taint) | dates.js:57:31:57:101 | `Time i ... aint)}` | -| dates.js:57:42:57:99 | moment. ... (taint) | dates.js:57:31:57:101 | `Time i ... aint)}` | -| dates.js:57:42:57:99 | moment. ... (taint) | dates.js:57:31:57:101 | `Time i ... aint)}` | -| dates.js:57:94:57:98 | taint | dates.js:57:42:57:99 | moment. ... (taint) | -| dates.js:57:94:57:98 | taint | dates.js:57:42:57:99 | moment. ... (taint) | -| dates.js:59:42:59:85 | luxon.e ... (taint) | dates.js:59:31:59:87 | `Time i ... aint)}` | -| dates.js:59:42:59:85 | luxon.e ... (taint) | dates.js:59:31:59:87 | `Time i ... aint)}` | -| dates.js:59:42:59:85 | luxon.e ... (taint) | dates.js:59:31:59:87 | `Time i ... aint)}` | -| dates.js:59:42:59:85 | luxon.e ... (taint) | dates.js:59:31:59:87 | `Time i ... aint)}` | -| dates.js:59:80:59:84 | taint | dates.js:59:42:59:85 | luxon.e ... (taint) | -| dates.js:59:80:59:84 | taint | dates.js:59:42:59:85 | luxon.e ... (taint) | -| dates.js:61:42:61:86 | dayjs.s ... (taint) | dates.js:61:31:61:88 | `Time i ... aint)}` | -| dates.js:61:42:61:86 | dayjs.s ... (taint) | dates.js:61:31:61:88 | `Time i ... aint)}` | -| dates.js:61:42:61:86 | dayjs.s ... (taint) | dates.js:61:31:61:88 | `Time i ... aint)}` | -| dates.js:61:42:61:86 | dayjs.s ... (taint) | dates.js:61:31:61:88 | `Time i ... aint)}` | -| dates.js:61:81:61:85 | taint | dates.js:61:42:61:86 | dayjs.s ... (taint) | -| dates.js:61:81:61:85 | taint | dates.js:61:42:61:86 | dayjs.s ... (taint) | -| dragAndDrop.ts:8:11:8:50 | html | dragAndDrop.ts:15:25:15:28 | html | -| dragAndDrop.ts:8:11:8:50 | html | dragAndDrop.ts:15:25:15:28 | html | -| dragAndDrop.ts:8:11:8:50 | html | dragAndDrop.ts:15:25:15:28 | html | -| dragAndDrop.ts:8:11:8:50 | html | dragAndDrop.ts:15:25:15:28 | html | -| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | dragAndDrop.ts:8:11:8:50 | html | -| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | dragAndDrop.ts:8:11:8:50 | html | -| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | dragAndDrop.ts:8:11:8:50 | html | -| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | dragAndDrop.ts:8:11:8:50 | html | -| dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | -| dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | -| dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | -| dragAndDrop.ts:43:15:43:54 | html | dragAndDrop.ts:50:29:50:32 | html | -| dragAndDrop.ts:43:15:43:54 | html | dragAndDrop.ts:50:29:50:32 | html | -| dragAndDrop.ts:43:15:43:54 | html | dragAndDrop.ts:50:29:50:32 | html | -| dragAndDrop.ts:43:15:43:54 | html | dragAndDrop.ts:50:29:50:32 | html | -| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | dragAndDrop.ts:43:15:43:54 | html | -| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | dragAndDrop.ts:43:15:43:54 | html | -| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | dragAndDrop.ts:43:15:43:54 | html | -| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | dragAndDrop.ts:43:15:43:54 | html | -| dragAndDrop.ts:71:13:71:61 | droppedHtml | dragAndDrop.ts:73:29:73:39 | droppedHtml | -| dragAndDrop.ts:71:13:71:61 | droppedHtml | dragAndDrop.ts:73:29:73:39 | droppedHtml | -| dragAndDrop.ts:71:13:71:61 | droppedHtml | dragAndDrop.ts:73:29:73:39 | droppedHtml | -| dragAndDrop.ts:71:13:71:61 | droppedHtml | dragAndDrop.ts:73:29:73:39 | droppedHtml | -| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | dragAndDrop.ts:71:13:71:61 | droppedHtml | -| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | dragAndDrop.ts:71:13:71:61 | droppedHtml | -| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | dragAndDrop.ts:71:13:71:61 | droppedHtml | -| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | dragAndDrop.ts:71:13:71:61 | droppedHtml | -| event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '

' | -| event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '

' | -| event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '

' | -| event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '

' | -| event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '

' | -| event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '

' | -| express.js:7:15:7:33 | req.param("wobble") | express.js:7:15:7:33 | req.param("wobble") | -| jquery.js:2:7:2:40 | tainted | jquery.js:7:20:7:26 | tainted | -| jquery.js:2:7:2:40 | tainted | jquery.js:8:28:8:34 | tainted | -| jquery.js:2:7:2:40 | tainted | jquery.js:36:25:36:31 | tainted | -| jquery.js:2:7:2:40 | tainted | jquery.js:36:25:36:31 | tainted | -| jquery.js:2:7:2:40 | tainted | jquery.js:37:31:37:37 | tainted | -| jquery.js:2:17:2:40 | documen ... .search | jquery.js:2:7:2:40 | tainted | -| jquery.js:2:17:2:40 | documen ... .search | jquery.js:2:7:2:40 | tainted | -| jquery.js:7:20:7:26 | tainted | jquery.js:7:5:7:34 | "
" | -| jquery.js:7:20:7:26 | tainted | jquery.js:7:5:7:34 | "
" | -| jquery.js:8:28:8:34 | tainted | jquery.js:8:18:8:34 | "XSS: " + tainted | -| jquery.js:8:28:8:34 | tainted | jquery.js:8:18:8:34 | "XSS: " + tainted | -| jquery.js:10:13:10:20 | location | jquery.js:10:13:10:31 | location.toString() | -| jquery.js:10:13:10:20 | location | jquery.js:10:13:10:31 | location.toString() | -| jquery.js:10:13:10:31 | location.toString() | jquery.js:10:5:10:40 | "" + ... "" | -| jquery.js:10:13:10:31 | location.toString() | jquery.js:10:5:10:40 | "" + ... "" | -| jquery.js:14:38:14:57 | window.location.hash | jquery.js:14:19:14:58 | decodeU ... n.hash) | -| jquery.js:14:38:14:57 | window.location.hash | jquery.js:14:19:14:58 | decodeU ... n.hash) | -| jquery.js:14:38:14:57 | window.location.hash | jquery.js:14:19:14:58 | decodeU ... n.hash) | -| jquery.js:14:38:14:57 | window.location.hash | jquery.js:14:19:14:58 | decodeU ... n.hash) | -| jquery.js:15:38:15:59 | window. ... .search | jquery.js:15:19:15:60 | decodeU ... search) | -| jquery.js:15:38:15:59 | window. ... .search | jquery.js:15:19:15:60 | decodeU ... search) | -| jquery.js:15:38:15:59 | window. ... .search | jquery.js:15:19:15:60 | decodeU ... search) | -| jquery.js:15:38:15:59 | window. ... .search | jquery.js:15:19:15:60 | decodeU ... search) | -| jquery.js:16:38:16:52 | window.location | jquery.js:16:38:16:63 | window. ... tring() | -| jquery.js:16:38:16:52 | window.location | jquery.js:16:38:16:63 | window. ... tring() | -| jquery.js:16:38:16:63 | window. ... tring() | jquery.js:16:19:16:64 | decodeU ... ring()) | -| jquery.js:16:38:16:63 | window. ... tring() | jquery.js:16:19:16:64 | decodeU ... ring()) | -| jquery.js:18:7:18:33 | hash | jquery.js:21:5:21:8 | hash | -| jquery.js:18:7:18:33 | hash | jquery.js:22:5:22:8 | hash | -| jquery.js:18:7:18:33 | hash | jquery.js:23:5:23:8 | hash | -| jquery.js:18:7:18:33 | hash | jquery.js:24:5:24:8 | hash | -| jquery.js:18:7:18:33 | hash | jquery.js:27:5:27:8 | hash | -| jquery.js:18:7:18:33 | hash | jquery.js:34:13:34:16 | hash | -| jquery.js:18:14:18:33 | window.location.hash | jquery.js:18:7:18:33 | hash | -| jquery.js:18:14:18:33 | window.location.hash | jquery.js:18:7:18:33 | hash | -| jquery.js:21:5:21:8 | hash | jquery.js:21:5:21:21 | hash.substring(1) | -| jquery.js:21:5:21:8 | hash | jquery.js:21:5:21:21 | hash.substring(1) | -| jquery.js:21:5:21:8 | hash | jquery.js:21:5:21:21 | hash.substring(1) | -| jquery.js:22:5:22:8 | hash | jquery.js:22:5:22:25 | hash.su ... (1, 10) | -| jquery.js:22:5:22:8 | hash | jquery.js:22:5:22:25 | hash.su ... (1, 10) | -| jquery.js:22:5:22:8 | hash | jquery.js:22:5:22:25 | hash.su ... (1, 10) | -| jquery.js:23:5:23:8 | hash | jquery.js:23:5:23:18 | hash.substr(1) | -| jquery.js:23:5:23:8 | hash | jquery.js:23:5:23:18 | hash.substr(1) | -| jquery.js:23:5:23:8 | hash | jquery.js:23:5:23:18 | hash.substr(1) | -| jquery.js:24:5:24:8 | hash | jquery.js:24:5:24:17 | hash.slice(1) | -| jquery.js:24:5:24:8 | hash | jquery.js:24:5:24:17 | hash.slice(1) | -| jquery.js:24:5:24:8 | hash | jquery.js:24:5:24:17 | hash.slice(1) | -| jquery.js:27:5:27:8 | hash | jquery.js:27:5:27:25 | hash.re ... #', '') | -| jquery.js:27:5:27:8 | hash | jquery.js:27:5:27:25 | hash.re ... #', '') | -| jquery.js:27:5:27:8 | hash | jquery.js:27:5:27:25 | hash.re ... #', '') | -| jquery.js:28:5:28:26 | window. ... .search | jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:28:5:28:26 | window. ... .search | jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:28:5:28:26 | window. ... .search | jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:28:5:28:26 | window. ... .search | jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:28:5:28:26 | window. ... .search | jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:28:5:28:26 | window. ... .search | jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:34:13:34:16 | hash | jquery.js:34:5:34:25 | '' + ... '' | -| jquery.js:34:13:34:16 | hash | jquery.js:34:5:34:25 | '' + ... '' | -| jquery.js:37:31:37:37 | tainted | jquery.js:37:25:37:37 | () => tainted | -| jquery.js:37:31:37:37 | tainted | jquery.js:37:25:37:37 | () => tainted | -| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:11:51:11:56 | locale | -| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:19:56:19:61 | locale | -| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:31:55:31:60 | locale | -| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:31:55:31:60 | locale | -| json-stringify.jsx:5:18:5:36 | req.param("locale") | json-stringify.jsx:5:9:5:36 | locale | -| json-stringify.jsx:5:18:5:36 | req.param("locale") | json-stringify.jsx:5:9:5:36 | locale | -| json-stringify.jsx:5:18:5:36 | req.param("locale") | json-stringify.jsx:5:9:5:36 | locale | -| json-stringify.jsx:5:18:5:36 | req.param("locale") | json-stringify.jsx:5:9:5:36 | locale | -| json-stringify.jsx:11:16:11:58 | `https: ... ocale}` | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | -| json-stringify.jsx:11:16:11:58 | `https: ... ocale}` | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | -| json-stringify.jsx:11:51:11:56 | locale | json-stringify.jsx:11:16:11:58 | `https: ... ocale}` | -| json-stringify.jsx:19:16:19:63 | `https: ... ocale}` | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | -| json-stringify.jsx:19:16:19:63 | `https: ... ocale}` | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | -| json-stringify.jsx:19:56:19:61 | locale | json-stringify.jsx:19:16:19:63 | `https: ... ocale}` | -| json-stringify.jsx:31:55:31:60 | locale | json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | -| json-stringify.jsx:31:55:31:60 | locale | json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | -| json-stringify.jsx:31:55:31:60 | locale | json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | -| json-stringify.jsx:31:55:31:60 | locale | json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | -| jwt-server.js:7:9:7:35 | taint | jwt-server.js:9:16:9:20 | taint | -| jwt-server.js:7:9:7:35 | taint | jwt-server.js:9:16:9:20 | taint | -| jwt-server.js:7:17:7:35 | req.param("wobble") | jwt-server.js:7:9:7:35 | taint | -| jwt-server.js:7:17:7:35 | req.param("wobble") | jwt-server.js:7:9:7:35 | taint | -| jwt-server.js:7:17:7:35 | req.param("wobble") | jwt-server.js:7:9:7:35 | taint | -| jwt-server.js:7:17:7:35 | req.param("wobble") | jwt-server.js:7:9:7:35 | taint | -| jwt-server.js:9:16:9:20 | taint | jwt-server.js:9:55:9:61 | decoded | -| jwt-server.js:9:16:9:20 | taint | jwt-server.js:9:55:9:61 | decoded | -| jwt-server.js:9:55:9:61 | decoded | jwt-server.js:11:19:11:25 | decoded | -| jwt-server.js:9:55:9:61 | decoded | jwt-server.js:11:19:11:25 | decoded | -| jwt-server.js:11:19:11:25 | decoded | jwt-server.js:11:19:11:29 | decoded.foo | -| jwt-server.js:11:19:11:25 | decoded | jwt-server.js:11:19:11:29 | decoded.foo | -| jwt-server.js:11:19:11:25 | decoded | jwt-server.js:11:19:11:29 | decoded.foo | -| jwt-server.js:11:19:11:25 | decoded | jwt-server.js:11:19:11:29 | decoded.foo | -| nodemailer.js:13:50:13:66 | req.query.message | nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | -| nodemailer.js:13:50:13:66 | req.query.message | nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | -| nodemailer.js:13:50:13:66 | req.query.message | nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | -| nodemailer.js:13:50:13:66 | req.query.message | nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | -| optionalSanitizer.js:2:7:2:39 | target | optionalSanitizer.js:6:18:6:23 | target | -| optionalSanitizer.js:2:7:2:39 | target | optionalSanitizer.js:6:18:6:23 | target | -| optionalSanitizer.js:2:7:2:39 | target | optionalSanitizer.js:8:17:8:22 | target | -| optionalSanitizer.js:2:7:2:39 | target | optionalSanitizer.js:15:9:15:14 | target | -| optionalSanitizer.js:2:16:2:39 | documen ... .search | optionalSanitizer.js:2:7:2:39 | target | -| optionalSanitizer.js:2:16:2:39 | documen ... .search | optionalSanitizer.js:2:7:2:39 | target | -| optionalSanitizer.js:8:7:8:22 | tainted | optionalSanitizer.js:9:18:9:24 | tainted | -| optionalSanitizer.js:8:7:8:22 | tainted | optionalSanitizer.js:9:18:9:24 | tainted | -| optionalSanitizer.js:8:17:8:22 | target | optionalSanitizer.js:8:7:8:22 | tainted | -| optionalSanitizer.js:15:9:15:14 | target | optionalSanitizer.js:16:18:16:18 | x | -| optionalSanitizer.js:16:18:16:18 | x | optionalSanitizer.js:17:20:17:20 | x | -| optionalSanitizer.js:16:18:16:18 | x | optionalSanitizer.js:17:20:17:20 | x | -| optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:31:18:31:23 | target | -| optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:38:18:38:23 | target | -| optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:45:41:45:46 | target | -| optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:45:51:45:56 | target | -| optionalSanitizer.js:26:16:26:39 | documen ... .search | optionalSanitizer.js:26:7:26:39 | target | -| optionalSanitizer.js:26:16:26:39 | documen ... .search | optionalSanitizer.js:26:7:26:39 | target | -| optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:32:18:32:25 | tainted2 | -| optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:32:18:32:25 | tainted2 | -| optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:34:28:34:35 | tainted2 | -| optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:36:18:36:25 | tainted2 | -| optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:36:18:36:25 | tainted2 | -| optionalSanitizer.js:31:18:31:23 | target | optionalSanitizer.js:31:7:31:23 | tainted2 | -| optionalSanitizer.js:34:5:34:36 | tainted2 | optionalSanitizer.js:36:18:36:25 | tainted2 | -| optionalSanitizer.js:34:5:34:36 | tainted2 | optionalSanitizer.js:36:18:36:25 | tainted2 | -| optionalSanitizer.js:34:16:34:36 | sanitiz ... inted2) | optionalSanitizer.js:34:5:34:36 | tainted2 | -| optionalSanitizer.js:34:28:34:35 | tainted2 | optionalSanitizer.js:34:16:34:36 | sanitiz ... inted2) | -| optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:39:18:39:25 | tainted3 | -| optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:39:18:39:25 | tainted3 | -| optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:41:28:41:35 | tainted3 | -| optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:43:18:43:25 | tainted3 | -| optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:43:18:43:25 | tainted3 | -| optionalSanitizer.js:38:18:38:23 | target | optionalSanitizer.js:38:7:38:23 | tainted3 | -| optionalSanitizer.js:41:5:41:36 | tainted3 | optionalSanitizer.js:43:18:43:25 | tainted3 | -| optionalSanitizer.js:41:5:41:36 | tainted3 | optionalSanitizer.js:43:18:43:25 | tainted3 | -| optionalSanitizer.js:41:16:41:36 | sanitiz ... inted3) | optionalSanitizer.js:41:5:41:36 | tainted3 | -| optionalSanitizer.js:41:28:41:35 | tainted3 | optionalSanitizer.js:41:16:41:36 | sanitiz ... inted3) | -| optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) | optionalSanitizer.js:45:18:45:56 | sanitiz ... target | -| optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) | optionalSanitizer.js:45:18:45:56 | sanitiz ... target | -| optionalSanitizer.js:45:41:45:46 | target | optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) | -| optionalSanitizer.js:45:51:45:56 | target | optionalSanitizer.js:45:18:45:56 | sanitiz ... target | -| optionalSanitizer.js:45:51:45:56 | target | optionalSanitizer.js:45:18:45:56 | sanitiz ... target | -| pages/[id].jsx:5:9:5:14 | { id } | pages/[id].jsx:5:11:5:12 | id | -| pages/[id].jsx:5:9:5:14 | { id } | pages/[id].jsx:5:11:5:12 | id | -| pages/[id].jsx:5:9:5:29 | id | pages/[id].jsx:10:44:10:45 | id | -| pages/[id].jsx:5:9:5:29 | id | pages/[id].jsx:10:44:10:45 | id | -| pages/[id].jsx:5:9:5:29 | id | pages/[id].jsx:10:44:10:45 | id | -| pages/[id].jsx:5:9:5:29 | id | pages/[id].jsx:10:44:10:45 | id | -| pages/[id].jsx:5:11:5:12 | id | pages/[id].jsx:5:9:5:29 | id | -| pages/[id].jsx:5:11:5:12 | id | pages/[id].jsx:5:9:5:29 | id | -| pages/[id].jsx:5:18:5:29 | router.query | pages/[id].jsx:5:9:5:14 | { id } | -| pages/[id].jsx:5:18:5:29 | router.query | pages/[id].jsx:5:9:5:14 | { id } | -| pages/[id].jsx:5:18:5:29 | router.query | pages/[id].jsx:5:9:5:14 | { id } | -| pages/[id].jsx:5:18:5:29 | router.query | pages/[id].jsx:5:9:5:14 | { id } | -| pages/[id].jsx:25:11:25:24 | context.params | pages/[id].jsx:25:11:25:27 | context.params.id | -| pages/[id].jsx:25:11:25:24 | context.params | pages/[id].jsx:25:11:25:27 | context.params.id | -| pages/[id].jsx:25:11:25:24 | context.params | pages/[id].jsx:25:11:25:27 | context.params.id | -| pages/[id].jsx:25:11:25:24 | context.params | pages/[id].jsx:25:11:25:27 | context.params.id | -| pages/[id].jsx:25:11:25:27 | context.params.id | pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | -| pages/[id].jsx:25:11:25:27 | context.params.id | pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | -| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | pages/[id].jsx:13:44:13:52 | params.id | -| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | pages/[id].jsx:13:44:13:52 | params.id | -| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | pages/[id].jsx:13:44:13:52 | params.id | -| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | pages/[id].jsx:13:44:13:52 | params.id | -| pages/[id].jsx:26:10:26:22 | context.query | pages/[id].jsx:26:10:26:30 | context ... .foobar | -| pages/[id].jsx:26:10:26:22 | context.query | pages/[id].jsx:26:10:26:30 | context ... .foobar | -| pages/[id].jsx:26:10:26:22 | context.query | pages/[id].jsx:26:10:26:30 | context ... .foobar | -| pages/[id].jsx:26:10:26:22 | context.query | pages/[id].jsx:26:10:26:30 | context ... .foobar | -| pages/[id].jsx:26:10:26:30 | context ... .foobar | pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | -| pages/[id].jsx:26:10:26:30 | context ... .foobar | pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | -| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | pages/[id].jsx:16:44:16:51 | params.q | -| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | pages/[id].jsx:16:44:16:51 | params.q | -| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | pages/[id].jsx:16:44:16:51 | params.q | -| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | pages/[id].jsx:16:44:16:51 | params.q | -| react-native.js:7:7:7:33 | tainted | react-native.js:8:18:8:24 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:8:18:8:24 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:8:18:8:24 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:8:18:8:24 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:9:27:9:33 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:9:27:9:33 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:9:27:9:33 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:9:27:9:33 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | -| react-use-context.js:10:22:10:32 | window.name | react-use-context.js:10:22:10:32 | window.name | -| react-use-context.js:16:26:16:36 | window.name | react-use-context.js:16:26:16:36 | window.name | -| react-use-router.js:4:9:4:28 | router | react-use-router.js:8:21:8:26 | router | -| react-use-router.js:4:9:4:28 | router | react-use-router.js:11:24:11:29 | router | -| react-use-router.js:4:18:4:28 | useRouter() | react-use-router.js:4:9:4:28 | router | -| react-use-router.js:8:21:8:26 | router | react-use-router.js:8:21:8:32 | router.query | -| react-use-router.js:8:21:8:32 | router.query | react-use-router.js:8:21:8:39 | router.query.foobar | -| react-use-router.js:8:21:8:32 | router.query | react-use-router.js:8:21:8:39 | router.query.foobar | -| react-use-router.js:8:21:8:32 | router.query | react-use-router.js:8:21:8:39 | router.query.foobar | -| react-use-router.js:8:21:8:32 | router.query | react-use-router.js:8:21:8:39 | router.query.foobar | -| react-use-router.js:8:21:8:39 | router.query.foobar | react-use-router.js:4:18:4:28 | useRouter() | -| react-use-router.js:11:24:11:29 | router | react-use-router.js:11:24:11:35 | router.query | -| react-use-router.js:11:24:11:35 | router.query | react-use-router.js:11:24:11:42 | router.query.foobar | -| react-use-router.js:11:24:11:35 | router.query | react-use-router.js:11:24:11:42 | router.query.foobar | -| react-use-router.js:11:24:11:35 | router.query | react-use-router.js:11:24:11:42 | router.query.foobar | -| react-use-router.js:11:24:11:35 | router.query | react-use-router.js:11:24:11:42 | router.query.foobar | -| react-use-router.js:22:15:22:24 | router | react-use-router.js:23:43:23:48 | router | -| react-use-router.js:22:17:22:22 | router | react-use-router.js:22:15:22:24 | router | -| react-use-router.js:23:43:23:48 | router | react-use-router.js:23:43:23:54 | router.query | -| react-use-router.js:23:43:23:54 | router.query | react-use-router.js:23:43:23:61 | router.query.foobar | -| react-use-router.js:23:43:23:54 | router.query | react-use-router.js:23:43:23:61 | router.query.foobar | -| react-use-router.js:23:43:23:54 | router.query | react-use-router.js:23:43:23:61 | router.query.foobar | -| react-use-router.js:23:43:23:54 | router.query | react-use-router.js:23:43:23:61 | router.query.foobar | -| react-use-router.js:23:43:23:61 | router.query.foobar | react-use-router.js:22:17:22:22 | router | -| react-use-router.js:29:9:29:30 | router | react-use-router.js:33:21:33:26 | router | -| react-use-router.js:29:18:29:30 | myUseRouter() | react-use-router.js:29:9:29:30 | router | -| react-use-router.js:33:21:33:26 | router | react-use-router.js:33:21:33:32 | router.query | -| react-use-router.js:33:21:33:32 | router.query | react-use-router.js:33:21:33:39 | router.query.foobar | -| react-use-router.js:33:21:33:32 | router.query | react-use-router.js:33:21:33:39 | router.query.foobar | -| react-use-router.js:33:21:33:32 | router.query | react-use-router.js:33:21:33:39 | router.query.foobar | -| react-use-router.js:33:21:33:32 | router.query | react-use-router.js:33:21:33:39 | router.query.foobar | -| react-use-router.js:33:21:33:39 | router.query.foobar | react-use-router.js:29:18:29:30 | myUseRouter() | -| react-use-state.js:4:9:4:49 | state | react-use-state.js:5:51:5:55 | state | -| react-use-state.js:4:9:4:49 | state | react-use-state.js:5:51:5:55 | state | -| react-use-state.js:4:9:4:49 | state | react-use-state.js:5:51:5:55 | state | -| react-use-state.js:4:9:4:49 | state | react-use-state.js:5:51:5:55 | state | -| react-use-state.js:4:10:4:14 | state | react-use-state.js:4:9:4:49 | state | -| react-use-state.js:4:10:4:14 | state | react-use-state.js:4:9:4:49 | state | -| react-use-state.js:4:38:4:48 | window.name | react-use-state.js:4:10:4:14 | state | -| react-use-state.js:4:38:4:48 | window.name | react-use-state.js:4:10:4:14 | state | -| react-use-state.js:4:38:4:48 | window.name | react-use-state.js:4:10:4:14 | state | -| react-use-state.js:4:38:4:48 | window.name | react-use-state.js:4:10:4:14 | state | -| react-use-state.js:9:9:9:43 | state | react-use-state.js:11:51:11:55 | state | -| react-use-state.js:9:9:9:43 | state | react-use-state.js:11:51:11:55 | state | -| react-use-state.js:9:9:9:43 | state | react-use-state.js:11:51:11:55 | state | -| react-use-state.js:9:9:9:43 | state | react-use-state.js:11:51:11:55 | state | -| react-use-state.js:9:10:9:14 | state | react-use-state.js:9:9:9:43 | state | -| react-use-state.js:9:10:9:14 | state | react-use-state.js:9:9:9:43 | state | -| react-use-state.js:10:14:10:24 | window.name | react-use-state.js:9:10:9:14 | state | -| react-use-state.js:10:14:10:24 | window.name | react-use-state.js:9:10:9:14 | state | -| react-use-state.js:10:14:10:24 | window.name | react-use-state.js:9:10:9:14 | state | -| react-use-state.js:10:14:10:24 | window.name | react-use-state.js:9:10:9:14 | state | -| react-use-state.js:15:9:15:43 | state | react-use-state.js:17:51:17:55 | state | -| react-use-state.js:15:9:15:43 | state | react-use-state.js:17:51:17:55 | state | -| react-use-state.js:15:9:15:43 | state | react-use-state.js:17:51:17:55 | state | -| react-use-state.js:15:9:15:43 | state | react-use-state.js:17:51:17:55 | state | -| react-use-state.js:15:10:15:14 | state | react-use-state.js:15:9:15:43 | state | -| react-use-state.js:15:10:15:14 | state | react-use-state.js:15:9:15:43 | state | -| react-use-state.js:16:20:16:30 | window.name | react-use-state.js:15:10:15:14 | state | -| react-use-state.js:16:20:16:30 | window.name | react-use-state.js:15:10:15:14 | state | -| react-use-state.js:16:20:16:30 | window.name | react-use-state.js:15:10:15:14 | state | -| react-use-state.js:16:20:16:30 | window.name | react-use-state.js:15:10:15:14 | state | -| react-use-state.js:21:10:21:14 | state | react-use-state.js:22:14:22:17 | prev | -| react-use-state.js:21:10:21:14 | state | react-use-state.js:22:14:22:17 | prev | -| react-use-state.js:22:14:22:17 | prev | react-use-state.js:23:35:23:38 | prev | -| react-use-state.js:22:14:22:17 | prev | react-use-state.js:23:35:23:38 | prev | -| react-use-state.js:22:14:22:17 | prev | react-use-state.js:23:35:23:38 | prev | -| react-use-state.js:22:14:22:17 | prev | react-use-state.js:23:35:23:38 | prev | -| react-use-state.js:25:20:25:30 | window.name | react-use-state.js:21:10:21:14 | state | -| react-use-state.js:25:20:25:30 | window.name | react-use-state.js:21:10:21:14 | state | -| react-use-state.js:25:20:25:30 | window.name | react-use-state.js:21:10:21:14 | state | -| react-use-state.js:25:20:25:30 | window.name | react-use-state.js:21:10:21:14 | state | -| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:23:29:23:35 | tainted | -| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:30:29:30:35 | tainted | -| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:33:29:33:35 | tainted | -| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:38:29:38:35 | tainted | -| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:45:29:45:35 | tainted | -| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:48:19:48:25 | tainted | -| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:48:19:48:25 | tainted | -| sanitiser.js:16:17:16:27 | window.name | sanitiser.js:16:7:16:27 | tainted | -| sanitiser.js:16:17:16:27 | window.name | sanitiser.js:16:7:16:27 | tainted | -| sanitiser.js:16:17:16:27 | window.name | sanitiser.js:16:7:16:27 | tainted | -| sanitiser.js:16:17:16:27 | window.name | sanitiser.js:16:7:16:27 | tainted | -| sanitiser.js:23:29:23:35 | tainted | sanitiser.js:23:21:23:44 | '' + ... '' | -| sanitiser.js:23:29:23:35 | tainted | sanitiser.js:23:21:23:44 | '' + ... '' | -| sanitiser.js:30:29:30:35 | tainted | sanitiser.js:30:21:30:44 | '' + ... '' | -| sanitiser.js:30:29:30:35 | tainted | sanitiser.js:30:21:30:44 | '' + ... '' | -| sanitiser.js:33:29:33:35 | tainted | sanitiser.js:33:21:33:44 | '' + ... '' | -| sanitiser.js:33:29:33:35 | tainted | sanitiser.js:33:21:33:44 | '' + ... '' | -| sanitiser.js:38:29:38:35 | tainted | sanitiser.js:38:21:38:44 | '' + ... '' | -| sanitiser.js:38:29:38:35 | tainted | sanitiser.js:38:21:38:44 | '' + ... '' | -| sanitiser.js:45:29:45:35 | tainted | sanitiser.js:45:21:45:44 | '' + ... '' | -| sanitiser.js:45:29:45:35 | tainted | sanitiser.js:45:21:45:44 | '' + ... '' | -| sanitiser.js:48:19:48:25 | tainted | sanitiser.js:48:19:48:46 | tainted ... /g, '') | -| sanitiser.js:48:19:48:25 | tainted | sanitiser.js:48:19:48:46 | tainted ... /g, '') | -| sanitiser.js:48:19:48:25 | tainted | sanitiser.js:48:19:48:46 | tainted ... /g, '') | -| sanitiser.js:48:19:48:25 | tainted | sanitiser.js:48:19:48:46 | tainted ... /g, '') | -| stored-xss.js:2:39:2:62 | documen ... .search | stored-xss.js:5:20:5:52 | session ... ssion') | -| stored-xss.js:2:39:2:62 | documen ... .search | stored-xss.js:5:20:5:52 | session ... ssion') | -| stored-xss.js:2:39:2:62 | documen ... .search | stored-xss.js:5:20:5:52 | session ... ssion') | -| stored-xss.js:2:39:2:62 | documen ... .search | stored-xss.js:5:20:5:52 | session ... ssion') | -| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:8:20:8:48 | localSt ... local') | -| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:8:20:8:48 | localSt ... local') | -| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:8:20:8:48 | localSt ... local') | -| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:8:20:8:48 | localSt ... local') | -| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:10:16:10:44 | localSt ... local') | -| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:10:16:10:44 | localSt ... local') | -| stored-xss.js:10:9:10:44 | href | stored-xss.js:12:35:12:38 | href | -| stored-xss.js:10:16:10:44 | localSt ... local') | stored-xss.js:10:9:10:44 | href | -| stored-xss.js:12:35:12:38 | href | stored-xss.js:12:20:12:54 | "" | -| stored-xss.js:12:35:12:38 | href | stored-xss.js:12:20:12:54 | "" | -| stored-xss.js:12:35:12:38 | href | stored-xss.js:12:20:12:54 | "" | -| string-manipulations.js:3:16:3:32 | document.location | string-manipulations.js:3:16:3:32 | document.location | -| string-manipulations.js:4:16:4:37 | documen ... on.href | string-manipulations.js:4:16:4:37 | documen ... on.href | -| string-manipulations.js:5:16:5:37 | documen ... on.href | string-manipulations.js:5:16:5:47 | documen ... lueOf() | -| string-manipulations.js:5:16:5:37 | documen ... on.href | string-manipulations.js:5:16:5:47 | documen ... lueOf() | -| string-manipulations.js:5:16:5:37 | documen ... on.href | string-manipulations.js:5:16:5:47 | documen ... lueOf() | -| string-manipulations.js:5:16:5:37 | documen ... on.href | string-manipulations.js:5:16:5:47 | documen ... lueOf() | -| string-manipulations.js:6:16:6:37 | documen ... on.href | string-manipulations.js:6:16:6:43 | documen ... f.sup() | -| string-manipulations.js:6:16:6:37 | documen ... on.href | string-manipulations.js:6:16:6:43 | documen ... f.sup() | -| string-manipulations.js:6:16:6:37 | documen ... on.href | string-manipulations.js:6:16:6:43 | documen ... f.sup() | -| string-manipulations.js:6:16:6:37 | documen ... on.href | string-manipulations.js:6:16:6:43 | documen ... f.sup() | -| string-manipulations.js:7:16:7:37 | documen ... on.href | string-manipulations.js:7:16:7:51 | documen ... rCase() | -| string-manipulations.js:7:16:7:37 | documen ... on.href | string-manipulations.js:7:16:7:51 | documen ... rCase() | -| string-manipulations.js:7:16:7:37 | documen ... on.href | string-manipulations.js:7:16:7:51 | documen ... rCase() | -| string-manipulations.js:7:16:7:37 | documen ... on.href | string-manipulations.js:7:16:7:51 | documen ... rCase() | -| string-manipulations.js:8:16:8:37 | documen ... on.href | string-manipulations.js:8:16:8:48 | documen ... mLeft() | -| string-manipulations.js:8:16:8:37 | documen ... on.href | string-manipulations.js:8:16:8:48 | documen ... mLeft() | -| string-manipulations.js:8:16:8:37 | documen ... on.href | string-manipulations.js:8:16:8:48 | documen ... mLeft() | -| string-manipulations.js:8:16:8:37 | documen ... on.href | string-manipulations.js:8:16:8:48 | documen ... mLeft() | -| string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) | -| string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) | -| string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) | -| string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) | -| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) | -| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) | -| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) | -| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) | -| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:10:25:10:30 | source | -| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:10:25:10:30 | source | -| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:10:25:10:30 | source | -| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:10:25:10:30 | source | -| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:11:25:11:30 | source | -| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:11:25:11:30 | source | -| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:11:25:11:30 | source | -| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:11:25:11:30 | source | -| tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:6:11:6:30 | source | -| tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:6:11:6:30 | source | -| tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:6:11:6:30 | source | -| tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:6:11:6:30 | source | -| tooltip.jsx:22:11:22:30 | source | tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:22:11:22:30 | source | tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:22:11:22:30 | source | tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:22:11:22:30 | source | tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:22:11:22:30 | source | tooltip.jsx:23:38:23:43 | source | -| tooltip.jsx:22:11:22:30 | source | tooltip.jsx:23:38:23:43 | source | -| tooltip.jsx:22:20:22:30 | window.name | tooltip.jsx:22:11:22:30 | source | -| tooltip.jsx:22:20:22:30 | window.name | tooltip.jsx:22:11:22:30 | source | -| tooltip.jsx:22:20:22:30 | window.name | tooltip.jsx:22:11:22:30 | source | -| tooltip.jsx:22:20:22:30 | window.name | tooltip.jsx:22:11:22:30 | source | -| tooltip.jsx:23:38:23:43 | source | tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:23:38:23:43 | source | tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:23:38:23:43 | source | tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:23:38:23:43 | source | tooltip.jsx:18:51:18:59 | provide() | -| translate.js:6:7:6:39 | target | translate.js:7:42:7:47 | target | -| translate.js:6:16:6:39 | documen ... .search | translate.js:6:7:6:39 | target | -| translate.js:6:16:6:39 | documen ... .search | translate.js:6:7:6:39 | target | -| translate.js:7:7:7:61 | searchParams | translate.js:9:27:9:38 | searchParams | -| translate.js:7:22:7:61 | new URL ... ing(1)) | translate.js:7:7:7:61 | searchParams | -| translate.js:7:42:7:47 | target | translate.js:7:42:7:60 | target.substring(1) | -| translate.js:7:42:7:47 | target | translate.js:7:42:7:60 | target.substring(1) | -| translate.js:7:42:7:47 | target | translate.js:7:42:7:60 | target.substring(1) | -| translate.js:7:42:7:60 | target.substring(1) | translate.js:7:22:7:61 | new URL ... ing(1)) | -| translate.js:7:42:7:60 | target.substring(1) | translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:7:42:7:60 | target.substring(1) | translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:7:42:7:60 | target.substring(1) | translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:7:42:7:60 | target.substring(1) | translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:7:42:7:60 | target.substring(1) | translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:7:42:7:60 | target.substring(1) | translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:9:27:9:38 | searchParams | translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:9:27:9:38 | searchParams | translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:9:27:9:38 | searchParams | translate.js:9:27:9:50 | searchP ... 'term') | -| trusted-types-lib.js:1:28:1:28 | x | trusted-types-lib.js:2:12:2:12 | x | -| trusted-types-lib.js:1:28:1:28 | x | trusted-types-lib.js:2:12:2:12 | x | -| trusted-types-lib.js:1:28:1:28 | x | trusted-types-lib.js:2:12:2:12 | x | -| trusted-types-lib.js:1:28:1:28 | x | trusted-types-lib.js:2:12:2:12 | x | -| trusted-types.js:3:62:3:62 | x | trusted-types.js:3:67:3:67 | x | -| trusted-types.js:3:62:3:62 | x | trusted-types.js:3:67:3:67 | x | -| trusted-types.js:3:62:3:62 | x | trusted-types.js:3:67:3:67 | x | -| trusted-types.js:3:62:3:62 | x | trusted-types.js:3:67:3:67 | x | -| trusted-types.js:4:20:4:30 | window.name | trusted-types.js:3:62:3:62 | x | -| trusted-types.js:4:20:4:30 | window.name | trusted-types.js:3:62:3:62 | x | -| trusted-types.js:4:20:4:30 | window.name | trusted-types.js:3:62:3:62 | x | -| trusted-types.js:4:20:4:30 | window.name | trusted-types.js:3:62:3:62 | x | -| trusted-types.js:13:20:13:30 | window.name | trusted-types-lib.js:1:28:1:28 | x | -| trusted-types.js:13:20:13:30 | window.name | trusted-types-lib.js:1:28:1:28 | x | -| trusted-types.js:13:20:13:30 | window.name | trusted-types-lib.js:1:28:1:28 | x | -| trusted-types.js:13:20:13:30 | window.name | trusted-types-lib.js:1:28:1:28 | x | -| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:4:25:4:28 | data | -| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:5:26:5:29 | data | -| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:7:32:7:35 | data | -| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:9:37:9:40 | data | -| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:10:38:10:41 | data | -| tst3.js:2:23:2:74 | decodeU ... str(1)) | tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | -| tst3.js:2:42:2:63 | window. ... .search | tst3.js:2:42:2:73 | window. ... bstr(1) | -| tst3.js:2:42:2:63 | window. ... .search | tst3.js:2:42:2:73 | window. ... bstr(1) | -| tst3.js:2:42:2:73 | window. ... bstr(1) | tst3.js:2:23:2:74 | decodeU ... str(1)) | -| tst3.js:4:25:4:28 | data | tst3.js:4:25:4:32 | data.src | -| tst3.js:4:25:4:28 | data | tst3.js:4:25:4:32 | data.src | -| tst3.js:5:26:5:29 | data | tst3.js:5:26:5:31 | data.p | -| tst3.js:5:26:5:29 | data | tst3.js:5:26:5:31 | data.p | -| tst3.js:7:32:7:35 | data | tst3.js:7:32:7:37 | data.p | -| tst3.js:7:32:7:35 | data | tst3.js:7:32:7:37 | data.p | -| tst3.js:9:37:9:40 | data | tst3.js:9:37:9:42 | data.p | -| tst3.js:9:37:9:40 | data | tst3.js:9:37:9:42 | data.p | -| tst3.js:10:38:10:41 | data | tst3.js:10:38:10:43 | data.p | -| tst3.js:10:38:10:41 | data | tst3.js:10:38:10:43 | data.p | -| tst.js:2:7:2:39 | target | tst.js:5:18:5:23 | target | -| tst.js:2:7:2:39 | target | tst.js:5:18:5:23 | target | -| tst.js:2:7:2:39 | target | tst.js:12:28:12:33 | target | -| tst.js:2:7:2:39 | target | tst.js:20:42:20:47 | target | -| tst.js:2:16:2:39 | documen ... .search | tst.js:2:7:2:39 | target | -| tst.js:2:16:2:39 | documen ... .search | tst.js:2:7:2:39 | target | -| tst.js:8:37:8:58 | documen ... on.href | tst.js:8:37:8:114 | documen ... t=")+8) | -| tst.js:8:37:8:58 | documen ... on.href | tst.js:8:37:8:114 | documen ... t=")+8) | -| tst.js:8:37:8:58 | documen ... on.href | tst.js:8:37:8:114 | documen ... t=")+8) | -| tst.js:8:37:8:58 | documen ... on.href | tst.js:8:37:8:114 | documen ... t=")+8) | -| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "" | -| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "" | -| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "" | -| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "" | -| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "" | -| tst.js:12:28:12:33 | target | tst.js:12:5:12:42 | '
' | -| tst.js:12:28:12:33 | target | tst.js:12:5:12:42 | '
' | -| tst.js:17:7:17:56 | params | tst.js:18:18:18:23 | params | -| tst.js:17:16:17:56 | (new UR ... hParams | tst.js:17:7:17:56 | params | -| tst.js:17:25:17:41 | document.location | tst.js:17:16:17:56 | (new UR ... hParams | -| tst.js:17:25:17:41 | document.location | tst.js:17:16:17:56 | (new UR ... hParams | -| tst.js:17:25:17:41 | document.location | tst.js:18:18:18:35 | params.get('name') | -| tst.js:17:25:17:41 | document.location | tst.js:18:18:18:35 | params.get('name') | -| tst.js:17:25:17:41 | document.location | tst.js:18:18:18:35 | params.get('name') | -| tst.js:17:25:17:41 | document.location | tst.js:18:18:18:35 | params.get('name') | -| tst.js:18:18:18:23 | params | tst.js:18:18:18:35 | params.get('name') | -| tst.js:18:18:18:23 | params | tst.js:18:18:18:35 | params.get('name') | -| tst.js:18:18:18:23 | params | tst.js:18:18:18:35 | params.get('name') | -| tst.js:20:7:20:61 | searchParams | tst.js:21:18:21:29 | searchParams | -| tst.js:20:22:20:61 | new URL ... ing(1)) | tst.js:20:7:20:61 | searchParams | -| tst.js:20:42:20:47 | target | tst.js:20:42:20:60 | target.substring(1) | -| tst.js:20:42:20:47 | target | tst.js:20:42:20:60 | target.substring(1) | -| tst.js:20:42:20:47 | target | tst.js:20:42:20:60 | target.substring(1) | -| tst.js:20:42:20:60 | target.substring(1) | tst.js:20:22:20:61 | new URL ... ing(1)) | -| tst.js:20:42:20:60 | target.substring(1) | tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:20:42:20:60 | target.substring(1) | tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:20:42:20:60 | target.substring(1) | tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:20:42:20:60 | target.substring(1) | tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:20:42:20:60 | target.substring(1) | tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:20:42:20:60 | target.substring(1) | tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:21:18:21:29 | searchParams | tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:21:18:21:29 | searchParams | tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:21:18:21:29 | searchParams | tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:24:14:24:19 | target | tst.js:26:18:26:23 | target | -| tst.js:24:14:24:19 | target | tst.js:26:18:26:23 | target | -| tst.js:28:5:28:28 | documen ... .search | tst.js:24:14:24:19 | target | -| tst.js:28:5:28:28 | documen ... .search | tst.js:24:14:24:19 | target | -| tst.js:31:10:31:33 | documen ... .search | tst.js:34:16:34:20 | bar() | -| tst.js:31:10:31:33 | documen ... .search | tst.js:34:16:34:20 | bar() | -| tst.js:31:10:31:33 | documen ... .search | tst.js:34:16:34:20 | bar() | -| tst.js:31:10:31:33 | documen ... .search | tst.js:34:16:34:20 | bar() | -| tst.js:31:10:31:33 | documen ... .search | tst.js:58:26:58:30 | bar() | -| tst.js:31:10:31:33 | documen ... .search | tst.js:58:26:58:30 | bar() | -| tst.js:31:10:31:33 | documen ... .search | tst.js:68:16:68:20 | bar() | -| tst.js:31:10:31:33 | documen ... .search | tst.js:68:16:68:20 | bar() | -| tst.js:31:10:31:33 | documen ... .search | tst.js:68:16:68:20 | bar() | -| tst.js:31:10:31:33 | documen ... .search | tst.js:68:16:68:20 | bar() | -| tst.js:40:20:40:43 | documen ... .search | tst.js:40:16:40:44 | baz(doc ... search) | -| tst.js:40:20:40:43 | documen ... .search | tst.js:40:16:40:44 | baz(doc ... search) | -| tst.js:40:20:40:43 | documen ... .search | tst.js:40:16:40:44 | baz(doc ... search) | -| tst.js:40:20:40:43 | documen ... .search | tst.js:40:16:40:44 | baz(doc ... search) | -| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:26:58:30 | bar() | tst.js:58:21:58:31 | chop(bar()) | -| tst.js:58:26:58:30 | bar() | tst.js:58:21:58:31 | chop(bar()) | -| tst.js:60:34:60:34 | s | tst.js:62:18:62:18 | s | -| tst.js:60:34:60:34 | s | tst.js:62:18:62:18 | s | -| tst.js:64:25:64:48 | documen ... .search | tst.js:60:34:60:34 | s | -| tst.js:64:25:64:48 | documen ... .search | tst.js:60:34:60:34 | s | -| tst.js:65:25:65:48 | documen ... .search | tst.js:60:34:60:34 | s | -| tst.js:65:25:65:48 | documen ... .search | tst.js:60:34:60:34 | s | -| tst.js:70:1:70:27 | [,docum ... search] | tst.js:70:46:70:46 | x | -| tst.js:70:3:70:26 | documen ... .search | tst.js:70:1:70:27 | [,docum ... search] | -| tst.js:70:3:70:26 | documen ... .search | tst.js:70:1:70:27 | [,docum ... search] | -| tst.js:70:3:70:26 | documen ... .search | tst.js:70:46:70:46 | x | -| tst.js:70:3:70:26 | documen ... .search | tst.js:70:46:70:46 | x | -| tst.js:70:46:70:46 | x | tst.js:73:20:73:20 | x | -| tst.js:70:46:70:46 | x | tst.js:73:20:73:20 | x | -| tst.js:77:49:77:72 | documen ... .search | tst.js:77:49:77:72 | documen ... .search | -| tst.js:81:26:81:49 | documen ... .search | tst.js:81:26:81:49 | documen ... .search | -| tst.js:82:25:82:48 | documen ... .search | tst.js:82:25:82:48 | documen ... .search | -| tst.js:84:33:84:56 | documen ... .search | tst.js:84:33:84:56 | documen ... .search | -| tst.js:85:32:85:55 | documen ... .search | tst.js:85:32:85:55 | documen ... .search | -| tst.js:90:39:90:62 | documen ... .search | tst.js:90:39:90:62 | documen ... .search | -| tst.js:96:30:96:53 | documen ... .search | tst.js:96:30:96:53 | documen ... .search | -| tst.js:102:25:102:48 | documen ... .search | tst.js:102:25:102:48 | documen ... .search | -| tst.js:107:7:107:44 | v | tst.js:110:18:110:18 | v | -| tst.js:107:7:107:44 | v | tst.js:110:18:110:18 | v | -| tst.js:107:7:107:44 | v | tst.js:110:18:110:18 | v | -| tst.js:107:7:107:44 | v | tst.js:110:18:110:18 | v | -| tst.js:107:7:107:44 | v | tst.js:110:18:110:18 | v | -| tst.js:107:7:107:44 | v | tst.js:110:18:110:18 | v | -| tst.js:107:7:107:44 | v | tst.js:136:18:136:18 | v | -| tst.js:107:7:107:44 | v | tst.js:136:18:136:18 | v | -| tst.js:107:7:107:44 | v | tst.js:136:18:136:18 | v | -| tst.js:107:7:107:44 | v | tst.js:136:18:136:18 | v | -| tst.js:107:7:107:44 | v | tst.js:136:18:136:18 | v | -| tst.js:107:7:107:44 | v | tst.js:136:18:136:18 | v | -| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:107:11:107:44 | documen ... bstr(1) | tst.js:107:7:107:44 | v | -| tst.js:107:11:107:44 | documen ... bstr(1) | tst.js:107:7:107:44 | v | -| tst.js:107:11:107:44 | documen ... bstr(1) | tst.js:107:7:107:44 | v | -| tst.js:148:29:148:50 | window. ... .search | tst.js:151:29:151:29 | v | -| tst.js:148:29:148:50 | window. ... .search | tst.js:151:29:151:29 | v | -| tst.js:151:29:151:29 | v | tst.js:151:49:151:49 | v | -| tst.js:151:29:151:29 | v | tst.js:151:49:151:49 | v | -| tst.js:158:40:158:61 | window. ... .search | tst.js:155:29:155:46 | xssSourceService() | -| tst.js:158:40:158:61 | window. ... .search | tst.js:155:29:155:46 | xssSourceService() | -| tst.js:158:40:158:61 | window. ... .search | tst.js:155:29:155:46 | xssSourceService() | -| tst.js:158:40:158:61 | window. ... .search | tst.js:155:29:155:46 | xssSourceService() | -| tst.js:177:9:177:41 | target | tst.js:180:28:180:33 | target | -| tst.js:177:9:177:41 | target | tst.js:180:28:180:33 | target | -| tst.js:177:18:177:41 | documen ... .search | tst.js:177:9:177:41 | target | -| tst.js:177:18:177:41 | documen ... .search | tst.js:177:9:177:41 | target | -| tst.js:184:9:184:42 | tainted | tst.js:186:31:186:37 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:186:31:186:37 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:188:42:188:48 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:188:42:188:48 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:189:33:189:39 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:189:33:189:39 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:191:54:191:60 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:191:54:191:60 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:192:45:192:51 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:192:45:192:51 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:193:49:193:55 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:193:49:193:55 | tainted | -| tst.js:184:19:184:42 | documen ... .search | tst.js:184:9:184:42 | tainted | -| tst.js:184:19:184:42 | documen ... .search | tst.js:184:9:184:42 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:199:67:199:73 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:199:67:199:73 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:200:67:200:73 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:200:67:200:73 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:204:35:204:41 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:206:46:206:52 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:207:38:207:44 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:208:35:208:41 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:236:35:236:41 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:238:20:238:26 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:240:23:240:29 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:241:23:241:29 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:255:23:255:29 | tainted | -| tst.js:197:19:197:42 | documen ... .search | tst.js:197:9:197:42 | tainted | -| tst.js:197:19:197:42 | documen ... .search | tst.js:197:9:197:42 | tainted | -| tst.js:204:35:204:41 | tainted | tst.js:212:28:212:46 | this.state.tainted1 | -| tst.js:204:35:204:41 | tainted | tst.js:212:28:212:46 | this.state.tainted1 | -| tst.js:206:46:206:52 | tainted | tst.js:213:28:213:46 | this.state.tainted2 | -| tst.js:206:46:206:52 | tainted | tst.js:213:28:213:46 | this.state.tainted2 | -| tst.js:207:38:207:44 | tainted | tst.js:214:28:214:46 | this.state.tainted3 | -| tst.js:207:38:207:44 | tainted | tst.js:214:28:214:46 | this.state.tainted3 | -| tst.js:208:35:208:41 | tainted | tst.js:218:32:218:49 | prevState.tainted4 | -| tst.js:208:35:208:41 | tainted | tst.js:218:32:218:49 | prevState.tainted4 | -| tst.js:236:35:236:41 | tainted | tst.js:225:28:225:46 | this.props.tainted1 | -| tst.js:236:35:236:41 | tainted | tst.js:225:28:225:46 | this.props.tainted1 | -| tst.js:238:20:238:26 | tainted | tst.js:226:28:226:46 | this.props.tainted2 | -| tst.js:238:20:238:26 | tainted | tst.js:226:28:226:46 | this.props.tainted2 | -| tst.js:240:23:240:29 | tainted | tst.js:227:28:227:46 | this.props.tainted3 | -| tst.js:240:23:240:29 | tainted | tst.js:227:28:227:46 | this.props.tainted3 | -| tst.js:241:23:241:29 | tainted | tst.js:231:32:231:49 | prevProps.tainted4 | -| tst.js:241:23:241:29 | tainted | tst.js:231:32:231:49 | prevProps.tainted4 | -| tst.js:247:39:247:55 | props.propTainted | tst.js:251:60:251:82 | this.st ... Tainted | -| tst.js:247:39:247:55 | props.propTainted | tst.js:251:60:251:82 | this.st ... Tainted | -| tst.js:255:23:255:29 | tainted | tst.js:247:39:247:55 | props.propTainted | -| tst.js:259:7:259:17 | window.name | tst.js:259:7:259:17 | window.name | -| tst.js:260:7:260:10 | name | tst.js:260:7:260:10 | name | -| tst.js:264:11:264:21 | window.name | tst.js:264:11:264:21 | window.name | -| tst.js:280:22:280:29 | location | tst.js:280:22:280:29 | location | -| tst.js:285:9:285:29 | tainted | tst.js:288:59:288:65 | tainted | -| tst.js:285:9:285:29 | tainted | tst.js:288:59:288:65 | tainted | -| tst.js:285:9:285:29 | tainted | tst.js:288:59:288:65 | tainted | -| tst.js:285:9:285:29 | tainted | tst.js:288:59:288:65 | tainted | -| tst.js:285:19:285:29 | window.name | tst.js:285:9:285:29 | tainted | -| tst.js:285:19:285:29 | window.name | tst.js:285:9:285:29 | tainted | -| tst.js:285:19:285:29 | window.name | tst.js:285:9:285:29 | tainted | -| tst.js:285:19:285:29 | window.name | tst.js:285:9:285:29 | tainted | -| tst.js:301:9:301:16 | location | tst.js:302:10:302:10 | e | -| tst.js:301:9:301:16 | location | tst.js:302:10:302:10 | e | -| tst.js:302:10:302:10 | e | tst.js:303:20:303:20 | e | -| tst.js:302:10:302:10 | e | tst.js:303:20:303:20 | e | -| tst.js:308:10:308:17 | location | tst.js:310:10:310:10 | e | -| tst.js:308:10:308:17 | location | tst.js:310:10:310:10 | e | -| tst.js:310:10:310:10 | e | tst.js:311:20:311:20 | e | -| tst.js:310:10:310:10 | e | tst.js:311:20:311:20 | e | -| tst.js:316:35:316:42 | location | tst.js:316:35:316:42 | location | -| tst.js:327:18:327:34 | document.location | tst.js:331:16:331:43 | getTain ... hParams | -| tst.js:327:18:327:34 | document.location | tst.js:331:16:331:43 | getTain ... hParams | -| tst.js:327:18:327:34 | document.location | tst.js:332:18:332:35 | params.get('name') | -| tst.js:327:18:327:34 | document.location | tst.js:332:18:332:35 | params.get('name') | -| tst.js:327:18:327:34 | document.location | tst.js:332:18:332:35 | params.get('name') | -| tst.js:327:18:327:34 | document.location | tst.js:332:18:332:35 | params.get('name') | -| tst.js:331:7:331:43 | params | tst.js:332:18:332:23 | params | -| tst.js:331:16:331:43 | getTain ... hParams | tst.js:331:7:331:43 | params | -| tst.js:332:18:332:23 | params | tst.js:332:18:332:35 | params.get('name') | -| tst.js:332:18:332:23 | params | tst.js:332:18:332:35 | params.get('name') | -| tst.js:332:18:332:23 | params | tst.js:332:18:332:35 | params.get('name') | -| tst.js:341:20:341:36 | document.location | tst.js:343:5:343:17 | getUrl().hash | -| tst.js:341:20:341:36 | document.location | tst.js:343:5:343:17 | getUrl().hash | -| tst.js:343:5:343:17 | getUrl().hash | tst.js:343:5:343:30 | getUrl( ... ring(1) | -| tst.js:343:5:343:17 | getUrl().hash | tst.js:343:5:343:30 | getUrl( ... ring(1) | -| tst.js:343:5:343:17 | getUrl().hash | tst.js:343:5:343:30 | getUrl( ... ring(1) | -| tst.js:348:7:348:39 | target | tst.js:349:12:349:17 | target | -| tst.js:348:7:348:39 | target | tst.js:349:12:349:17 | target | -| tst.js:348:16:348:39 | documen ... .search | tst.js:348:7:348:39 | target | -| tst.js:348:16:348:39 | documen ... .search | tst.js:348:7:348:39 | target | -| tst.js:355:10:355:42 | target | tst.js:356:16:356:21 | target | -| tst.js:355:10:355:42 | target | tst.js:356:16:356:21 | target | -| tst.js:355:10:355:42 | target | tst.js:360:21:360:26 | target | -| tst.js:355:10:355:42 | target | tst.js:360:21:360:26 | target | -| tst.js:355:10:355:42 | target | tst.js:363:18:363:23 | target | -| tst.js:355:10:355:42 | target | tst.js:363:18:363:23 | target | -| tst.js:355:19:355:42 | documen ... .search | tst.js:355:10:355:42 | target | -| tst.js:355:19:355:42 | documen ... .search | tst.js:355:10:355:42 | target | -| tst.js:371:7:371:39 | target | tst.js:374:18:374:23 | target | -| tst.js:371:7:371:39 | target | tst.js:374:18:374:23 | target | -| tst.js:371:16:371:39 | documen ... .search | tst.js:371:7:371:39 | target | -| tst.js:371:16:371:39 | documen ... .search | tst.js:371:7:371:39 | target | -| tst.js:381:7:381:39 | target | tst.js:384:18:384:23 | target | -| tst.js:381:7:381:39 | target | tst.js:384:18:384:23 | target | -| tst.js:381:7:381:39 | target | tst.js:386:18:386:23 | target | -| tst.js:381:7:381:39 | target | tst.js:397:18:397:23 | target | -| tst.js:381:7:381:39 | target | tst.js:406:18:406:23 | target | -| tst.js:381:7:381:39 | target | tst.js:408:19:408:24 | target | -| tst.js:381:16:381:39 | documen ... .search | tst.js:381:7:381:39 | target | -| tst.js:381:16:381:39 | documen ... .search | tst.js:381:7:381:39 | target | -| tst.js:386:18:386:23 | target | tst.js:386:18:386:29 | target.taint | -| tst.js:386:18:386:23 | target | tst.js:386:18:386:29 | target.taint | -| tst.js:391:19:391:42 | documen ... .search | tst.js:392:18:392:30 | target.taint3 | -| tst.js:391:19:391:42 | documen ... .search | tst.js:392:18:392:30 | target.taint3 | -| tst.js:391:19:391:42 | documen ... .search | tst.js:392:18:392:30 | target.taint3 | -| tst.js:391:19:391:42 | documen ... .search | tst.js:392:18:392:30 | target.taint3 | -| tst.js:397:18:397:23 | target | tst.js:397:18:397:30 | target.taint5 | -| tst.js:397:18:397:23 | target | tst.js:397:18:397:30 | target.taint5 | -| tst.js:406:18:406:23 | target | tst.js:406:18:406:30 | target.taint7 | -| tst.js:406:18:406:23 | target | tst.js:406:18:406:30 | target.taint7 | -| tst.js:408:19:408:24 | target | tst.js:408:19:408:31 | target.taint8 | -| tst.js:408:19:408:31 | target.taint8 | tst.js:408:19:408:31 | target.taint8 | -| tst.js:408:19:408:31 | target.taint8 | tst.js:409:18:409:30 | target.taint8 | -| tst.js:408:19:408:31 | target.taint8 | tst.js:409:18:409:30 | target.taint8 | -| tst.js:416:7:416:46 | payload | tst.js:417:18:417:24 | payload | -| tst.js:416:7:416:46 | payload | tst.js:417:18:417:24 | payload | -| tst.js:416:7:416:46 | payload | tst.js:417:18:417:24 | payload | -| tst.js:416:7:416:46 | payload | tst.js:417:18:417:24 | payload | -| tst.js:416:7:416:46 | payload | tst.js:417:18:417:24 | payload | -| tst.js:416:7:416:46 | payload | tst.js:417:18:417:24 | payload | -| tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | -| tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | -| tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | -| tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | -| tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | -| tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | -| tst.js:416:17:416:46 | window. ... bstr(1) | tst.js:416:7:416:46 | payload | -| tst.js:416:17:416:46 | window. ... bstr(1) | tst.js:416:7:416:46 | payload | -| tst.js:416:17:416:46 | window. ... bstr(1) | tst.js:416:7:416:46 | payload | -| tst.js:419:7:419:55 | match | tst.js:421:20:421:24 | match | -| tst.js:419:15:419:34 | window.location.hash | tst.js:419:15:419:55 | window. ... (\\w+)/) | -| tst.js:419:15:419:34 | window.location.hash | tst.js:419:15:419:55 | window. ... (\\w+)/) | -| tst.js:419:15:419:55 | window. ... (\\w+)/) | tst.js:419:7:419:55 | match | -| tst.js:421:20:421:24 | match | tst.js:421:20:421:27 | match[1] | -| tst.js:421:20:421:24 | match | tst.js:421:20:421:27 | match[1] | -| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:428:7:428:39 | target | tst.js:430:18:430:23 | target | -| tst.js:428:16:428:39 | documen ... .search | tst.js:428:7:428:39 | target | -| tst.js:428:16:428:39 | documen ... .search | tst.js:428:7:428:39 | target | -| tst.js:430:18:430:23 | target | tst.js:430:18:430:89 | target. ... data>') | -| tst.js:430:18:430:23 | target | tst.js:430:18:430:89 | target. ... data>') | -| tst.js:436:6:436:38 | source | tst.js:440:28:440:33 | source | -| tst.js:436:6:436:38 | source | tst.js:440:28:440:33 | source | -| tst.js:436:6:436:38 | source | tst.js:441:33:441:38 | source | -| tst.js:436:6:436:38 | source | tst.js:441:33:441:38 | source | -| tst.js:436:6:436:38 | source | tst.js:442:34:442:39 | source | -| tst.js:436:6:436:38 | source | tst.js:442:34:442:39 | source | -| tst.js:436:6:436:38 | source | tst.js:443:41:443:46 | source | -| tst.js:436:6:436:38 | source | tst.js:443:41:443:46 | source | -| tst.js:436:6:436:38 | source | tst.js:444:44:444:49 | source | -| tst.js:436:6:436:38 | source | tst.js:444:44:444:49 | source | -| tst.js:436:6:436:38 | source | tst.js:445:32:445:37 | source | -| tst.js:436:6:436:38 | source | tst.js:445:32:445:37 | source | -| tst.js:436:15:436:38 | documen ... .search | tst.js:436:6:436:38 | source | -| tst.js:436:15:436:38 | documen ... .search | tst.js:436:6:436:38 | source | -| tst.js:453:7:453:39 | source | tst.js:455:18:455:23 | source | -| tst.js:453:7:453:39 | source | tst.js:455:18:455:23 | source | -| tst.js:453:7:453:39 | source | tst.js:456:36:456:41 | source | -| tst.js:453:16:453:39 | documen ... .search | tst.js:453:7:453:39 | source | -| tst.js:453:16:453:39 | documen ... .search | tst.js:453:7:453:39 | source | -| tst.js:456:36:456:41 | source | tst.js:456:18:456:42 | ansiToH ... source) | -| tst.js:456:36:456:41 | source | tst.js:456:18:456:42 | ansiToH ... source) | -| tst.js:460:6:460:38 | source | tst.js:463:21:463:26 | source | -| tst.js:460:6:460:38 | source | tst.js:463:21:463:26 | source | -| tst.js:460:6:460:38 | source | tst.js:465:19:465:24 | source | -| tst.js:460:6:460:38 | source | tst.js:465:19:465:24 | source | -| tst.js:460:6:460:38 | source | tst.js:467:20:467:25 | source | -| tst.js:460:6:460:38 | source | tst.js:467:20:467:25 | source | -| tst.js:460:15:460:38 | documen ... .search | tst.js:460:6:460:38 | source | -| tst.js:460:15:460:38 | documen ... .search | tst.js:460:6:460:38 | source | -| tst.js:471:7:471:46 | url | tst.js:473:19:473:21 | url | -| tst.js:471:7:471:46 | url | tst.js:473:19:473:21 | url | -| tst.js:471:7:471:46 | url | tst.js:474:26:474:28 | url | -| tst.js:471:7:471:46 | url | tst.js:474:26:474:28 | url | -| tst.js:471:7:471:46 | url | tst.js:475:25:475:27 | url | -| tst.js:471:7:471:46 | url | tst.js:475:25:475:27 | url | -| tst.js:471:7:471:46 | url | tst.js:476:20:476:22 | url | -| tst.js:471:7:471:46 | url | tst.js:476:20:476:22 | url | -| tst.js:471:7:471:46 | url | tst.js:486:22:486:24 | url | -| tst.js:471:7:471:46 | url | tst.js:486:22:486:24 | url | -| tst.js:471:13:471:36 | documen ... .search | tst.js:471:13:471:46 | documen ... bstr(1) | -| tst.js:471:13:471:36 | documen ... .search | tst.js:471:13:471:46 | documen ... bstr(1) | -| tst.js:471:13:471:46 | documen ... bstr(1) | tst.js:471:7:471:46 | url | -| tst.js:491:23:491:35 | location.hash | tst.js:491:23:491:45 | locatio ... bstr(1) | -| tst.js:491:23:491:35 | location.hash | tst.js:491:23:491:45 | locatio ... bstr(1) | -| tst.js:491:23:491:35 | location.hash | tst.js:491:23:491:45 | locatio ... bstr(1) | -| tst.js:491:23:491:35 | location.hash | tst.js:491:23:491:45 | locatio ... bstr(1) | -| tst.js:494:18:494:30 | location.hash | tst.js:494:18:494:40 | locatio ... bstr(1) | -| tst.js:494:18:494:30 | location.hash | tst.js:494:18:494:40 | locatio ... bstr(1) | -| tst.js:494:18:494:30 | location.hash | tst.js:494:18:494:40 | locatio ... bstr(1) | -| tst.js:494:18:494:30 | location.hash | tst.js:494:18:494:40 | locatio ... bstr(1) | -| tst.js:501:43:501:62 | window.location.hash | tst.js:501:33:501:63 | decodeU ... n.hash) | -| tst.js:501:43:501:62 | window.location.hash | tst.js:501:33:501:63 | decodeU ... n.hash) | -| tst.js:501:43:501:62 | window.location.hash | tst.js:501:33:501:63 | decodeU ... n.hash) | -| tst.js:501:43:501:62 | window.location.hash | tst.js:501:33:501:63 | decodeU ... n.hash) | -| typeahead.js:20:13:20:45 | target | typeahead.js:21:12:21:17 | target | -| typeahead.js:20:22:20:45 | documen ... .search | typeahead.js:20:13:20:45 | target | -| typeahead.js:20:22:20:45 | documen ... .search | typeahead.js:20:13:20:45 | target | -| typeahead.js:21:12:21:17 | target | typeahead.js:24:30:24:32 | val | -| typeahead.js:24:30:24:32 | val | typeahead.js:25:18:25:20 | val | -| typeahead.js:24:30:24:32 | val | typeahead.js:25:18:25:20 | val | -| v-html.vue:6:42:6:58 | document.location | v-html.vue:2:8:2:23 | v-html=tainted | -| v-html.vue:6:42:6:58 | document.location | v-html.vue:2:8:2:23 | v-html=tainted | -| v-html.vue:6:42:6:58 | document.location | v-html.vue:2:8:2:23 | v-html=tainted | -| v-html.vue:6:42:6:58 | document.location | v-html.vue:2:8:2:23 | v-html=tainted | -| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:4:14:4:20 | tainted | -| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:5:12:5:18 | tainted | -| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:6:19:6:25 | tainted | -| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:7:14:7:20 | tainted | -| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:9:19:9:25 | tainted | -| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:10:16:10:22 | tainted | -| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:11:24:11:30 | tainted | -| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:12:19:12:25 | tainted | -| various-concat-obfuscations.js:2:16:2:39 | documen ... .search | various-concat-obfuscations.js:2:6:2:39 | tainted | -| various-concat-obfuscations.js:2:16:2:39 | documen ... .search | various-concat-obfuscations.js:2:6:2:39 | tainted | -| various-concat-obfuscations.js:4:14:4:20 | tainted | various-concat-obfuscations.js:4:4:4:31 | "
" ...
" | -| various-concat-obfuscations.js:4:14:4:20 | tainted | various-concat-obfuscations.js:4:4:4:31 | "
" ...
" | -| various-concat-obfuscations.js:5:12:5:18 | tainted | various-concat-obfuscations.js:5:4:5:26 | `
$ ...
` | -| various-concat-obfuscations.js:5:12:5:18 | tainted | various-concat-obfuscations.js:5:4:5:26 | `
$ ...
` | -| various-concat-obfuscations.js:6:4:6:26 | "
" ... ainted) | various-concat-obfuscations.js:6:4:6:43 | "
" ... /div>") | -| various-concat-obfuscations.js:6:4:6:26 | "
" ... ainted) | various-concat-obfuscations.js:6:4:6:43 | "
" ... /div>") | -| various-concat-obfuscations.js:6:19:6:25 | tainted | various-concat-obfuscations.js:6:4:6:26 | "
" ... ainted) | -| various-concat-obfuscations.js:7:4:7:31 | ["
... /div>"] | various-concat-obfuscations.js:7:4:7:38 | ["
... .join() | -| various-concat-obfuscations.js:7:4:7:31 | ["
... /div>"] | various-concat-obfuscations.js:7:4:7:38 | ["
... .join() | -| various-concat-obfuscations.js:7:14:7:20 | tainted | various-concat-obfuscations.js:7:4:7:31 | ["
... /div>"] | -| various-concat-obfuscations.js:9:19:9:25 | tainted | various-concat-obfuscations.js:9:4:9:34 | "
" | -| various-concat-obfuscations.js:9:19:9:25 | tainted | various-concat-obfuscations.js:9:4:9:34 | "
" | -| various-concat-obfuscations.js:10:16:10:22 | tainted | various-concat-obfuscations.js:10:4:10:27 | `
` | -| various-concat-obfuscations.js:10:16:10:22 | tainted | various-concat-obfuscations.js:10:4:10:27 | `
` | -| various-concat-obfuscations.js:11:4:11:31 | "
") | -| various-concat-obfuscations.js:11:4:11:31 | "
") | -| various-concat-obfuscations.js:11:24:11:30 | tainted | various-concat-obfuscations.js:11:4:11:31 | "
"] | various-concat-obfuscations.js:12:4:12:41 | ["
"] | various-concat-obfuscations.js:12:4:12:41 | ["
"] | -| various-concat-obfuscations.js:20:17:20:40 | documen ... .search | various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | -| various-concat-obfuscations.js:20:17:20:40 | documen ... .search | various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | -| various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | -| various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | -| various-concat-obfuscations.js:21:17:21:40 | documen ... .search | various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | -| various-concat-obfuscations.js:21:17:21:40 | documen ... .search | various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | -| various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | -| various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | -| winjs.js:2:7:2:53 | tainted | winjs.js:3:43:3:49 | tainted | -| winjs.js:2:7:2:53 | tainted | winjs.js:3:43:3:49 | tainted | -| winjs.js:2:7:2:53 | tainted | winjs.js:3:43:3:49 | tainted | -| winjs.js:2:7:2:53 | tainted | winjs.js:3:43:3:49 | tainted | -| winjs.js:2:7:2:53 | tainted | winjs.js:3:43:3:49 | tainted | -| winjs.js:2:7:2:53 | tainted | winjs.js:3:43:3:49 | tainted | -| winjs.js:2:7:2:53 | tainted | winjs.js:4:43:4:49 | tainted | -| winjs.js:2:7:2:53 | tainted | winjs.js:4:43:4:49 | tainted | -| winjs.js:2:7:2:53 | tainted | winjs.js:4:43:4:49 | tainted | -| winjs.js:2:7:2:53 | tainted | winjs.js:4:43:4:49 | tainted | -| winjs.js:2:7:2:53 | tainted | winjs.js:4:43:4:49 | tainted | -| winjs.js:2:7:2:53 | tainted | winjs.js:4:43:4:49 | tainted | -| winjs.js:2:17:2:40 | documen ... .search | winjs.js:2:17:2:53 | documen ... ring(1) | -| winjs.js:2:17:2:40 | documen ... .search | winjs.js:2:17:2:53 | documen ... ring(1) | -| winjs.js:2:17:2:40 | documen ... .search | winjs.js:2:17:2:53 | documen ... ring(1) | -| winjs.js:2:17:2:40 | documen ... .search | winjs.js:2:17:2:53 | documen ... ring(1) | -| winjs.js:2:17:2:40 | documen ... .search | winjs.js:2:17:2:53 | documen ... ring(1) | -| winjs.js:2:17:2:40 | documen ... .search | winjs.js:2:17:2:53 | documen ... ring(1) | -| winjs.js:2:17:2:53 | documen ... ring(1) | winjs.js:2:7:2:53 | tainted | -| winjs.js:2:17:2:53 | documen ... ring(1) | winjs.js:2:7:2:53 | tainted | -| winjs.js:2:17:2:53 | documen ... ring(1) | winjs.js:2:7:2:53 | tainted | +| addEventListener.js:1:43:1:47 | event | addEventListener.js:2:20:2:24 | event | provenance | | +| addEventListener.js:2:20:2:24 | event | addEventListener.js:2:20:2:29 | event.data | provenance | | +| addEventListener.js:5:43:5:48 | data | addEventListener.js:6:20:6:23 | data | provenance | | +| addEventListener.js:5:43:5:48 | {data} | addEventListener.js:5:44:5:47 | data | provenance | | +| addEventListener.js:5:44:5:47 | data | addEventListener.js:5:43:5:48 | data | provenance | | +| addEventListener.js:10:21:10:25 | event | addEventListener.js:12:24:12:28 | event | provenance | | +| addEventListener.js:12:24:12:28 | event | addEventListener.js:12:24:12:33 | event.data | provenance | | +| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | provenance | | +| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | provenance | | +| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | provenance | | +| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | provenance | | +| classnames.js:7:47:7:69 | classNa ... w.name) | classnames.js:7:31:7:84 | `` | provenance | | +| classnames.js:7:58:7:68 | window.name | classnames.js:7:47:7:69 | classNa ... w.name) | provenance | | +| classnames.js:8:47:8:70 | classNa ... w.name) | classnames.js:8:31:8:85 | `` | provenance | | +| classnames.js:8:59:8:69 | window.name | classnames.js:8:47:8:70 | classNa ... w.name) | provenance | | +| classnames.js:9:47:9:70 | classNa ... w.name) | classnames.js:9:31:9:85 | `` | provenance | | +| classnames.js:9:59:9:69 | window.name | classnames.js:9:47:9:70 | classNa ... w.name) | provenance | | +| classnames.js:10:45:10:55 | window.name | classnames.js:11:47:11:64 | unsafeStyle('foo') | provenance | | +| classnames.js:11:47:11:64 | unsafeStyle('foo') | classnames.js:11:31:11:79 | `` | provenance | | +| classnames.js:13:47:13:68 | safeSty ... w.name) | classnames.js:13:31:13:83 | `` | provenance | | +| classnames.js:13:57:13:67 | window.name | classnames.js:13:47:13:68 | safeSty ... w.name) | provenance | | +| classnames.js:15:47:15:63 | clsx(window.name) | classnames.js:15:31:15:78 | `` | provenance | | +| classnames.js:15:52:15:62 | window.name | classnames.js:15:47:15:63 | clsx(window.name) | provenance | | +| classnames.js:17:48:17:64 | clsx(window.name) | classnames.js:17:32:17:79 | `` | provenance | | +| classnames.js:17:53:17:63 | window.name | classnames.js:17:48:17:64 | clsx(window.name) | provenance | | +| clipboard.ts:8:11:8:51 | html | clipboard.ts:15:25:15:28 | html | provenance | | +| clipboard.ts:8:18:8:51 | clipboa ... /html') | clipboard.ts:8:11:8:51 | html | provenance | | +| clipboard.ts:43:15:43:55 | html | clipboard.ts:50:29:50:32 | html | provenance | | +| clipboard.ts:43:22:43:55 | clipboa ... /html') | clipboard.ts:43:15:43:55 | html | provenance | | +| clipboard.ts:71:13:71:62 | droppedHtml | clipboard.ts:73:29:73:39 | droppedHtml | provenance | | +| clipboard.ts:71:27:71:62 | e.clipb ... /html') | clipboard.ts:71:13:71:62 | droppedHtml | provenance | | +| clipboard.ts:98:15:98:54 | html | clipboard.ts:99:23:99:26 | html | provenance | | +| clipboard.ts:98:22:98:54 | dataTra ... /html') | clipboard.ts:98:15:98:54 | html | provenance | | +| d3.js:4:12:4:22 | window.name | d3.js:11:15:11:24 | getTaint() | provenance | | +| d3.js:4:12:4:22 | window.name | d3.js:12:20:12:29 | getTaint() | provenance | | +| d3.js:4:12:4:22 | window.name | d3.js:14:20:14:29 | getTaint() | provenance | | +| d3.js:4:12:4:22 | window.name | d3.js:21:15:21:24 | getTaint() | provenance | | +| dates.js:9:9:9:69 | taint | dates.js:11:63:11:67 | taint | provenance | | +| dates.js:9:9:9:69 | taint | dates.js:12:66:12:70 | taint | provenance | | +| dates.js:9:9:9:69 | taint | dates.js:13:59:13:63 | taint | provenance | | +| dates.js:9:9:9:69 | taint | dates.js:16:62:16:66 | taint | provenance | | +| dates.js:9:9:9:69 | taint | dates.js:18:59:18:63 | taint | provenance | | +| dates.js:9:9:9:69 | taint | dates.js:21:61:21:65 | taint | provenance | | +| dates.js:9:17:9:69 | decodeU ... ing(1)) | dates.js:9:9:9:69 | taint | provenance | | +| dates.js:9:36:9:55 | window.location.hash | dates.js:9:36:9:68 | window. ... ring(1) | provenance | | +| dates.js:9:36:9:55 | window.location.hash | dates.js:9:36:9:68 | window. ... ring(1) | provenance | Config | +| dates.js:9:36:9:68 | window. ... ring(1) | dates.js:9:17:9:69 | decodeU ... ing(1)) | provenance | | +| dates.js:9:36:9:68 | window. ... ring(1) | dates.js:9:17:9:69 | decodeU ... ing(1)) | provenance | Config | +| dates.js:11:42:11:68 | dateFns ... taint) | dates.js:11:31:11:70 | `Time i ... aint)}` | provenance | | +| dates.js:11:42:11:68 | dateFns ... taint) | dates.js:11:31:11:70 | `Time i ... aint)}` | provenance | Config | +| dates.js:11:63:11:67 | taint | dates.js:11:42:11:68 | dateFns ... taint) | provenance | | +| dates.js:11:63:11:67 | taint | dates.js:11:42:11:68 | dateFns ... taint) | provenance | Config | +| dates.js:12:42:12:71 | dateFns ... taint) | dates.js:12:31:12:73 | `Time i ... aint)}` | provenance | | +| dates.js:12:42:12:71 | dateFns ... taint) | dates.js:12:31:12:73 | `Time i ... aint)}` | provenance | Config | +| dates.js:12:66:12:70 | taint | dates.js:12:42:12:71 | dateFns ... taint) | provenance | | +| dates.js:12:66:12:70 | taint | dates.js:12:42:12:71 | dateFns ... taint) | provenance | Config | +| dates.js:13:42:13:70 | dateFns ... )(time) | dates.js:13:31:13:72 | `Time i ... time)}` | provenance | | +| dates.js:13:42:13:70 | dateFns ... )(time) | dates.js:13:31:13:72 | `Time i ... time)}` | provenance | Config | +| dates.js:13:59:13:63 | taint | dates.js:13:42:13:70 | dateFns ... )(time) | provenance | | +| dates.js:13:59:13:63 | taint | dates.js:13:42:13:70 | dateFns ... )(time) | provenance | Config | +| dates.js:16:42:16:67 | moment( ... (taint) | dates.js:16:31:16:69 | `Time i ... aint)}` | provenance | | +| dates.js:16:42:16:67 | moment( ... (taint) | dates.js:16:31:16:69 | `Time i ... aint)}` | provenance | Config | +| dates.js:16:62:16:66 | taint | dates.js:16:42:16:67 | moment( ... (taint) | provenance | | +| dates.js:16:62:16:66 | taint | dates.js:16:42:16:67 | moment( ... (taint) | provenance | Config | +| dates.js:18:42:18:64 | datefor ... taint) | dates.js:18:31:18:66 | `Time i ... aint)}` | provenance | | +| dates.js:18:42:18:64 | datefor ... taint) | dates.js:18:31:18:66 | `Time i ... aint)}` | provenance | Config | +| dates.js:18:59:18:63 | taint | dates.js:18:42:18:64 | datefor ... taint) | provenance | | +| dates.js:18:59:18:63 | taint | dates.js:18:42:18:64 | datefor ... taint) | provenance | Config | +| dates.js:21:42:21:66 | dayjs(t ... (taint) | dates.js:21:31:21:68 | `Time i ... aint)}` | provenance | | +| dates.js:21:42:21:66 | dayjs(t ... (taint) | dates.js:21:31:21:68 | `Time i ... aint)}` | provenance | Config | +| dates.js:21:61:21:65 | taint | dates.js:21:42:21:66 | dayjs(t ... (taint) | provenance | | +| dates.js:21:61:21:65 | taint | dates.js:21:42:21:66 | dayjs(t ... (taint) | provenance | Config | +| dates.js:30:9:30:69 | taint | dates.js:37:77:37:81 | taint | provenance | | +| dates.js:30:9:30:69 | taint | dates.js:38:77:38:81 | taint | provenance | | +| dates.js:30:9:30:69 | taint | dates.js:39:79:39:83 | taint | provenance | | +| dates.js:30:9:30:69 | taint | dates.js:40:77:40:81 | taint | provenance | | +| dates.js:30:17:30:69 | decodeU ... ing(1)) | dates.js:30:9:30:69 | taint | provenance | | +| dates.js:30:36:30:55 | window.location.hash | dates.js:30:36:30:68 | window. ... ring(1) | provenance | | +| dates.js:30:36:30:55 | window.location.hash | dates.js:30:36:30:68 | window. ... ring(1) | provenance | Config | +| dates.js:30:36:30:68 | window. ... ring(1) | dates.js:30:17:30:69 | decodeU ... ing(1)) | provenance | | +| dates.js:30:36:30:68 | window. ... ring(1) | dates.js:30:17:30:69 | decodeU ... ing(1)) | provenance | Config | +| dates.js:37:42:37:82 | dateFns ... taint) | dates.js:37:31:37:84 | `Time i ... aint)}` | provenance | | +| dates.js:37:42:37:82 | dateFns ... taint) | dates.js:37:31:37:84 | `Time i ... aint)}` | provenance | Config | +| dates.js:37:77:37:81 | taint | dates.js:37:42:37:82 | dateFns ... taint) | provenance | | +| dates.js:37:77:37:81 | taint | dates.js:37:42:37:82 | dateFns ... taint) | provenance | Config | +| dates.js:38:42:38:82 | luxon.f ... taint) | dates.js:38:31:38:84 | `Time i ... aint)}` | provenance | | +| dates.js:38:42:38:82 | luxon.f ... taint) | dates.js:38:31:38:84 | `Time i ... aint)}` | provenance | Config | +| dates.js:38:77:38:81 | taint | dates.js:38:42:38:82 | luxon.f ... taint) | provenance | | +| dates.js:38:77:38:81 | taint | dates.js:38:42:38:82 | luxon.f ... taint) | provenance | Config | +| dates.js:39:42:39:84 | moment. ... taint) | dates.js:39:31:39:86 | `Time i ... aint)}` | provenance | | +| dates.js:39:42:39:84 | moment. ... taint) | dates.js:39:31:39:86 | `Time i ... aint)}` | provenance | Config | +| dates.js:39:79:39:83 | taint | dates.js:39:42:39:84 | moment. ... taint) | provenance | | +| dates.js:39:79:39:83 | taint | dates.js:39:42:39:84 | moment. ... taint) | provenance | Config | +| dates.js:40:42:40:82 | dayjs.f ... taint) | dates.js:40:31:40:84 | `Time i ... aint)}` | provenance | | +| dates.js:40:42:40:82 | dayjs.f ... taint) | dates.js:40:31:40:84 | `Time i ... aint)}` | provenance | Config | +| dates.js:40:77:40:81 | taint | dates.js:40:42:40:82 | dayjs.f ... taint) | provenance | | +| dates.js:40:77:40:81 | taint | dates.js:40:42:40:82 | dayjs.f ... taint) | provenance | Config | +| dates.js:46:9:46:69 | taint | dates.js:48:83:48:87 | taint | provenance | | +| dates.js:46:9:46:69 | taint | dates.js:49:82:49:86 | taint | provenance | | +| dates.js:46:9:46:69 | taint | dates.js:50:97:50:101 | taint | provenance | | +| dates.js:46:17:46:69 | decodeU ... ing(1)) | dates.js:46:9:46:69 | taint | provenance | | +| dates.js:46:36:46:55 | window.location.hash | dates.js:46:36:46:68 | window. ... ring(1) | provenance | | +| dates.js:46:36:46:55 | window.location.hash | dates.js:46:36:46:68 | window. ... ring(1) | provenance | Config | +| dates.js:46:36:46:68 | window. ... ring(1) | dates.js:46:17:46:69 | decodeU ... ing(1)) | provenance | | +| dates.js:46:36:46:68 | window. ... ring(1) | dates.js:46:17:46:69 | decodeU ... ing(1)) | provenance | Config | +| dates.js:48:42:48:88 | DateTim ... (taint) | dates.js:48:31:48:90 | `Time i ... aint)}` | provenance | | +| dates.js:48:42:48:88 | DateTim ... (taint) | dates.js:48:31:48:90 | `Time i ... aint)}` | provenance | Config | +| dates.js:48:83:48:87 | taint | dates.js:48:42:48:88 | DateTim ... (taint) | provenance | | +| dates.js:48:83:48:87 | taint | dates.js:48:42:48:88 | DateTim ... (taint) | provenance | Config | +| dates.js:49:42:49:87 | new Dat ... (taint) | dates.js:49:31:49:89 | `Time i ... aint)}` | provenance | | +| dates.js:49:42:49:87 | new Dat ... (taint) | dates.js:49:31:49:89 | `Time i ... aint)}` | provenance | Config | +| dates.js:49:82:49:86 | taint | dates.js:49:42:49:87 | new Dat ... (taint) | provenance | | +| dates.js:49:82:49:86 | taint | dates.js:49:42:49:87 | new Dat ... (taint) | provenance | Config | +| dates.js:50:42:50:102 | DateTim ... (taint) | dates.js:50:31:50:104 | `Time i ... aint)}` | provenance | | +| dates.js:50:42:50:102 | DateTim ... (taint) | dates.js:50:31:50:104 | `Time i ... aint)}` | provenance | Config | +| dates.js:50:97:50:101 | taint | dates.js:50:42:50:102 | DateTim ... (taint) | provenance | | +| dates.js:50:97:50:101 | taint | dates.js:50:42:50:102 | DateTim ... (taint) | provenance | Config | +| dates.js:54:9:54:69 | taint | dates.js:57:94:57:98 | taint | provenance | | +| dates.js:54:9:54:69 | taint | dates.js:59:80:59:84 | taint | provenance | | +| dates.js:54:9:54:69 | taint | dates.js:61:81:61:85 | taint | provenance | | +| dates.js:54:17:54:69 | decodeU ... ing(1)) | dates.js:54:9:54:69 | taint | provenance | | +| dates.js:54:36:54:55 | window.location.hash | dates.js:54:36:54:68 | window. ... ring(1) | provenance | | +| dates.js:54:36:54:55 | window.location.hash | dates.js:54:36:54:68 | window. ... ring(1) | provenance | Config | +| dates.js:54:36:54:68 | window. ... ring(1) | dates.js:54:17:54:69 | decodeU ... ing(1)) | provenance | | +| dates.js:54:36:54:68 | window. ... ring(1) | dates.js:54:17:54:69 | decodeU ... ing(1)) | provenance | Config | +| dates.js:57:42:57:99 | moment. ... (taint) | dates.js:57:31:57:101 | `Time i ... aint)}` | provenance | | +| dates.js:57:42:57:99 | moment. ... (taint) | dates.js:57:31:57:101 | `Time i ... aint)}` | provenance | Config | +| dates.js:57:94:57:98 | taint | dates.js:57:42:57:99 | moment. ... (taint) | provenance | | +| dates.js:57:94:57:98 | taint | dates.js:57:42:57:99 | moment. ... (taint) | provenance | Config | +| dates.js:59:42:59:85 | luxon.e ... (taint) | dates.js:59:31:59:87 | `Time i ... aint)}` | provenance | | +| dates.js:59:42:59:85 | luxon.e ... (taint) | dates.js:59:31:59:87 | `Time i ... aint)}` | provenance | Config | +| dates.js:59:80:59:84 | taint | dates.js:59:42:59:85 | luxon.e ... (taint) | provenance | | +| dates.js:59:80:59:84 | taint | dates.js:59:42:59:85 | luxon.e ... (taint) | provenance | Config | +| dates.js:61:42:61:86 | dayjs.s ... (taint) | dates.js:61:31:61:88 | `Time i ... aint)}` | provenance | | +| dates.js:61:42:61:86 | dayjs.s ... (taint) | dates.js:61:31:61:88 | `Time i ... aint)}` | provenance | Config | +| dates.js:61:81:61:85 | taint | dates.js:61:42:61:86 | dayjs.s ... (taint) | provenance | | +| dates.js:61:81:61:85 | taint | dates.js:61:42:61:86 | dayjs.s ... (taint) | provenance | Config | +| dragAndDrop.ts:8:11:8:50 | html | dragAndDrop.ts:15:25:15:28 | html | provenance | | +| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | dragAndDrop.ts:8:11:8:50 | html | provenance | | +| dragAndDrop.ts:43:15:43:54 | html | dragAndDrop.ts:50:29:50:32 | html | provenance | | +| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | dragAndDrop.ts:43:15:43:54 | html | provenance | | +| dragAndDrop.ts:71:13:71:61 | droppedHtml | dragAndDrop.ts:73:29:73:39 | droppedHtml | provenance | | +| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | dragAndDrop.ts:71:13:71:61 | droppedHtml | provenance | | +| event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '

' | provenance | | +| event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '

' | provenance | Config | +| jquery.js:2:7:2:40 | tainted | jquery.js:7:20:7:26 | tainted | provenance | | +| jquery.js:2:7:2:40 | tainted | jquery.js:8:28:8:34 | tainted | provenance | | +| jquery.js:2:7:2:40 | tainted | jquery.js:36:25:36:31 | tainted | provenance | | +| jquery.js:2:7:2:40 | tainted | jquery.js:37:31:37:37 | tainted | provenance | | +| jquery.js:2:17:2:40 | documen ... .search | jquery.js:2:7:2:40 | tainted | provenance | | +| jquery.js:7:20:7:26 | tainted | jquery.js:7:5:7:34 | "
" | provenance | Config | +| jquery.js:8:28:8:34 | tainted | jquery.js:8:18:8:34 | "XSS: " + tainted | provenance | | +| jquery.js:8:28:8:34 | tainted | jquery.js:8:18:8:34 | "XSS: " + tainted | provenance | Config | +| jquery.js:10:13:10:20 | location | jquery.js:10:13:10:31 | location.toString() | provenance | | +| jquery.js:10:13:10:20 | location | jquery.js:10:13:10:31 | location.toString() | provenance | Config | +| jquery.js:10:13:10:31 | location.toString() | jquery.js:10:5:10:40 | "" + ... "" | provenance | Config | +| jquery.js:14:38:14:57 | window.location.hash | jquery.js:14:19:14:58 | decodeU ... n.hash) | provenance | | +| jquery.js:14:38:14:57 | window.location.hash | jquery.js:14:19:14:58 | decodeU ... n.hash) | provenance | Config | +| jquery.js:15:38:15:59 | window. ... .search | jquery.js:15:19:15:60 | decodeU ... search) | provenance | | +| jquery.js:15:38:15:59 | window. ... .search | jquery.js:15:19:15:60 | decodeU ... search) | provenance | Config | +| jquery.js:16:38:16:52 | window.location | jquery.js:16:38:16:63 | window. ... tring() | provenance | | +| jquery.js:16:38:16:52 | window.location | jquery.js:16:38:16:63 | window. ... tring() | provenance | Config | +| jquery.js:16:38:16:63 | window. ... tring() | jquery.js:16:19:16:64 | decodeU ... ring()) | provenance | | +| jquery.js:16:38:16:63 | window. ... tring() | jquery.js:16:19:16:64 | decodeU ... ring()) | provenance | Config | +| jquery.js:18:7:18:33 | hash | jquery.js:21:5:21:8 | hash | provenance | | +| jquery.js:18:7:18:33 | hash | jquery.js:22:5:22:8 | hash | provenance | | +| jquery.js:18:7:18:33 | hash | jquery.js:23:5:23:8 | hash | provenance | | +| jquery.js:18:7:18:33 | hash | jquery.js:24:5:24:8 | hash | provenance | | +| jquery.js:18:7:18:33 | hash | jquery.js:27:5:27:8 | hash | provenance | | +| jquery.js:18:7:18:33 | hash | jquery.js:34:13:34:16 | hash | provenance | | +| jquery.js:18:14:18:33 | window.location.hash | jquery.js:18:7:18:33 | hash | provenance | | +| jquery.js:21:5:21:8 | hash | jquery.js:21:5:21:21 | hash.substring(1) | provenance | Config | +| jquery.js:22:5:22:8 | hash | jquery.js:22:5:22:25 | hash.su ... (1, 10) | provenance | Config | +| jquery.js:23:5:23:8 | hash | jquery.js:23:5:23:18 | hash.substr(1) | provenance | Config | +| jquery.js:24:5:24:8 | hash | jquery.js:24:5:24:17 | hash.slice(1) | provenance | Config | +| jquery.js:27:5:27:8 | hash | jquery.js:27:5:27:25 | hash.re ... #', '') | provenance | Config | +| jquery.js:28:5:28:26 | window. ... .search | jquery.js:28:5:28:43 | window. ... ?', '') | provenance | Config | +| jquery.js:34:13:34:16 | hash | jquery.js:34:5:34:25 | '' + ... '' | provenance | Config | +| jquery.js:37:31:37:37 | tainted | jquery.js:37:25:37:37 | () => tainted | provenance | Config | +| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:11:51:11:56 | locale | provenance | | +| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:19:56:19:61 | locale | provenance | | +| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:31:55:31:60 | locale | provenance | | +| json-stringify.jsx:5:18:5:36 | req.param("locale") | json-stringify.jsx:5:9:5:36 | locale | provenance | | +| json-stringify.jsx:11:16:11:58 | `https: ... ocale}` | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | provenance | | +| json-stringify.jsx:11:51:11:56 | locale | json-stringify.jsx:11:16:11:58 | `https: ... ocale}` | provenance | | +| json-stringify.jsx:19:16:19:63 | `https: ... ocale}` | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | provenance | | +| json-stringify.jsx:19:56:19:61 | locale | json-stringify.jsx:19:16:19:63 | `https: ... ocale}` | provenance | | +| json-stringify.jsx:31:55:31:60 | locale | json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | provenance | | +| jwt-server.js:7:9:7:35 | taint | jwt-server.js:9:16:9:20 | taint | provenance | | +| jwt-server.js:7:17:7:35 | req.param("wobble") | jwt-server.js:7:9:7:35 | taint | provenance | | +| jwt-server.js:9:16:9:20 | taint | jwt-server.js:9:55:9:61 | decoded | provenance | | +| jwt-server.js:9:55:9:61 | decoded | jwt-server.js:11:19:11:25 | decoded | provenance | | +| jwt-server.js:11:19:11:25 | decoded | jwt-server.js:11:19:11:29 | decoded.foo | provenance | | +| nodemailer.js:13:50:13:66 | req.query.message | nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | provenance | | +| optionalSanitizer.js:2:7:2:39 | target | optionalSanitizer.js:6:18:6:23 | target | provenance | | +| optionalSanitizer.js:2:7:2:39 | target | optionalSanitizer.js:8:17:8:22 | target | provenance | | +| optionalSanitizer.js:2:7:2:39 | target | optionalSanitizer.js:15:9:15:14 | target | provenance | | +| optionalSanitizer.js:2:16:2:39 | documen ... .search | optionalSanitizer.js:2:7:2:39 | target | provenance | | +| optionalSanitizer.js:8:7:8:22 | tainted | optionalSanitizer.js:9:18:9:24 | tainted | provenance | | +| optionalSanitizer.js:8:17:8:22 | target | optionalSanitizer.js:8:7:8:22 | tainted | provenance | | +| optionalSanitizer.js:15:9:15:14 | target | optionalSanitizer.js:16:18:16:18 | x | provenance | | +| optionalSanitizer.js:16:18:16:18 | x | optionalSanitizer.js:17:20:17:20 | x | provenance | | +| optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:31:18:31:23 | target | provenance | | +| optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:38:18:38:23 | target | provenance | | +| optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:45:41:45:46 | target | provenance | | +| optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:45:51:45:56 | target | provenance | | +| optionalSanitizer.js:26:16:26:39 | documen ... .search | optionalSanitizer.js:26:7:26:39 | target | provenance | | +| optionalSanitizer.js:28:24:28:24 | x | optionalSanitizer.js:29:12:29:12 | x | provenance | | +| optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:32:18:32:25 | tainted2 | provenance | | +| optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:34:28:34:35 | tainted2 | provenance | | +| optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:36:18:36:25 | tainted2 | provenance | | +| optionalSanitizer.js:31:18:31:23 | target | optionalSanitizer.js:31:7:31:23 | tainted2 | provenance | | +| optionalSanitizer.js:34:5:34:36 | tainted2 | optionalSanitizer.js:36:18:36:25 | tainted2 | provenance | | +| optionalSanitizer.js:34:16:34:36 | sanitiz ... inted2) | optionalSanitizer.js:34:5:34:36 | tainted2 | provenance | | +| optionalSanitizer.js:34:28:34:35 | tainted2 | optionalSanitizer.js:28:24:28:24 | x | provenance | | +| optionalSanitizer.js:34:28:34:35 | tainted2 | optionalSanitizer.js:34:16:34:36 | sanitiz ... inted2) | provenance | | +| optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:39:18:39:25 | tainted3 | provenance | | +| optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:41:28:41:35 | tainted3 | provenance | | +| optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:43:18:43:25 | tainted3 | provenance | | +| optionalSanitizer.js:38:18:38:23 | target | optionalSanitizer.js:38:7:38:23 | tainted3 | provenance | | +| optionalSanitizer.js:41:5:41:36 | tainted3 | optionalSanitizer.js:43:18:43:25 | tainted3 | provenance | | +| optionalSanitizer.js:41:16:41:36 | sanitiz ... inted3) | optionalSanitizer.js:41:5:41:36 | tainted3 | provenance | | +| optionalSanitizer.js:41:28:41:35 | tainted3 | optionalSanitizer.js:28:24:28:24 | x | provenance | | +| optionalSanitizer.js:41:28:41:35 | tainted3 | optionalSanitizer.js:41:16:41:36 | sanitiz ... inted3) | provenance | | +| optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) | optionalSanitizer.js:45:18:45:56 | sanitiz ... target | provenance | | +| optionalSanitizer.js:45:41:45:46 | target | optionalSanitizer.js:28:24:28:24 | x | provenance | | +| optionalSanitizer.js:45:41:45:46 | target | optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) | provenance | | +| optionalSanitizer.js:45:51:45:56 | target | optionalSanitizer.js:45:18:45:56 | sanitiz ... target | provenance | | +| pages/[id].jsx:3:30:3:35 | params [id] | pages/[id].jsx:13:44:13:49 | params [id] | provenance | | +| pages/[id].jsx:3:30:3:35 | params [q] | pages/[id].jsx:16:44:16:49 | params [q] | provenance | | +| pages/[id].jsx:5:9:5:14 | { id } | pages/[id].jsx:5:11:5:12 | id | provenance | | +| pages/[id].jsx:5:9:5:29 | id | pages/[id].jsx:10:44:10:45 | id | provenance | | +| pages/[id].jsx:5:11:5:12 | id | pages/[id].jsx:5:9:5:29 | id | provenance | | +| pages/[id].jsx:5:18:5:29 | router.query | pages/[id].jsx:5:9:5:14 | { id } | provenance | | +| pages/[id].jsx:13:44:13:49 | params [id] | pages/[id].jsx:13:44:13:52 | params.id | provenance | | +| pages/[id].jsx:16:44:16:49 | params [q] | pages/[id].jsx:16:44:16:51 | params.q | provenance | | +| pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [id] | pages/[id].jsx:3:30:3:35 | params [id] | provenance | | +| pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [q] | pages/[id].jsx:3:30:3:35 | params [q] | provenance | | +| pages/[id].jsx:25:11:25:24 | context.params | pages/[id].jsx:25:11:25:27 | context.params.id | provenance | | +| pages/[id].jsx:25:11:25:27 | context.params.id | pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | provenance | | +| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [id] | provenance | | +| pages/[id].jsx:26:10:26:22 | context.query | pages/[id].jsx:26:10:26:30 | context ... .foobar | provenance | | +| pages/[id].jsx:26:10:26:30 | context ... .foobar | pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | provenance | | +| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [q] | provenance | | +| react-native.js:7:7:7:33 | tainted | react-native.js:8:18:8:24 | tainted | provenance | | +| react-native.js:7:7:7:33 | tainted | react-native.js:9:27:9:33 | tainted | provenance | | +| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | provenance | | +| react-use-router.js:8:21:8:32 | router.query | react-use-router.js:8:21:8:39 | router.query.foobar | provenance | | +| react-use-router.js:11:24:11:35 | router.query | react-use-router.js:11:24:11:42 | router.query.foobar | provenance | | +| react-use-router.js:23:31:23:36 | [post update] router | react-use-router.js:23:43:23:48 | router | provenance | | +| react-use-router.js:23:43:23:48 | router | react-use-router.js:23:43:23:54 | router.query | provenance | | +| react-use-router.js:23:43:23:54 | router.query | react-use-router.js:23:43:23:61 | router.query.foobar | provenance | | +| react-use-router.js:23:43:23:61 | router.query.foobar | react-use-router.js:23:31:23:36 | [post update] router | provenance | | +| react-use-router.js:33:21:33:32 | router.query | react-use-router.js:33:21:33:39 | router.query.foobar | provenance | | +| react-use-state.js:4:9:4:49 | state | react-use-state.js:5:51:5:55 | state | provenance | | +| react-use-state.js:4:10:4:14 | state | react-use-state.js:4:9:4:49 | state | provenance | | +| react-use-state.js:4:38:4:48 | window.name | react-use-state.js:4:10:4:14 | state | provenance | | +| react-use-state.js:9:9:9:43 | state | react-use-state.js:11:51:11:55 | state | provenance | | +| react-use-state.js:9:10:9:14 | state | react-use-state.js:9:9:9:43 | state | provenance | | +| react-use-state.js:10:14:10:24 | window.name | react-use-state.js:9:10:9:14 | state | provenance | | +| react-use-state.js:15:9:15:43 | state | react-use-state.js:17:51:17:55 | state | provenance | | +| react-use-state.js:15:10:15:14 | state | react-use-state.js:15:9:15:43 | state | provenance | | +| react-use-state.js:16:20:16:30 | window.name | react-use-state.js:15:10:15:14 | state | provenance | | +| react-use-state.js:21:10:21:14 | state | react-use-state.js:22:14:22:17 | prev | provenance | | +| react-use-state.js:22:14:22:17 | prev | react-use-state.js:23:35:23:38 | prev | provenance | | +| react-use-state.js:25:20:25:30 | window.name | react-use-state.js:21:10:21:14 | state | provenance | | +| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:23:29:23:35 | tainted | provenance | | +| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:25:29:25:35 | tainted | provenance | | +| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:28:29:28:35 | tainted | provenance | | +| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:30:29:30:35 | tainted | provenance | | +| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:33:29:33:35 | tainted | provenance | | +| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:35:29:35:35 | tainted | provenance | | +| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:38:29:38:35 | tainted | provenance | | +| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:45:29:45:35 | tainted | provenance | | +| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:48:19:48:25 | tainted | provenance | | +| sanitiser.js:16:17:16:27 | window.name | sanitiser.js:16:7:16:27 | tainted | provenance | | +| sanitiser.js:23:29:23:35 | tainted | sanitiser.js:23:21:23:44 | '' + ... '' | provenance | | +| sanitiser.js:25:29:25:35 | tainted | sanitiser.js:25:21:25:44 | '' + ... '' | provenance | | +| sanitiser.js:28:29:28:35 | tainted | sanitiser.js:28:21:28:44 | '' + ... '' | provenance | | +| sanitiser.js:30:29:30:35 | tainted | sanitiser.js:30:21:30:44 | '' + ... '' | provenance | | +| sanitiser.js:33:29:33:35 | tainted | sanitiser.js:33:21:33:44 | '' + ... '' | provenance | | +| sanitiser.js:35:29:35:35 | tainted | sanitiser.js:35:21:35:44 | '' + ... '' | provenance | | +| sanitiser.js:38:29:38:35 | tainted | sanitiser.js:38:21:38:44 | '' + ... '' | provenance | | +| sanitiser.js:45:29:45:35 | tainted | sanitiser.js:45:21:45:44 | '' + ... '' | provenance | | +| sanitiser.js:48:19:48:25 | tainted | sanitiser.js:48:19:48:46 | tainted ... /g, '') | provenance | | +| stored-xss.js:2:39:2:62 | documen ... .search | stored-xss.js:5:20:5:52 | session ... ssion') | provenance | | +| stored-xss.js:2:39:2:62 | documen ... .search | stored-xss.js:5:20:5:52 | session ... ssion') | provenance | Config | +| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:8:20:8:48 | localSt ... local') | provenance | | +| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:8:20:8:48 | localSt ... local') | provenance | Config | +| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:10:16:10:44 | localSt ... local') | provenance | | +| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:10:16:10:44 | localSt ... local') | provenance | Config | +| stored-xss.js:10:9:10:44 | href | stored-xss.js:12:35:12:38 | href | provenance | | +| stored-xss.js:10:16:10:44 | localSt ... local') | stored-xss.js:10:9:10:44 | href | provenance | | +| stored-xss.js:12:35:12:38 | href | stored-xss.js:12:20:12:54 | "" | provenance | | +| stored-xss.js:12:35:12:38 | href | stored-xss.js:12:20:12:54 | "" | provenance | Config | +| string-manipulations.js:5:16:5:37 | documen ... on.href | string-manipulations.js:5:16:5:47 | documen ... lueOf() | provenance | | +| string-manipulations.js:5:16:5:37 | documen ... on.href | string-manipulations.js:5:16:5:47 | documen ... lueOf() | provenance | Config | +| string-manipulations.js:6:16:6:37 | documen ... on.href | string-manipulations.js:6:16:6:43 | documen ... f.sup() | provenance | | +| string-manipulations.js:6:16:6:37 | documen ... on.href | string-manipulations.js:6:16:6:43 | documen ... f.sup() | provenance | Config | +| string-manipulations.js:7:16:7:37 | documen ... on.href | string-manipulations.js:7:16:7:51 | documen ... rCase() | provenance | | +| string-manipulations.js:7:16:7:37 | documen ... on.href | string-manipulations.js:7:16:7:51 | documen ... rCase() | provenance | Config | +| string-manipulations.js:8:16:8:37 | documen ... on.href | string-manipulations.js:8:16:8:48 | documen ... mLeft() | provenance | | +| string-manipulations.js:8:16:8:37 | documen ... on.href | string-manipulations.js:8:16:8:48 | documen ... mLeft() | provenance | Config | +| string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) | provenance | | +| string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) | provenance | Config | +| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) | provenance | | +| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) | provenance | Config | +| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:10:25:10:30 | source | provenance | | +| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:11:25:11:30 | source | provenance | | +| tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:6:11:6:30 | source | provenance | | +| tooltip.jsx:22:11:22:30 | source | tooltip.jsx:23:38:23:43 | source | provenance | | +| tooltip.jsx:22:20:22:30 | window.name | tooltip.jsx:22:11:22:30 | source | provenance | | +| tooltip.jsx:23:38:23:43 | source | tooltip.jsx:18:51:18:59 | provide() | provenance | | +| translate.js:6:7:6:39 | target | translate.js:7:42:7:47 | target | provenance | | +| translate.js:6:16:6:39 | documen ... .search | translate.js:6:7:6:39 | target | provenance | | +| translate.js:7:7:7:61 | searchParams | translate.js:9:27:9:38 | searchParams | provenance | | +| translate.js:7:22:7:61 | new URL ... ing(1)) | translate.js:7:7:7:61 | searchParams | provenance | | +| translate.js:7:42:7:47 | target | translate.js:7:42:7:60 | target.substring(1) | provenance | | +| translate.js:7:42:7:47 | target | translate.js:7:42:7:60 | target.substring(1) | provenance | Config | +| translate.js:7:42:7:60 | target.substring(1) | translate.js:7:22:7:61 | new URL ... ing(1)) | provenance | | +| translate.js:9:27:9:38 | searchParams | translate.js:9:27:9:50 | searchP ... 'term') | provenance | Config | +| trusted-types-lib.js:1:28:1:28 | x | trusted-types-lib.js:2:12:2:12 | x | provenance | | +| trusted-types.js:3:62:3:62 | x | trusted-types.js:3:67:3:67 | x | provenance | | +| trusted-types.js:4:20:4:30 | window.name | trusted-types.js:3:62:3:62 | x | provenance | | +| trusted-types.js:13:20:13:30 | window.name | trusted-types-lib.js:1:28:1:28 | x | provenance | | +| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:4:25:4:28 | data | provenance | | +| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:5:26:5:29 | data | provenance | | +| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:7:32:7:35 | data | provenance | | +| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:9:37:9:40 | data | provenance | | +| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:10:38:10:41 | data | provenance | | +| tst3.js:2:23:2:74 | decodeU ... str(1)) | tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | provenance | | +| tst3.js:2:42:2:63 | window. ... .search | tst3.js:2:42:2:73 | window. ... bstr(1) | provenance | Config | +| tst3.js:2:42:2:73 | window. ... bstr(1) | tst3.js:2:23:2:74 | decodeU ... str(1)) | provenance | | +| tst3.js:4:25:4:28 | data | tst3.js:4:25:4:32 | data.src | provenance | | +| tst3.js:5:26:5:29 | data | tst3.js:5:26:5:31 | data.p | provenance | | +| tst3.js:7:32:7:35 | data | tst3.js:7:32:7:37 | data.p | provenance | | +| tst3.js:9:37:9:40 | data | tst3.js:9:37:9:42 | data.p | provenance | | +| tst3.js:10:38:10:41 | data | tst3.js:10:38:10:43 | data.p | provenance | | +| tst.js:2:7:2:39 | target | tst.js:5:18:5:23 | target | provenance | | +| tst.js:2:7:2:39 | target | tst.js:12:28:12:33 | target | provenance | | +| tst.js:2:7:2:39 | target | tst.js:20:42:20:47 | target | provenance | | +| tst.js:2:16:2:39 | documen ... .search | tst.js:2:7:2:39 | target | provenance | | +| tst.js:8:37:8:58 | documen ... on.href | tst.js:8:37:8:114 | documen ... t=")+8) | provenance | | +| tst.js:8:37:8:58 | documen ... on.href | tst.js:8:37:8:114 | documen ... t=")+8) | provenance | Config | +| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "" | provenance | | +| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "" | provenance | Config | +| tst.js:12:28:12:33 | target | tst.js:12:5:12:42 | '
' | provenance | Config | +| tst.js:17:7:17:56 | params | tst.js:18:18:18:23 | params | provenance | | +| tst.js:17:16:17:43 | (new UR ... ation)) [searchParams] | tst.js:17:16:17:56 | (new UR ... hParams | provenance | | +| tst.js:17:16:17:56 | (new UR ... hParams | tst.js:17:7:17:56 | params | provenance | | +| tst.js:17:17:17:42 | new URL ... cation) [searchParams] | tst.js:17:16:17:43 | (new UR ... ation)) [searchParams] | provenance | | +| tst.js:17:25:17:41 | document.location | tst.js:17:17:17:42 | new URL ... cation) [searchParams] | provenance | | +| tst.js:18:18:18:23 | params | tst.js:18:18:18:35 | params.get('name') | provenance | Config | +| tst.js:20:7:20:61 | searchParams | tst.js:21:18:21:29 | searchParams | provenance | | +| tst.js:20:22:20:61 | new URL ... ing(1)) | tst.js:20:7:20:61 | searchParams | provenance | | +| tst.js:20:42:20:47 | target | tst.js:20:42:20:60 | target.substring(1) | provenance | | +| tst.js:20:42:20:47 | target | tst.js:20:42:20:60 | target.substring(1) | provenance | Config | +| tst.js:20:42:20:60 | target.substring(1) | tst.js:20:22:20:61 | new URL ... ing(1)) | provenance | | +| tst.js:21:18:21:29 | searchParams | tst.js:21:18:21:41 | searchP ... 'name') | provenance | Config | +| tst.js:24:14:24:19 | target | tst.js:26:18:26:23 | target | provenance | | +| tst.js:28:5:28:28 | documen ... .search | tst.js:24:14:24:19 | target | provenance | | +| tst.js:31:10:31:33 | documen ... .search | tst.js:34:16:34:20 | bar() | provenance | | +| tst.js:31:10:31:33 | documen ... .search | tst.js:58:26:58:30 | bar() | provenance | | +| tst.js:31:10:31:33 | documen ... .search | tst.js:68:16:68:20 | bar() | provenance | | +| tst.js:36:14:36:14 | x | tst.js:37:10:37:10 | x | provenance | | +| tst.js:40:20:40:43 | documen ... .search | tst.js:36:14:36:14 | x | provenance | | +| tst.js:40:20:40:43 | documen ... .search | tst.js:40:16:40:44 | baz(doc ... search) | provenance | | +| tst.js:42:15:42:15 | s | tst.js:43:20:43:20 | s | provenance | | +| tst.js:43:20:43:20 | s | tst.js:43:10:43:31 | "
" ...
" | provenance | | +| tst.js:43:20:43:20 | s | tst.js:43:10:43:31 | "
" ...
" | provenance | Config | +| tst.js:46:21:46:44 | documen ... .search | tst.js:42:15:42:15 | s | provenance | | +| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) | provenance | | +| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) | provenance | Config | +| tst.js:48:15:48:15 | s | tst.js:50:12:50:12 | s | provenance | | +| tst.js:50:12:50:12 | s | tst.js:50:12:50:22 | s.substr(1) | provenance | | +| tst.js:50:12:50:12 | s | tst.js:50:12:50:22 | s.substr(1) | provenance | Config | +| tst.js:54:21:54:44 | documen ... .search | tst.js:48:15:48:15 | s | provenance | | +| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | provenance | | +| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | provenance | Config | +| tst.js:56:21:56:44 | documen ... .search | tst.js:48:15:48:15 | s | provenance | | +| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | provenance | | +| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | provenance | Config | +| tst.js:58:21:58:31 | chop(bar()) | tst.js:42:15:42:15 | s | provenance | | +| tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) | provenance | | +| tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) | provenance | Config | +| tst.js:58:26:58:30 | bar() | tst.js:48:15:48:15 | s | provenance | | +| tst.js:58:26:58:30 | bar() | tst.js:58:21:58:31 | chop(bar()) | provenance | | +| tst.js:58:26:58:30 | bar() | tst.js:58:21:58:31 | chop(bar()) | provenance | Config | +| tst.js:60:34:60:34 | s | tst.js:62:18:62:18 | s | provenance | | +| tst.js:64:25:64:48 | documen ... .search | tst.js:60:34:60:34 | s | provenance | | +| tst.js:65:25:65:48 | documen ... .search | tst.js:60:34:60:34 | s | provenance | | +| tst.js:70:1:70:27 | [,docum ... search] | tst.js:70:46:70:46 | x | provenance | | +| tst.js:70:1:70:27 | [,docum ... search] | tst.js:70:46:70:46 | x | provenance | Config | +| tst.js:70:1:70:27 | [,docum ... search] [1] | tst.js:70:46:70:46 | x | provenance | | +| tst.js:70:3:70:26 | documen ... .search | tst.js:70:1:70:27 | [,docum ... search] | provenance | | +| tst.js:70:3:70:26 | documen ... .search | tst.js:70:1:70:27 | [,docum ... search] | provenance | Config | +| tst.js:70:3:70:26 | documen ... .search | tst.js:70:1:70:27 | [,docum ... search] [1] | provenance | | +| tst.js:70:46:70:46 | x | tst.js:73:20:73:20 | x | provenance | | +| tst.js:107:7:107:44 | v | tst.js:110:18:110:18 | v | provenance | | +| tst.js:107:7:107:44 | v | tst.js:136:18:136:18 | v | provenance | | +| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) | provenance | | +| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) | provenance | Config | +| tst.js:107:11:107:44 | documen ... bstr(1) | tst.js:107:7:107:44 | v | provenance | | +| tst.js:148:29:148:50 | window. ... .search | tst.js:151:29:151:29 | v | provenance | | +| tst.js:151:29:151:29 | v | tst.js:151:49:151:49 | v | provenance | | +| tst.js:158:40:158:61 | window. ... .search | tst.js:155:29:155:46 | xssSourceService() | provenance | | +| tst.js:177:9:177:41 | target | tst.js:180:28:180:33 | target | provenance | | +| tst.js:177:18:177:41 | documen ... .search | tst.js:177:9:177:41 | target | provenance | | +| tst.js:184:9:184:42 | tainted | tst.js:186:31:186:37 | tainted | provenance | | +| tst.js:184:9:184:42 | tainted | tst.js:188:42:188:48 | tainted | provenance | | +| tst.js:184:9:184:42 | tainted | tst.js:189:33:189:39 | tainted | provenance | | +| tst.js:184:9:184:42 | tainted | tst.js:191:54:191:60 | tainted | provenance | | +| tst.js:184:9:184:42 | tainted | tst.js:192:45:192:51 | tainted | provenance | | +| tst.js:184:9:184:42 | tainted | tst.js:193:49:193:55 | tainted | provenance | | +| tst.js:184:19:184:42 | documen ... .search | tst.js:184:9:184:42 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:199:67:199:73 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:200:67:200:73 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:204:35:204:41 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:206:46:206:52 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:207:38:207:44 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:208:35:208:41 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:236:35:236:41 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:238:20:238:26 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:240:23:240:29 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:241:23:241:29 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:255:23:255:29 | tainted | provenance | | +| tst.js:197:19:197:42 | documen ... .search | tst.js:197:9:197:42 | tainted | provenance | | +| tst.js:204:35:204:41 | tainted | tst.js:212:28:212:46 | this.state.tainted1 | provenance | | +| tst.js:204:35:204:41 | tainted | tst.js:212:28:212:46 | this.state.tainted1 | provenance | Config | +| tst.js:206:46:206:52 | tainted | tst.js:213:28:213:46 | this.state.tainted2 | provenance | | +| tst.js:206:46:206:52 | tainted | tst.js:213:28:213:46 | this.state.tainted2 | provenance | Config | +| tst.js:207:38:207:44 | tainted | tst.js:214:28:214:46 | this.state.tainted3 | provenance | | +| tst.js:207:38:207:44 | tainted | tst.js:214:28:214:46 | this.state.tainted3 | provenance | Config | +| tst.js:208:35:208:41 | tainted | tst.js:218:32:218:49 | prevState.tainted4 | provenance | | +| tst.js:208:35:208:41 | tainted | tst.js:218:32:218:49 | prevState.tainted4 | provenance | Config | +| tst.js:236:35:236:41 | tainted | tst.js:225:28:225:46 | this.props.tainted1 | provenance | | +| tst.js:238:20:238:26 | tainted | tst.js:226:28:226:46 | this.props.tainted2 | provenance | | +| tst.js:240:23:240:29 | tainted | tst.js:227:28:227:46 | this.props.tainted3 | provenance | | +| tst.js:241:23:241:29 | tainted | tst.js:231:32:231:49 | prevProps.tainted4 | provenance | | +| tst.js:247:39:247:55 | props.propTainted | tst.js:251:60:251:82 | this.st ... Tainted | provenance | | +| tst.js:247:39:247:55 | props.propTainted | tst.js:251:60:251:82 | this.st ... Tainted | provenance | Config | +| tst.js:255:23:255:29 | tainted | tst.js:247:39:247:55 | props.propTainted | provenance | | +| tst.js:285:9:285:29 | tainted | tst.js:288:59:288:65 | tainted | provenance | | +| tst.js:285:19:285:29 | window.name | tst.js:285:9:285:29 | tainted | provenance | | +| tst.js:301:9:301:16 | location | tst.js:302:10:302:10 | e | provenance | | +| tst.js:302:10:302:10 | e | tst.js:303:20:303:20 | e | provenance | | +| tst.js:308:10:308:17 | location | tst.js:310:10:310:10 | e | provenance | | +| tst.js:310:10:310:10 | e | tst.js:311:20:311:20 | e | provenance | | +| tst.js:327:10:327:35 | new URL ... cation) [searchParams] | tst.js:331:16:331:30 | getTaintedUrl() [searchParams] | provenance | | +| tst.js:327:18:327:34 | document.location | tst.js:327:10:327:35 | new URL ... cation) [searchParams] | provenance | | +| tst.js:331:7:331:43 | params | tst.js:332:18:332:23 | params | provenance | | +| tst.js:331:16:331:30 | getTaintedUrl() [searchParams] | tst.js:331:16:331:43 | getTain ... hParams | provenance | | +| tst.js:331:16:331:43 | getTain ... hParams | tst.js:331:7:331:43 | params | provenance | | +| tst.js:332:18:332:23 | params | tst.js:332:18:332:35 | params.get('name') | provenance | Config | +| tst.js:341:12:341:37 | new URL ... cation) [hash] | tst.js:343:5:343:12 | getUrl() [hash] | provenance | | +| tst.js:341:20:341:36 | document.location | tst.js:341:12:341:37 | new URL ... cation) [hash] | provenance | | +| tst.js:343:5:343:12 | getUrl() [hash] | tst.js:343:5:343:17 | getUrl().hash | provenance | | +| tst.js:343:5:343:17 | getUrl().hash | tst.js:343:5:343:30 | getUrl( ... ring(1) | provenance | Config | +| tst.js:348:7:348:39 | target | tst.js:349:12:349:17 | target | provenance | | +| tst.js:348:16:348:39 | documen ... .search | tst.js:348:7:348:39 | target | provenance | | +| tst.js:355:10:355:42 | target | tst.js:356:16:356:21 | target | provenance | | +| tst.js:355:10:355:42 | target | tst.js:360:21:360:26 | target | provenance | | +| tst.js:355:10:355:42 | target | tst.js:363:18:363:23 | target | provenance | | +| tst.js:355:19:355:42 | documen ... .search | tst.js:355:10:355:42 | target | provenance | | +| tst.js:371:7:371:39 | target | tst.js:374:18:374:23 | target | provenance | | +| tst.js:371:16:371:39 | documen ... .search | tst.js:371:7:371:39 | target | provenance | | +| tst.js:381:7:381:39 | target | tst.js:384:18:384:23 | target | provenance | | +| tst.js:381:7:381:39 | target | tst.js:386:18:386:23 | target | provenance | | +| tst.js:381:7:381:39 | target | tst.js:397:18:397:23 | target | provenance | | +| tst.js:381:7:381:39 | target | tst.js:406:18:406:23 | target | provenance | | +| tst.js:381:7:381:39 | target | tst.js:408:19:408:24 | target | provenance | | +| tst.js:381:7:381:39 | target [taint3] | tst.js:392:18:392:23 | target [taint3] | provenance | | +| tst.js:381:7:381:39 | target [taint8] | tst.js:408:19:408:24 | target [taint8] | provenance | | +| tst.js:381:7:381:39 | target [taint8] | tst.js:409:18:409:23 | target [taint8] | provenance | | +| tst.js:381:16:381:39 | documen ... .search | tst.js:381:7:381:39 | target | provenance | | +| tst.js:386:18:386:23 | target | tst.js:386:18:386:29 | target.taint | provenance | | +| tst.js:386:18:386:23 | target | tst.js:386:18:386:29 | target.taint | provenance | Config | +| tst.js:391:3:391:8 | [post update] target [taint3] | tst.js:381:7:381:39 | target [taint3] | provenance | | +| tst.js:391:19:391:42 | documen ... .search | tst.js:391:3:391:8 | [post update] target [taint3] | provenance | | +| tst.js:392:18:392:23 | target [taint3] | tst.js:392:18:392:30 | target.taint3 | provenance | | +| tst.js:397:18:397:23 | target | tst.js:397:18:397:30 | target.taint5 | provenance | | +| tst.js:397:18:397:23 | target | tst.js:397:18:397:30 | target.taint5 | provenance | Config | +| tst.js:406:18:406:23 | target | tst.js:406:18:406:30 | target.taint7 | provenance | | +| tst.js:406:18:406:23 | target | tst.js:406:18:406:30 | target.taint7 | provenance | Config | +| tst.js:408:3:408:8 | [post update] target [taint8] | tst.js:381:7:381:39 | target [taint8] | provenance | | +| tst.js:408:19:408:24 | target | tst.js:408:19:408:31 | target.taint8 | provenance | | +| tst.js:408:19:408:24 | target | tst.js:408:19:408:31 | target.taint8 | provenance | Config | +| tst.js:408:19:408:24 | target [taint8] | tst.js:408:19:408:31 | target.taint8 | provenance | | +| tst.js:408:19:408:31 | target.taint8 | tst.js:408:3:408:8 | [post update] target [taint8] | provenance | | +| tst.js:409:18:409:23 | target [taint8] | tst.js:409:18:409:30 | target.taint8 | provenance | | +| tst.js:416:7:416:46 | payload | tst.js:417:18:417:24 | payload | provenance | | +| tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | provenance | | +| tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | provenance | Config | +| tst.js:416:17:416:46 | window. ... bstr(1) | tst.js:416:7:416:46 | payload | provenance | | +| tst.js:419:7:419:55 | match | tst.js:421:20:421:24 | match | provenance | | +| tst.js:419:15:419:34 | window.location.hash | tst.js:419:15:419:55 | window. ... (\\w+)/) | provenance | | +| tst.js:419:15:419:34 | window.location.hash | tst.js:419:15:419:55 | window. ... (\\w+)/) | provenance | Config | +| tst.js:419:15:419:55 | window. ... (\\w+)/) | tst.js:419:7:419:55 | match | provenance | | +| tst.js:421:20:421:24 | match | tst.js:421:20:421:27 | match[1] | provenance | | +| tst.js:421:20:421:24 | match | tst.js:421:20:421:27 | match[1] | provenance | Config | +| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') | provenance | | +| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') | provenance | Config | +| tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... '#')[1] | provenance | | +| tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... '#')[1] | provenance | Config | +| tst.js:428:7:428:39 | target | tst.js:430:18:430:23 | target | provenance | | +| tst.js:428:16:428:39 | documen ... .search | tst.js:428:7:428:39 | target | provenance | | +| tst.js:430:18:430:23 | target | tst.js:430:18:430:89 | target. ... data>') | provenance | | +| tst.js:430:18:430:23 | target | tst.js:430:18:430:89 | target. ... data>') | provenance | Config | +| tst.js:436:6:436:38 | source | tst.js:440:28:440:33 | source | provenance | | +| tst.js:436:6:436:38 | source | tst.js:441:33:441:38 | source | provenance | | +| tst.js:436:6:436:38 | source | tst.js:442:34:442:39 | source | provenance | | +| tst.js:436:6:436:38 | source | tst.js:443:41:443:46 | source | provenance | | +| tst.js:436:6:436:38 | source | tst.js:444:44:444:49 | source | provenance | | +| tst.js:436:6:436:38 | source | tst.js:445:32:445:37 | source | provenance | | +| tst.js:436:15:436:38 | documen ... .search | tst.js:436:6:436:38 | source | provenance | | +| tst.js:453:7:453:39 | source | tst.js:455:18:455:23 | source | provenance | | +| tst.js:453:7:453:39 | source | tst.js:456:36:456:41 | source | provenance | | +| tst.js:453:16:453:39 | documen ... .search | tst.js:453:7:453:39 | source | provenance | | +| tst.js:456:36:456:41 | source | tst.js:456:18:456:42 | ansiToH ... source) | provenance | | +| tst.js:456:36:456:41 | source | tst.js:456:18:456:42 | ansiToH ... source) | provenance | Config | +| tst.js:460:6:460:38 | source | tst.js:463:21:463:26 | source | provenance | | +| tst.js:460:6:460:38 | source | tst.js:465:19:465:24 | source | provenance | | +| tst.js:460:6:460:38 | source | tst.js:467:20:467:25 | source | provenance | | +| tst.js:460:15:460:38 | documen ... .search | tst.js:460:6:460:38 | source | provenance | | +| tst.js:471:7:471:46 | url | tst.js:473:19:473:21 | url | provenance | | +| tst.js:471:7:471:46 | url | tst.js:474:26:474:28 | url | provenance | | +| tst.js:471:7:471:46 | url | tst.js:475:25:475:27 | url | provenance | | +| tst.js:471:7:471:46 | url | tst.js:476:20:476:22 | url | provenance | | +| tst.js:471:7:471:46 | url | tst.js:486:22:486:24 | url | provenance | | +| tst.js:471:13:471:36 | documen ... .search | tst.js:471:13:471:46 | documen ... bstr(1) | provenance | Config | +| tst.js:471:13:471:46 | documen ... bstr(1) | tst.js:471:7:471:46 | url | provenance | | +| tst.js:491:23:491:35 | location.hash | tst.js:491:23:491:45 | locatio ... bstr(1) | provenance | Config | +| tst.js:494:18:494:30 | location.hash | tst.js:494:18:494:40 | locatio ... bstr(1) | provenance | Config | +| tst.js:501:43:501:62 | window.location.hash | tst.js:501:33:501:63 | decodeU ... n.hash) | provenance | | +| tst.js:501:43:501:62 | window.location.hash | tst.js:501:33:501:63 | decodeU ... n.hash) | provenance | Config | +| typeahead.js:20:13:20:45 | target | typeahead.js:21:12:21:17 | target | provenance | | +| typeahead.js:20:22:20:45 | documen ... .search | typeahead.js:20:13:20:45 | target | provenance | | +| typeahead.js:21:12:21:17 | target | typeahead.js:24:30:24:32 | val | provenance | | +| typeahead.js:21:12:21:17 | target | typeahead.js:24:30:24:32 | val | provenance | Config | +| typeahead.js:24:30:24:32 | val | typeahead.js:25:18:25:20 | val | provenance | | +| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:4:14:4:20 | tainted | provenance | | +| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:5:12:5:18 | tainted | provenance | | +| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:6:19:6:25 | tainted | provenance | | +| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:7:14:7:20 | tainted | provenance | | +| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:9:19:9:25 | tainted | provenance | | +| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:10:16:10:22 | tainted | provenance | | +| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:11:24:11:30 | tainted | provenance | | +| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:12:19:12:25 | tainted | provenance | | +| various-concat-obfuscations.js:2:16:2:39 | documen ... .search | various-concat-obfuscations.js:2:6:2:39 | tainted | provenance | | +| various-concat-obfuscations.js:4:14:4:20 | tainted | various-concat-obfuscations.js:4:4:4:31 | "
" ...
" | provenance | Config | +| various-concat-obfuscations.js:5:12:5:18 | tainted | various-concat-obfuscations.js:5:4:5:26 | `
$ ...
` | provenance | Config | +| various-concat-obfuscations.js:6:4:6:26 | "
" ... ainted) | various-concat-obfuscations.js:6:4:6:43 | "
" ... /div>") | provenance | | +| various-concat-obfuscations.js:6:19:6:25 | tainted | various-concat-obfuscations.js:6:4:6:26 | "
" ... ainted) | provenance | Config | +| various-concat-obfuscations.js:7:4:7:31 | ["
... /div>"] | various-concat-obfuscations.js:7:4:7:38 | ["
... .join() | provenance | | +| various-concat-obfuscations.js:7:14:7:20 | tainted | various-concat-obfuscations.js:7:4:7:31 | ["
... /div>"] | provenance | Config | +| various-concat-obfuscations.js:9:19:9:25 | tainted | various-concat-obfuscations.js:9:4:9:34 | "
" | provenance | Config | +| various-concat-obfuscations.js:10:16:10:22 | tainted | various-concat-obfuscations.js:10:4:10:27 | `
` | provenance | Config | +| various-concat-obfuscations.js:11:4:11:31 | "
") | provenance | | +| various-concat-obfuscations.js:11:24:11:30 | tainted | various-concat-obfuscations.js:11:4:11:31 | "
"] | various-concat-obfuscations.js:12:4:12:41 | ["
"] | provenance | Config | +| various-concat-obfuscations.js:14:24:14:28 | attrs | various-concat-obfuscations.js:15:28:15:32 | attrs | provenance | | +| various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | various-concat-obfuscations.js:15:10:15:83 | '
' | provenance | Config | +| various-concat-obfuscations.js:15:28:15:32 | attrs | various-concat-obfuscations.js:15:28:15:44 | attrs.defaultattr | provenance | | +| various-concat-obfuscations.js:15:28:15:32 | attrs | various-concat-obfuscations.js:15:28:15:44 | attrs.defaultattr | provenance | Config | +| various-concat-obfuscations.js:15:28:15:44 | attrs.defaultattr | various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | provenance | | +| various-concat-obfuscations.js:17:24:17:28 | attrs | various-concat-obfuscations.js:18:32:18:36 | attrs | provenance | | +| various-concat-obfuscations.js:18:10:18:59 | '
') | provenance | | +| various-concat-obfuscations.js:18:10:18:88 | '
') | provenance | | +| various-concat-obfuscations.js:18:32:18:36 | attrs | various-concat-obfuscations.js:18:32:18:48 | attrs.defaultattr | provenance | | +| various-concat-obfuscations.js:18:32:18:36 | attrs | various-concat-obfuscations.js:18:32:18:48 | attrs.defaultattr | provenance | Config | +| various-concat-obfuscations.js:18:32:18:48 | attrs.defaultattr | various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | provenance | | +| various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | various-concat-obfuscations.js:18:10:18:59 | '
" ...
" | tst.js:46:16:46:45 | wrap(do ... search) | +| tst.js:54:21:54:44 | documen ... .search | tst.js:48:15:48:15 | s | tst.js:50:12:50:22 | s.substr(1) | tst.js:54:16:54:45 | chop(do ... search) | +| tst.js:56:21:56:44 | documen ... .search | tst.js:48:15:48:15 | s | tst.js:50:12:50:22 | s.substr(1) | tst.js:56:16:56:45 | chop(do ... search) | +| tst.js:58:21:58:31 | chop(bar()) | tst.js:42:15:42:15 | s | tst.js:43:10:43:31 | "
" ...
" | tst.js:58:16:58:32 | wrap(chop(bar())) | +| tst.js:58:26:58:30 | bar() | tst.js:48:15:48:15 | s | tst.js:50:12:50:22 | s.substr(1) | tst.js:58:21:58:31 | chop(bar()) | +| various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | various-concat-obfuscations.js:14:24:14:28 | attrs | various-concat-obfuscations.js:15:10:15:83 | '
' | various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | +| various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | various-concat-obfuscations.js:17:24:17:28 | attrs | various-concat-obfuscations.js:18:10:18:105 | '
') | various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | #select | addEventListener.js:2:20:2:29 | event.data | addEventListener.js:1:43:1:47 | event | addEventListener.js:2:20:2:29 | event.data | Cross-site scripting vulnerability due to $@. | addEventListener.js:1:43:1:47 | event | user-provided value | | addEventListener.js:6:20:6:23 | data | addEventListener.js:5:43:5:48 | {data} | addEventListener.js:6:20:6:23 | data | Cross-site scripting vulnerability due to $@. | addEventListener.js:5:43:5:48 | {data} | user-provided value | @@ -2485,7 +1321,6 @@ edges | react-use-context.js:10:22:10:32 | window.name | react-use-context.js:10:22:10:32 | window.name | react-use-context.js:10:22:10:32 | window.name | Cross-site scripting vulnerability due to $@. | react-use-context.js:10:22:10:32 | window.name | user-provided value | | react-use-context.js:16:26:16:36 | window.name | react-use-context.js:16:26:16:36 | window.name | react-use-context.js:16:26:16:36 | window.name | Cross-site scripting vulnerability due to $@. | react-use-context.js:16:26:16:36 | window.name | user-provided value | | react-use-router.js:8:21:8:39 | router.query.foobar | react-use-router.js:8:21:8:32 | router.query | react-use-router.js:8:21:8:39 | router.query.foobar | Cross-site scripting vulnerability due to $@. | react-use-router.js:8:21:8:32 | router.query | user-provided value | -| react-use-router.js:11:24:11:42 | router.query.foobar | react-use-router.js:8:21:8:32 | router.query | react-use-router.js:11:24:11:42 | router.query.foobar | Cross-site scripting vulnerability due to $@. | react-use-router.js:8:21:8:32 | router.query | user-provided value | | react-use-router.js:11:24:11:42 | router.query.foobar | react-use-router.js:11:24:11:35 | router.query | react-use-router.js:11:24:11:42 | router.query.foobar | Cross-site scripting vulnerability due to $@. | react-use-router.js:11:24:11:35 | router.query | user-provided value | | react-use-router.js:23:43:23:61 | router.query.foobar | react-use-router.js:23:43:23:54 | router.query | react-use-router.js:23:43:23:61 | router.query.foobar | Cross-site scripting vulnerability due to $@. | react-use-router.js:23:43:23:54 | router.query | user-provided value | | react-use-router.js:33:21:33:39 | router.query.foobar | react-use-router.js:33:21:33:32 | router.query | react-use-router.js:33:21:33:39 | router.query.foobar | Cross-site scripting vulnerability due to $@. | react-use-router.js:33:21:33:32 | router.query | user-provided value | @@ -2494,8 +1329,11 @@ edges | react-use-state.js:17:51:17:55 | state | react-use-state.js:16:20:16:30 | window.name | react-use-state.js:17:51:17:55 | state | Cross-site scripting vulnerability due to $@. | react-use-state.js:16:20:16:30 | window.name | user-provided value | | react-use-state.js:23:35:23:38 | prev | react-use-state.js:25:20:25:30 | window.name | react-use-state.js:23:35:23:38 | prev | Cross-site scripting vulnerability due to $@. | react-use-state.js:25:20:25:30 | window.name | user-provided value | | sanitiser.js:23:21:23:44 | '' + ... '' | sanitiser.js:16:17:16:27 | window.name | sanitiser.js:23:21:23:44 | '' + ... '' | Cross-site scripting vulnerability due to $@. | sanitiser.js:16:17:16:27 | window.name | user-provided value | +| sanitiser.js:25:21:25:44 | '' + ... '' | sanitiser.js:16:17:16:27 | window.name | sanitiser.js:25:21:25:44 | '' + ... '' | Cross-site scripting vulnerability due to $@. | sanitiser.js:16:17:16:27 | window.name | user-provided value | +| sanitiser.js:28:21:28:44 | '' + ... '' | sanitiser.js:16:17:16:27 | window.name | sanitiser.js:28:21:28:44 | '' + ... '' | Cross-site scripting vulnerability due to $@. | sanitiser.js:16:17:16:27 | window.name | user-provided value | | sanitiser.js:30:21:30:44 | '' + ... '' | sanitiser.js:16:17:16:27 | window.name | sanitiser.js:30:21:30:44 | '' + ... '' | Cross-site scripting vulnerability due to $@. | sanitiser.js:16:17:16:27 | window.name | user-provided value | | sanitiser.js:33:21:33:44 | '' + ... '' | sanitiser.js:16:17:16:27 | window.name | sanitiser.js:33:21:33:44 | '' + ... '' | Cross-site scripting vulnerability due to $@. | sanitiser.js:16:17:16:27 | window.name | user-provided value | +| sanitiser.js:35:21:35:44 | '' + ... '' | sanitiser.js:16:17:16:27 | window.name | sanitiser.js:35:21:35:44 | '' + ... '' | Cross-site scripting vulnerability due to $@. | sanitiser.js:16:17:16:27 | window.name | user-provided value | | sanitiser.js:38:21:38:44 | '' + ... '' | sanitiser.js:16:17:16:27 | window.name | sanitiser.js:38:21:38:44 | '' + ... '' | Cross-site scripting vulnerability due to $@. | sanitiser.js:16:17:16:27 | window.name | user-provided value | | sanitiser.js:45:21:45:44 | '' + ... '' | sanitiser.js:16:17:16:27 | window.name | sanitiser.js:45:21:45:44 | '' + ... '' | Cross-site scripting vulnerability due to $@. | sanitiser.js:16:17:16:27 | window.name | user-provided value | | sanitiser.js:48:19:48:46 | tainted ... /g, '') | sanitiser.js:16:17:16:27 | window.name | sanitiser.js:48:19:48:46 | tainted ... /g, '') | Cross-site scripting vulnerability due to $@. | sanitiser.js:16:17:16:27 | window.name | user-provided value | @@ -2612,7 +1450,6 @@ edges | tst.js:494:18:494:40 | locatio ... bstr(1) | tst.js:494:18:494:30 | location.hash | tst.js:494:18:494:40 | locatio ... bstr(1) | Cross-site scripting vulnerability due to $@. | tst.js:494:18:494:30 | location.hash | user-provided value | | tst.js:501:33:501:63 | decodeU ... n.hash) | tst.js:501:43:501:62 | window.location.hash | tst.js:501:33:501:63 | decodeU ... n.hash) | Cross-site scripting vulnerability due to $@. | tst.js:501:43:501:62 | window.location.hash | user-provided value | | typeahead.js:25:18:25:20 | val | typeahead.js:20:22:20:45 | documen ... .search | typeahead.js:25:18:25:20 | val | Cross-site scripting vulnerability due to $@. | typeahead.js:20:22:20:45 | documen ... .search | user-provided value | -| v-html.vue:2:8:2:23 | v-html=tainted | v-html.vue:6:42:6:58 | document.location | v-html.vue:2:8:2:23 | v-html=tainted | Cross-site scripting vulnerability due to $@. | v-html.vue:6:42:6:58 | document.location | user-provided value | | various-concat-obfuscations.js:4:4:4:31 | "
" ...
" | various-concat-obfuscations.js:2:16:2:39 | documen ... .search | various-concat-obfuscations.js:4:4:4:31 | "
" ...
" | Cross-site scripting vulnerability due to $@. | various-concat-obfuscations.js:2:16:2:39 | documen ... .search | user-provided value | | various-concat-obfuscations.js:5:4:5:26 | `
$ ...
` | various-concat-obfuscations.js:2:16:2:39 | documen ... .search | various-concat-obfuscations.js:5:4:5:26 | `
$ ...
` | Cross-site scripting vulnerability due to $@. | various-concat-obfuscations.js:2:16:2:39 | documen ... .search | user-provided value | | various-concat-obfuscations.js:6:4:6:43 | "
" ... /div>") | various-concat-obfuscations.js:2:16:2:39 | documen ... .search | various-concat-obfuscations.js:6:4:6:43 | "
" ... /div>") | Cross-site scripting vulnerability due to $@. | various-concat-obfuscations.js:2:16:2:39 | documen ... .search | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.expected b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.expected index 4da197bb047b..d08a55f938cf 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.expected +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.expected @@ -1,2495 +1,1268 @@ nodes -| addEventListener.js:1:43:1:47 | event | -| addEventListener.js:1:43:1:47 | event | -| addEventListener.js:1:43:1:47 | event | -| addEventListener.js:2:20:2:24 | event | -| addEventListener.js:2:20:2:24 | event | -| addEventListener.js:2:20:2:29 | event.data | -| addEventListener.js:2:20:2:29 | event.data | -| addEventListener.js:2:20:2:29 | event.data | -| addEventListener.js:5:43:5:48 | data | -| addEventListener.js:5:43:5:48 | data | -| addEventListener.js:5:43:5:48 | {data} | -| addEventListener.js:5:43:5:48 | {data} | -| addEventListener.js:5:43:5:48 | {data} | -| addEventListener.js:5:44:5:47 | data | -| addEventListener.js:5:44:5:47 | data | -| addEventListener.js:6:20:6:23 | data | -| addEventListener.js:6:20:6:23 | data | -| addEventListener.js:6:20:6:23 | data | -| addEventListener.js:10:21:10:25 | event | -| addEventListener.js:10:21:10:25 | event | -| addEventListener.js:10:21:10:25 | event | -| addEventListener.js:12:24:12:28 | event | -| addEventListener.js:12:24:12:28 | event | -| addEventListener.js:12:24:12:33 | event.data | -| addEventListener.js:12:24:12:33 | event.data | -| addEventListener.js:12:24:12:33 | event.data | -| angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | -| angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | -| angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | -| angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | -| angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:26:44:26:71 | this.ro ... ragment | -| angular2-client.ts:26:44:26:71 | this.ro ... ragment | -| angular2-client.ts:26:44:26:71 | this.ro ... ragment | -| angular2-client.ts:26:44:26:71 | this.ro ... ragment | -| angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | -| angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | -| angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | -| angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | -| angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | -| angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | -| angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | -| angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | -| angular2-client.ts:30:46:30:59 | map.get('foo') | -| angular2-client.ts:30:46:30:59 | map.get('foo') | -| angular2-client.ts:30:46:30:59 | map.get('foo') | -| angular2-client.ts:30:46:30:59 | map.get('foo') | -| angular2-client.ts:33:44:33:74 | this.ro ... 1].path | -| angular2-client.ts:33:44:33:74 | this.ro ... 1].path | -| angular2-client.ts:33:44:33:74 | this.ro ... 1].path | -| angular2-client.ts:33:44:33:74 | this.ro ... 1].path | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | -| angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:35:44:35:91 | this.ro ... et('x') | -| angular2-client.ts:35:44:35:91 | this.ro ... et('x') | -| angular2-client.ts:35:44:35:91 | this.ro ... et('x') | -| angular2-client.ts:35:44:35:91 | this.ro ... et('x') | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | -| angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:38:44:38:58 | this.router.url | -| angular2-client.ts:38:44:38:58 | this.router.url | -| angular2-client.ts:38:44:38:58 | this.router.url | -| angular2-client.ts:40:45:40:59 | this.router.url | -| angular2-client.ts:40:45:40:59 | this.router.url | -| angular2-client.ts:40:45:40:59 | this.router.url | -| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | -| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | -| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | -| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | -| classnames.js:7:31:7:84 | `` | -| classnames.js:7:31:7:84 | `` | -| classnames.js:7:47:7:69 | classNa ... w.name) | -| classnames.js:7:58:7:68 | window.name | -| classnames.js:7:58:7:68 | window.name | -| classnames.js:8:31:8:85 | `` | -| classnames.js:8:31:8:85 | `` | -| classnames.js:8:47:8:70 | classNa ... w.name) | -| classnames.js:8:59:8:69 | window.name | -| classnames.js:8:59:8:69 | window.name | -| classnames.js:9:31:9:85 | `` | -| classnames.js:9:31:9:85 | `` | -| classnames.js:9:47:9:70 | classNa ... w.name) | -| classnames.js:9:59:9:69 | window.name | -| classnames.js:9:59:9:69 | window.name | -| classnames.js:10:45:10:55 | window.name | -| classnames.js:10:45:10:55 | window.name | -| classnames.js:11:31:11:79 | `` | -| classnames.js:11:31:11:79 | `` | -| classnames.js:11:47:11:64 | unsafeStyle('foo') | -| classnames.js:13:31:13:83 | `` | -| classnames.js:13:31:13:83 | `` | -| classnames.js:13:47:13:68 | safeSty ... w.name) | -| classnames.js:13:57:13:67 | window.name | -| classnames.js:13:57:13:67 | window.name | -| classnames.js:15:31:15:78 | `` | -| classnames.js:15:31:15:78 | `` | -| classnames.js:15:47:15:63 | clsx(window.name) | -| classnames.js:15:52:15:62 | window.name | -| classnames.js:15:52:15:62 | window.name | -| classnames.js:17:32:17:79 | `` | -| classnames.js:17:32:17:79 | `` | -| classnames.js:17:48:17:64 | clsx(window.name) | -| classnames.js:17:53:17:63 | window.name | -| classnames.js:17:53:17:63 | window.name | -| clipboard.ts:8:11:8:51 | html | -| clipboard.ts:8:11:8:51 | html | -| clipboard.ts:8:18:8:51 | clipboa ... /html') | -| clipboard.ts:8:18:8:51 | clipboa ... /html') | -| clipboard.ts:8:18:8:51 | clipboa ... /html') | -| clipboard.ts:15:25:15:28 | html | -| clipboard.ts:15:25:15:28 | html | -| clipboard.ts:15:25:15:28 | html | -| clipboard.ts:24:23:24:58 | e.clipb ... /html') | -| clipboard.ts:24:23:24:58 | e.clipb ... /html') | -| clipboard.ts:24:23:24:58 | e.clipb ... /html') | -| clipboard.ts:24:23:24:58 | e.clipb ... /html') | -| clipboard.ts:29:19:29:54 | e.clipb ... /html') | -| clipboard.ts:29:19:29:54 | e.clipb ... /html') | -| clipboard.ts:29:19:29:54 | e.clipb ... /html') | -| clipboard.ts:29:19:29:54 | e.clipb ... /html') | -| clipboard.ts:33:19:33:68 | e.origi ... /html') | -| clipboard.ts:33:19:33:68 | e.origi ... /html') | -| clipboard.ts:33:19:33:68 | e.origi ... /html') | -| clipboard.ts:33:19:33:68 | e.origi ... /html') | -| clipboard.ts:43:15:43:55 | html | -| clipboard.ts:43:15:43:55 | html | -| clipboard.ts:43:22:43:55 | clipboa ... /html') | -| clipboard.ts:43:22:43:55 | clipboa ... /html') | -| clipboard.ts:43:22:43:55 | clipboa ... /html') | -| clipboard.ts:50:29:50:32 | html | -| clipboard.ts:50:29:50:32 | html | -| clipboard.ts:50:29:50:32 | html | -| clipboard.ts:71:13:71:62 | droppedHtml | -| clipboard.ts:71:13:71:62 | droppedHtml | -| clipboard.ts:71:27:71:62 | e.clipb ... /html') | -| clipboard.ts:71:27:71:62 | e.clipb ... /html') | -| clipboard.ts:71:27:71:62 | e.clipb ... /html') | -| clipboard.ts:73:29:73:39 | droppedHtml | -| clipboard.ts:73:29:73:39 | droppedHtml | -| clipboard.ts:73:29:73:39 | droppedHtml | -| clipboard.ts:98:15:98:54 | html | -| clipboard.ts:98:15:98:54 | html | -| clipboard.ts:98:22:98:54 | dataTra ... /html') | -| clipboard.ts:98:22:98:54 | dataTra ... /html') | -| clipboard.ts:98:22:98:54 | dataTra ... /html') | -| clipboard.ts:99:23:99:26 | html | -| clipboard.ts:99:23:99:26 | html | -| clipboard.ts:99:23:99:26 | html | -| custom-element.js:5:26:5:36 | window.name | -| custom-element.js:5:26:5:36 | window.name | -| custom-element.js:5:26:5:36 | window.name | -| custom-element.js:5:26:5:36 | window.name | -| d3.js:4:12:4:22 | window.name | -| d3.js:4:12:4:22 | window.name | -| d3.js:4:12:4:22 | window.name | -| d3.js:11:15:11:24 | getTaint() | -| d3.js:11:15:11:24 | getTaint() | -| d3.js:11:15:11:24 | getTaint() | -| d3.js:12:20:12:29 | getTaint() | -| d3.js:12:20:12:29 | getTaint() | -| d3.js:12:20:12:29 | getTaint() | -| d3.js:14:20:14:29 | getTaint() | -| d3.js:14:20:14:29 | getTaint() | -| d3.js:14:20:14:29 | getTaint() | -| d3.js:21:15:21:24 | getTaint() | -| d3.js:21:15:21:24 | getTaint() | -| d3.js:21:15:21:24 | getTaint() | -| dates.js:9:9:9:69 | taint | -| dates.js:9:9:9:69 | taint | -| dates.js:9:17:9:69 | decodeU ... ing(1)) | -| dates.js:9:17:9:69 | decodeU ... ing(1)) | -| dates.js:9:36:9:55 | window.location.hash | -| dates.js:9:36:9:55 | window.location.hash | -| dates.js:9:36:9:68 | window. ... ring(1) | -| dates.js:9:36:9:68 | window. ... ring(1) | -| dates.js:11:31:11:70 | `Time i ... aint)}` | -| dates.js:11:31:11:70 | `Time i ... aint)}` | -| dates.js:11:31:11:70 | `Time i ... aint)}` | -| dates.js:11:42:11:68 | dateFns ... taint) | -| dates.js:11:42:11:68 | dateFns ... taint) | -| dates.js:11:63:11:67 | taint | -| dates.js:11:63:11:67 | taint | -| dates.js:12:31:12:73 | `Time i ... aint)}` | -| dates.js:12:31:12:73 | `Time i ... aint)}` | -| dates.js:12:31:12:73 | `Time i ... aint)}` | -| dates.js:12:42:12:71 | dateFns ... taint) | -| dates.js:12:42:12:71 | dateFns ... taint) | -| dates.js:12:66:12:70 | taint | -| dates.js:12:66:12:70 | taint | -| dates.js:13:31:13:72 | `Time i ... time)}` | -| dates.js:13:31:13:72 | `Time i ... time)}` | -| dates.js:13:31:13:72 | `Time i ... time)}` | -| dates.js:13:42:13:70 | dateFns ... )(time) | -| dates.js:13:42:13:70 | dateFns ... )(time) | -| dates.js:13:59:13:63 | taint | -| dates.js:13:59:13:63 | taint | -| dates.js:16:31:16:69 | `Time i ... aint)}` | -| dates.js:16:31:16:69 | `Time i ... aint)}` | -| dates.js:16:31:16:69 | `Time i ... aint)}` | -| dates.js:16:42:16:67 | moment( ... (taint) | -| dates.js:16:42:16:67 | moment( ... (taint) | -| dates.js:16:62:16:66 | taint | -| dates.js:16:62:16:66 | taint | -| dates.js:18:31:18:66 | `Time i ... aint)}` | -| dates.js:18:31:18:66 | `Time i ... aint)}` | -| dates.js:18:31:18:66 | `Time i ... aint)}` | -| dates.js:18:42:18:64 | datefor ... taint) | -| dates.js:18:42:18:64 | datefor ... taint) | -| dates.js:18:59:18:63 | taint | -| dates.js:18:59:18:63 | taint | -| dates.js:21:31:21:68 | `Time i ... aint)}` | -| dates.js:21:31:21:68 | `Time i ... aint)}` | -| dates.js:21:31:21:68 | `Time i ... aint)}` | -| dates.js:21:42:21:66 | dayjs(t ... (taint) | -| dates.js:21:42:21:66 | dayjs(t ... (taint) | -| dates.js:21:61:21:65 | taint | -| dates.js:21:61:21:65 | taint | -| dates.js:30:9:30:69 | taint | -| dates.js:30:9:30:69 | taint | -| dates.js:30:17:30:69 | decodeU ... ing(1)) | -| dates.js:30:17:30:69 | decodeU ... ing(1)) | -| dates.js:30:36:30:55 | window.location.hash | -| dates.js:30:36:30:55 | window.location.hash | -| dates.js:30:36:30:68 | window. ... ring(1) | -| dates.js:30:36:30:68 | window. ... ring(1) | -| dates.js:37:31:37:84 | `Time i ... aint)}` | -| dates.js:37:31:37:84 | `Time i ... aint)}` | -| dates.js:37:31:37:84 | `Time i ... aint)}` | -| dates.js:37:42:37:82 | dateFns ... taint) | -| dates.js:37:42:37:82 | dateFns ... taint) | -| dates.js:37:77:37:81 | taint | -| dates.js:37:77:37:81 | taint | -| dates.js:38:31:38:84 | `Time i ... aint)}` | -| dates.js:38:31:38:84 | `Time i ... aint)}` | -| dates.js:38:31:38:84 | `Time i ... aint)}` | -| dates.js:38:42:38:82 | luxon.f ... taint) | -| dates.js:38:42:38:82 | luxon.f ... taint) | -| dates.js:38:77:38:81 | taint | -| dates.js:38:77:38:81 | taint | -| dates.js:39:31:39:86 | `Time i ... aint)}` | -| dates.js:39:31:39:86 | `Time i ... aint)}` | -| dates.js:39:31:39:86 | `Time i ... aint)}` | -| dates.js:39:42:39:84 | moment. ... taint) | -| dates.js:39:42:39:84 | moment. ... taint) | -| dates.js:39:79:39:83 | taint | -| dates.js:39:79:39:83 | taint | -| dates.js:40:31:40:84 | `Time i ... aint)}` | -| dates.js:40:31:40:84 | `Time i ... aint)}` | -| dates.js:40:31:40:84 | `Time i ... aint)}` | -| dates.js:40:42:40:82 | dayjs.f ... taint) | -| dates.js:40:42:40:82 | dayjs.f ... taint) | -| dates.js:40:77:40:81 | taint | -| dates.js:40:77:40:81 | taint | -| dates.js:46:9:46:69 | taint | -| dates.js:46:9:46:69 | taint | -| dates.js:46:17:46:69 | decodeU ... ing(1)) | -| dates.js:46:17:46:69 | decodeU ... ing(1)) | -| dates.js:46:36:46:55 | window.location.hash | -| dates.js:46:36:46:55 | window.location.hash | -| dates.js:46:36:46:68 | window. ... ring(1) | -| dates.js:46:36:46:68 | window. ... ring(1) | -| dates.js:48:31:48:90 | `Time i ... aint)}` | -| dates.js:48:31:48:90 | `Time i ... aint)}` | -| dates.js:48:31:48:90 | `Time i ... aint)}` | -| dates.js:48:42:48:88 | DateTim ... (taint) | -| dates.js:48:42:48:88 | DateTim ... (taint) | -| dates.js:48:83:48:87 | taint | -| dates.js:48:83:48:87 | taint | -| dates.js:49:31:49:89 | `Time i ... aint)}` | -| dates.js:49:31:49:89 | `Time i ... aint)}` | -| dates.js:49:31:49:89 | `Time i ... aint)}` | -| dates.js:49:42:49:87 | new Dat ... (taint) | -| dates.js:49:42:49:87 | new Dat ... (taint) | -| dates.js:49:82:49:86 | taint | -| dates.js:49:82:49:86 | taint | -| dates.js:50:31:50:104 | `Time i ... aint)}` | -| dates.js:50:31:50:104 | `Time i ... aint)}` | -| dates.js:50:31:50:104 | `Time i ... aint)}` | -| dates.js:50:42:50:102 | DateTim ... (taint) | -| dates.js:50:42:50:102 | DateTim ... (taint) | -| dates.js:50:97:50:101 | taint | -| dates.js:50:97:50:101 | taint | -| dates.js:54:9:54:69 | taint | -| dates.js:54:9:54:69 | taint | -| dates.js:54:17:54:69 | decodeU ... ing(1)) | -| dates.js:54:17:54:69 | decodeU ... ing(1)) | -| dates.js:54:36:54:55 | window.location.hash | -| dates.js:54:36:54:55 | window.location.hash | -| dates.js:54:36:54:68 | window. ... ring(1) | -| dates.js:54:36:54:68 | window. ... ring(1) | -| dates.js:57:31:57:101 | `Time i ... aint)}` | -| dates.js:57:31:57:101 | `Time i ... aint)}` | -| dates.js:57:31:57:101 | `Time i ... aint)}` | -| dates.js:57:42:57:99 | moment. ... (taint) | -| dates.js:57:42:57:99 | moment. ... (taint) | -| dates.js:57:94:57:98 | taint | -| dates.js:57:94:57:98 | taint | -| dates.js:59:31:59:87 | `Time i ... aint)}` | -| dates.js:59:31:59:87 | `Time i ... aint)}` | -| dates.js:59:31:59:87 | `Time i ... aint)}` | -| dates.js:59:42:59:85 | luxon.e ... (taint) | -| dates.js:59:42:59:85 | luxon.e ... (taint) | -| dates.js:59:80:59:84 | taint | -| dates.js:59:80:59:84 | taint | -| dates.js:61:31:61:88 | `Time i ... aint)}` | -| dates.js:61:31:61:88 | `Time i ... aint)}` | -| dates.js:61:31:61:88 | `Time i ... aint)}` | -| dates.js:61:42:61:86 | dayjs.s ... (taint) | -| dates.js:61:42:61:86 | dayjs.s ... (taint) | -| dates.js:61:81:61:85 | taint | -| dates.js:61:81:61:85 | taint | -| dragAndDrop.ts:8:11:8:50 | html | -| dragAndDrop.ts:8:11:8:50 | html | -| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | -| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | -| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | -| dragAndDrop.ts:15:25:15:28 | html | -| dragAndDrop.ts:15:25:15:28 | html | -| dragAndDrop.ts:15:25:15:28 | html | -| dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | -| dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | -| dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | -| dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | -| dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | -| dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | -| dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | -| dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | -| dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | -| dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | -| dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | -| dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | -| dragAndDrop.ts:43:15:43:54 | html | -| dragAndDrop.ts:43:15:43:54 | html | -| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | -| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | -| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | -| dragAndDrop.ts:50:29:50:32 | html | -| dragAndDrop.ts:50:29:50:32 | html | -| dragAndDrop.ts:50:29:50:32 | html | -| dragAndDrop.ts:71:13:71:61 | droppedHtml | -| dragAndDrop.ts:71:13:71:61 | droppedHtml | -| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | -| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | -| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | -| dragAndDrop.ts:73:29:73:39 | droppedHtml | -| dragAndDrop.ts:73:29:73:39 | droppedHtml | -| dragAndDrop.ts:73:29:73:39 | droppedHtml | -| event-handler-receiver.js:2:31:2:83 | '

' | -| event-handler-receiver.js:2:31:2:83 | '

' | -| event-handler-receiver.js:2:31:2:83 | '

' | -| event-handler-receiver.js:2:49:2:61 | location.href | -| event-handler-receiver.js:2:49:2:61 | location.href | -| express.js:7:15:7:33 | req.param("wobble") | -| express.js:7:15:7:33 | req.param("wobble") | -| express.js:7:15:7:33 | req.param("wobble") | -| express.js:7:15:7:33 | req.param("wobble") | -| jquery.js:2:7:2:40 | tainted | -| jquery.js:2:17:2:40 | documen ... .search | -| jquery.js:2:17:2:40 | documen ... .search | -| jquery.js:7:5:7:34 | "
" | -| jquery.js:7:5:7:34 | "
" | -| jquery.js:7:20:7:26 | tainted | -| jquery.js:8:18:8:34 | "XSS: " + tainted | -| jquery.js:8:18:8:34 | "XSS: " + tainted | -| jquery.js:8:28:8:34 | tainted | -| jquery.js:10:5:10:40 | "" + ... "" | -| jquery.js:10:5:10:40 | "" + ... "" | -| jquery.js:10:13:10:20 | location | -| jquery.js:10:13:10:20 | location | -| jquery.js:10:13:10:31 | location.toString() | -| jquery.js:14:19:14:58 | decodeU ... n.hash) | -| jquery.js:14:19:14:58 | decodeU ... n.hash) | -| jquery.js:14:38:14:57 | window.location.hash | -| jquery.js:14:38:14:57 | window.location.hash | -| jquery.js:15:19:15:60 | decodeU ... search) | -| jquery.js:15:19:15:60 | decodeU ... search) | -| jquery.js:15:38:15:59 | window. ... .search | -| jquery.js:15:38:15:59 | window. ... .search | -| jquery.js:16:19:16:64 | decodeU ... ring()) | -| jquery.js:16:19:16:64 | decodeU ... ring()) | -| jquery.js:16:38:16:52 | window.location | -| jquery.js:16:38:16:52 | window.location | -| jquery.js:16:38:16:63 | window. ... tring() | -| jquery.js:18:7:18:33 | hash | -| jquery.js:18:14:18:33 | window.location.hash | -| jquery.js:18:14:18:33 | window.location.hash | -| jquery.js:21:5:21:8 | hash | -| jquery.js:21:5:21:21 | hash.substring(1) | -| jquery.js:21:5:21:21 | hash.substring(1) | -| jquery.js:21:5:21:21 | hash.substring(1) | -| jquery.js:22:5:22:8 | hash | -| jquery.js:22:5:22:25 | hash.su ... (1, 10) | -| jquery.js:22:5:22:25 | hash.su ... (1, 10) | -| jquery.js:22:5:22:25 | hash.su ... (1, 10) | -| jquery.js:23:5:23:8 | hash | -| jquery.js:23:5:23:18 | hash.substr(1) | -| jquery.js:23:5:23:18 | hash.substr(1) | -| jquery.js:23:5:23:18 | hash.substr(1) | -| jquery.js:24:5:24:8 | hash | -| jquery.js:24:5:24:17 | hash.slice(1) | -| jquery.js:24:5:24:17 | hash.slice(1) | -| jquery.js:24:5:24:17 | hash.slice(1) | -| jquery.js:27:5:27:8 | hash | -| jquery.js:27:5:27:25 | hash.re ... #', '') | -| jquery.js:27:5:27:25 | hash.re ... #', '') | -| jquery.js:27:5:27:25 | hash.re ... #', '') | -| jquery.js:28:5:28:26 | window. ... .search | -| jquery.js:28:5:28:26 | window. ... .search | -| jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:34:5:34:25 | '' + ... '' | -| jquery.js:34:5:34:25 | '' + ... '' | -| jquery.js:34:13:34:16 | hash | -| jquery.js:36:25:36:31 | tainted | -| jquery.js:36:25:36:31 | tainted | -| jquery.js:37:25:37:37 | () => tainted | -| jquery.js:37:25:37:37 | () => tainted | -| jquery.js:37:31:37:37 | tainted | -| json-stringify.jsx:5:9:5:36 | locale | -| json-stringify.jsx:5:9:5:36 | locale | -| json-stringify.jsx:5:18:5:36 | req.param("locale") | -| json-stringify.jsx:5:18:5:36 | req.param("locale") | -| json-stringify.jsx:5:18:5:36 | req.param("locale") | -| json-stringify.jsx:11:16:11:58 | `https: ... ocale}` | -| json-stringify.jsx:11:51:11:56 | locale | -| json-stringify.jsx:19:16:19:63 | `https: ... ocale}` | -| json-stringify.jsx:19:56:19:61 | locale | -| json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | -| json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | -| json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | -| json-stringify.jsx:31:55:31:60 | locale | -| json-stringify.jsx:31:55:31:60 | locale | -| json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | -| json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | -| jwt-server.js:7:9:7:35 | taint | -| jwt-server.js:7:9:7:35 | taint | -| jwt-server.js:7:17:7:35 | req.param("wobble") | -| jwt-server.js:7:17:7:35 | req.param("wobble") | -| jwt-server.js:7:17:7:35 | req.param("wobble") | -| jwt-server.js:9:16:9:20 | taint | -| jwt-server.js:9:16:9:20 | taint | -| jwt-server.js:9:55:9:61 | decoded | -| jwt-server.js:9:55:9:61 | decoded | -| jwt-server.js:11:19:11:25 | decoded | -| jwt-server.js:11:19:11:25 | decoded | -| jwt-server.js:11:19:11:29 | decoded.foo | -| jwt-server.js:11:19:11:29 | decoded.foo | -| jwt-server.js:11:19:11:29 | decoded.foo | -| jwt.js:4:36:4:39 | data | -| jwt.js:4:36:4:39 | data | -| jwt.js:4:36:4:39 | data | -| jwt.js:5:9:5:34 | decoded | -| jwt.js:5:9:5:34 | decoded | -| jwt.js:5:19:5:34 | jwt_decode(data) | -| jwt.js:5:19:5:34 | jwt_decode(data) | -| jwt.js:5:30:5:33 | data | -| jwt.js:5:30:5:33 | data | -| jwt.js:6:14:6:20 | decoded | -| jwt.js:6:14:6:20 | decoded | -| jwt.js:6:14:6:20 | decoded | -| nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | -| nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | -| nodemailer.js:13:50:13:66 | req.query.message | -| nodemailer.js:13:50:13:66 | req.query.message | -| optionalSanitizer.js:2:7:2:39 | target | -| optionalSanitizer.js:2:16:2:39 | documen ... .search | -| optionalSanitizer.js:2:16:2:39 | documen ... .search | -| optionalSanitizer.js:6:18:6:23 | target | -| optionalSanitizer.js:6:18:6:23 | target | -| optionalSanitizer.js:8:7:8:22 | tainted | -| optionalSanitizer.js:8:17:8:22 | target | -| optionalSanitizer.js:9:18:9:24 | tainted | -| optionalSanitizer.js:9:18:9:24 | tainted | -| optionalSanitizer.js:15:9:15:14 | target | -| optionalSanitizer.js:16:18:16:18 | x | -| optionalSanitizer.js:17:20:17:20 | x | -| optionalSanitizer.js:17:20:17:20 | x | -| optionalSanitizer.js:26:7:26:39 | target | -| optionalSanitizer.js:26:16:26:39 | documen ... .search | -| optionalSanitizer.js:26:16:26:39 | documen ... .search | -| optionalSanitizer.js:31:7:31:23 | tainted2 | -| optionalSanitizer.js:31:18:31:23 | target | -| optionalSanitizer.js:32:18:32:25 | tainted2 | -| optionalSanitizer.js:32:18:32:25 | tainted2 | -| optionalSanitizer.js:34:5:34:36 | tainted2 | -| optionalSanitizer.js:34:16:34:36 | sanitiz ... inted2) | -| optionalSanitizer.js:34:28:34:35 | tainted2 | -| optionalSanitizer.js:36:18:36:25 | tainted2 | -| optionalSanitizer.js:36:18:36:25 | tainted2 | -| optionalSanitizer.js:38:7:38:23 | tainted3 | -| optionalSanitizer.js:38:18:38:23 | target | -| optionalSanitizer.js:39:18:39:25 | tainted3 | -| optionalSanitizer.js:39:18:39:25 | tainted3 | -| optionalSanitizer.js:41:5:41:36 | tainted3 | -| optionalSanitizer.js:41:16:41:36 | sanitiz ... inted3) | -| optionalSanitizer.js:41:28:41:35 | tainted3 | -| optionalSanitizer.js:43:18:43:25 | tainted3 | -| optionalSanitizer.js:43:18:43:25 | tainted3 | -| optionalSanitizer.js:45:18:45:56 | sanitiz ... target | -| optionalSanitizer.js:45:18:45:56 | sanitiz ... target | -| optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) | -| optionalSanitizer.js:45:41:45:46 | target | -| optionalSanitizer.js:45:51:45:56 | target | -| pages/[id].jsx:5:9:5:14 | { id } | -| pages/[id].jsx:5:9:5:14 | { id } | -| pages/[id].jsx:5:9:5:29 | id | -| pages/[id].jsx:5:9:5:29 | id | -| pages/[id].jsx:5:11:5:12 | id | -| pages/[id].jsx:5:11:5:12 | id | -| pages/[id].jsx:5:18:5:29 | router.query | -| pages/[id].jsx:5:18:5:29 | router.query | -| pages/[id].jsx:5:18:5:29 | router.query | -| pages/[id].jsx:10:44:10:45 | id | -| pages/[id].jsx:10:44:10:45 | id | -| pages/[id].jsx:10:44:10:45 | id | -| pages/[id].jsx:13:44:13:52 | params.id | -| pages/[id].jsx:13:44:13:52 | params.id | -| pages/[id].jsx:13:44:13:52 | params.id | -| pages/[id].jsx:16:44:16:51 | params.q | -| pages/[id].jsx:16:44:16:51 | params.q | -| pages/[id].jsx:16:44:16:51 | params.q | -| pages/[id].jsx:25:11:25:24 | context.params | -| pages/[id].jsx:25:11:25:24 | context.params | -| pages/[id].jsx:25:11:25:24 | context.params | -| pages/[id].jsx:25:11:25:27 | context.params.id | -| pages/[id].jsx:25:11:25:27 | context.params.id | -| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | -| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | -| pages/[id].jsx:26:10:26:22 | context.query | -| pages/[id].jsx:26:10:26:22 | context.query | -| pages/[id].jsx:26:10:26:22 | context.query | -| pages/[id].jsx:26:10:26:30 | context ... .foobar | -| pages/[id].jsx:26:10:26:30 | context ... .foobar | -| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | -| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | -| react-native.js:7:7:7:33 | tainted | -| react-native.js:7:7:7:33 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | -| react-native.js:7:17:7:33 | req.param("code") | -| react-native.js:7:17:7:33 | req.param("code") | -| react-native.js:8:18:8:24 | tainted | -| react-native.js:8:18:8:24 | tainted | -| react-native.js:8:18:8:24 | tainted | -| react-native.js:9:27:9:33 | tainted | -| react-native.js:9:27:9:33 | tainted | -| react-native.js:9:27:9:33 | tainted | -| react-use-context.js:10:22:10:32 | window.name | -| react-use-context.js:10:22:10:32 | window.name | -| react-use-context.js:10:22:10:32 | window.name | -| react-use-context.js:10:22:10:32 | window.name | -| react-use-context.js:16:26:16:36 | window.name | -| react-use-context.js:16:26:16:36 | window.name | -| react-use-context.js:16:26:16:36 | window.name | -| react-use-context.js:16:26:16:36 | window.name | -| react-use-router.js:4:9:4:28 | router | -| react-use-router.js:4:18:4:28 | useRouter() | -| react-use-router.js:8:21:8:26 | router | -| react-use-router.js:8:21:8:32 | router.query | -| react-use-router.js:8:21:8:32 | router.query | -| react-use-router.js:8:21:8:39 | router.query.foobar | -| react-use-router.js:8:21:8:39 | router.query.foobar | -| react-use-router.js:11:24:11:29 | router | -| react-use-router.js:11:24:11:35 | router.query | -| react-use-router.js:11:24:11:35 | router.query | -| react-use-router.js:11:24:11:42 | router.query.foobar | -| react-use-router.js:11:24:11:42 | router.query.foobar | -| react-use-router.js:22:15:22:24 | router | -| react-use-router.js:22:17:22:22 | router | -| react-use-router.js:23:43:23:48 | router | -| react-use-router.js:23:43:23:54 | router.query | -| react-use-router.js:23:43:23:54 | router.query | -| react-use-router.js:23:43:23:61 | router.query.foobar | -| react-use-router.js:23:43:23:61 | router.query.foobar | -| react-use-router.js:29:9:29:30 | router | -| react-use-router.js:29:18:29:30 | myUseRouter() | -| react-use-router.js:33:21:33:26 | router | -| react-use-router.js:33:21:33:32 | router.query | -| react-use-router.js:33:21:33:32 | router.query | -| react-use-router.js:33:21:33:39 | router.query.foobar | -| react-use-router.js:33:21:33:39 | router.query.foobar | -| react-use-state.js:4:9:4:49 | state | -| react-use-state.js:4:9:4:49 | state | -| react-use-state.js:4:10:4:14 | state | -| react-use-state.js:4:10:4:14 | state | -| react-use-state.js:4:38:4:48 | window.name | -| react-use-state.js:4:38:4:48 | window.name | -| react-use-state.js:4:38:4:48 | window.name | -| react-use-state.js:5:51:5:55 | state | -| react-use-state.js:5:51:5:55 | state | -| react-use-state.js:5:51:5:55 | state | -| react-use-state.js:9:9:9:43 | state | -| react-use-state.js:9:9:9:43 | state | -| react-use-state.js:9:10:9:14 | state | -| react-use-state.js:9:10:9:14 | state | -| react-use-state.js:10:14:10:24 | window.name | -| react-use-state.js:10:14:10:24 | window.name | -| react-use-state.js:10:14:10:24 | window.name | -| react-use-state.js:11:51:11:55 | state | -| react-use-state.js:11:51:11:55 | state | -| react-use-state.js:11:51:11:55 | state | -| react-use-state.js:15:9:15:43 | state | -| react-use-state.js:15:9:15:43 | state | -| react-use-state.js:15:10:15:14 | state | -| react-use-state.js:15:10:15:14 | state | -| react-use-state.js:16:20:16:30 | window.name | -| react-use-state.js:16:20:16:30 | window.name | -| react-use-state.js:16:20:16:30 | window.name | -| react-use-state.js:17:51:17:55 | state | -| react-use-state.js:17:51:17:55 | state | -| react-use-state.js:17:51:17:55 | state | -| react-use-state.js:21:10:21:14 | state | -| react-use-state.js:21:10:21:14 | state | -| react-use-state.js:22:14:22:17 | prev | -| react-use-state.js:22:14:22:17 | prev | -| react-use-state.js:23:35:23:38 | prev | -| react-use-state.js:23:35:23:38 | prev | -| react-use-state.js:23:35:23:38 | prev | -| react-use-state.js:25:20:25:30 | window.name | -| react-use-state.js:25:20:25:30 | window.name | -| react-use-state.js:25:20:25:30 | window.name | -| sanitiser.js:16:7:16:27 | tainted | -| sanitiser.js:16:7:16:27 | tainted | -| sanitiser.js:16:17:16:27 | window.name | -| sanitiser.js:16:17:16:27 | window.name | -| sanitiser.js:16:17:16:27 | window.name | -| sanitiser.js:23:21:23:44 | '' + ... '' | -| sanitiser.js:23:21:23:44 | '' + ... '' | -| sanitiser.js:23:29:23:35 | tainted | -| sanitiser.js:30:21:30:44 | '' + ... '' | -| sanitiser.js:30:21:30:44 | '' + ... '' | -| sanitiser.js:30:29:30:35 | tainted | -| sanitiser.js:33:21:33:44 | '' + ... '' | -| sanitiser.js:33:21:33:44 | '' + ... '' | -| sanitiser.js:33:29:33:35 | tainted | -| sanitiser.js:38:21:38:44 | '' + ... '' | -| sanitiser.js:38:21:38:44 | '' + ... '' | -| sanitiser.js:38:29:38:35 | tainted | -| sanitiser.js:45:21:45:44 | '' + ... '' | -| sanitiser.js:45:21:45:44 | '' + ... '' | -| sanitiser.js:45:29:45:35 | tainted | -| sanitiser.js:48:19:48:25 | tainted | -| sanitiser.js:48:19:48:25 | tainted | -| sanitiser.js:48:19:48:46 | tainted ... /g, '') | -| sanitiser.js:48:19:48:46 | tainted ... /g, '') | -| sanitiser.js:48:19:48:46 | tainted ... /g, '') | -| stored-xss.js:2:39:2:62 | documen ... .search | -| stored-xss.js:2:39:2:62 | documen ... .search | -| stored-xss.js:3:35:3:58 | documen ... .search | -| stored-xss.js:3:35:3:58 | documen ... .search | -| stored-xss.js:5:20:5:52 | session ... ssion') | -| stored-xss.js:5:20:5:52 | session ... ssion') | -| stored-xss.js:8:20:8:48 | localSt ... local') | -| stored-xss.js:8:20:8:48 | localSt ... local') | -| stored-xss.js:10:9:10:44 | href | -| stored-xss.js:10:16:10:44 | localSt ... local') | -| stored-xss.js:12:20:12:54 | "" | -| stored-xss.js:12:20:12:54 | "" | -| stored-xss.js:12:20:12:54 | "" | -| stored-xss.js:12:35:12:38 | href | -| string-manipulations.js:3:16:3:32 | document.location | -| string-manipulations.js:3:16:3:32 | document.location | -| string-manipulations.js:3:16:3:32 | document.location | -| string-manipulations.js:4:16:4:37 | documen ... on.href | -| string-manipulations.js:4:16:4:37 | documen ... on.href | -| string-manipulations.js:4:16:4:37 | documen ... on.href | -| string-manipulations.js:5:16:5:37 | documen ... on.href | -| string-manipulations.js:5:16:5:37 | documen ... on.href | -| string-manipulations.js:5:16:5:47 | documen ... lueOf() | -| string-manipulations.js:5:16:5:47 | documen ... lueOf() | -| string-manipulations.js:6:16:6:37 | documen ... on.href | -| string-manipulations.js:6:16:6:37 | documen ... on.href | -| string-manipulations.js:6:16:6:43 | documen ... f.sup() | -| string-manipulations.js:6:16:6:43 | documen ... f.sup() | -| string-manipulations.js:7:16:7:37 | documen ... on.href | -| string-manipulations.js:7:16:7:37 | documen ... on.href | -| string-manipulations.js:7:16:7:51 | documen ... rCase() | -| string-manipulations.js:7:16:7:51 | documen ... rCase() | -| string-manipulations.js:8:16:8:37 | documen ... on.href | -| string-manipulations.js:8:16:8:37 | documen ... on.href | -| string-manipulations.js:8:16:8:48 | documen ... mLeft() | -| string-manipulations.js:8:16:8:48 | documen ... mLeft() | -| string-manipulations.js:9:16:9:58 | String. ... n.href) | -| string-manipulations.js:9:16:9:58 | String. ... n.href) | -| string-manipulations.js:9:36:9:57 | documen ... on.href | -| string-manipulations.js:9:36:9:57 | documen ... on.href | -| string-manipulations.js:10:16:10:45 | String( ... n.href) | -| string-manipulations.js:10:16:10:45 | String( ... n.href) | -| string-manipulations.js:10:23:10:44 | documen ... on.href | -| string-manipulations.js:10:23:10:44 | documen ... on.href | -| tooltip.jsx:6:11:6:30 | source | -| tooltip.jsx:6:11:6:30 | source | -| tooltip.jsx:6:20:6:30 | window.name | -| tooltip.jsx:6:20:6:30 | window.name | -| tooltip.jsx:6:20:6:30 | window.name | -| tooltip.jsx:10:25:10:30 | source | -| tooltip.jsx:10:25:10:30 | source | -| tooltip.jsx:10:25:10:30 | source | -| tooltip.jsx:11:25:11:30 | source | -| tooltip.jsx:11:25:11:30 | source | -| tooltip.jsx:11:25:11:30 | source | -| tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:22:11:22:30 | source | -| tooltip.jsx:22:11:22:30 | source | -| tooltip.jsx:22:20:22:30 | window.name | -| tooltip.jsx:22:20:22:30 | window.name | -| tooltip.jsx:22:20:22:30 | window.name | -| tooltip.jsx:23:38:23:43 | source | -| tooltip.jsx:23:38:23:43 | source | -| translate.js:6:7:6:39 | target | -| translate.js:6:16:6:39 | documen ... .search | -| translate.js:6:16:6:39 | documen ... .search | -| translate.js:7:7:7:61 | searchParams | -| translate.js:7:22:7:61 | new URL ... ing(1)) | -| translate.js:7:42:7:47 | target | -| translate.js:7:42:7:60 | target.substring(1) | -| translate.js:7:42:7:60 | target.substring(1) | -| translate.js:7:42:7:60 | target.substring(1) | -| translate.js:9:27:9:38 | searchParams | -| translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:9:27:9:50 | searchP ... 'term') | -| trusted-types-lib.js:1:28:1:28 | x | -| trusted-types-lib.js:1:28:1:28 | x | -| trusted-types-lib.js:2:12:2:12 | x | -| trusted-types-lib.js:2:12:2:12 | x | -| trusted-types-lib.js:2:12:2:12 | x | -| trusted-types.js:3:62:3:62 | x | -| trusted-types.js:3:62:3:62 | x | -| trusted-types.js:3:67:3:67 | x | -| trusted-types.js:3:67:3:67 | x | -| trusted-types.js:3:67:3:67 | x | -| trusted-types.js:4:20:4:30 | window.name | -| trusted-types.js:4:20:4:30 | window.name | -| trusted-types.js:4:20:4:30 | window.name | -| trusted-types.js:13:20:13:30 | window.name | -| trusted-types.js:13:20:13:30 | window.name | -| trusted-types.js:13:20:13:30 | window.name | -| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | -| tst3.js:2:23:2:74 | decodeU ... str(1)) | -| tst3.js:2:42:2:63 | window. ... .search | -| tst3.js:2:42:2:63 | window. ... .search | -| tst3.js:2:42:2:73 | window. ... bstr(1) | -| tst3.js:4:25:4:28 | data | -| tst3.js:4:25:4:32 | data.src | -| tst3.js:4:25:4:32 | data.src | -| tst3.js:5:26:5:29 | data | -| tst3.js:5:26:5:31 | data.p | -| tst3.js:5:26:5:31 | data.p | -| tst3.js:7:32:7:35 | data | -| tst3.js:7:32:7:37 | data.p | -| tst3.js:7:32:7:37 | data.p | -| tst3.js:9:37:9:40 | data | -| tst3.js:9:37:9:42 | data.p | -| tst3.js:9:37:9:42 | data.p | -| tst3.js:10:38:10:41 | data | -| tst3.js:10:38:10:43 | data.p | -| tst3.js:10:38:10:43 | data.p | -| tst.js:2:7:2:39 | target | -| tst.js:2:16:2:39 | documen ... .search | -| tst.js:2:16:2:39 | documen ... .search | -| tst.js:5:18:5:23 | target | -| tst.js:5:18:5:23 | target | -| tst.js:8:18:8:126 | "" | -| tst.js:8:18:8:126 | "" | -| tst.js:8:18:8:126 | "" | -| tst.js:8:37:8:58 | documen ... on.href | -| tst.js:8:37:8:58 | documen ... on.href | -| tst.js:8:37:8:114 | documen ... t=")+8) | -| tst.js:8:37:8:114 | documen ... t=")+8) | -| tst.js:12:5:12:42 | '
' | -| tst.js:12:5:12:42 | '
' | -| tst.js:12:28:12:33 | target | -| tst.js:17:7:17:56 | params | -| tst.js:17:16:17:56 | (new UR ... hParams | -| tst.js:17:25:17:41 | document.location | -| tst.js:17:25:17:41 | document.location | -| tst.js:18:18:18:23 | params | -| tst.js:18:18:18:35 | params.get('name') | -| tst.js:18:18:18:35 | params.get('name') | -| tst.js:18:18:18:35 | params.get('name') | -| tst.js:18:18:18:35 | params.get('name') | -| tst.js:20:7:20:61 | searchParams | -| tst.js:20:22:20:61 | new URL ... ing(1)) | -| tst.js:20:42:20:47 | target | -| tst.js:20:42:20:60 | target.substring(1) | -| tst.js:20:42:20:60 | target.substring(1) | -| tst.js:20:42:20:60 | target.substring(1) | -| tst.js:21:18:21:29 | searchParams | -| tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:24:14:24:19 | target | -| tst.js:26:18:26:23 | target | -| tst.js:26:18:26:23 | target | -| tst.js:28:5:28:28 | documen ... .search | -| tst.js:28:5:28:28 | documen ... .search | -| tst.js:31:10:31:33 | documen ... .search | -| tst.js:31:10:31:33 | documen ... .search | -| tst.js:34:16:34:20 | bar() | -| tst.js:34:16:34:20 | bar() | -| tst.js:40:16:40:44 | baz(doc ... search) | -| tst.js:40:16:40:44 | baz(doc ... search) | -| tst.js:40:20:40:43 | documen ... .search | -| tst.js:40:20:40:43 | documen ... .search | -| tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:46:21:46:44 | documen ... .search | -| tst.js:46:21:46:44 | documen ... .search | -| tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | -| tst.js:54:21:54:44 | documen ... .search | -| tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | -| tst.js:56:21:56:44 | documen ... .search | -| tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:21:58:31 | chop(bar()) | -| tst.js:58:21:58:31 | chop(bar()) | -| tst.js:58:26:58:30 | bar() | -| tst.js:60:34:60:34 | s | -| tst.js:62:18:62:18 | s | -| tst.js:62:18:62:18 | s | -| tst.js:64:25:64:48 | documen ... .search | -| tst.js:64:25:64:48 | documen ... .search | -| tst.js:65:25:65:48 | documen ... .search | -| tst.js:65:25:65:48 | documen ... .search | -| tst.js:68:16:68:20 | bar() | -| tst.js:68:16:68:20 | bar() | -| tst.js:70:1:70:27 | [,docum ... search] | -| tst.js:70:3:70:26 | documen ... .search | -| tst.js:70:3:70:26 | documen ... .search | -| tst.js:70:46:70:46 | x | -| tst.js:73:20:73:20 | x | -| tst.js:73:20:73:20 | x | -| tst.js:77:49:77:72 | documen ... .search | -| tst.js:77:49:77:72 | documen ... .search | -| tst.js:77:49:77:72 | documen ... .search | -| tst.js:81:26:81:49 | documen ... .search | -| tst.js:81:26:81:49 | documen ... .search | -| tst.js:81:26:81:49 | documen ... .search | -| tst.js:82:25:82:48 | documen ... .search | -| tst.js:82:25:82:48 | documen ... .search | -| tst.js:82:25:82:48 | documen ... .search | -| tst.js:84:33:84:56 | documen ... .search | -| tst.js:84:33:84:56 | documen ... .search | -| tst.js:84:33:84:56 | documen ... .search | -| tst.js:85:32:85:55 | documen ... .search | -| tst.js:85:32:85:55 | documen ... .search | -| tst.js:85:32:85:55 | documen ... .search | -| tst.js:90:39:90:62 | documen ... .search | -| tst.js:90:39:90:62 | documen ... .search | -| tst.js:90:39:90:62 | documen ... .search | -| tst.js:96:30:96:53 | documen ... .search | -| tst.js:96:30:96:53 | documen ... .search | -| tst.js:96:30:96:53 | documen ... .search | -| tst.js:102:25:102:48 | documen ... .search | -| tst.js:102:25:102:48 | documen ... .search | -| tst.js:102:25:102:48 | documen ... .search | -| tst.js:107:7:107:44 | v | -| tst.js:107:7:107:44 | v | -| tst.js:107:7:107:44 | v | -| tst.js:107:11:107:34 | documen ... .search | -| tst.js:107:11:107:34 | documen ... .search | -| tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:110:18:110:18 | v | -| tst.js:110:18:110:18 | v | -| tst.js:110:18:110:18 | v | -| tst.js:110:18:110:18 | v | -| tst.js:136:18:136:18 | v | -| tst.js:136:18:136:18 | v | -| tst.js:136:18:136:18 | v | -| tst.js:136:18:136:18 | v | -| tst.js:148:29:148:50 | window. ... .search | -| tst.js:148:29:148:50 | window. ... .search | -| tst.js:151:29:151:29 | v | -| tst.js:151:49:151:49 | v | -| tst.js:151:49:151:49 | v | -| tst.js:155:29:155:46 | xssSourceService() | -| tst.js:155:29:155:46 | xssSourceService() | -| tst.js:158:40:158:61 | window. ... .search | -| tst.js:158:40:158:61 | window. ... .search | -| tst.js:177:9:177:41 | target | -| tst.js:177:18:177:41 | documen ... .search | -| tst.js:177:18:177:41 | documen ... .search | -| tst.js:180:28:180:33 | target | -| tst.js:180:28:180:33 | target | -| tst.js:184:9:184:42 | tainted | -| tst.js:184:19:184:42 | documen ... .search | -| tst.js:184:19:184:42 | documen ... .search | -| tst.js:186:31:186:37 | tainted | -| tst.js:186:31:186:37 | tainted | -| tst.js:188:42:188:48 | tainted | -| tst.js:188:42:188:48 | tainted | -| tst.js:189:33:189:39 | tainted | -| tst.js:189:33:189:39 | tainted | -| tst.js:191:54:191:60 | tainted | -| tst.js:191:54:191:60 | tainted | -| tst.js:192:45:192:51 | tainted | -| tst.js:192:45:192:51 | tainted | -| tst.js:193:49:193:55 | tainted | -| tst.js:193:49:193:55 | tainted | -| tst.js:197:9:197:42 | tainted | -| tst.js:197:19:197:42 | documen ... .search | -| tst.js:197:19:197:42 | documen ... .search | -| tst.js:199:67:199:73 | tainted | -| tst.js:199:67:199:73 | tainted | -| tst.js:200:67:200:73 | tainted | -| tst.js:200:67:200:73 | tainted | -| tst.js:204:35:204:41 | tainted | -| tst.js:206:46:206:52 | tainted | -| tst.js:207:38:207:44 | tainted | -| tst.js:208:35:208:41 | tainted | -| tst.js:212:28:212:46 | this.state.tainted1 | -| tst.js:212:28:212:46 | this.state.tainted1 | -| tst.js:213:28:213:46 | this.state.tainted2 | -| tst.js:213:28:213:46 | this.state.tainted2 | -| tst.js:214:28:214:46 | this.state.tainted3 | -| tst.js:214:28:214:46 | this.state.tainted3 | -| tst.js:218:32:218:49 | prevState.tainted4 | -| tst.js:218:32:218:49 | prevState.tainted4 | -| tst.js:225:28:225:46 | this.props.tainted1 | -| tst.js:225:28:225:46 | this.props.tainted1 | -| tst.js:226:28:226:46 | this.props.tainted2 | -| tst.js:226:28:226:46 | this.props.tainted2 | -| tst.js:227:28:227:46 | this.props.tainted3 | -| tst.js:227:28:227:46 | this.props.tainted3 | -| tst.js:231:32:231:49 | prevProps.tainted4 | -| tst.js:231:32:231:49 | prevProps.tainted4 | -| tst.js:236:35:236:41 | tainted | -| tst.js:238:20:238:26 | tainted | -| tst.js:240:23:240:29 | tainted | -| tst.js:241:23:241:29 | tainted | -| tst.js:247:39:247:55 | props.propTainted | -| tst.js:251:60:251:82 | this.st ... Tainted | -| tst.js:251:60:251:82 | this.st ... Tainted | -| tst.js:255:23:255:29 | tainted | -| tst.js:259:7:259:17 | window.name | -| tst.js:259:7:259:17 | window.name | -| tst.js:259:7:259:17 | window.name | -| tst.js:259:7:259:17 | window.name | -| tst.js:260:7:260:10 | name | -| tst.js:260:7:260:10 | name | -| tst.js:260:7:260:10 | name | -| tst.js:260:7:260:10 | name | -| tst.js:264:11:264:21 | window.name | -| tst.js:264:11:264:21 | window.name | -| tst.js:264:11:264:21 | window.name | -| tst.js:264:11:264:21 | window.name | -| tst.js:280:22:280:29 | location | -| tst.js:280:22:280:29 | location | -| tst.js:280:22:280:29 | location | -| tst.js:285:9:285:29 | tainted | -| tst.js:285:9:285:29 | tainted | -| tst.js:285:19:285:29 | window.name | -| tst.js:285:19:285:29 | window.name | -| tst.js:285:19:285:29 | window.name | -| tst.js:288:59:288:65 | tainted | -| tst.js:288:59:288:65 | tainted | -| tst.js:288:59:288:65 | tainted | -| tst.js:301:9:301:16 | location | -| tst.js:301:9:301:16 | location | -| tst.js:302:10:302:10 | e | -| tst.js:303:20:303:20 | e | -| tst.js:303:20:303:20 | e | -| tst.js:308:10:308:17 | location | -| tst.js:308:10:308:17 | location | -| tst.js:310:10:310:10 | e | -| tst.js:311:20:311:20 | e | -| tst.js:311:20:311:20 | e | -| tst.js:316:35:316:42 | location | -| tst.js:316:35:316:42 | location | -| tst.js:316:35:316:42 | location | -| tst.js:327:18:327:34 | document.location | -| tst.js:327:18:327:34 | document.location | -| tst.js:331:7:331:43 | params | -| tst.js:331:16:331:43 | getTain ... hParams | -| tst.js:332:18:332:23 | params | -| tst.js:332:18:332:35 | params.get('name') | -| tst.js:332:18:332:35 | params.get('name') | -| tst.js:332:18:332:35 | params.get('name') | -| tst.js:332:18:332:35 | params.get('name') | -| tst.js:341:20:341:36 | document.location | -| tst.js:341:20:341:36 | document.location | -| tst.js:343:5:343:17 | getUrl().hash | -| tst.js:343:5:343:30 | getUrl( ... ring(1) | -| tst.js:343:5:343:30 | getUrl( ... ring(1) | -| tst.js:343:5:343:30 | getUrl( ... ring(1) | -| tst.js:348:7:348:39 | target | -| tst.js:348:16:348:39 | documen ... .search | -| tst.js:348:16:348:39 | documen ... .search | -| tst.js:349:12:349:17 | target | -| tst.js:349:12:349:17 | target | -| tst.js:355:10:355:42 | target | -| tst.js:355:19:355:42 | documen ... .search | -| tst.js:355:19:355:42 | documen ... .search | -| tst.js:356:16:356:21 | target | -| tst.js:356:16:356:21 | target | -| tst.js:360:21:360:26 | target | -| tst.js:360:21:360:26 | target | -| tst.js:363:18:363:23 | target | -| tst.js:363:18:363:23 | target | -| tst.js:371:7:371:39 | target | -| tst.js:371:16:371:39 | documen ... .search | -| tst.js:371:16:371:39 | documen ... .search | -| tst.js:374:18:374:23 | target | -| tst.js:374:18:374:23 | target | -| tst.js:381:7:381:39 | target | -| tst.js:381:16:381:39 | documen ... .search | -| tst.js:381:16:381:39 | documen ... .search | -| tst.js:384:18:384:23 | target | -| tst.js:384:18:384:23 | target | -| tst.js:386:18:386:23 | target | -| tst.js:386:18:386:29 | target.taint | -| tst.js:386:18:386:29 | target.taint | -| tst.js:391:19:391:42 | documen ... .search | -| tst.js:391:19:391:42 | documen ... .search | -| tst.js:392:18:392:30 | target.taint3 | -| tst.js:392:18:392:30 | target.taint3 | -| tst.js:397:18:397:23 | target | -| tst.js:397:18:397:30 | target.taint5 | -| tst.js:397:18:397:30 | target.taint5 | -| tst.js:406:18:406:23 | target | -| tst.js:406:18:406:30 | target.taint7 | -| tst.js:406:18:406:30 | target.taint7 | -| tst.js:408:19:408:24 | target | -| tst.js:408:19:408:31 | target.taint8 | -| tst.js:409:18:409:30 | target.taint8 | -| tst.js:409:18:409:30 | target.taint8 | -| tst.js:416:7:416:46 | payload | -| tst.js:416:7:416:46 | payload | -| tst.js:416:7:416:46 | payload | -| tst.js:416:17:416:36 | window.location.hash | -| tst.js:416:17:416:36 | window.location.hash | -| tst.js:416:17:416:46 | window. ... bstr(1) | -| tst.js:416:17:416:46 | window. ... bstr(1) | -| tst.js:416:17:416:46 | window. ... bstr(1) | -| tst.js:417:18:417:24 | payload | -| tst.js:417:18:417:24 | payload | -| tst.js:417:18:417:24 | payload | -| tst.js:417:18:417:24 | payload | -| tst.js:419:7:419:55 | match | -| tst.js:419:15:419:34 | window.location.hash | -| tst.js:419:15:419:34 | window.location.hash | -| tst.js:419:15:419:55 | window. ... (\\w+)/) | -| tst.js:421:20:421:24 | match | -| tst.js:421:20:421:27 | match[1] | -| tst.js:421:20:421:27 | match[1] | -| tst.js:424:18:424:37 | window.location.hash | -| tst.js:424:18:424:37 | window.location.hash | -| tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:428:7:428:39 | target | -| tst.js:428:16:428:39 | documen ... .search | -| tst.js:428:16:428:39 | documen ... .search | -| tst.js:430:18:430:23 | target | -| tst.js:430:18:430:89 | target. ... data>') | -| tst.js:430:18:430:89 | target. ... data>') | -| tst.js:436:6:436:38 | source | -| tst.js:436:15:436:38 | documen ... .search | -| tst.js:436:15:436:38 | documen ... .search | -| tst.js:440:28:440:33 | source | -| tst.js:440:28:440:33 | source | -| tst.js:441:33:441:38 | source | -| tst.js:441:33:441:38 | source | -| tst.js:442:34:442:39 | source | -| tst.js:442:34:442:39 | source | -| tst.js:443:41:443:46 | source | -| tst.js:443:41:443:46 | source | -| tst.js:444:44:444:49 | source | -| tst.js:444:44:444:49 | source | -| tst.js:445:32:445:37 | source | -| tst.js:445:32:445:37 | source | -| tst.js:453:7:453:39 | source | -| tst.js:453:16:453:39 | documen ... .search | -| tst.js:453:16:453:39 | documen ... .search | -| tst.js:455:18:455:23 | source | -| tst.js:455:18:455:23 | source | -| tst.js:456:18:456:42 | ansiToH ... source) | -| tst.js:456:18:456:42 | ansiToH ... source) | -| tst.js:456:36:456:41 | source | -| tst.js:460:6:460:38 | source | -| tst.js:460:15:460:38 | documen ... .search | -| tst.js:460:15:460:38 | documen ... .search | -| tst.js:463:21:463:26 | source | -| tst.js:463:21:463:26 | source | -| tst.js:465:19:465:24 | source | -| tst.js:465:19:465:24 | source | -| tst.js:467:20:467:25 | source | -| tst.js:467:20:467:25 | source | -| tst.js:471:7:471:46 | url | -| tst.js:471:13:471:36 | documen ... .search | -| tst.js:471:13:471:36 | documen ... .search | -| tst.js:471:13:471:46 | documen ... bstr(1) | -| tst.js:473:19:473:21 | url | -| tst.js:473:19:473:21 | url | -| tst.js:474:26:474:28 | url | -| tst.js:474:26:474:28 | url | -| tst.js:475:25:475:27 | url | -| tst.js:475:25:475:27 | url | -| tst.js:476:20:476:22 | url | -| tst.js:476:20:476:22 | url | -| tst.js:486:22:486:24 | url | -| tst.js:486:22:486:24 | url | -| tst.js:491:23:491:35 | location.hash | -| tst.js:491:23:491:35 | location.hash | -| tst.js:491:23:491:45 | locatio ... bstr(1) | -| tst.js:491:23:491:45 | locatio ... bstr(1) | -| tst.js:494:18:494:30 | location.hash | -| tst.js:494:18:494:30 | location.hash | -| tst.js:494:18:494:40 | locatio ... bstr(1) | -| tst.js:494:18:494:40 | locatio ... bstr(1) | -| tst.js:501:33:501:63 | decodeU ... n.hash) | -| tst.js:501:33:501:63 | decodeU ... n.hash) | -| tst.js:501:43:501:62 | window.location.hash | -| tst.js:501:43:501:62 | window.location.hash | -| typeahead.js:9:28:9:30 | loc | -| typeahead.js:9:28:9:30 | loc | -| typeahead.js:9:28:9:30 | loc | -| typeahead.js:10:16:10:18 | loc | -| typeahead.js:10:16:10:18 | loc | -| typeahead.js:10:16:10:18 | loc | -| typeahead.js:20:13:20:45 | target | -| typeahead.js:20:22:20:45 | documen ... .search | -| typeahead.js:20:22:20:45 | documen ... .search | -| typeahead.js:21:12:21:17 | target | -| typeahead.js:24:30:24:32 | val | -| typeahead.js:25:18:25:20 | val | -| typeahead.js:25:18:25:20 | val | -| v-html.vue:2:8:2:23 | v-html=tainted | -| v-html.vue:2:8:2:23 | v-html=tainted | -| v-html.vue:6:42:6:58 | document.location | -| v-html.vue:6:42:6:58 | document.location | -| various-concat-obfuscations.js:2:6:2:39 | tainted | -| various-concat-obfuscations.js:2:16:2:39 | documen ... .search | -| various-concat-obfuscations.js:2:16:2:39 | documen ... .search | -| various-concat-obfuscations.js:4:4:4:31 | "
" ...
" | -| various-concat-obfuscations.js:4:4:4:31 | "
" ...
" | -| various-concat-obfuscations.js:4:14:4:20 | tainted | -| various-concat-obfuscations.js:5:4:5:26 | `
$ ...
` | -| various-concat-obfuscations.js:5:4:5:26 | `
$ ...
` | -| various-concat-obfuscations.js:5:12:5:18 | tainted | -| various-concat-obfuscations.js:6:4:6:26 | "
" ... ainted) | -| various-concat-obfuscations.js:6:4:6:43 | "
" ... /div>") | -| various-concat-obfuscations.js:6:4:6:43 | "
" ... /div>") | -| various-concat-obfuscations.js:6:19:6:25 | tainted | -| various-concat-obfuscations.js:7:4:7:31 | ["
... /div>"] | -| various-concat-obfuscations.js:7:4:7:38 | ["
... .join() | -| various-concat-obfuscations.js:7:4:7:38 | ["
... .join() | -| various-concat-obfuscations.js:7:14:7:20 | tainted | -| various-concat-obfuscations.js:9:4:9:34 | "
" | -| various-concat-obfuscations.js:9:4:9:34 | "
" | -| various-concat-obfuscations.js:9:19:9:25 | tainted | -| various-concat-obfuscations.js:10:4:10:27 | `
` | -| various-concat-obfuscations.js:10:4:10:27 | `
` | -| various-concat-obfuscations.js:10:16:10:22 | tainted | -| various-concat-obfuscations.js:11:4:11:31 | "
") | -| various-concat-obfuscations.js:11:4:11:44 | "
") | -| various-concat-obfuscations.js:11:24:11:30 | tainted | -| various-concat-obfuscations.js:12:4:12:34 | ["
"] | -| various-concat-obfuscations.js:12:4:12:41 | ["
` | semmle.label | `` | +| classnames.js:7:47:7:69 | classNa ... w.name) | semmle.label | classNa ... w.name) | +| classnames.js:7:58:7:68 | window.name | semmle.label | window.name | +| classnames.js:8:31:8:85 | `` | semmle.label | `` | +| classnames.js:8:47:8:70 | classNa ... w.name) | semmle.label | classNa ... w.name) | +| classnames.js:8:59:8:69 | window.name | semmle.label | window.name | +| classnames.js:9:31:9:85 | `` | semmle.label | `` | +| classnames.js:9:47:9:70 | classNa ... w.name) | semmle.label | classNa ... w.name) | +| classnames.js:9:59:9:69 | window.name | semmle.label | window.name | +| classnames.js:10:45:10:55 | window.name | semmle.label | window.name | +| classnames.js:11:31:11:79 | `` | semmle.label | `` | +| classnames.js:11:47:11:64 | unsafeStyle('foo') | semmle.label | unsafeStyle('foo') | +| classnames.js:13:31:13:83 | `` | semmle.label | `` | +| classnames.js:13:47:13:68 | safeSty ... w.name) | semmle.label | safeSty ... w.name) | +| classnames.js:13:57:13:67 | window.name | semmle.label | window.name | +| classnames.js:15:31:15:78 | `` | semmle.label | `` | +| classnames.js:15:47:15:63 | clsx(window.name) | semmle.label | clsx(window.name) | +| classnames.js:15:52:15:62 | window.name | semmle.label | window.name | +| classnames.js:17:32:17:79 | `` | semmle.label | `` | +| classnames.js:17:48:17:64 | clsx(window.name) | semmle.label | clsx(window.name) | +| classnames.js:17:53:17:63 | window.name | semmle.label | window.name | +| clipboard.ts:8:11:8:51 | html | semmle.label | html | +| clipboard.ts:8:18:8:51 | clipboa ... /html') | semmle.label | clipboa ... /html') | +| clipboard.ts:15:25:15:28 | html | semmle.label | html | +| clipboard.ts:24:23:24:58 | e.clipb ... /html') | semmle.label | e.clipb ... /html') | +| clipboard.ts:29:19:29:54 | e.clipb ... /html') | semmle.label | e.clipb ... /html') | +| clipboard.ts:33:19:33:68 | e.origi ... /html') | semmle.label | e.origi ... /html') | +| clipboard.ts:43:15:43:55 | html | semmle.label | html | +| clipboard.ts:43:22:43:55 | clipboa ... /html') | semmle.label | clipboa ... /html') | +| clipboard.ts:50:29:50:32 | html | semmle.label | html | +| clipboard.ts:71:13:71:62 | droppedHtml | semmle.label | droppedHtml | +| clipboard.ts:71:27:71:62 | e.clipb ... /html') | semmle.label | e.clipb ... /html') | +| clipboard.ts:73:29:73:39 | droppedHtml | semmle.label | droppedHtml | +| clipboard.ts:98:15:98:54 | html | semmle.label | html | +| clipboard.ts:98:22:98:54 | dataTra ... /html') | semmle.label | dataTra ... /html') | +| clipboard.ts:99:23:99:26 | html | semmle.label | html | +| custom-element.js:5:26:5:36 | window.name | semmle.label | window.name | +| d3.js:4:12:4:22 | window.name | semmle.label | window.name | +| d3.js:11:15:11:24 | getTaint() | semmle.label | getTaint() | +| d3.js:12:20:12:29 | getTaint() | semmle.label | getTaint() | +| d3.js:14:20:14:29 | getTaint() | semmle.label | getTaint() | +| d3.js:21:15:21:24 | getTaint() | semmle.label | getTaint() | +| dates.js:9:9:9:69 | taint | semmle.label | taint | +| dates.js:9:17:9:69 | decodeU ... ing(1)) | semmle.label | decodeU ... ing(1)) | +| dates.js:9:36:9:55 | window.location.hash | semmle.label | window.location.hash | +| dates.js:9:36:9:68 | window. ... ring(1) | semmle.label | window. ... ring(1) | +| dates.js:11:31:11:70 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:11:42:11:68 | dateFns ... taint) | semmle.label | dateFns ... taint) | +| dates.js:11:63:11:67 | taint | semmle.label | taint | +| dates.js:12:31:12:73 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:12:42:12:71 | dateFns ... taint) | semmle.label | dateFns ... taint) | +| dates.js:12:66:12:70 | taint | semmle.label | taint | +| dates.js:13:31:13:72 | `Time i ... time)}` | semmle.label | `Time i ... time)}` | +| dates.js:13:42:13:70 | dateFns ... )(time) | semmle.label | dateFns ... )(time) | +| dates.js:13:59:13:63 | taint | semmle.label | taint | +| dates.js:16:31:16:69 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:16:42:16:67 | moment( ... (taint) | semmle.label | moment( ... (taint) | +| dates.js:16:62:16:66 | taint | semmle.label | taint | +| dates.js:18:31:18:66 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:18:42:18:64 | datefor ... taint) | semmle.label | datefor ... taint) | +| dates.js:18:59:18:63 | taint | semmle.label | taint | +| dates.js:21:31:21:68 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:21:42:21:66 | dayjs(t ... (taint) | semmle.label | dayjs(t ... (taint) | +| dates.js:21:61:21:65 | taint | semmle.label | taint | +| dates.js:30:9:30:69 | taint | semmle.label | taint | +| dates.js:30:17:30:69 | decodeU ... ing(1)) | semmle.label | decodeU ... ing(1)) | +| dates.js:30:36:30:55 | window.location.hash | semmle.label | window.location.hash | +| dates.js:30:36:30:68 | window. ... ring(1) | semmle.label | window. ... ring(1) | +| dates.js:37:31:37:84 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:37:42:37:82 | dateFns ... taint) | semmle.label | dateFns ... taint) | +| dates.js:37:77:37:81 | taint | semmle.label | taint | +| dates.js:38:31:38:84 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:38:42:38:82 | luxon.f ... taint) | semmle.label | luxon.f ... taint) | +| dates.js:38:77:38:81 | taint | semmle.label | taint | +| dates.js:39:31:39:86 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:39:42:39:84 | moment. ... taint) | semmle.label | moment. ... taint) | +| dates.js:39:79:39:83 | taint | semmle.label | taint | +| dates.js:40:31:40:84 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:40:42:40:82 | dayjs.f ... taint) | semmle.label | dayjs.f ... taint) | +| dates.js:40:77:40:81 | taint | semmle.label | taint | +| dates.js:46:9:46:69 | taint | semmle.label | taint | +| dates.js:46:17:46:69 | decodeU ... ing(1)) | semmle.label | decodeU ... ing(1)) | +| dates.js:46:36:46:55 | window.location.hash | semmle.label | window.location.hash | +| dates.js:46:36:46:68 | window. ... ring(1) | semmle.label | window. ... ring(1) | +| dates.js:48:31:48:90 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:48:42:48:88 | DateTim ... (taint) | semmle.label | DateTim ... (taint) | +| dates.js:48:83:48:87 | taint | semmle.label | taint | +| dates.js:49:31:49:89 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:49:42:49:87 | new Dat ... (taint) | semmle.label | new Dat ... (taint) | +| dates.js:49:82:49:86 | taint | semmle.label | taint | +| dates.js:50:31:50:104 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:50:42:50:102 | DateTim ... (taint) | semmle.label | DateTim ... (taint) | +| dates.js:50:97:50:101 | taint | semmle.label | taint | +| dates.js:54:9:54:69 | taint | semmle.label | taint | +| dates.js:54:17:54:69 | decodeU ... ing(1)) | semmle.label | decodeU ... ing(1)) | +| dates.js:54:36:54:55 | window.location.hash | semmle.label | window.location.hash | +| dates.js:54:36:54:68 | window. ... ring(1) | semmle.label | window. ... ring(1) | +| dates.js:57:31:57:101 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:57:42:57:99 | moment. ... (taint) | semmle.label | moment. ... (taint) | +| dates.js:57:94:57:98 | taint | semmle.label | taint | +| dates.js:59:31:59:87 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:59:42:59:85 | luxon.e ... (taint) | semmle.label | luxon.e ... (taint) | +| dates.js:59:80:59:84 | taint | semmle.label | taint | +| dates.js:61:31:61:88 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | +| dates.js:61:42:61:86 | dayjs.s ... (taint) | semmle.label | dayjs.s ... (taint) | +| dates.js:61:81:61:85 | taint | semmle.label | taint | +| dragAndDrop.ts:8:11:8:50 | html | semmle.label | html | +| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | semmle.label | dataTra ... /html') | +| dragAndDrop.ts:15:25:15:28 | html | semmle.label | html | +| dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | semmle.label | e.dataT ... /html') | +| dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | semmle.label | e.dataT ... /html') | +| dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | semmle.label | e.origi ... /html') | +| dragAndDrop.ts:43:15:43:54 | html | semmle.label | html | +| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | semmle.label | dataTra ... /html') | +| dragAndDrop.ts:50:29:50:32 | html | semmle.label | html | +| dragAndDrop.ts:71:13:71:61 | droppedHtml | semmle.label | droppedHtml | +| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | semmle.label | e.dataT ... /html') | +| dragAndDrop.ts:73:29:73:39 | droppedHtml | semmle.label | droppedHtml | +| event-handler-receiver.js:2:31:2:83 | '

' | semmle.label | '

' | +| event-handler-receiver.js:2:49:2:61 | location.href | semmle.label | location.href | +| express.js:7:15:7:33 | req.param("wobble") | semmle.label | req.param("wobble") | +| jquery.js:2:7:2:40 | tainted | semmle.label | tainted | +| jquery.js:2:17:2:40 | documen ... .search | semmle.label | documen ... .search | +| jquery.js:7:5:7:34 | "
" | semmle.label | "
" | +| jquery.js:7:20:7:26 | tainted | semmle.label | tainted | +| jquery.js:8:18:8:34 | "XSS: " + tainted | semmle.label | "XSS: " + tainted | +| jquery.js:8:28:8:34 | tainted | semmle.label | tainted | +| jquery.js:10:5:10:40 | "" + ... "" | semmle.label | "" + ... "" | +| jquery.js:10:13:10:20 | location | semmle.label | location | +| jquery.js:10:13:10:31 | location.toString() | semmle.label | location.toString() | +| jquery.js:14:19:14:58 | decodeU ... n.hash) | semmle.label | decodeU ... n.hash) | +| jquery.js:14:38:14:57 | window.location.hash | semmle.label | window.location.hash | +| jquery.js:15:19:15:60 | decodeU ... search) | semmle.label | decodeU ... search) | +| jquery.js:15:38:15:59 | window. ... .search | semmle.label | window. ... .search | +| jquery.js:16:19:16:64 | decodeU ... ring()) | semmle.label | decodeU ... ring()) | +| jquery.js:16:38:16:52 | window.location | semmle.label | window.location | +| jquery.js:16:38:16:63 | window. ... tring() | semmle.label | window. ... tring() | +| jquery.js:18:7:18:33 | hash | semmle.label | hash | +| jquery.js:18:14:18:33 | window.location.hash | semmle.label | window.location.hash | +| jquery.js:21:5:21:8 | hash | semmle.label | hash | +| jquery.js:21:5:21:21 | hash.substring(1) | semmle.label | hash.substring(1) | +| jquery.js:22:5:22:8 | hash | semmle.label | hash | +| jquery.js:22:5:22:25 | hash.su ... (1, 10) | semmle.label | hash.su ... (1, 10) | +| jquery.js:23:5:23:8 | hash | semmle.label | hash | +| jquery.js:23:5:23:18 | hash.substr(1) | semmle.label | hash.substr(1) | +| jquery.js:24:5:24:8 | hash | semmle.label | hash | +| jquery.js:24:5:24:17 | hash.slice(1) | semmle.label | hash.slice(1) | +| jquery.js:27:5:27:8 | hash | semmle.label | hash | +| jquery.js:27:5:27:25 | hash.re ... #', '') | semmle.label | hash.re ... #', '') | +| jquery.js:28:5:28:26 | window. ... .search | semmle.label | window. ... .search | +| jquery.js:28:5:28:43 | window. ... ?', '') | semmle.label | window. ... ?', '') | +| jquery.js:34:5:34:25 | '' + ... '' | semmle.label | '' + ... '' | +| jquery.js:34:13:34:16 | hash | semmle.label | hash | +| jquery.js:36:25:36:31 | tainted | semmle.label | tainted | +| jquery.js:37:25:37:37 | () => tainted | semmle.label | () => tainted | +| jquery.js:37:31:37:37 | tainted | semmle.label | tainted | +| json-stringify.jsx:5:9:5:36 | locale | semmle.label | locale | +| json-stringify.jsx:5:18:5:36 | req.param("locale") | semmle.label | req.param("locale") | +| json-stringify.jsx:11:16:11:58 | `https: ... ocale}` | semmle.label | `https: ... ocale}` | +| json-stringify.jsx:11:51:11:56 | locale | semmle.label | locale | +| json-stringify.jsx:19:16:19:63 | `https: ... ocale}` | semmle.label | `https: ... ocale}` | +| json-stringify.jsx:19:56:19:61 | locale | semmle.label | locale | +| json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | semmle.label | JSON.st ... locale) | +| json-stringify.jsx:31:55:31:60 | locale | semmle.label | locale | +| json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | semmle.label | JSON.st ... jsonLD) | +| jwt-server.js:7:9:7:35 | taint | semmle.label | taint | +| jwt-server.js:7:17:7:35 | req.param("wobble") | semmle.label | req.param("wobble") | +| jwt-server.js:9:16:9:20 | taint | semmle.label | taint | +| jwt-server.js:9:55:9:61 | decoded | semmle.label | decoded | +| jwt-server.js:11:19:11:25 | decoded | semmle.label | decoded | +| jwt-server.js:11:19:11:29 | decoded.foo | semmle.label | decoded.foo | +| jwt.js:4:36:4:39 | data | semmle.label | data | +| jwt.js:5:9:5:34 | decoded | semmle.label | decoded | +| jwt.js:5:19:5:34 | jwt_decode(data) | semmle.label | jwt_decode(data) | +| jwt.js:5:30:5:33 | data | semmle.label | data | +| jwt.js:6:14:6:20 | decoded | semmle.label | decoded | +| nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | semmle.label | `Hi, yo ... sage}.` | +| nodemailer.js:13:50:13:66 | req.query.message | semmle.label | req.query.message | +| optionalSanitizer.js:2:7:2:39 | target | semmle.label | target | +| optionalSanitizer.js:2:16:2:39 | documen ... .search | semmle.label | documen ... .search | +| optionalSanitizer.js:6:18:6:23 | target | semmle.label | target | +| optionalSanitizer.js:8:7:8:22 | tainted | semmle.label | tainted | +| optionalSanitizer.js:8:17:8:22 | target | semmle.label | target | +| optionalSanitizer.js:9:18:9:24 | tainted | semmle.label | tainted | +| optionalSanitizer.js:15:9:15:14 | target | semmle.label | target | +| optionalSanitizer.js:16:18:16:18 | x | semmle.label | x | +| optionalSanitizer.js:17:20:17:20 | x | semmle.label | x | +| optionalSanitizer.js:26:7:26:39 | target | semmle.label | target | +| optionalSanitizer.js:26:16:26:39 | documen ... .search | semmle.label | documen ... .search | +| optionalSanitizer.js:28:24:28:24 | x | semmle.label | x | +| optionalSanitizer.js:29:12:29:12 | x | semmle.label | x | +| optionalSanitizer.js:31:7:31:23 | tainted2 | semmle.label | tainted2 | +| optionalSanitizer.js:31:18:31:23 | target | semmle.label | target | +| optionalSanitizer.js:32:18:32:25 | tainted2 | semmle.label | tainted2 | +| optionalSanitizer.js:34:5:34:36 | tainted2 | semmle.label | tainted2 | +| optionalSanitizer.js:34:16:34:36 | sanitiz ... inted2) | semmle.label | sanitiz ... inted2) | +| optionalSanitizer.js:34:28:34:35 | tainted2 | semmle.label | tainted2 | +| optionalSanitizer.js:36:18:36:25 | tainted2 | semmle.label | tainted2 | +| optionalSanitizer.js:38:7:38:23 | tainted3 | semmle.label | tainted3 | +| optionalSanitizer.js:38:18:38:23 | target | semmle.label | target | +| optionalSanitizer.js:39:18:39:25 | tainted3 | semmle.label | tainted3 | +| optionalSanitizer.js:41:5:41:36 | tainted3 | semmle.label | tainted3 | +| optionalSanitizer.js:41:16:41:36 | sanitiz ... inted3) | semmle.label | sanitiz ... inted3) | +| optionalSanitizer.js:41:28:41:35 | tainted3 | semmle.label | tainted3 | +| optionalSanitizer.js:43:18:43:25 | tainted3 | semmle.label | tainted3 | +| optionalSanitizer.js:45:18:45:56 | sanitiz ... target | semmle.label | sanitiz ... target | +| optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) | semmle.label | sanitizeBad(target) | +| optionalSanitizer.js:45:41:45:46 | target | semmle.label | target | +| optionalSanitizer.js:45:51:45:56 | target | semmle.label | target | +| pages/[id].jsx:3:30:3:35 | params [id] | semmle.label | params [id] | +| pages/[id].jsx:3:30:3:35 | params [q] | semmle.label | params [q] | +| pages/[id].jsx:5:9:5:14 | { id } | semmle.label | { id } | +| pages/[id].jsx:5:9:5:29 | id | semmle.label | id | +| pages/[id].jsx:5:11:5:12 | id | semmle.label | id | +| pages/[id].jsx:5:18:5:29 | router.query | semmle.label | router.query | +| pages/[id].jsx:10:44:10:45 | id | semmle.label | id | +| pages/[id].jsx:13:44:13:49 | params [id] | semmle.label | params [id] | +| pages/[id].jsx:13:44:13:52 | params.id | semmle.label | params.id | +| pages/[id].jsx:16:44:16:49 | params [q] | semmle.label | params [q] | +| pages/[id].jsx:16:44:16:51 | params.q | semmle.label | params.q | +| pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [id] | semmle.label | {\\n ... ,\\n } [id] | +| pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [q] | semmle.label | {\\n ... ,\\n } [q] | +| pages/[id].jsx:25:11:25:24 | context.params | semmle.label | context.params | +| pages/[id].jsx:25:11:25:27 | context.params.id | semmle.label | context.params.id | +| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | semmle.label | context ... d \|\| "" | +| pages/[id].jsx:26:10:26:22 | context.query | semmle.label | context.query | +| pages/[id].jsx:26:10:26:30 | context ... .foobar | semmle.label | context ... .foobar | +| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | semmle.label | context ... r \|\| "" | +| react-native.js:7:7:7:33 | tainted | semmle.label | tainted | +| react-native.js:7:17:7:33 | req.param("code") | semmle.label | req.param("code") | +| react-native.js:8:18:8:24 | tainted | semmle.label | tainted | +| react-native.js:9:27:9:33 | tainted | semmle.label | tainted | +| react-use-context.js:10:22:10:32 | window.name | semmle.label | window.name | +| react-use-context.js:16:26:16:36 | window.name | semmle.label | window.name | +| react-use-router.js:8:21:8:32 | router.query | semmle.label | router.query | +| react-use-router.js:8:21:8:39 | router.query.foobar | semmle.label | router.query.foobar | +| react-use-router.js:11:24:11:35 | router.query | semmle.label | router.query | +| react-use-router.js:11:24:11:42 | router.query.foobar | semmle.label | router.query.foobar | +| react-use-router.js:23:31:23:36 | [post update] router | semmle.label | [post update] router | +| react-use-router.js:23:43:23:48 | router | semmle.label | router | +| react-use-router.js:23:43:23:54 | router.query | semmle.label | router.query | +| react-use-router.js:23:43:23:61 | router.query.foobar | semmle.label | router.query.foobar | +| react-use-router.js:33:21:33:32 | router.query | semmle.label | router.query | +| react-use-router.js:33:21:33:39 | router.query.foobar | semmle.label | router.query.foobar | +| react-use-state.js:4:9:4:49 | state | semmle.label | state | +| react-use-state.js:4:10:4:14 | state | semmle.label | state | +| react-use-state.js:4:38:4:48 | window.name | semmle.label | window.name | +| react-use-state.js:5:51:5:55 | state | semmle.label | state | +| react-use-state.js:9:9:9:43 | state | semmle.label | state | +| react-use-state.js:9:10:9:14 | state | semmle.label | state | +| react-use-state.js:10:14:10:24 | window.name | semmle.label | window.name | +| react-use-state.js:11:51:11:55 | state | semmle.label | state | +| react-use-state.js:15:9:15:43 | state | semmle.label | state | +| react-use-state.js:15:10:15:14 | state | semmle.label | state | +| react-use-state.js:16:20:16:30 | window.name | semmle.label | window.name | +| react-use-state.js:17:51:17:55 | state | semmle.label | state | +| react-use-state.js:21:10:21:14 | state | semmle.label | state | +| react-use-state.js:22:14:22:17 | prev | semmle.label | prev | +| react-use-state.js:23:35:23:38 | prev | semmle.label | prev | +| react-use-state.js:25:20:25:30 | window.name | semmle.label | window.name | +| sanitiser.js:16:7:16:27 | tainted | semmle.label | tainted | +| sanitiser.js:16:17:16:27 | window.name | semmle.label | window.name | +| sanitiser.js:23:21:23:44 | '' + ... '' | semmle.label | '' + ... '' | +| sanitiser.js:23:29:23:35 | tainted | semmle.label | tainted | +| sanitiser.js:25:21:25:44 | '' + ... '' | semmle.label | '' + ... '' | +| sanitiser.js:25:29:25:35 | tainted | semmle.label | tainted | +| sanitiser.js:28:21:28:44 | '' + ... '' | semmle.label | '' + ... '' | +| sanitiser.js:28:29:28:35 | tainted | semmle.label | tainted | +| sanitiser.js:30:21:30:44 | '' + ... '' | semmle.label | '' + ... '' | +| sanitiser.js:30:29:30:35 | tainted | semmle.label | tainted | +| sanitiser.js:33:21:33:44 | '' + ... '' | semmle.label | '' + ... '' | +| sanitiser.js:33:29:33:35 | tainted | semmle.label | tainted | +| sanitiser.js:35:21:35:44 | '' + ... '' | semmle.label | '' + ... '' | +| sanitiser.js:35:29:35:35 | tainted | semmle.label | tainted | +| sanitiser.js:38:21:38:44 | '' + ... '' | semmle.label | '' + ... '' | +| sanitiser.js:38:29:38:35 | tainted | semmle.label | tainted | +| sanitiser.js:45:21:45:44 | '' + ... '' | semmle.label | '' + ... '' | +| sanitiser.js:45:29:45:35 | tainted | semmle.label | tainted | +| sanitiser.js:48:19:48:25 | tainted | semmle.label | tainted | +| sanitiser.js:48:19:48:46 | tainted ... /g, '') | semmle.label | tainted ... /g, '') | +| stored-xss.js:2:39:2:62 | documen ... .search | semmle.label | documen ... .search | +| stored-xss.js:3:35:3:58 | documen ... .search | semmle.label | documen ... .search | +| stored-xss.js:5:20:5:52 | session ... ssion') | semmle.label | session ... ssion') | +| stored-xss.js:8:20:8:48 | localSt ... local') | semmle.label | localSt ... local') | +| stored-xss.js:10:9:10:44 | href | semmle.label | href | +| stored-xss.js:10:16:10:44 | localSt ... local') | semmle.label | localSt ... local') | +| stored-xss.js:12:20:12:54 | "" | semmle.label | "" | +| stored-xss.js:12:35:12:38 | href | semmle.label | href | +| string-manipulations.js:3:16:3:32 | document.location | semmle.label | document.location | +| string-manipulations.js:4:16:4:37 | documen ... on.href | semmle.label | documen ... on.href | +| string-manipulations.js:5:16:5:37 | documen ... on.href | semmle.label | documen ... on.href | +| string-manipulations.js:5:16:5:47 | documen ... lueOf() | semmle.label | documen ... lueOf() | +| string-manipulations.js:6:16:6:37 | documen ... on.href | semmle.label | documen ... on.href | +| string-manipulations.js:6:16:6:43 | documen ... f.sup() | semmle.label | documen ... f.sup() | +| string-manipulations.js:7:16:7:37 | documen ... on.href | semmle.label | documen ... on.href | +| string-manipulations.js:7:16:7:51 | documen ... rCase() | semmle.label | documen ... rCase() | +| string-manipulations.js:8:16:8:37 | documen ... on.href | semmle.label | documen ... on.href | +| string-manipulations.js:8:16:8:48 | documen ... mLeft() | semmle.label | documen ... mLeft() | +| string-manipulations.js:9:16:9:58 | String. ... n.href) | semmle.label | String. ... n.href) | +| string-manipulations.js:9:36:9:57 | documen ... on.href | semmle.label | documen ... on.href | +| string-manipulations.js:10:16:10:45 | String( ... n.href) | semmle.label | String( ... n.href) | +| string-manipulations.js:10:23:10:44 | documen ... on.href | semmle.label | documen ... on.href | +| tooltip.jsx:6:11:6:30 | source | semmle.label | source | +| tooltip.jsx:6:20:6:30 | window.name | semmle.label | window.name | +| tooltip.jsx:10:25:10:30 | source | semmle.label | source | +| tooltip.jsx:11:25:11:30 | source | semmle.label | source | +| tooltip.jsx:18:51:18:59 | provide() | semmle.label | provide() | +| tooltip.jsx:22:11:22:30 | source | semmle.label | source | +| tooltip.jsx:22:20:22:30 | window.name | semmle.label | window.name | +| tooltip.jsx:23:38:23:43 | source | semmle.label | source | +| translate.js:6:7:6:39 | target | semmle.label | target | +| translate.js:6:16:6:39 | documen ... .search | semmle.label | documen ... .search | +| translate.js:7:7:7:61 | searchParams | semmle.label | searchParams | +| translate.js:7:22:7:61 | new URL ... ing(1)) | semmle.label | new URL ... ing(1)) | +| translate.js:7:42:7:47 | target | semmle.label | target | +| translate.js:7:42:7:60 | target.substring(1) | semmle.label | target.substring(1) | +| translate.js:9:27:9:38 | searchParams | semmle.label | searchParams | +| translate.js:9:27:9:50 | searchP ... 'term') | semmle.label | searchP ... 'term') | +| trusted-types-lib.js:1:28:1:28 | x | semmle.label | x | +| trusted-types-lib.js:2:12:2:12 | x | semmle.label | x | +| trusted-types.js:3:62:3:62 | x | semmle.label | x | +| trusted-types.js:3:67:3:67 | x | semmle.label | x | +| trusted-types.js:4:20:4:30 | window.name | semmle.label | window.name | +| trusted-types.js:13:20:13:30 | window.name | semmle.label | window.name | +| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | semmle.label | JSON.pa ... tr(1))) | +| tst3.js:2:23:2:74 | decodeU ... str(1)) | semmle.label | decodeU ... str(1)) | +| tst3.js:2:42:2:63 | window. ... .search | semmle.label | window. ... .search | +| tst3.js:2:42:2:73 | window. ... bstr(1) | semmle.label | window. ... bstr(1) | +| tst3.js:4:25:4:28 | data | semmle.label | data | +| tst3.js:4:25:4:32 | data.src | semmle.label | data.src | +| tst3.js:5:26:5:29 | data | semmle.label | data | +| tst3.js:5:26:5:31 | data.p | semmle.label | data.p | +| tst3.js:7:32:7:35 | data | semmle.label | data | +| tst3.js:7:32:7:37 | data.p | semmle.label | data.p | +| tst3.js:9:37:9:40 | data | semmle.label | data | +| tst3.js:9:37:9:42 | data.p | semmle.label | data.p | +| tst3.js:10:38:10:41 | data | semmle.label | data | +| tst3.js:10:38:10:43 | data.p | semmle.label | data.p | +| tst.js:2:7:2:39 | target | semmle.label | target | +| tst.js:2:16:2:39 | documen ... .search | semmle.label | documen ... .search | +| tst.js:5:18:5:23 | target | semmle.label | target | +| tst.js:8:18:8:126 | "" | semmle.label | "" | +| tst.js:8:37:8:58 | documen ... on.href | semmle.label | documen ... on.href | +| tst.js:8:37:8:114 | documen ... t=")+8) | semmle.label | documen ... t=")+8) | +| tst.js:12:5:12:42 | '
' | semmle.label | '
' | +| tst.js:12:28:12:33 | target | semmle.label | target | +| tst.js:17:7:17:56 | params | semmle.label | params | +| tst.js:17:16:17:43 | (new UR ... ation)) [searchParams] | semmle.label | (new UR ... ation)) [searchParams] | +| tst.js:17:16:17:56 | (new UR ... hParams | semmle.label | (new UR ... hParams | +| tst.js:17:17:17:42 | new URL ... cation) [searchParams] | semmle.label | new URL ... cation) [searchParams] | +| tst.js:17:25:17:41 | document.location | semmle.label | document.location | +| tst.js:18:18:18:23 | params | semmle.label | params | +| tst.js:18:18:18:35 | params.get('name') | semmle.label | params.get('name') | +| tst.js:20:7:20:61 | searchParams | semmle.label | searchParams | +| tst.js:20:22:20:61 | new URL ... ing(1)) | semmle.label | new URL ... ing(1)) | +| tst.js:20:42:20:47 | target | semmle.label | target | +| tst.js:20:42:20:60 | target.substring(1) | semmle.label | target.substring(1) | +| tst.js:21:18:21:29 | searchParams | semmle.label | searchParams | +| tst.js:21:18:21:41 | searchP ... 'name') | semmle.label | searchP ... 'name') | +| tst.js:24:14:24:19 | target | semmle.label | target | +| tst.js:26:18:26:23 | target | semmle.label | target | +| tst.js:28:5:28:28 | documen ... .search | semmle.label | documen ... .search | +| tst.js:31:10:31:33 | documen ... .search | semmle.label | documen ... .search | +| tst.js:34:16:34:20 | bar() | semmle.label | bar() | +| tst.js:36:14:36:14 | x | semmle.label | x | +| tst.js:37:10:37:10 | x | semmle.label | x | +| tst.js:40:16:40:44 | baz(doc ... search) | semmle.label | baz(doc ... search) | +| tst.js:40:20:40:43 | documen ... .search | semmle.label | documen ... .search | +| tst.js:42:15:42:15 | s | semmle.label | s | +| tst.js:43:10:43:31 | "
" ...
" | semmle.label | "
" ...
" | +| tst.js:43:20:43:20 | s | semmle.label | s | +| tst.js:46:16:46:45 | wrap(do ... search) | semmle.label | wrap(do ... search) | +| tst.js:46:21:46:44 | documen ... .search | semmle.label | documen ... .search | +| tst.js:48:15:48:15 | s | semmle.label | s | +| tst.js:50:12:50:12 | s | semmle.label | s | +| tst.js:50:12:50:22 | s.substr(1) | semmle.label | s.substr(1) | +| tst.js:54:16:54:45 | chop(do ... search) | semmle.label | chop(do ... search) | +| tst.js:54:21:54:44 | documen ... .search | semmle.label | documen ... .search | +| tst.js:56:16:56:45 | chop(do ... search) | semmle.label | chop(do ... search) | +| tst.js:56:21:56:44 | documen ... .search | semmle.label | documen ... .search | +| tst.js:58:16:58:32 | wrap(chop(bar())) | semmle.label | wrap(chop(bar())) | +| tst.js:58:21:58:31 | chop(bar()) | semmle.label | chop(bar()) | +| tst.js:58:26:58:30 | bar() | semmle.label | bar() | +| tst.js:60:34:60:34 | s | semmle.label | s | +| tst.js:62:18:62:18 | s | semmle.label | s | +| tst.js:64:25:64:48 | documen ... .search | semmle.label | documen ... .search | +| tst.js:65:25:65:48 | documen ... .search | semmle.label | documen ... .search | +| tst.js:68:16:68:20 | bar() | semmle.label | bar() | +| tst.js:70:1:70:27 | [,docum ... search] | semmle.label | [,docum ... search] | +| tst.js:70:1:70:27 | [,docum ... search] [1] | semmle.label | [,docum ... search] [1] | +| tst.js:70:3:70:26 | documen ... .search | semmle.label | documen ... .search | +| tst.js:70:46:70:46 | x | semmle.label | x | +| tst.js:73:20:73:20 | x | semmle.label | x | +| tst.js:77:49:77:72 | documen ... .search | semmle.label | documen ... .search | +| tst.js:81:26:81:49 | documen ... .search | semmle.label | documen ... .search | +| tst.js:82:25:82:48 | documen ... .search | semmle.label | documen ... .search | +| tst.js:84:33:84:56 | documen ... .search | semmle.label | documen ... .search | +| tst.js:85:32:85:55 | documen ... .search | semmle.label | documen ... .search | +| tst.js:90:39:90:62 | documen ... .search | semmle.label | documen ... .search | +| tst.js:96:30:96:53 | documen ... .search | semmle.label | documen ... .search | +| tst.js:102:25:102:48 | documen ... .search | semmle.label | documen ... .search | +| tst.js:107:7:107:44 | v | semmle.label | v | +| tst.js:107:11:107:34 | documen ... .search | semmle.label | documen ... .search | +| tst.js:107:11:107:44 | documen ... bstr(1) | semmle.label | documen ... bstr(1) | +| tst.js:110:18:110:18 | v | semmle.label | v | +| tst.js:136:18:136:18 | v | semmle.label | v | +| tst.js:148:29:148:50 | window. ... .search | semmle.label | window. ... .search | +| tst.js:151:29:151:29 | v | semmle.label | v | +| tst.js:151:49:151:49 | v | semmle.label | v | +| tst.js:155:29:155:46 | xssSourceService() | semmle.label | xssSourceService() | +| tst.js:158:40:158:61 | window. ... .search | semmle.label | window. ... .search | +| tst.js:177:9:177:41 | target | semmle.label | target | +| tst.js:177:18:177:41 | documen ... .search | semmle.label | documen ... .search | +| tst.js:180:28:180:33 | target | semmle.label | target | +| tst.js:184:9:184:42 | tainted | semmle.label | tainted | +| tst.js:184:19:184:42 | documen ... .search | semmle.label | documen ... .search | +| tst.js:186:31:186:37 | tainted | semmle.label | tainted | +| tst.js:188:42:188:48 | tainted | semmle.label | tainted | +| tst.js:189:33:189:39 | tainted | semmle.label | tainted | +| tst.js:191:54:191:60 | tainted | semmle.label | tainted | +| tst.js:192:45:192:51 | tainted | semmle.label | tainted | +| tst.js:193:49:193:55 | tainted | semmle.label | tainted | +| tst.js:197:9:197:42 | tainted | semmle.label | tainted | +| tst.js:197:19:197:42 | documen ... .search | semmle.label | documen ... .search | +| tst.js:199:67:199:73 | tainted | semmle.label | tainted | +| tst.js:200:67:200:73 | tainted | semmle.label | tainted | +| tst.js:204:35:204:41 | tainted | semmle.label | tainted | +| tst.js:206:46:206:52 | tainted | semmle.label | tainted | +| tst.js:207:38:207:44 | tainted | semmle.label | tainted | +| tst.js:208:35:208:41 | tainted | semmle.label | tainted | +| tst.js:212:28:212:46 | this.state.tainted1 | semmle.label | this.state.tainted1 | +| tst.js:213:28:213:46 | this.state.tainted2 | semmle.label | this.state.tainted2 | +| tst.js:214:28:214:46 | this.state.tainted3 | semmle.label | this.state.tainted3 | +| tst.js:218:32:218:49 | prevState.tainted4 | semmle.label | prevState.tainted4 | +| tst.js:225:28:225:46 | this.props.tainted1 | semmle.label | this.props.tainted1 | +| tst.js:226:28:226:46 | this.props.tainted2 | semmle.label | this.props.tainted2 | +| tst.js:227:28:227:46 | this.props.tainted3 | semmle.label | this.props.tainted3 | +| tst.js:231:32:231:49 | prevProps.tainted4 | semmle.label | prevProps.tainted4 | +| tst.js:236:35:236:41 | tainted | semmle.label | tainted | +| tst.js:238:20:238:26 | tainted | semmle.label | tainted | +| tst.js:240:23:240:29 | tainted | semmle.label | tainted | +| tst.js:241:23:241:29 | tainted | semmle.label | tainted | +| tst.js:247:39:247:55 | props.propTainted | semmle.label | props.propTainted | +| tst.js:251:60:251:82 | this.st ... Tainted | semmle.label | this.st ... Tainted | +| tst.js:255:23:255:29 | tainted | semmle.label | tainted | +| tst.js:259:7:259:17 | window.name | semmle.label | window.name | +| tst.js:260:7:260:10 | name | semmle.label | name | +| tst.js:264:11:264:21 | window.name | semmle.label | window.name | +| tst.js:280:22:280:29 | location | semmle.label | location | +| tst.js:285:9:285:29 | tainted | semmle.label | tainted | +| tst.js:285:19:285:29 | window.name | semmle.label | window.name | +| tst.js:288:59:288:65 | tainted | semmle.label | tainted | +| tst.js:301:9:301:16 | location | semmle.label | location | +| tst.js:302:10:302:10 | e | semmle.label | e | +| tst.js:303:20:303:20 | e | semmle.label | e | +| tst.js:308:10:308:17 | location | semmle.label | location | +| tst.js:310:10:310:10 | e | semmle.label | e | +| tst.js:311:20:311:20 | e | semmle.label | e | +| tst.js:316:35:316:42 | location | semmle.label | location | +| tst.js:327:10:327:35 | new URL ... cation) [searchParams] | semmle.label | new URL ... cation) [searchParams] | +| tst.js:327:18:327:34 | document.location | semmle.label | document.location | +| tst.js:331:7:331:43 | params | semmle.label | params | +| tst.js:331:16:331:30 | getTaintedUrl() [searchParams] | semmle.label | getTaintedUrl() [searchParams] | +| tst.js:331:16:331:43 | getTain ... hParams | semmle.label | getTain ... hParams | +| tst.js:332:18:332:23 | params | semmle.label | params | +| tst.js:332:18:332:35 | params.get('name') | semmle.label | params.get('name') | +| tst.js:341:12:341:37 | new URL ... cation) [hash] | semmle.label | new URL ... cation) [hash] | +| tst.js:341:20:341:36 | document.location | semmle.label | document.location | +| tst.js:343:5:343:12 | getUrl() [hash] | semmle.label | getUrl() [hash] | +| tst.js:343:5:343:17 | getUrl().hash | semmle.label | getUrl().hash | +| tst.js:343:5:343:30 | getUrl( ... ring(1) | semmle.label | getUrl( ... ring(1) | +| tst.js:348:7:348:39 | target | semmle.label | target | +| tst.js:348:16:348:39 | documen ... .search | semmle.label | documen ... .search | +| tst.js:349:12:349:17 | target | semmle.label | target | +| tst.js:355:10:355:42 | target | semmle.label | target | +| tst.js:355:19:355:42 | documen ... .search | semmle.label | documen ... .search | +| tst.js:356:16:356:21 | target | semmle.label | target | +| tst.js:360:21:360:26 | target | semmle.label | target | +| tst.js:363:18:363:23 | target | semmle.label | target | +| tst.js:371:7:371:39 | target | semmle.label | target | +| tst.js:371:16:371:39 | documen ... .search | semmle.label | documen ... .search | +| tst.js:374:18:374:23 | target | semmle.label | target | +| tst.js:381:7:381:39 | target | semmle.label | target | +| tst.js:381:7:381:39 | target [taint3] | semmle.label | target [taint3] | +| tst.js:381:7:381:39 | target [taint8] | semmle.label | target [taint8] | +| tst.js:381:16:381:39 | documen ... .search | semmle.label | documen ... .search | +| tst.js:384:18:384:23 | target | semmle.label | target | +| tst.js:386:18:386:23 | target | semmle.label | target | +| tst.js:386:18:386:29 | target.taint | semmle.label | target.taint | +| tst.js:391:3:391:8 | [post update] target [taint3] | semmle.label | [post update] target [taint3] | +| tst.js:391:19:391:42 | documen ... .search | semmle.label | documen ... .search | +| tst.js:392:18:392:23 | target [taint3] | semmle.label | target [taint3] | +| tst.js:392:18:392:30 | target.taint3 | semmle.label | target.taint3 | +| tst.js:397:18:397:23 | target | semmle.label | target | +| tst.js:397:18:397:30 | target.taint5 | semmle.label | target.taint5 | +| tst.js:406:18:406:23 | target | semmle.label | target | +| tst.js:406:18:406:30 | target.taint7 | semmle.label | target.taint7 | +| tst.js:408:3:408:8 | [post update] target [taint8] | semmle.label | [post update] target [taint8] | +| tst.js:408:19:408:24 | target | semmle.label | target | +| tst.js:408:19:408:24 | target [taint8] | semmle.label | target [taint8] | +| tst.js:408:19:408:31 | target.taint8 | semmle.label | target.taint8 | +| tst.js:409:18:409:23 | target [taint8] | semmle.label | target [taint8] | +| tst.js:409:18:409:30 | target.taint8 | semmle.label | target.taint8 | +| tst.js:416:7:416:46 | payload | semmle.label | payload | +| tst.js:416:17:416:36 | window.location.hash | semmle.label | window.location.hash | +| tst.js:416:17:416:46 | window. ... bstr(1) | semmle.label | window. ... bstr(1) | +| tst.js:417:18:417:24 | payload | semmle.label | payload | +| tst.js:419:7:419:55 | match | semmle.label | match | +| tst.js:419:15:419:34 | window.location.hash | semmle.label | window.location.hash | +| tst.js:419:15:419:55 | window. ... (\\w+)/) | semmle.label | window. ... (\\w+)/) | +| tst.js:421:20:421:24 | match | semmle.label | match | +| tst.js:421:20:421:27 | match[1] | semmle.label | match[1] | +| tst.js:424:18:424:37 | window.location.hash | semmle.label | window.location.hash | +| tst.js:424:18:424:48 | window. ... it('#') | semmle.label | window. ... it('#') | +| tst.js:424:18:424:51 | window. ... '#')[1] | semmle.label | window. ... '#')[1] | +| tst.js:428:7:428:39 | target | semmle.label | target | +| tst.js:428:16:428:39 | documen ... .search | semmle.label | documen ... .search | +| tst.js:430:18:430:23 | target | semmle.label | target | +| tst.js:430:18:430:89 | target. ... data>') | semmle.label | target. ... data>') | +| tst.js:436:6:436:38 | source | semmle.label | source | +| tst.js:436:15:436:38 | documen ... .search | semmle.label | documen ... .search | +| tst.js:440:28:440:33 | source | semmle.label | source | +| tst.js:441:33:441:38 | source | semmle.label | source | +| tst.js:442:34:442:39 | source | semmle.label | source | +| tst.js:443:41:443:46 | source | semmle.label | source | +| tst.js:444:44:444:49 | source | semmle.label | source | +| tst.js:445:32:445:37 | source | semmle.label | source | +| tst.js:453:7:453:39 | source | semmle.label | source | +| tst.js:453:16:453:39 | documen ... .search | semmle.label | documen ... .search | +| tst.js:455:18:455:23 | source | semmle.label | source | +| tst.js:456:18:456:42 | ansiToH ... source) | semmle.label | ansiToH ... source) | +| tst.js:456:36:456:41 | source | semmle.label | source | +| tst.js:460:6:460:38 | source | semmle.label | source | +| tst.js:460:15:460:38 | documen ... .search | semmle.label | documen ... .search | +| tst.js:463:21:463:26 | source | semmle.label | source | +| tst.js:465:19:465:24 | source | semmle.label | source | +| tst.js:467:20:467:25 | source | semmle.label | source | +| tst.js:471:7:471:46 | url | semmle.label | url | +| tst.js:471:13:471:36 | documen ... .search | semmle.label | documen ... .search | +| tst.js:471:13:471:46 | documen ... bstr(1) | semmle.label | documen ... bstr(1) | +| tst.js:473:19:473:21 | url | semmle.label | url | +| tst.js:474:26:474:28 | url | semmle.label | url | +| tst.js:475:25:475:27 | url | semmle.label | url | +| tst.js:476:20:476:22 | url | semmle.label | url | +| tst.js:486:22:486:24 | url | semmle.label | url | +| tst.js:491:23:491:35 | location.hash | semmle.label | location.hash | +| tst.js:491:23:491:45 | locatio ... bstr(1) | semmle.label | locatio ... bstr(1) | +| tst.js:494:18:494:30 | location.hash | semmle.label | location.hash | +| tst.js:494:18:494:40 | locatio ... bstr(1) | semmle.label | locatio ... bstr(1) | +| tst.js:501:33:501:63 | decodeU ... n.hash) | semmle.label | decodeU ... n.hash) | +| tst.js:501:43:501:62 | window.location.hash | semmle.label | window.location.hash | +| typeahead.js:9:28:9:30 | loc | semmle.label | loc | +| typeahead.js:10:16:10:18 | loc | semmle.label | loc | +| typeahead.js:20:13:20:45 | target | semmle.label | target | +| typeahead.js:20:22:20:45 | documen ... .search | semmle.label | documen ... .search | +| typeahead.js:21:12:21:17 | target | semmle.label | target | +| typeahead.js:24:30:24:32 | val | semmle.label | val | +| typeahead.js:25:18:25:20 | val | semmle.label | val | +| various-concat-obfuscations.js:2:6:2:39 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:2:16:2:39 | documen ... .search | semmle.label | documen ... .search | +| various-concat-obfuscations.js:4:4:4:31 | "
" ...
" | semmle.label | "
" ...
" | +| various-concat-obfuscations.js:4:14:4:20 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:5:4:5:26 | `
$ ...
` | semmle.label | `
$ ...
` | +| various-concat-obfuscations.js:5:12:5:18 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:6:4:6:26 | "
" ... ainted) | semmle.label | "
" ... ainted) | +| various-concat-obfuscations.js:6:4:6:43 | "
" ... /div>") | semmle.label | "
" ... /div>") | +| various-concat-obfuscations.js:6:19:6:25 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:7:4:7:31 | ["
... /div>"] | semmle.label | ["
... /div>"] | +| various-concat-obfuscations.js:7:4:7:38 | ["
... .join() | semmle.label | ["
... .join() | +| various-concat-obfuscations.js:7:14:7:20 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:9:4:9:34 | "
" | semmle.label | "
" | +| various-concat-obfuscations.js:9:19:9:25 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:10:4:10:27 | `
` | semmle.label | `
` | +| various-concat-obfuscations.js:10:16:10:22 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:11:4:11:31 | "
") | semmle.label | "
") | +| various-concat-obfuscations.js:11:24:11:30 | tainted | semmle.label | tainted | +| various-concat-obfuscations.js:12:4:12:34 | ["
"] | semmle.label | ["
"] | +| various-concat-obfuscations.js:12:4:12:41 | ["
' | semmle.label | '
' | +| various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | semmle.label | (attrs. ... 'left') | +| various-concat-obfuscations.js:15:28:15:32 | attrs | semmle.label | attrs | +| various-concat-obfuscations.js:15:28:15:44 | attrs.defaultattr | semmle.label | attrs.defaultattr | +| various-concat-obfuscations.js:17:24:17:28 | attrs | semmle.label | attrs | +| various-concat-obfuscations.js:18:10:18:59 | '
') | semmle.label | '
') | +| various-concat-obfuscations.js:18:32:18:36 | attrs | semmle.label | attrs | +| various-concat-obfuscations.js:18:32:18:48 | attrs.defaultattr | semmle.label | attrs.defaultattr | +| various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | semmle.label | attrs.d ... 'left' | +| various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | semmle.label | indirec ... .attrs) | +| various-concat-obfuscations.js:20:17:20:40 | documen ... .search | semmle.label | documen ... .search | +| various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | semmle.label | documen ... h.attrs | +| various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | semmle.label | indirec ... .attrs) | +| various-concat-obfuscations.js:21:17:21:40 | documen ... .search | semmle.label | documen ... .search | +| various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | semmle.label | documen ... h.attrs | +| winjs.js:2:7:2:53 | tainted | semmle.label | tainted | +| winjs.js:2:17:2:40 | documen ... .search | semmle.label | documen ... .search | +| winjs.js:2:17:2:53 | documen ... ring(1) | semmle.label | documen ... ring(1) | +| winjs.js:3:43:3:49 | tainted | semmle.label | tainted | +| winjs.js:4:43:4:49 | tainted | semmle.label | tainted | +| xmlRequest.js:8:13:8:47 | json | semmle.label | json | +| xmlRequest.js:8:20:8:47 | JSON.pa ... seText) | semmle.label | JSON.pa ... seText) | +| xmlRequest.js:8:31:8:46 | xhr.responseText | semmle.label | xhr.responseText | +| xmlRequest.js:9:28:9:31 | json | semmle.label | json | +| xmlRequest.js:9:28:9:39 | json.message | semmle.label | json.message | +| xmlRequest.js:20:11:20:48 | resp | semmle.label | resp | +| xmlRequest.js:20:18:20:48 | await g ... rl }}") | semmle.label | await g ... rl }}") | +| xmlRequest.js:20:24:20:48 | got.get ... rl }}") | semmle.label | got.get ... rl }}") | +| xmlRequest.js:21:11:21:38 | json | semmle.label | json | +| xmlRequest.js:21:18:21:38 | JSON.pa ... p.body) | semmle.label | JSON.pa ... p.body) | +| xmlRequest.js:21:29:21:32 | resp | semmle.label | resp | +| xmlRequest.js:21:29:21:37 | resp.body | semmle.label | resp.body | +| xmlRequest.js:22:24:22:27 | json | semmle.label | json | +| xmlRequest.js:22:24:22:35 | json.message | semmle.label | json.message | edges -| addEventListener.js:1:43:1:47 | event | addEventListener.js:2:20:2:24 | event | -| addEventListener.js:1:43:1:47 | event | addEventListener.js:2:20:2:24 | event | -| addEventListener.js:1:43:1:47 | event | addEventListener.js:2:20:2:24 | event | -| addEventListener.js:1:43:1:47 | event | addEventListener.js:2:20:2:24 | event | -| addEventListener.js:2:20:2:24 | event | addEventListener.js:2:20:2:29 | event.data | -| addEventListener.js:2:20:2:24 | event | addEventListener.js:2:20:2:29 | event.data | -| addEventListener.js:2:20:2:24 | event | addEventListener.js:2:20:2:29 | event.data | -| addEventListener.js:2:20:2:24 | event | addEventListener.js:2:20:2:29 | event.data | -| addEventListener.js:5:43:5:48 | data | addEventListener.js:6:20:6:23 | data | -| addEventListener.js:5:43:5:48 | data | addEventListener.js:6:20:6:23 | data | -| addEventListener.js:5:43:5:48 | data | addEventListener.js:6:20:6:23 | data | -| addEventListener.js:5:43:5:48 | data | addEventListener.js:6:20:6:23 | data | -| addEventListener.js:5:43:5:48 | {data} | addEventListener.js:5:44:5:47 | data | -| addEventListener.js:5:43:5:48 | {data} | addEventListener.js:5:44:5:47 | data | -| addEventListener.js:5:43:5:48 | {data} | addEventListener.js:5:44:5:47 | data | -| addEventListener.js:5:43:5:48 | {data} | addEventListener.js:5:44:5:47 | data | -| addEventListener.js:5:44:5:47 | data | addEventListener.js:5:43:5:48 | data | -| addEventListener.js:5:44:5:47 | data | addEventListener.js:5:43:5:48 | data | -| addEventListener.js:10:21:10:25 | event | addEventListener.js:12:24:12:28 | event | -| addEventListener.js:10:21:10:25 | event | addEventListener.js:12:24:12:28 | event | -| addEventListener.js:10:21:10:25 | event | addEventListener.js:12:24:12:28 | event | -| addEventListener.js:10:21:10:25 | event | addEventListener.js:12:24:12:28 | event | -| addEventListener.js:12:24:12:28 | event | addEventListener.js:12:24:12:33 | event.data | -| addEventListener.js:12:24:12:28 | event | addEventListener.js:12:24:12:33 | event.data | -| addEventListener.js:12:24:12:28 | event | addEventListener.js:12:24:12:33 | event.data | -| addEventListener.js:12:24:12:28 | event | addEventListener.js:12:24:12:33 | event.data | -| angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | angular2-client.ts:22:44:22:71 | \\u0275getDOM ... ().href | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | -| angular2-client.ts:26:44:26:71 | this.ro ... ragment | angular2-client.ts:26:44:26:71 | this.ro ... ragment | -| angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | angular2-client.ts:27:44:27:82 | this.ro ... ('foo') | -| angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | angular2-client.ts:28:44:28:87 | this.ro ... ('foo') | -| angular2-client.ts:30:46:30:59 | map.get('foo') | angular2-client.ts:30:46:30:59 | map.get('foo') | -| angular2-client.ts:33:44:33:74 | this.ro ... 1].path | angular2-client.ts:33:44:33:74 | this.ro ... 1].path | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | -| angular2-client.ts:35:44:35:91 | this.ro ... et('x') | angular2-client.ts:35:44:35:91 | this.ro ... et('x') | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | -| angular2-client.ts:38:44:38:58 | this.router.url | angular2-client.ts:38:44:38:58 | this.router.url | -| angular2-client.ts:40:45:40:59 | this.router.url | angular2-client.ts:40:45:40:59 | this.router.url | -| angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | angular2-client.ts:44:44:44:76 | routeSn ... ('foo') | -| classnames.js:7:47:7:69 | classNa ... w.name) | classnames.js:7:31:7:84 | `` | -| classnames.js:7:47:7:69 | classNa ... w.name) | classnames.js:7:31:7:84 | `` | -| classnames.js:7:58:7:68 | window.name | classnames.js:7:47:7:69 | classNa ... w.name) | -| classnames.js:7:58:7:68 | window.name | classnames.js:7:47:7:69 | classNa ... w.name) | -| classnames.js:8:47:8:70 | classNa ... w.name) | classnames.js:8:31:8:85 | `` | -| classnames.js:8:47:8:70 | classNa ... w.name) | classnames.js:8:31:8:85 | `` | -| classnames.js:8:59:8:69 | window.name | classnames.js:8:47:8:70 | classNa ... w.name) | -| classnames.js:8:59:8:69 | window.name | classnames.js:8:47:8:70 | classNa ... w.name) | -| classnames.js:9:47:9:70 | classNa ... w.name) | classnames.js:9:31:9:85 | `` | -| classnames.js:9:47:9:70 | classNa ... w.name) | classnames.js:9:31:9:85 | `` | -| classnames.js:9:59:9:69 | window.name | classnames.js:9:47:9:70 | classNa ... w.name) | -| classnames.js:9:59:9:69 | window.name | classnames.js:9:47:9:70 | classNa ... w.name) | -| classnames.js:10:45:10:55 | window.name | classnames.js:11:47:11:64 | unsafeStyle('foo') | -| classnames.js:10:45:10:55 | window.name | classnames.js:11:47:11:64 | unsafeStyle('foo') | -| classnames.js:11:47:11:64 | unsafeStyle('foo') | classnames.js:11:31:11:79 | `` | -| classnames.js:11:47:11:64 | unsafeStyle('foo') | classnames.js:11:31:11:79 | `` | -| classnames.js:13:47:13:68 | safeSty ... w.name) | classnames.js:13:31:13:83 | `` | -| classnames.js:13:47:13:68 | safeSty ... w.name) | classnames.js:13:31:13:83 | `` | -| classnames.js:13:57:13:67 | window.name | classnames.js:13:47:13:68 | safeSty ... w.name) | -| classnames.js:13:57:13:67 | window.name | classnames.js:13:47:13:68 | safeSty ... w.name) | -| classnames.js:15:47:15:63 | clsx(window.name) | classnames.js:15:31:15:78 | `` | -| classnames.js:15:47:15:63 | clsx(window.name) | classnames.js:15:31:15:78 | `` | -| classnames.js:15:52:15:62 | window.name | classnames.js:15:47:15:63 | clsx(window.name) | -| classnames.js:15:52:15:62 | window.name | classnames.js:15:47:15:63 | clsx(window.name) | -| classnames.js:17:48:17:64 | clsx(window.name) | classnames.js:17:32:17:79 | `` | -| classnames.js:17:48:17:64 | clsx(window.name) | classnames.js:17:32:17:79 | `` | -| classnames.js:17:53:17:63 | window.name | classnames.js:17:48:17:64 | clsx(window.name) | -| classnames.js:17:53:17:63 | window.name | classnames.js:17:48:17:64 | clsx(window.name) | -| clipboard.ts:8:11:8:51 | html | clipboard.ts:15:25:15:28 | html | -| clipboard.ts:8:11:8:51 | html | clipboard.ts:15:25:15:28 | html | -| clipboard.ts:8:11:8:51 | html | clipboard.ts:15:25:15:28 | html | -| clipboard.ts:8:11:8:51 | html | clipboard.ts:15:25:15:28 | html | -| clipboard.ts:8:18:8:51 | clipboa ... /html') | clipboard.ts:8:11:8:51 | html | -| clipboard.ts:8:18:8:51 | clipboa ... /html') | clipboard.ts:8:11:8:51 | html | -| clipboard.ts:8:18:8:51 | clipboa ... /html') | clipboard.ts:8:11:8:51 | html | -| clipboard.ts:8:18:8:51 | clipboa ... /html') | clipboard.ts:8:11:8:51 | html | -| clipboard.ts:24:23:24:58 | e.clipb ... /html') | clipboard.ts:24:23:24:58 | e.clipb ... /html') | -| clipboard.ts:29:19:29:54 | e.clipb ... /html') | clipboard.ts:29:19:29:54 | e.clipb ... /html') | -| clipboard.ts:33:19:33:68 | e.origi ... /html') | clipboard.ts:33:19:33:68 | e.origi ... /html') | -| clipboard.ts:43:15:43:55 | html | clipboard.ts:50:29:50:32 | html | -| clipboard.ts:43:15:43:55 | html | clipboard.ts:50:29:50:32 | html | -| clipboard.ts:43:15:43:55 | html | clipboard.ts:50:29:50:32 | html | -| clipboard.ts:43:15:43:55 | html | clipboard.ts:50:29:50:32 | html | -| clipboard.ts:43:22:43:55 | clipboa ... /html') | clipboard.ts:43:15:43:55 | html | -| clipboard.ts:43:22:43:55 | clipboa ... /html') | clipboard.ts:43:15:43:55 | html | -| clipboard.ts:43:22:43:55 | clipboa ... /html') | clipboard.ts:43:15:43:55 | html | -| clipboard.ts:43:22:43:55 | clipboa ... /html') | clipboard.ts:43:15:43:55 | html | -| clipboard.ts:71:13:71:62 | droppedHtml | clipboard.ts:73:29:73:39 | droppedHtml | -| clipboard.ts:71:13:71:62 | droppedHtml | clipboard.ts:73:29:73:39 | droppedHtml | -| clipboard.ts:71:13:71:62 | droppedHtml | clipboard.ts:73:29:73:39 | droppedHtml | -| clipboard.ts:71:13:71:62 | droppedHtml | clipboard.ts:73:29:73:39 | droppedHtml | -| clipboard.ts:71:27:71:62 | e.clipb ... /html') | clipboard.ts:71:13:71:62 | droppedHtml | -| clipboard.ts:71:27:71:62 | e.clipb ... /html') | clipboard.ts:71:13:71:62 | droppedHtml | -| clipboard.ts:71:27:71:62 | e.clipb ... /html') | clipboard.ts:71:13:71:62 | droppedHtml | -| clipboard.ts:71:27:71:62 | e.clipb ... /html') | clipboard.ts:71:13:71:62 | droppedHtml | -| clipboard.ts:98:15:98:54 | html | clipboard.ts:99:23:99:26 | html | -| clipboard.ts:98:15:98:54 | html | clipboard.ts:99:23:99:26 | html | -| clipboard.ts:98:15:98:54 | html | clipboard.ts:99:23:99:26 | html | -| clipboard.ts:98:15:98:54 | html | clipboard.ts:99:23:99:26 | html | -| clipboard.ts:98:22:98:54 | dataTra ... /html') | clipboard.ts:98:15:98:54 | html | -| clipboard.ts:98:22:98:54 | dataTra ... /html') | clipboard.ts:98:15:98:54 | html | -| clipboard.ts:98:22:98:54 | dataTra ... /html') | clipboard.ts:98:15:98:54 | html | -| clipboard.ts:98:22:98:54 | dataTra ... /html') | clipboard.ts:98:15:98:54 | html | -| custom-element.js:5:26:5:36 | window.name | custom-element.js:5:26:5:36 | window.name | -| d3.js:4:12:4:22 | window.name | d3.js:11:15:11:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:11:15:11:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:11:15:11:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:11:15:11:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:11:15:11:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:11:15:11:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:11:15:11:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:12:20:12:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:12:20:12:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:12:20:12:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:12:20:12:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:12:20:12:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:12:20:12:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:12:20:12:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:14:20:14:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:14:20:14:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:14:20:14:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:14:20:14:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:14:20:14:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:14:20:14:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:14:20:14:29 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:21:15:21:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:21:15:21:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:21:15:21:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:21:15:21:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:21:15:21:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:21:15:21:24 | getTaint() | -| d3.js:4:12:4:22 | window.name | d3.js:21:15:21:24 | getTaint() | -| dates.js:9:9:9:69 | taint | dates.js:11:63:11:67 | taint | -| dates.js:9:9:9:69 | taint | dates.js:11:63:11:67 | taint | -| dates.js:9:9:9:69 | taint | dates.js:12:66:12:70 | taint | -| dates.js:9:9:9:69 | taint | dates.js:12:66:12:70 | taint | -| dates.js:9:9:9:69 | taint | dates.js:13:59:13:63 | taint | -| dates.js:9:9:9:69 | taint | dates.js:13:59:13:63 | taint | -| dates.js:9:9:9:69 | taint | dates.js:16:62:16:66 | taint | -| dates.js:9:9:9:69 | taint | dates.js:16:62:16:66 | taint | -| dates.js:9:9:9:69 | taint | dates.js:18:59:18:63 | taint | -| dates.js:9:9:9:69 | taint | dates.js:18:59:18:63 | taint | -| dates.js:9:9:9:69 | taint | dates.js:21:61:21:65 | taint | -| dates.js:9:9:9:69 | taint | dates.js:21:61:21:65 | taint | -| dates.js:9:17:9:69 | decodeU ... ing(1)) | dates.js:9:9:9:69 | taint | -| dates.js:9:17:9:69 | decodeU ... ing(1)) | dates.js:9:9:9:69 | taint | -| dates.js:9:36:9:55 | window.location.hash | dates.js:9:36:9:68 | window. ... ring(1) | -| dates.js:9:36:9:55 | window.location.hash | dates.js:9:36:9:68 | window. ... ring(1) | -| dates.js:9:36:9:55 | window.location.hash | dates.js:9:36:9:68 | window. ... ring(1) | -| dates.js:9:36:9:55 | window.location.hash | dates.js:9:36:9:68 | window. ... ring(1) | -| dates.js:9:36:9:68 | window. ... ring(1) | dates.js:9:17:9:69 | decodeU ... ing(1)) | -| dates.js:9:36:9:68 | window. ... ring(1) | dates.js:9:17:9:69 | decodeU ... ing(1)) | -| dates.js:11:42:11:68 | dateFns ... taint) | dates.js:11:31:11:70 | `Time i ... aint)}` | -| dates.js:11:42:11:68 | dateFns ... taint) | dates.js:11:31:11:70 | `Time i ... aint)}` | -| dates.js:11:42:11:68 | dateFns ... taint) | dates.js:11:31:11:70 | `Time i ... aint)}` | -| dates.js:11:42:11:68 | dateFns ... taint) | dates.js:11:31:11:70 | `Time i ... aint)}` | -| dates.js:11:63:11:67 | taint | dates.js:11:42:11:68 | dateFns ... taint) | -| dates.js:11:63:11:67 | taint | dates.js:11:42:11:68 | dateFns ... taint) | -| dates.js:12:42:12:71 | dateFns ... taint) | dates.js:12:31:12:73 | `Time i ... aint)}` | -| dates.js:12:42:12:71 | dateFns ... taint) | dates.js:12:31:12:73 | `Time i ... aint)}` | -| dates.js:12:42:12:71 | dateFns ... taint) | dates.js:12:31:12:73 | `Time i ... aint)}` | -| dates.js:12:42:12:71 | dateFns ... taint) | dates.js:12:31:12:73 | `Time i ... aint)}` | -| dates.js:12:66:12:70 | taint | dates.js:12:42:12:71 | dateFns ... taint) | -| dates.js:12:66:12:70 | taint | dates.js:12:42:12:71 | dateFns ... taint) | -| dates.js:13:42:13:70 | dateFns ... )(time) | dates.js:13:31:13:72 | `Time i ... time)}` | -| dates.js:13:42:13:70 | dateFns ... )(time) | dates.js:13:31:13:72 | `Time i ... time)}` | -| dates.js:13:42:13:70 | dateFns ... )(time) | dates.js:13:31:13:72 | `Time i ... time)}` | -| dates.js:13:42:13:70 | dateFns ... )(time) | dates.js:13:31:13:72 | `Time i ... time)}` | -| dates.js:13:59:13:63 | taint | dates.js:13:42:13:70 | dateFns ... )(time) | -| dates.js:13:59:13:63 | taint | dates.js:13:42:13:70 | dateFns ... )(time) | -| dates.js:16:42:16:67 | moment( ... (taint) | dates.js:16:31:16:69 | `Time i ... aint)}` | -| dates.js:16:42:16:67 | moment( ... (taint) | dates.js:16:31:16:69 | `Time i ... aint)}` | -| dates.js:16:42:16:67 | moment( ... (taint) | dates.js:16:31:16:69 | `Time i ... aint)}` | -| dates.js:16:42:16:67 | moment( ... (taint) | dates.js:16:31:16:69 | `Time i ... aint)}` | -| dates.js:16:62:16:66 | taint | dates.js:16:42:16:67 | moment( ... (taint) | -| dates.js:16:62:16:66 | taint | dates.js:16:42:16:67 | moment( ... (taint) | -| dates.js:18:42:18:64 | datefor ... taint) | dates.js:18:31:18:66 | `Time i ... aint)}` | -| dates.js:18:42:18:64 | datefor ... taint) | dates.js:18:31:18:66 | `Time i ... aint)}` | -| dates.js:18:42:18:64 | datefor ... taint) | dates.js:18:31:18:66 | `Time i ... aint)}` | -| dates.js:18:42:18:64 | datefor ... taint) | dates.js:18:31:18:66 | `Time i ... aint)}` | -| dates.js:18:59:18:63 | taint | dates.js:18:42:18:64 | datefor ... taint) | -| dates.js:18:59:18:63 | taint | dates.js:18:42:18:64 | datefor ... taint) | -| dates.js:21:42:21:66 | dayjs(t ... (taint) | dates.js:21:31:21:68 | `Time i ... aint)}` | -| dates.js:21:42:21:66 | dayjs(t ... (taint) | dates.js:21:31:21:68 | `Time i ... aint)}` | -| dates.js:21:42:21:66 | dayjs(t ... (taint) | dates.js:21:31:21:68 | `Time i ... aint)}` | -| dates.js:21:42:21:66 | dayjs(t ... (taint) | dates.js:21:31:21:68 | `Time i ... aint)}` | -| dates.js:21:61:21:65 | taint | dates.js:21:42:21:66 | dayjs(t ... (taint) | -| dates.js:21:61:21:65 | taint | dates.js:21:42:21:66 | dayjs(t ... (taint) | -| dates.js:30:9:30:69 | taint | dates.js:37:77:37:81 | taint | -| dates.js:30:9:30:69 | taint | dates.js:37:77:37:81 | taint | -| dates.js:30:9:30:69 | taint | dates.js:38:77:38:81 | taint | -| dates.js:30:9:30:69 | taint | dates.js:38:77:38:81 | taint | -| dates.js:30:9:30:69 | taint | dates.js:39:79:39:83 | taint | -| dates.js:30:9:30:69 | taint | dates.js:39:79:39:83 | taint | -| dates.js:30:9:30:69 | taint | dates.js:40:77:40:81 | taint | -| dates.js:30:9:30:69 | taint | dates.js:40:77:40:81 | taint | -| dates.js:30:17:30:69 | decodeU ... ing(1)) | dates.js:30:9:30:69 | taint | -| dates.js:30:17:30:69 | decodeU ... ing(1)) | dates.js:30:9:30:69 | taint | -| dates.js:30:36:30:55 | window.location.hash | dates.js:30:36:30:68 | window. ... ring(1) | -| dates.js:30:36:30:55 | window.location.hash | dates.js:30:36:30:68 | window. ... ring(1) | -| dates.js:30:36:30:55 | window.location.hash | dates.js:30:36:30:68 | window. ... ring(1) | -| dates.js:30:36:30:55 | window.location.hash | dates.js:30:36:30:68 | window. ... ring(1) | -| dates.js:30:36:30:68 | window. ... ring(1) | dates.js:30:17:30:69 | decodeU ... ing(1)) | -| dates.js:30:36:30:68 | window. ... ring(1) | dates.js:30:17:30:69 | decodeU ... ing(1)) | -| dates.js:37:42:37:82 | dateFns ... taint) | dates.js:37:31:37:84 | `Time i ... aint)}` | -| dates.js:37:42:37:82 | dateFns ... taint) | dates.js:37:31:37:84 | `Time i ... aint)}` | -| dates.js:37:42:37:82 | dateFns ... taint) | dates.js:37:31:37:84 | `Time i ... aint)}` | -| dates.js:37:42:37:82 | dateFns ... taint) | dates.js:37:31:37:84 | `Time i ... aint)}` | -| dates.js:37:77:37:81 | taint | dates.js:37:42:37:82 | dateFns ... taint) | -| dates.js:37:77:37:81 | taint | dates.js:37:42:37:82 | dateFns ... taint) | -| dates.js:38:42:38:82 | luxon.f ... taint) | dates.js:38:31:38:84 | `Time i ... aint)}` | -| dates.js:38:42:38:82 | luxon.f ... taint) | dates.js:38:31:38:84 | `Time i ... aint)}` | -| dates.js:38:42:38:82 | luxon.f ... taint) | dates.js:38:31:38:84 | `Time i ... aint)}` | -| dates.js:38:42:38:82 | luxon.f ... taint) | dates.js:38:31:38:84 | `Time i ... aint)}` | -| dates.js:38:77:38:81 | taint | dates.js:38:42:38:82 | luxon.f ... taint) | -| dates.js:38:77:38:81 | taint | dates.js:38:42:38:82 | luxon.f ... taint) | -| dates.js:39:42:39:84 | moment. ... taint) | dates.js:39:31:39:86 | `Time i ... aint)}` | -| dates.js:39:42:39:84 | moment. ... taint) | dates.js:39:31:39:86 | `Time i ... aint)}` | -| dates.js:39:42:39:84 | moment. ... taint) | dates.js:39:31:39:86 | `Time i ... aint)}` | -| dates.js:39:42:39:84 | moment. ... taint) | dates.js:39:31:39:86 | `Time i ... aint)}` | -| dates.js:39:79:39:83 | taint | dates.js:39:42:39:84 | moment. ... taint) | -| dates.js:39:79:39:83 | taint | dates.js:39:42:39:84 | moment. ... taint) | -| dates.js:40:42:40:82 | dayjs.f ... taint) | dates.js:40:31:40:84 | `Time i ... aint)}` | -| dates.js:40:42:40:82 | dayjs.f ... taint) | dates.js:40:31:40:84 | `Time i ... aint)}` | -| dates.js:40:42:40:82 | dayjs.f ... taint) | dates.js:40:31:40:84 | `Time i ... aint)}` | -| dates.js:40:42:40:82 | dayjs.f ... taint) | dates.js:40:31:40:84 | `Time i ... aint)}` | -| dates.js:40:77:40:81 | taint | dates.js:40:42:40:82 | dayjs.f ... taint) | -| dates.js:40:77:40:81 | taint | dates.js:40:42:40:82 | dayjs.f ... taint) | -| dates.js:46:9:46:69 | taint | dates.js:48:83:48:87 | taint | -| dates.js:46:9:46:69 | taint | dates.js:48:83:48:87 | taint | -| dates.js:46:9:46:69 | taint | dates.js:49:82:49:86 | taint | -| dates.js:46:9:46:69 | taint | dates.js:49:82:49:86 | taint | -| dates.js:46:9:46:69 | taint | dates.js:50:97:50:101 | taint | -| dates.js:46:9:46:69 | taint | dates.js:50:97:50:101 | taint | -| dates.js:46:17:46:69 | decodeU ... ing(1)) | dates.js:46:9:46:69 | taint | -| dates.js:46:17:46:69 | decodeU ... ing(1)) | dates.js:46:9:46:69 | taint | -| dates.js:46:36:46:55 | window.location.hash | dates.js:46:36:46:68 | window. ... ring(1) | -| dates.js:46:36:46:55 | window.location.hash | dates.js:46:36:46:68 | window. ... ring(1) | -| dates.js:46:36:46:55 | window.location.hash | dates.js:46:36:46:68 | window. ... ring(1) | -| dates.js:46:36:46:55 | window.location.hash | dates.js:46:36:46:68 | window. ... ring(1) | -| dates.js:46:36:46:68 | window. ... ring(1) | dates.js:46:17:46:69 | decodeU ... ing(1)) | -| dates.js:46:36:46:68 | window. ... ring(1) | dates.js:46:17:46:69 | decodeU ... ing(1)) | -| dates.js:48:42:48:88 | DateTim ... (taint) | dates.js:48:31:48:90 | `Time i ... aint)}` | -| dates.js:48:42:48:88 | DateTim ... (taint) | dates.js:48:31:48:90 | `Time i ... aint)}` | -| dates.js:48:42:48:88 | DateTim ... (taint) | dates.js:48:31:48:90 | `Time i ... aint)}` | -| dates.js:48:42:48:88 | DateTim ... (taint) | dates.js:48:31:48:90 | `Time i ... aint)}` | -| dates.js:48:83:48:87 | taint | dates.js:48:42:48:88 | DateTim ... (taint) | -| dates.js:48:83:48:87 | taint | dates.js:48:42:48:88 | DateTim ... (taint) | -| dates.js:49:42:49:87 | new Dat ... (taint) | dates.js:49:31:49:89 | `Time i ... aint)}` | -| dates.js:49:42:49:87 | new Dat ... (taint) | dates.js:49:31:49:89 | `Time i ... aint)}` | -| dates.js:49:42:49:87 | new Dat ... (taint) | dates.js:49:31:49:89 | `Time i ... aint)}` | -| dates.js:49:42:49:87 | new Dat ... (taint) | dates.js:49:31:49:89 | `Time i ... aint)}` | -| dates.js:49:82:49:86 | taint | dates.js:49:42:49:87 | new Dat ... (taint) | -| dates.js:49:82:49:86 | taint | dates.js:49:42:49:87 | new Dat ... (taint) | -| dates.js:50:42:50:102 | DateTim ... (taint) | dates.js:50:31:50:104 | `Time i ... aint)}` | -| dates.js:50:42:50:102 | DateTim ... (taint) | dates.js:50:31:50:104 | `Time i ... aint)}` | -| dates.js:50:42:50:102 | DateTim ... (taint) | dates.js:50:31:50:104 | `Time i ... aint)}` | -| dates.js:50:42:50:102 | DateTim ... (taint) | dates.js:50:31:50:104 | `Time i ... aint)}` | -| dates.js:50:97:50:101 | taint | dates.js:50:42:50:102 | DateTim ... (taint) | -| dates.js:50:97:50:101 | taint | dates.js:50:42:50:102 | DateTim ... (taint) | -| dates.js:54:9:54:69 | taint | dates.js:57:94:57:98 | taint | -| dates.js:54:9:54:69 | taint | dates.js:57:94:57:98 | taint | -| dates.js:54:9:54:69 | taint | dates.js:59:80:59:84 | taint | -| dates.js:54:9:54:69 | taint | dates.js:59:80:59:84 | taint | -| dates.js:54:9:54:69 | taint | dates.js:61:81:61:85 | taint | -| dates.js:54:9:54:69 | taint | dates.js:61:81:61:85 | taint | -| dates.js:54:17:54:69 | decodeU ... ing(1)) | dates.js:54:9:54:69 | taint | -| dates.js:54:17:54:69 | decodeU ... ing(1)) | dates.js:54:9:54:69 | taint | -| dates.js:54:36:54:55 | window.location.hash | dates.js:54:36:54:68 | window. ... ring(1) | -| dates.js:54:36:54:55 | window.location.hash | dates.js:54:36:54:68 | window. ... ring(1) | -| dates.js:54:36:54:55 | window.location.hash | dates.js:54:36:54:68 | window. ... ring(1) | -| dates.js:54:36:54:55 | window.location.hash | dates.js:54:36:54:68 | window. ... ring(1) | -| dates.js:54:36:54:68 | window. ... ring(1) | dates.js:54:17:54:69 | decodeU ... ing(1)) | -| dates.js:54:36:54:68 | window. ... ring(1) | dates.js:54:17:54:69 | decodeU ... ing(1)) | -| dates.js:57:42:57:99 | moment. ... (taint) | dates.js:57:31:57:101 | `Time i ... aint)}` | -| dates.js:57:42:57:99 | moment. ... (taint) | dates.js:57:31:57:101 | `Time i ... aint)}` | -| dates.js:57:42:57:99 | moment. ... (taint) | dates.js:57:31:57:101 | `Time i ... aint)}` | -| dates.js:57:42:57:99 | moment. ... (taint) | dates.js:57:31:57:101 | `Time i ... aint)}` | -| dates.js:57:94:57:98 | taint | dates.js:57:42:57:99 | moment. ... (taint) | -| dates.js:57:94:57:98 | taint | dates.js:57:42:57:99 | moment. ... (taint) | -| dates.js:59:42:59:85 | luxon.e ... (taint) | dates.js:59:31:59:87 | `Time i ... aint)}` | -| dates.js:59:42:59:85 | luxon.e ... (taint) | dates.js:59:31:59:87 | `Time i ... aint)}` | -| dates.js:59:42:59:85 | luxon.e ... (taint) | dates.js:59:31:59:87 | `Time i ... aint)}` | -| dates.js:59:42:59:85 | luxon.e ... (taint) | dates.js:59:31:59:87 | `Time i ... aint)}` | -| dates.js:59:80:59:84 | taint | dates.js:59:42:59:85 | luxon.e ... (taint) | -| dates.js:59:80:59:84 | taint | dates.js:59:42:59:85 | luxon.e ... (taint) | -| dates.js:61:42:61:86 | dayjs.s ... (taint) | dates.js:61:31:61:88 | `Time i ... aint)}` | -| dates.js:61:42:61:86 | dayjs.s ... (taint) | dates.js:61:31:61:88 | `Time i ... aint)}` | -| dates.js:61:42:61:86 | dayjs.s ... (taint) | dates.js:61:31:61:88 | `Time i ... aint)}` | -| dates.js:61:42:61:86 | dayjs.s ... (taint) | dates.js:61:31:61:88 | `Time i ... aint)}` | -| dates.js:61:81:61:85 | taint | dates.js:61:42:61:86 | dayjs.s ... (taint) | -| dates.js:61:81:61:85 | taint | dates.js:61:42:61:86 | dayjs.s ... (taint) | -| dragAndDrop.ts:8:11:8:50 | html | dragAndDrop.ts:15:25:15:28 | html | -| dragAndDrop.ts:8:11:8:50 | html | dragAndDrop.ts:15:25:15:28 | html | -| dragAndDrop.ts:8:11:8:50 | html | dragAndDrop.ts:15:25:15:28 | html | -| dragAndDrop.ts:8:11:8:50 | html | dragAndDrop.ts:15:25:15:28 | html | -| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | dragAndDrop.ts:8:11:8:50 | html | -| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | dragAndDrop.ts:8:11:8:50 | html | -| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | dragAndDrop.ts:8:11:8:50 | html | -| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | dragAndDrop.ts:8:11:8:50 | html | -| dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | -| dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | -| dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | dragAndDrop.ts:33:19:33:67 | e.origi ... /html') | -| dragAndDrop.ts:43:15:43:54 | html | dragAndDrop.ts:50:29:50:32 | html | -| dragAndDrop.ts:43:15:43:54 | html | dragAndDrop.ts:50:29:50:32 | html | -| dragAndDrop.ts:43:15:43:54 | html | dragAndDrop.ts:50:29:50:32 | html | -| dragAndDrop.ts:43:15:43:54 | html | dragAndDrop.ts:50:29:50:32 | html | -| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | dragAndDrop.ts:43:15:43:54 | html | -| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | dragAndDrop.ts:43:15:43:54 | html | -| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | dragAndDrop.ts:43:15:43:54 | html | -| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | dragAndDrop.ts:43:15:43:54 | html | -| dragAndDrop.ts:71:13:71:61 | droppedHtml | dragAndDrop.ts:73:29:73:39 | droppedHtml | -| dragAndDrop.ts:71:13:71:61 | droppedHtml | dragAndDrop.ts:73:29:73:39 | droppedHtml | -| dragAndDrop.ts:71:13:71:61 | droppedHtml | dragAndDrop.ts:73:29:73:39 | droppedHtml | -| dragAndDrop.ts:71:13:71:61 | droppedHtml | dragAndDrop.ts:73:29:73:39 | droppedHtml | -| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | dragAndDrop.ts:71:13:71:61 | droppedHtml | -| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | dragAndDrop.ts:71:13:71:61 | droppedHtml | -| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | dragAndDrop.ts:71:13:71:61 | droppedHtml | -| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | dragAndDrop.ts:71:13:71:61 | droppedHtml | -| event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '

' | -| event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '

' | -| event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '

' | -| event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '

' | -| event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '

' | -| event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '

' | -| express.js:7:15:7:33 | req.param("wobble") | express.js:7:15:7:33 | req.param("wobble") | -| jquery.js:2:7:2:40 | tainted | jquery.js:7:20:7:26 | tainted | -| jquery.js:2:7:2:40 | tainted | jquery.js:8:28:8:34 | tainted | -| jquery.js:2:7:2:40 | tainted | jquery.js:36:25:36:31 | tainted | -| jquery.js:2:7:2:40 | tainted | jquery.js:36:25:36:31 | tainted | -| jquery.js:2:7:2:40 | tainted | jquery.js:37:31:37:37 | tainted | -| jquery.js:2:17:2:40 | documen ... .search | jquery.js:2:7:2:40 | tainted | -| jquery.js:2:17:2:40 | documen ... .search | jquery.js:2:7:2:40 | tainted | -| jquery.js:7:20:7:26 | tainted | jquery.js:7:5:7:34 | "
" | -| jquery.js:7:20:7:26 | tainted | jquery.js:7:5:7:34 | "
" | -| jquery.js:8:28:8:34 | tainted | jquery.js:8:18:8:34 | "XSS: " + tainted | -| jquery.js:8:28:8:34 | tainted | jquery.js:8:18:8:34 | "XSS: " + tainted | -| jquery.js:10:13:10:20 | location | jquery.js:10:13:10:31 | location.toString() | -| jquery.js:10:13:10:20 | location | jquery.js:10:13:10:31 | location.toString() | -| jquery.js:10:13:10:31 | location.toString() | jquery.js:10:5:10:40 | "" + ... "" | -| jquery.js:10:13:10:31 | location.toString() | jquery.js:10:5:10:40 | "" + ... "" | -| jquery.js:14:38:14:57 | window.location.hash | jquery.js:14:19:14:58 | decodeU ... n.hash) | -| jquery.js:14:38:14:57 | window.location.hash | jquery.js:14:19:14:58 | decodeU ... n.hash) | -| jquery.js:14:38:14:57 | window.location.hash | jquery.js:14:19:14:58 | decodeU ... n.hash) | -| jquery.js:14:38:14:57 | window.location.hash | jquery.js:14:19:14:58 | decodeU ... n.hash) | -| jquery.js:15:38:15:59 | window. ... .search | jquery.js:15:19:15:60 | decodeU ... search) | -| jquery.js:15:38:15:59 | window. ... .search | jquery.js:15:19:15:60 | decodeU ... search) | -| jquery.js:15:38:15:59 | window. ... .search | jquery.js:15:19:15:60 | decodeU ... search) | -| jquery.js:15:38:15:59 | window. ... .search | jquery.js:15:19:15:60 | decodeU ... search) | -| jquery.js:16:38:16:52 | window.location | jquery.js:16:38:16:63 | window. ... tring() | -| jquery.js:16:38:16:52 | window.location | jquery.js:16:38:16:63 | window. ... tring() | -| jquery.js:16:38:16:63 | window. ... tring() | jquery.js:16:19:16:64 | decodeU ... ring()) | -| jquery.js:16:38:16:63 | window. ... tring() | jquery.js:16:19:16:64 | decodeU ... ring()) | -| jquery.js:18:7:18:33 | hash | jquery.js:21:5:21:8 | hash | -| jquery.js:18:7:18:33 | hash | jquery.js:22:5:22:8 | hash | -| jquery.js:18:7:18:33 | hash | jquery.js:23:5:23:8 | hash | -| jquery.js:18:7:18:33 | hash | jquery.js:24:5:24:8 | hash | -| jquery.js:18:7:18:33 | hash | jquery.js:27:5:27:8 | hash | -| jquery.js:18:7:18:33 | hash | jquery.js:34:13:34:16 | hash | -| jquery.js:18:14:18:33 | window.location.hash | jquery.js:18:7:18:33 | hash | -| jquery.js:18:14:18:33 | window.location.hash | jquery.js:18:7:18:33 | hash | -| jquery.js:21:5:21:8 | hash | jquery.js:21:5:21:21 | hash.substring(1) | -| jquery.js:21:5:21:8 | hash | jquery.js:21:5:21:21 | hash.substring(1) | -| jquery.js:21:5:21:8 | hash | jquery.js:21:5:21:21 | hash.substring(1) | -| jquery.js:22:5:22:8 | hash | jquery.js:22:5:22:25 | hash.su ... (1, 10) | -| jquery.js:22:5:22:8 | hash | jquery.js:22:5:22:25 | hash.su ... (1, 10) | -| jquery.js:22:5:22:8 | hash | jquery.js:22:5:22:25 | hash.su ... (1, 10) | -| jquery.js:23:5:23:8 | hash | jquery.js:23:5:23:18 | hash.substr(1) | -| jquery.js:23:5:23:8 | hash | jquery.js:23:5:23:18 | hash.substr(1) | -| jquery.js:23:5:23:8 | hash | jquery.js:23:5:23:18 | hash.substr(1) | -| jquery.js:24:5:24:8 | hash | jquery.js:24:5:24:17 | hash.slice(1) | -| jquery.js:24:5:24:8 | hash | jquery.js:24:5:24:17 | hash.slice(1) | -| jquery.js:24:5:24:8 | hash | jquery.js:24:5:24:17 | hash.slice(1) | -| jquery.js:27:5:27:8 | hash | jquery.js:27:5:27:25 | hash.re ... #', '') | -| jquery.js:27:5:27:8 | hash | jquery.js:27:5:27:25 | hash.re ... #', '') | -| jquery.js:27:5:27:8 | hash | jquery.js:27:5:27:25 | hash.re ... #', '') | -| jquery.js:28:5:28:26 | window. ... .search | jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:28:5:28:26 | window. ... .search | jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:28:5:28:26 | window. ... .search | jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:28:5:28:26 | window. ... .search | jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:28:5:28:26 | window. ... .search | jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:28:5:28:26 | window. ... .search | jquery.js:28:5:28:43 | window. ... ?', '') | -| jquery.js:34:13:34:16 | hash | jquery.js:34:5:34:25 | '' + ... '' | -| jquery.js:34:13:34:16 | hash | jquery.js:34:5:34:25 | '' + ... '' | -| jquery.js:37:31:37:37 | tainted | jquery.js:37:25:37:37 | () => tainted | -| jquery.js:37:31:37:37 | tainted | jquery.js:37:25:37:37 | () => tainted | -| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:11:51:11:56 | locale | -| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:19:56:19:61 | locale | -| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:31:55:31:60 | locale | -| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:31:55:31:60 | locale | -| json-stringify.jsx:5:18:5:36 | req.param("locale") | json-stringify.jsx:5:9:5:36 | locale | -| json-stringify.jsx:5:18:5:36 | req.param("locale") | json-stringify.jsx:5:9:5:36 | locale | -| json-stringify.jsx:5:18:5:36 | req.param("locale") | json-stringify.jsx:5:9:5:36 | locale | -| json-stringify.jsx:5:18:5:36 | req.param("locale") | json-stringify.jsx:5:9:5:36 | locale | -| json-stringify.jsx:11:16:11:58 | `https: ... ocale}` | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | -| json-stringify.jsx:11:16:11:58 | `https: ... ocale}` | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | -| json-stringify.jsx:11:51:11:56 | locale | json-stringify.jsx:11:16:11:58 | `https: ... ocale}` | -| json-stringify.jsx:19:16:19:63 | `https: ... ocale}` | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | -| json-stringify.jsx:19:16:19:63 | `https: ... ocale}` | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | -| json-stringify.jsx:19:56:19:61 | locale | json-stringify.jsx:19:16:19:63 | `https: ... ocale}` | -| json-stringify.jsx:31:55:31:60 | locale | json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | -| json-stringify.jsx:31:55:31:60 | locale | json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | -| json-stringify.jsx:31:55:31:60 | locale | json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | -| json-stringify.jsx:31:55:31:60 | locale | json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | -| jwt-server.js:7:9:7:35 | taint | jwt-server.js:9:16:9:20 | taint | -| jwt-server.js:7:9:7:35 | taint | jwt-server.js:9:16:9:20 | taint | -| jwt-server.js:7:17:7:35 | req.param("wobble") | jwt-server.js:7:9:7:35 | taint | -| jwt-server.js:7:17:7:35 | req.param("wobble") | jwt-server.js:7:9:7:35 | taint | -| jwt-server.js:7:17:7:35 | req.param("wobble") | jwt-server.js:7:9:7:35 | taint | -| jwt-server.js:7:17:7:35 | req.param("wobble") | jwt-server.js:7:9:7:35 | taint | -| jwt-server.js:9:16:9:20 | taint | jwt-server.js:9:55:9:61 | decoded | -| jwt-server.js:9:16:9:20 | taint | jwt-server.js:9:55:9:61 | decoded | -| jwt-server.js:9:55:9:61 | decoded | jwt-server.js:11:19:11:25 | decoded | -| jwt-server.js:9:55:9:61 | decoded | jwt-server.js:11:19:11:25 | decoded | -| jwt-server.js:11:19:11:25 | decoded | jwt-server.js:11:19:11:29 | decoded.foo | -| jwt-server.js:11:19:11:25 | decoded | jwt-server.js:11:19:11:29 | decoded.foo | -| jwt-server.js:11:19:11:25 | decoded | jwt-server.js:11:19:11:29 | decoded.foo | -| jwt-server.js:11:19:11:25 | decoded | jwt-server.js:11:19:11:29 | decoded.foo | -| jwt.js:4:36:4:39 | data | jwt.js:5:30:5:33 | data | -| jwt.js:4:36:4:39 | data | jwt.js:5:30:5:33 | data | -| jwt.js:4:36:4:39 | data | jwt.js:5:30:5:33 | data | -| jwt.js:4:36:4:39 | data | jwt.js:5:30:5:33 | data | -| jwt.js:5:9:5:34 | decoded | jwt.js:6:14:6:20 | decoded | -| jwt.js:5:9:5:34 | decoded | jwt.js:6:14:6:20 | decoded | -| jwt.js:5:9:5:34 | decoded | jwt.js:6:14:6:20 | decoded | -| jwt.js:5:9:5:34 | decoded | jwt.js:6:14:6:20 | decoded | -| jwt.js:5:19:5:34 | jwt_decode(data) | jwt.js:5:9:5:34 | decoded | -| jwt.js:5:19:5:34 | jwt_decode(data) | jwt.js:5:9:5:34 | decoded | -| jwt.js:5:30:5:33 | data | jwt.js:5:19:5:34 | jwt_decode(data) | -| jwt.js:5:30:5:33 | data | jwt.js:5:19:5:34 | jwt_decode(data) | -| nodemailer.js:13:50:13:66 | req.query.message | nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | -| nodemailer.js:13:50:13:66 | req.query.message | nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | -| nodemailer.js:13:50:13:66 | req.query.message | nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | -| nodemailer.js:13:50:13:66 | req.query.message | nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | -| optionalSanitizer.js:2:7:2:39 | target | optionalSanitizer.js:6:18:6:23 | target | -| optionalSanitizer.js:2:7:2:39 | target | optionalSanitizer.js:6:18:6:23 | target | -| optionalSanitizer.js:2:7:2:39 | target | optionalSanitizer.js:8:17:8:22 | target | -| optionalSanitizer.js:2:7:2:39 | target | optionalSanitizer.js:15:9:15:14 | target | -| optionalSanitizer.js:2:16:2:39 | documen ... .search | optionalSanitizer.js:2:7:2:39 | target | -| optionalSanitizer.js:2:16:2:39 | documen ... .search | optionalSanitizer.js:2:7:2:39 | target | -| optionalSanitizer.js:8:7:8:22 | tainted | optionalSanitizer.js:9:18:9:24 | tainted | -| optionalSanitizer.js:8:7:8:22 | tainted | optionalSanitizer.js:9:18:9:24 | tainted | -| optionalSanitizer.js:8:17:8:22 | target | optionalSanitizer.js:8:7:8:22 | tainted | -| optionalSanitizer.js:15:9:15:14 | target | optionalSanitizer.js:16:18:16:18 | x | -| optionalSanitizer.js:16:18:16:18 | x | optionalSanitizer.js:17:20:17:20 | x | -| optionalSanitizer.js:16:18:16:18 | x | optionalSanitizer.js:17:20:17:20 | x | -| optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:31:18:31:23 | target | -| optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:38:18:38:23 | target | -| optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:45:41:45:46 | target | -| optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:45:51:45:56 | target | -| optionalSanitizer.js:26:16:26:39 | documen ... .search | optionalSanitizer.js:26:7:26:39 | target | -| optionalSanitizer.js:26:16:26:39 | documen ... .search | optionalSanitizer.js:26:7:26:39 | target | -| optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:32:18:32:25 | tainted2 | -| optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:32:18:32:25 | tainted2 | -| optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:34:28:34:35 | tainted2 | -| optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:36:18:36:25 | tainted2 | -| optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:36:18:36:25 | tainted2 | -| optionalSanitizer.js:31:18:31:23 | target | optionalSanitizer.js:31:7:31:23 | tainted2 | -| optionalSanitizer.js:34:5:34:36 | tainted2 | optionalSanitizer.js:36:18:36:25 | tainted2 | -| optionalSanitizer.js:34:5:34:36 | tainted2 | optionalSanitizer.js:36:18:36:25 | tainted2 | -| optionalSanitizer.js:34:16:34:36 | sanitiz ... inted2) | optionalSanitizer.js:34:5:34:36 | tainted2 | -| optionalSanitizer.js:34:28:34:35 | tainted2 | optionalSanitizer.js:34:16:34:36 | sanitiz ... inted2) | -| optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:39:18:39:25 | tainted3 | -| optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:39:18:39:25 | tainted3 | -| optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:41:28:41:35 | tainted3 | -| optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:43:18:43:25 | tainted3 | -| optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:43:18:43:25 | tainted3 | -| optionalSanitizer.js:38:18:38:23 | target | optionalSanitizer.js:38:7:38:23 | tainted3 | -| optionalSanitizer.js:41:5:41:36 | tainted3 | optionalSanitizer.js:43:18:43:25 | tainted3 | -| optionalSanitizer.js:41:5:41:36 | tainted3 | optionalSanitizer.js:43:18:43:25 | tainted3 | -| optionalSanitizer.js:41:16:41:36 | sanitiz ... inted3) | optionalSanitizer.js:41:5:41:36 | tainted3 | -| optionalSanitizer.js:41:28:41:35 | tainted3 | optionalSanitizer.js:41:16:41:36 | sanitiz ... inted3) | -| optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) | optionalSanitizer.js:45:18:45:56 | sanitiz ... target | -| optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) | optionalSanitizer.js:45:18:45:56 | sanitiz ... target | -| optionalSanitizer.js:45:41:45:46 | target | optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) | -| optionalSanitizer.js:45:51:45:56 | target | optionalSanitizer.js:45:18:45:56 | sanitiz ... target | -| optionalSanitizer.js:45:51:45:56 | target | optionalSanitizer.js:45:18:45:56 | sanitiz ... target | -| pages/[id].jsx:5:9:5:14 | { id } | pages/[id].jsx:5:11:5:12 | id | -| pages/[id].jsx:5:9:5:14 | { id } | pages/[id].jsx:5:11:5:12 | id | -| pages/[id].jsx:5:9:5:29 | id | pages/[id].jsx:10:44:10:45 | id | -| pages/[id].jsx:5:9:5:29 | id | pages/[id].jsx:10:44:10:45 | id | -| pages/[id].jsx:5:9:5:29 | id | pages/[id].jsx:10:44:10:45 | id | -| pages/[id].jsx:5:9:5:29 | id | pages/[id].jsx:10:44:10:45 | id | -| pages/[id].jsx:5:11:5:12 | id | pages/[id].jsx:5:9:5:29 | id | -| pages/[id].jsx:5:11:5:12 | id | pages/[id].jsx:5:9:5:29 | id | -| pages/[id].jsx:5:18:5:29 | router.query | pages/[id].jsx:5:9:5:14 | { id } | -| pages/[id].jsx:5:18:5:29 | router.query | pages/[id].jsx:5:9:5:14 | { id } | -| pages/[id].jsx:5:18:5:29 | router.query | pages/[id].jsx:5:9:5:14 | { id } | -| pages/[id].jsx:5:18:5:29 | router.query | pages/[id].jsx:5:9:5:14 | { id } | -| pages/[id].jsx:25:11:25:24 | context.params | pages/[id].jsx:25:11:25:27 | context.params.id | -| pages/[id].jsx:25:11:25:24 | context.params | pages/[id].jsx:25:11:25:27 | context.params.id | -| pages/[id].jsx:25:11:25:24 | context.params | pages/[id].jsx:25:11:25:27 | context.params.id | -| pages/[id].jsx:25:11:25:24 | context.params | pages/[id].jsx:25:11:25:27 | context.params.id | -| pages/[id].jsx:25:11:25:27 | context.params.id | pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | -| pages/[id].jsx:25:11:25:27 | context.params.id | pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | -| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | pages/[id].jsx:13:44:13:52 | params.id | -| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | pages/[id].jsx:13:44:13:52 | params.id | -| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | pages/[id].jsx:13:44:13:52 | params.id | -| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | pages/[id].jsx:13:44:13:52 | params.id | -| pages/[id].jsx:26:10:26:22 | context.query | pages/[id].jsx:26:10:26:30 | context ... .foobar | -| pages/[id].jsx:26:10:26:22 | context.query | pages/[id].jsx:26:10:26:30 | context ... .foobar | -| pages/[id].jsx:26:10:26:22 | context.query | pages/[id].jsx:26:10:26:30 | context ... .foobar | -| pages/[id].jsx:26:10:26:22 | context.query | pages/[id].jsx:26:10:26:30 | context ... .foobar | -| pages/[id].jsx:26:10:26:30 | context ... .foobar | pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | -| pages/[id].jsx:26:10:26:30 | context ... .foobar | pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | -| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | pages/[id].jsx:16:44:16:51 | params.q | -| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | pages/[id].jsx:16:44:16:51 | params.q | -| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | pages/[id].jsx:16:44:16:51 | params.q | -| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | pages/[id].jsx:16:44:16:51 | params.q | -| react-native.js:7:7:7:33 | tainted | react-native.js:8:18:8:24 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:8:18:8:24 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:8:18:8:24 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:8:18:8:24 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:9:27:9:33 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:9:27:9:33 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:9:27:9:33 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:9:27:9:33 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | -| react-use-context.js:10:22:10:32 | window.name | react-use-context.js:10:22:10:32 | window.name | -| react-use-context.js:16:26:16:36 | window.name | react-use-context.js:16:26:16:36 | window.name | -| react-use-router.js:4:9:4:28 | router | react-use-router.js:8:21:8:26 | router | -| react-use-router.js:4:9:4:28 | router | react-use-router.js:11:24:11:29 | router | -| react-use-router.js:4:18:4:28 | useRouter() | react-use-router.js:4:9:4:28 | router | -| react-use-router.js:8:21:8:26 | router | react-use-router.js:8:21:8:32 | router.query | -| react-use-router.js:8:21:8:32 | router.query | react-use-router.js:8:21:8:39 | router.query.foobar | -| react-use-router.js:8:21:8:32 | router.query | react-use-router.js:8:21:8:39 | router.query.foobar | -| react-use-router.js:8:21:8:32 | router.query | react-use-router.js:8:21:8:39 | router.query.foobar | -| react-use-router.js:8:21:8:32 | router.query | react-use-router.js:8:21:8:39 | router.query.foobar | -| react-use-router.js:8:21:8:39 | router.query.foobar | react-use-router.js:4:18:4:28 | useRouter() | -| react-use-router.js:11:24:11:29 | router | react-use-router.js:11:24:11:35 | router.query | -| react-use-router.js:11:24:11:35 | router.query | react-use-router.js:11:24:11:42 | router.query.foobar | -| react-use-router.js:11:24:11:35 | router.query | react-use-router.js:11:24:11:42 | router.query.foobar | -| react-use-router.js:11:24:11:35 | router.query | react-use-router.js:11:24:11:42 | router.query.foobar | -| react-use-router.js:11:24:11:35 | router.query | react-use-router.js:11:24:11:42 | router.query.foobar | -| react-use-router.js:22:15:22:24 | router | react-use-router.js:23:43:23:48 | router | -| react-use-router.js:22:17:22:22 | router | react-use-router.js:22:15:22:24 | router | -| react-use-router.js:23:43:23:48 | router | react-use-router.js:23:43:23:54 | router.query | -| react-use-router.js:23:43:23:54 | router.query | react-use-router.js:23:43:23:61 | router.query.foobar | -| react-use-router.js:23:43:23:54 | router.query | react-use-router.js:23:43:23:61 | router.query.foobar | -| react-use-router.js:23:43:23:54 | router.query | react-use-router.js:23:43:23:61 | router.query.foobar | -| react-use-router.js:23:43:23:54 | router.query | react-use-router.js:23:43:23:61 | router.query.foobar | -| react-use-router.js:23:43:23:61 | router.query.foobar | react-use-router.js:22:17:22:22 | router | -| react-use-router.js:29:9:29:30 | router | react-use-router.js:33:21:33:26 | router | -| react-use-router.js:29:18:29:30 | myUseRouter() | react-use-router.js:29:9:29:30 | router | -| react-use-router.js:33:21:33:26 | router | react-use-router.js:33:21:33:32 | router.query | -| react-use-router.js:33:21:33:32 | router.query | react-use-router.js:33:21:33:39 | router.query.foobar | -| react-use-router.js:33:21:33:32 | router.query | react-use-router.js:33:21:33:39 | router.query.foobar | -| react-use-router.js:33:21:33:32 | router.query | react-use-router.js:33:21:33:39 | router.query.foobar | -| react-use-router.js:33:21:33:32 | router.query | react-use-router.js:33:21:33:39 | router.query.foobar | -| react-use-router.js:33:21:33:39 | router.query.foobar | react-use-router.js:29:18:29:30 | myUseRouter() | -| react-use-state.js:4:9:4:49 | state | react-use-state.js:5:51:5:55 | state | -| react-use-state.js:4:9:4:49 | state | react-use-state.js:5:51:5:55 | state | -| react-use-state.js:4:9:4:49 | state | react-use-state.js:5:51:5:55 | state | -| react-use-state.js:4:9:4:49 | state | react-use-state.js:5:51:5:55 | state | -| react-use-state.js:4:10:4:14 | state | react-use-state.js:4:9:4:49 | state | -| react-use-state.js:4:10:4:14 | state | react-use-state.js:4:9:4:49 | state | -| react-use-state.js:4:38:4:48 | window.name | react-use-state.js:4:10:4:14 | state | -| react-use-state.js:4:38:4:48 | window.name | react-use-state.js:4:10:4:14 | state | -| react-use-state.js:4:38:4:48 | window.name | react-use-state.js:4:10:4:14 | state | -| react-use-state.js:4:38:4:48 | window.name | react-use-state.js:4:10:4:14 | state | -| react-use-state.js:9:9:9:43 | state | react-use-state.js:11:51:11:55 | state | -| react-use-state.js:9:9:9:43 | state | react-use-state.js:11:51:11:55 | state | -| react-use-state.js:9:9:9:43 | state | react-use-state.js:11:51:11:55 | state | -| react-use-state.js:9:9:9:43 | state | react-use-state.js:11:51:11:55 | state | -| react-use-state.js:9:10:9:14 | state | react-use-state.js:9:9:9:43 | state | -| react-use-state.js:9:10:9:14 | state | react-use-state.js:9:9:9:43 | state | -| react-use-state.js:10:14:10:24 | window.name | react-use-state.js:9:10:9:14 | state | -| react-use-state.js:10:14:10:24 | window.name | react-use-state.js:9:10:9:14 | state | -| react-use-state.js:10:14:10:24 | window.name | react-use-state.js:9:10:9:14 | state | -| react-use-state.js:10:14:10:24 | window.name | react-use-state.js:9:10:9:14 | state | -| react-use-state.js:15:9:15:43 | state | react-use-state.js:17:51:17:55 | state | -| react-use-state.js:15:9:15:43 | state | react-use-state.js:17:51:17:55 | state | -| react-use-state.js:15:9:15:43 | state | react-use-state.js:17:51:17:55 | state | -| react-use-state.js:15:9:15:43 | state | react-use-state.js:17:51:17:55 | state | -| react-use-state.js:15:10:15:14 | state | react-use-state.js:15:9:15:43 | state | -| react-use-state.js:15:10:15:14 | state | react-use-state.js:15:9:15:43 | state | -| react-use-state.js:16:20:16:30 | window.name | react-use-state.js:15:10:15:14 | state | -| react-use-state.js:16:20:16:30 | window.name | react-use-state.js:15:10:15:14 | state | -| react-use-state.js:16:20:16:30 | window.name | react-use-state.js:15:10:15:14 | state | -| react-use-state.js:16:20:16:30 | window.name | react-use-state.js:15:10:15:14 | state | -| react-use-state.js:21:10:21:14 | state | react-use-state.js:22:14:22:17 | prev | -| react-use-state.js:21:10:21:14 | state | react-use-state.js:22:14:22:17 | prev | -| react-use-state.js:22:14:22:17 | prev | react-use-state.js:23:35:23:38 | prev | -| react-use-state.js:22:14:22:17 | prev | react-use-state.js:23:35:23:38 | prev | -| react-use-state.js:22:14:22:17 | prev | react-use-state.js:23:35:23:38 | prev | -| react-use-state.js:22:14:22:17 | prev | react-use-state.js:23:35:23:38 | prev | -| react-use-state.js:25:20:25:30 | window.name | react-use-state.js:21:10:21:14 | state | -| react-use-state.js:25:20:25:30 | window.name | react-use-state.js:21:10:21:14 | state | -| react-use-state.js:25:20:25:30 | window.name | react-use-state.js:21:10:21:14 | state | -| react-use-state.js:25:20:25:30 | window.name | react-use-state.js:21:10:21:14 | state | -| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:23:29:23:35 | tainted | -| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:30:29:30:35 | tainted | -| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:33:29:33:35 | tainted | -| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:38:29:38:35 | tainted | -| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:45:29:45:35 | tainted | -| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:48:19:48:25 | tainted | -| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:48:19:48:25 | tainted | -| sanitiser.js:16:17:16:27 | window.name | sanitiser.js:16:7:16:27 | tainted | -| sanitiser.js:16:17:16:27 | window.name | sanitiser.js:16:7:16:27 | tainted | -| sanitiser.js:16:17:16:27 | window.name | sanitiser.js:16:7:16:27 | tainted | -| sanitiser.js:16:17:16:27 | window.name | sanitiser.js:16:7:16:27 | tainted | -| sanitiser.js:23:29:23:35 | tainted | sanitiser.js:23:21:23:44 | '' + ... '' | -| sanitiser.js:23:29:23:35 | tainted | sanitiser.js:23:21:23:44 | '' + ... '' | -| sanitiser.js:30:29:30:35 | tainted | sanitiser.js:30:21:30:44 | '' + ... '' | -| sanitiser.js:30:29:30:35 | tainted | sanitiser.js:30:21:30:44 | '' + ... '' | -| sanitiser.js:33:29:33:35 | tainted | sanitiser.js:33:21:33:44 | '' + ... '' | -| sanitiser.js:33:29:33:35 | tainted | sanitiser.js:33:21:33:44 | '' + ... '' | -| sanitiser.js:38:29:38:35 | tainted | sanitiser.js:38:21:38:44 | '' + ... '' | -| sanitiser.js:38:29:38:35 | tainted | sanitiser.js:38:21:38:44 | '' + ... '' | -| sanitiser.js:45:29:45:35 | tainted | sanitiser.js:45:21:45:44 | '' + ... '' | -| sanitiser.js:45:29:45:35 | tainted | sanitiser.js:45:21:45:44 | '' + ... '' | -| sanitiser.js:48:19:48:25 | tainted | sanitiser.js:48:19:48:46 | tainted ... /g, '') | -| sanitiser.js:48:19:48:25 | tainted | sanitiser.js:48:19:48:46 | tainted ... /g, '') | -| sanitiser.js:48:19:48:25 | tainted | sanitiser.js:48:19:48:46 | tainted ... /g, '') | -| sanitiser.js:48:19:48:25 | tainted | sanitiser.js:48:19:48:46 | tainted ... /g, '') | -| stored-xss.js:2:39:2:62 | documen ... .search | stored-xss.js:5:20:5:52 | session ... ssion') | -| stored-xss.js:2:39:2:62 | documen ... .search | stored-xss.js:5:20:5:52 | session ... ssion') | -| stored-xss.js:2:39:2:62 | documen ... .search | stored-xss.js:5:20:5:52 | session ... ssion') | -| stored-xss.js:2:39:2:62 | documen ... .search | stored-xss.js:5:20:5:52 | session ... ssion') | -| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:8:20:8:48 | localSt ... local') | -| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:8:20:8:48 | localSt ... local') | -| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:8:20:8:48 | localSt ... local') | -| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:8:20:8:48 | localSt ... local') | -| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:10:16:10:44 | localSt ... local') | -| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:10:16:10:44 | localSt ... local') | -| stored-xss.js:10:9:10:44 | href | stored-xss.js:12:35:12:38 | href | -| stored-xss.js:10:16:10:44 | localSt ... local') | stored-xss.js:10:9:10:44 | href | -| stored-xss.js:12:35:12:38 | href | stored-xss.js:12:20:12:54 | "" | -| stored-xss.js:12:35:12:38 | href | stored-xss.js:12:20:12:54 | "" | -| stored-xss.js:12:35:12:38 | href | stored-xss.js:12:20:12:54 | "" | -| string-manipulations.js:3:16:3:32 | document.location | string-manipulations.js:3:16:3:32 | document.location | -| string-manipulations.js:4:16:4:37 | documen ... on.href | string-manipulations.js:4:16:4:37 | documen ... on.href | -| string-manipulations.js:5:16:5:37 | documen ... on.href | string-manipulations.js:5:16:5:47 | documen ... lueOf() | -| string-manipulations.js:5:16:5:37 | documen ... on.href | string-manipulations.js:5:16:5:47 | documen ... lueOf() | -| string-manipulations.js:5:16:5:37 | documen ... on.href | string-manipulations.js:5:16:5:47 | documen ... lueOf() | -| string-manipulations.js:5:16:5:37 | documen ... on.href | string-manipulations.js:5:16:5:47 | documen ... lueOf() | -| string-manipulations.js:6:16:6:37 | documen ... on.href | string-manipulations.js:6:16:6:43 | documen ... f.sup() | -| string-manipulations.js:6:16:6:37 | documen ... on.href | string-manipulations.js:6:16:6:43 | documen ... f.sup() | -| string-manipulations.js:6:16:6:37 | documen ... on.href | string-manipulations.js:6:16:6:43 | documen ... f.sup() | -| string-manipulations.js:6:16:6:37 | documen ... on.href | string-manipulations.js:6:16:6:43 | documen ... f.sup() | -| string-manipulations.js:7:16:7:37 | documen ... on.href | string-manipulations.js:7:16:7:51 | documen ... rCase() | -| string-manipulations.js:7:16:7:37 | documen ... on.href | string-manipulations.js:7:16:7:51 | documen ... rCase() | -| string-manipulations.js:7:16:7:37 | documen ... on.href | string-manipulations.js:7:16:7:51 | documen ... rCase() | -| string-manipulations.js:7:16:7:37 | documen ... on.href | string-manipulations.js:7:16:7:51 | documen ... rCase() | -| string-manipulations.js:8:16:8:37 | documen ... on.href | string-manipulations.js:8:16:8:48 | documen ... mLeft() | -| string-manipulations.js:8:16:8:37 | documen ... on.href | string-manipulations.js:8:16:8:48 | documen ... mLeft() | -| string-manipulations.js:8:16:8:37 | documen ... on.href | string-manipulations.js:8:16:8:48 | documen ... mLeft() | -| string-manipulations.js:8:16:8:37 | documen ... on.href | string-manipulations.js:8:16:8:48 | documen ... mLeft() | -| string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) | -| string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) | -| string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) | -| string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) | -| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) | -| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) | -| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) | -| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) | -| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:10:25:10:30 | source | -| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:10:25:10:30 | source | -| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:10:25:10:30 | source | -| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:10:25:10:30 | source | -| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:11:25:11:30 | source | -| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:11:25:11:30 | source | -| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:11:25:11:30 | source | -| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:11:25:11:30 | source | -| tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:6:11:6:30 | source | -| tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:6:11:6:30 | source | -| tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:6:11:6:30 | source | -| tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:6:11:6:30 | source | -| tooltip.jsx:22:11:22:30 | source | tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:22:11:22:30 | source | tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:22:11:22:30 | source | tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:22:11:22:30 | source | tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:22:11:22:30 | source | tooltip.jsx:23:38:23:43 | source | -| tooltip.jsx:22:11:22:30 | source | tooltip.jsx:23:38:23:43 | source | -| tooltip.jsx:22:20:22:30 | window.name | tooltip.jsx:22:11:22:30 | source | -| tooltip.jsx:22:20:22:30 | window.name | tooltip.jsx:22:11:22:30 | source | -| tooltip.jsx:22:20:22:30 | window.name | tooltip.jsx:22:11:22:30 | source | -| tooltip.jsx:22:20:22:30 | window.name | tooltip.jsx:22:11:22:30 | source | -| tooltip.jsx:23:38:23:43 | source | tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:23:38:23:43 | source | tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:23:38:23:43 | source | tooltip.jsx:18:51:18:59 | provide() | -| tooltip.jsx:23:38:23:43 | source | tooltip.jsx:18:51:18:59 | provide() | -| translate.js:6:7:6:39 | target | translate.js:7:42:7:47 | target | -| translate.js:6:16:6:39 | documen ... .search | translate.js:6:7:6:39 | target | -| translate.js:6:16:6:39 | documen ... .search | translate.js:6:7:6:39 | target | -| translate.js:7:7:7:61 | searchParams | translate.js:9:27:9:38 | searchParams | -| translate.js:7:22:7:61 | new URL ... ing(1)) | translate.js:7:7:7:61 | searchParams | -| translate.js:7:42:7:47 | target | translate.js:7:42:7:60 | target.substring(1) | -| translate.js:7:42:7:47 | target | translate.js:7:42:7:60 | target.substring(1) | -| translate.js:7:42:7:47 | target | translate.js:7:42:7:60 | target.substring(1) | -| translate.js:7:42:7:60 | target.substring(1) | translate.js:7:22:7:61 | new URL ... ing(1)) | -| translate.js:7:42:7:60 | target.substring(1) | translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:7:42:7:60 | target.substring(1) | translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:7:42:7:60 | target.substring(1) | translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:7:42:7:60 | target.substring(1) | translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:7:42:7:60 | target.substring(1) | translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:7:42:7:60 | target.substring(1) | translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:9:27:9:38 | searchParams | translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:9:27:9:38 | searchParams | translate.js:9:27:9:50 | searchP ... 'term') | -| translate.js:9:27:9:38 | searchParams | translate.js:9:27:9:50 | searchP ... 'term') | -| trusted-types-lib.js:1:28:1:28 | x | trusted-types-lib.js:2:12:2:12 | x | -| trusted-types-lib.js:1:28:1:28 | x | trusted-types-lib.js:2:12:2:12 | x | -| trusted-types-lib.js:1:28:1:28 | x | trusted-types-lib.js:2:12:2:12 | x | -| trusted-types-lib.js:1:28:1:28 | x | trusted-types-lib.js:2:12:2:12 | x | -| trusted-types.js:3:62:3:62 | x | trusted-types.js:3:67:3:67 | x | -| trusted-types.js:3:62:3:62 | x | trusted-types.js:3:67:3:67 | x | -| trusted-types.js:3:62:3:62 | x | trusted-types.js:3:67:3:67 | x | -| trusted-types.js:3:62:3:62 | x | trusted-types.js:3:67:3:67 | x | -| trusted-types.js:4:20:4:30 | window.name | trusted-types.js:3:62:3:62 | x | -| trusted-types.js:4:20:4:30 | window.name | trusted-types.js:3:62:3:62 | x | -| trusted-types.js:4:20:4:30 | window.name | trusted-types.js:3:62:3:62 | x | -| trusted-types.js:4:20:4:30 | window.name | trusted-types.js:3:62:3:62 | x | -| trusted-types.js:13:20:13:30 | window.name | trusted-types-lib.js:1:28:1:28 | x | -| trusted-types.js:13:20:13:30 | window.name | trusted-types-lib.js:1:28:1:28 | x | -| trusted-types.js:13:20:13:30 | window.name | trusted-types-lib.js:1:28:1:28 | x | -| trusted-types.js:13:20:13:30 | window.name | trusted-types-lib.js:1:28:1:28 | x | -| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:4:25:4:28 | data | -| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:5:26:5:29 | data | -| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:7:32:7:35 | data | -| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:9:37:9:40 | data | -| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:10:38:10:41 | data | -| tst3.js:2:23:2:74 | decodeU ... str(1)) | tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | -| tst3.js:2:42:2:63 | window. ... .search | tst3.js:2:42:2:73 | window. ... bstr(1) | -| tst3.js:2:42:2:63 | window. ... .search | tst3.js:2:42:2:73 | window. ... bstr(1) | -| tst3.js:2:42:2:73 | window. ... bstr(1) | tst3.js:2:23:2:74 | decodeU ... str(1)) | -| tst3.js:4:25:4:28 | data | tst3.js:4:25:4:32 | data.src | -| tst3.js:4:25:4:28 | data | tst3.js:4:25:4:32 | data.src | -| tst3.js:5:26:5:29 | data | tst3.js:5:26:5:31 | data.p | -| tst3.js:5:26:5:29 | data | tst3.js:5:26:5:31 | data.p | -| tst3.js:7:32:7:35 | data | tst3.js:7:32:7:37 | data.p | -| tst3.js:7:32:7:35 | data | tst3.js:7:32:7:37 | data.p | -| tst3.js:9:37:9:40 | data | tst3.js:9:37:9:42 | data.p | -| tst3.js:9:37:9:40 | data | tst3.js:9:37:9:42 | data.p | -| tst3.js:10:38:10:41 | data | tst3.js:10:38:10:43 | data.p | -| tst3.js:10:38:10:41 | data | tst3.js:10:38:10:43 | data.p | -| tst.js:2:7:2:39 | target | tst.js:5:18:5:23 | target | -| tst.js:2:7:2:39 | target | tst.js:5:18:5:23 | target | -| tst.js:2:7:2:39 | target | tst.js:12:28:12:33 | target | -| tst.js:2:7:2:39 | target | tst.js:20:42:20:47 | target | -| tst.js:2:16:2:39 | documen ... .search | tst.js:2:7:2:39 | target | -| tst.js:2:16:2:39 | documen ... .search | tst.js:2:7:2:39 | target | -| tst.js:8:37:8:58 | documen ... on.href | tst.js:8:37:8:114 | documen ... t=")+8) | -| tst.js:8:37:8:58 | documen ... on.href | tst.js:8:37:8:114 | documen ... t=")+8) | -| tst.js:8:37:8:58 | documen ... on.href | tst.js:8:37:8:114 | documen ... t=")+8) | -| tst.js:8:37:8:58 | documen ... on.href | tst.js:8:37:8:114 | documen ... t=")+8) | -| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "" | -| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "" | -| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "" | -| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "" | -| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "" | -| tst.js:12:28:12:33 | target | tst.js:12:5:12:42 | '
' | -| tst.js:12:28:12:33 | target | tst.js:12:5:12:42 | '
' | -| tst.js:17:7:17:56 | params | tst.js:18:18:18:23 | params | -| tst.js:17:16:17:56 | (new UR ... hParams | tst.js:17:7:17:56 | params | -| tst.js:17:25:17:41 | document.location | tst.js:17:16:17:56 | (new UR ... hParams | -| tst.js:17:25:17:41 | document.location | tst.js:17:16:17:56 | (new UR ... hParams | -| tst.js:17:25:17:41 | document.location | tst.js:18:18:18:35 | params.get('name') | -| tst.js:17:25:17:41 | document.location | tst.js:18:18:18:35 | params.get('name') | -| tst.js:17:25:17:41 | document.location | tst.js:18:18:18:35 | params.get('name') | -| tst.js:17:25:17:41 | document.location | tst.js:18:18:18:35 | params.get('name') | -| tst.js:18:18:18:23 | params | tst.js:18:18:18:35 | params.get('name') | -| tst.js:18:18:18:23 | params | tst.js:18:18:18:35 | params.get('name') | -| tst.js:18:18:18:23 | params | tst.js:18:18:18:35 | params.get('name') | -| tst.js:20:7:20:61 | searchParams | tst.js:21:18:21:29 | searchParams | -| tst.js:20:22:20:61 | new URL ... ing(1)) | tst.js:20:7:20:61 | searchParams | -| tst.js:20:42:20:47 | target | tst.js:20:42:20:60 | target.substring(1) | -| tst.js:20:42:20:47 | target | tst.js:20:42:20:60 | target.substring(1) | -| tst.js:20:42:20:47 | target | tst.js:20:42:20:60 | target.substring(1) | -| tst.js:20:42:20:60 | target.substring(1) | tst.js:20:22:20:61 | new URL ... ing(1)) | -| tst.js:20:42:20:60 | target.substring(1) | tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:20:42:20:60 | target.substring(1) | tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:20:42:20:60 | target.substring(1) | tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:20:42:20:60 | target.substring(1) | tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:20:42:20:60 | target.substring(1) | tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:20:42:20:60 | target.substring(1) | tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:21:18:21:29 | searchParams | tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:21:18:21:29 | searchParams | tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:21:18:21:29 | searchParams | tst.js:21:18:21:41 | searchP ... 'name') | -| tst.js:24:14:24:19 | target | tst.js:26:18:26:23 | target | -| tst.js:24:14:24:19 | target | tst.js:26:18:26:23 | target | -| tst.js:28:5:28:28 | documen ... .search | tst.js:24:14:24:19 | target | -| tst.js:28:5:28:28 | documen ... .search | tst.js:24:14:24:19 | target | -| tst.js:31:10:31:33 | documen ... .search | tst.js:34:16:34:20 | bar() | -| tst.js:31:10:31:33 | documen ... .search | tst.js:34:16:34:20 | bar() | -| tst.js:31:10:31:33 | documen ... .search | tst.js:34:16:34:20 | bar() | -| tst.js:31:10:31:33 | documen ... .search | tst.js:34:16:34:20 | bar() | -| tst.js:31:10:31:33 | documen ... .search | tst.js:58:26:58:30 | bar() | -| tst.js:31:10:31:33 | documen ... .search | tst.js:58:26:58:30 | bar() | -| tst.js:31:10:31:33 | documen ... .search | tst.js:68:16:68:20 | bar() | -| tst.js:31:10:31:33 | documen ... .search | tst.js:68:16:68:20 | bar() | -| tst.js:31:10:31:33 | documen ... .search | tst.js:68:16:68:20 | bar() | -| tst.js:31:10:31:33 | documen ... .search | tst.js:68:16:68:20 | bar() | -| tst.js:40:20:40:43 | documen ... .search | tst.js:40:16:40:44 | baz(doc ... search) | -| tst.js:40:20:40:43 | documen ... .search | tst.js:40:16:40:44 | baz(doc ... search) | -| tst.js:40:20:40:43 | documen ... .search | tst.js:40:16:40:44 | baz(doc ... search) | -| tst.js:40:20:40:43 | documen ... .search | tst.js:40:16:40:44 | baz(doc ... search) | -| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | -| tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) | -| tst.js:58:26:58:30 | bar() | tst.js:58:21:58:31 | chop(bar()) | -| tst.js:58:26:58:30 | bar() | tst.js:58:21:58:31 | chop(bar()) | -| tst.js:60:34:60:34 | s | tst.js:62:18:62:18 | s | -| tst.js:60:34:60:34 | s | tst.js:62:18:62:18 | s | -| tst.js:64:25:64:48 | documen ... .search | tst.js:60:34:60:34 | s | -| tst.js:64:25:64:48 | documen ... .search | tst.js:60:34:60:34 | s | -| tst.js:65:25:65:48 | documen ... .search | tst.js:60:34:60:34 | s | -| tst.js:65:25:65:48 | documen ... .search | tst.js:60:34:60:34 | s | -| tst.js:70:1:70:27 | [,docum ... search] | tst.js:70:46:70:46 | x | -| tst.js:70:3:70:26 | documen ... .search | tst.js:70:1:70:27 | [,docum ... search] | -| tst.js:70:3:70:26 | documen ... .search | tst.js:70:1:70:27 | [,docum ... search] | -| tst.js:70:3:70:26 | documen ... .search | tst.js:70:46:70:46 | x | -| tst.js:70:3:70:26 | documen ... .search | tst.js:70:46:70:46 | x | -| tst.js:70:46:70:46 | x | tst.js:73:20:73:20 | x | -| tst.js:70:46:70:46 | x | tst.js:73:20:73:20 | x | -| tst.js:77:49:77:72 | documen ... .search | tst.js:77:49:77:72 | documen ... .search | -| tst.js:81:26:81:49 | documen ... .search | tst.js:81:26:81:49 | documen ... .search | -| tst.js:82:25:82:48 | documen ... .search | tst.js:82:25:82:48 | documen ... .search | -| tst.js:84:33:84:56 | documen ... .search | tst.js:84:33:84:56 | documen ... .search | -| tst.js:85:32:85:55 | documen ... .search | tst.js:85:32:85:55 | documen ... .search | -| tst.js:90:39:90:62 | documen ... .search | tst.js:90:39:90:62 | documen ... .search | -| tst.js:96:30:96:53 | documen ... .search | tst.js:96:30:96:53 | documen ... .search | -| tst.js:102:25:102:48 | documen ... .search | tst.js:102:25:102:48 | documen ... .search | -| tst.js:107:7:107:44 | v | tst.js:110:18:110:18 | v | -| tst.js:107:7:107:44 | v | tst.js:110:18:110:18 | v | -| tst.js:107:7:107:44 | v | tst.js:110:18:110:18 | v | -| tst.js:107:7:107:44 | v | tst.js:110:18:110:18 | v | -| tst.js:107:7:107:44 | v | tst.js:110:18:110:18 | v | -| tst.js:107:7:107:44 | v | tst.js:110:18:110:18 | v | -| tst.js:107:7:107:44 | v | tst.js:136:18:136:18 | v | -| tst.js:107:7:107:44 | v | tst.js:136:18:136:18 | v | -| tst.js:107:7:107:44 | v | tst.js:136:18:136:18 | v | -| tst.js:107:7:107:44 | v | tst.js:136:18:136:18 | v | -| tst.js:107:7:107:44 | v | tst.js:136:18:136:18 | v | -| tst.js:107:7:107:44 | v | tst.js:136:18:136:18 | v | -| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) | -| tst.js:107:11:107:44 | documen ... bstr(1) | tst.js:107:7:107:44 | v | -| tst.js:107:11:107:44 | documen ... bstr(1) | tst.js:107:7:107:44 | v | -| tst.js:107:11:107:44 | documen ... bstr(1) | tst.js:107:7:107:44 | v | -| tst.js:148:29:148:50 | window. ... .search | tst.js:151:29:151:29 | v | -| tst.js:148:29:148:50 | window. ... .search | tst.js:151:29:151:29 | v | -| tst.js:151:29:151:29 | v | tst.js:151:49:151:49 | v | -| tst.js:151:29:151:29 | v | tst.js:151:49:151:49 | v | -| tst.js:158:40:158:61 | window. ... .search | tst.js:155:29:155:46 | xssSourceService() | -| tst.js:158:40:158:61 | window. ... .search | tst.js:155:29:155:46 | xssSourceService() | -| tst.js:158:40:158:61 | window. ... .search | tst.js:155:29:155:46 | xssSourceService() | -| tst.js:158:40:158:61 | window. ... .search | tst.js:155:29:155:46 | xssSourceService() | -| tst.js:177:9:177:41 | target | tst.js:180:28:180:33 | target | -| tst.js:177:9:177:41 | target | tst.js:180:28:180:33 | target | -| tst.js:177:18:177:41 | documen ... .search | tst.js:177:9:177:41 | target | -| tst.js:177:18:177:41 | documen ... .search | tst.js:177:9:177:41 | target | -| tst.js:184:9:184:42 | tainted | tst.js:186:31:186:37 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:186:31:186:37 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:188:42:188:48 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:188:42:188:48 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:189:33:189:39 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:189:33:189:39 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:191:54:191:60 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:191:54:191:60 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:192:45:192:51 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:192:45:192:51 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:193:49:193:55 | tainted | -| tst.js:184:9:184:42 | tainted | tst.js:193:49:193:55 | tainted | -| tst.js:184:19:184:42 | documen ... .search | tst.js:184:9:184:42 | tainted | -| tst.js:184:19:184:42 | documen ... .search | tst.js:184:9:184:42 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:199:67:199:73 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:199:67:199:73 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:200:67:200:73 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:200:67:200:73 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:204:35:204:41 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:206:46:206:52 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:207:38:207:44 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:208:35:208:41 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:236:35:236:41 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:238:20:238:26 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:240:23:240:29 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:241:23:241:29 | tainted | -| tst.js:197:9:197:42 | tainted | tst.js:255:23:255:29 | tainted | -| tst.js:197:19:197:42 | documen ... .search | tst.js:197:9:197:42 | tainted | -| tst.js:197:19:197:42 | documen ... .search | tst.js:197:9:197:42 | tainted | -| tst.js:204:35:204:41 | tainted | tst.js:212:28:212:46 | this.state.tainted1 | -| tst.js:204:35:204:41 | tainted | tst.js:212:28:212:46 | this.state.tainted1 | -| tst.js:206:46:206:52 | tainted | tst.js:213:28:213:46 | this.state.tainted2 | -| tst.js:206:46:206:52 | tainted | tst.js:213:28:213:46 | this.state.tainted2 | -| tst.js:207:38:207:44 | tainted | tst.js:214:28:214:46 | this.state.tainted3 | -| tst.js:207:38:207:44 | tainted | tst.js:214:28:214:46 | this.state.tainted3 | -| tst.js:208:35:208:41 | tainted | tst.js:218:32:218:49 | prevState.tainted4 | -| tst.js:208:35:208:41 | tainted | tst.js:218:32:218:49 | prevState.tainted4 | -| tst.js:236:35:236:41 | tainted | tst.js:225:28:225:46 | this.props.tainted1 | -| tst.js:236:35:236:41 | tainted | tst.js:225:28:225:46 | this.props.tainted1 | -| tst.js:238:20:238:26 | tainted | tst.js:226:28:226:46 | this.props.tainted2 | -| tst.js:238:20:238:26 | tainted | tst.js:226:28:226:46 | this.props.tainted2 | -| tst.js:240:23:240:29 | tainted | tst.js:227:28:227:46 | this.props.tainted3 | -| tst.js:240:23:240:29 | tainted | tst.js:227:28:227:46 | this.props.tainted3 | -| tst.js:241:23:241:29 | tainted | tst.js:231:32:231:49 | prevProps.tainted4 | -| tst.js:241:23:241:29 | tainted | tst.js:231:32:231:49 | prevProps.tainted4 | -| tst.js:247:39:247:55 | props.propTainted | tst.js:251:60:251:82 | this.st ... Tainted | -| tst.js:247:39:247:55 | props.propTainted | tst.js:251:60:251:82 | this.st ... Tainted | -| tst.js:255:23:255:29 | tainted | tst.js:247:39:247:55 | props.propTainted | -| tst.js:259:7:259:17 | window.name | tst.js:259:7:259:17 | window.name | -| tst.js:260:7:260:10 | name | tst.js:260:7:260:10 | name | -| tst.js:264:11:264:21 | window.name | tst.js:264:11:264:21 | window.name | -| tst.js:280:22:280:29 | location | tst.js:280:22:280:29 | location | -| tst.js:285:9:285:29 | tainted | tst.js:288:59:288:65 | tainted | -| tst.js:285:9:285:29 | tainted | tst.js:288:59:288:65 | tainted | -| tst.js:285:9:285:29 | tainted | tst.js:288:59:288:65 | tainted | -| tst.js:285:9:285:29 | tainted | tst.js:288:59:288:65 | tainted | -| tst.js:285:19:285:29 | window.name | tst.js:285:9:285:29 | tainted | -| tst.js:285:19:285:29 | window.name | tst.js:285:9:285:29 | tainted | -| tst.js:285:19:285:29 | window.name | tst.js:285:9:285:29 | tainted | -| tst.js:285:19:285:29 | window.name | tst.js:285:9:285:29 | tainted | -| tst.js:301:9:301:16 | location | tst.js:302:10:302:10 | e | -| tst.js:301:9:301:16 | location | tst.js:302:10:302:10 | e | -| tst.js:302:10:302:10 | e | tst.js:303:20:303:20 | e | -| tst.js:302:10:302:10 | e | tst.js:303:20:303:20 | e | -| tst.js:308:10:308:17 | location | tst.js:310:10:310:10 | e | -| tst.js:308:10:308:17 | location | tst.js:310:10:310:10 | e | -| tst.js:310:10:310:10 | e | tst.js:311:20:311:20 | e | -| tst.js:310:10:310:10 | e | tst.js:311:20:311:20 | e | -| tst.js:316:35:316:42 | location | tst.js:316:35:316:42 | location | -| tst.js:327:18:327:34 | document.location | tst.js:331:16:331:43 | getTain ... hParams | -| tst.js:327:18:327:34 | document.location | tst.js:331:16:331:43 | getTain ... hParams | -| tst.js:327:18:327:34 | document.location | tst.js:332:18:332:35 | params.get('name') | -| tst.js:327:18:327:34 | document.location | tst.js:332:18:332:35 | params.get('name') | -| tst.js:327:18:327:34 | document.location | tst.js:332:18:332:35 | params.get('name') | -| tst.js:327:18:327:34 | document.location | tst.js:332:18:332:35 | params.get('name') | -| tst.js:331:7:331:43 | params | tst.js:332:18:332:23 | params | -| tst.js:331:16:331:43 | getTain ... hParams | tst.js:331:7:331:43 | params | -| tst.js:332:18:332:23 | params | tst.js:332:18:332:35 | params.get('name') | -| tst.js:332:18:332:23 | params | tst.js:332:18:332:35 | params.get('name') | -| tst.js:332:18:332:23 | params | tst.js:332:18:332:35 | params.get('name') | -| tst.js:341:20:341:36 | document.location | tst.js:343:5:343:17 | getUrl().hash | -| tst.js:341:20:341:36 | document.location | tst.js:343:5:343:17 | getUrl().hash | -| tst.js:343:5:343:17 | getUrl().hash | tst.js:343:5:343:30 | getUrl( ... ring(1) | -| tst.js:343:5:343:17 | getUrl().hash | tst.js:343:5:343:30 | getUrl( ... ring(1) | -| tst.js:343:5:343:17 | getUrl().hash | tst.js:343:5:343:30 | getUrl( ... ring(1) | -| tst.js:348:7:348:39 | target | tst.js:349:12:349:17 | target | -| tst.js:348:7:348:39 | target | tst.js:349:12:349:17 | target | -| tst.js:348:16:348:39 | documen ... .search | tst.js:348:7:348:39 | target | -| tst.js:348:16:348:39 | documen ... .search | tst.js:348:7:348:39 | target | -| tst.js:355:10:355:42 | target | tst.js:356:16:356:21 | target | -| tst.js:355:10:355:42 | target | tst.js:356:16:356:21 | target | -| tst.js:355:10:355:42 | target | tst.js:360:21:360:26 | target | -| tst.js:355:10:355:42 | target | tst.js:360:21:360:26 | target | -| tst.js:355:10:355:42 | target | tst.js:363:18:363:23 | target | -| tst.js:355:10:355:42 | target | tst.js:363:18:363:23 | target | -| tst.js:355:19:355:42 | documen ... .search | tst.js:355:10:355:42 | target | -| tst.js:355:19:355:42 | documen ... .search | tst.js:355:10:355:42 | target | -| tst.js:371:7:371:39 | target | tst.js:374:18:374:23 | target | -| tst.js:371:7:371:39 | target | tst.js:374:18:374:23 | target | -| tst.js:371:16:371:39 | documen ... .search | tst.js:371:7:371:39 | target | -| tst.js:371:16:371:39 | documen ... .search | tst.js:371:7:371:39 | target | -| tst.js:381:7:381:39 | target | tst.js:384:18:384:23 | target | -| tst.js:381:7:381:39 | target | tst.js:384:18:384:23 | target | -| tst.js:381:7:381:39 | target | tst.js:386:18:386:23 | target | -| tst.js:381:7:381:39 | target | tst.js:397:18:397:23 | target | -| tst.js:381:7:381:39 | target | tst.js:406:18:406:23 | target | -| tst.js:381:7:381:39 | target | tst.js:408:19:408:24 | target | -| tst.js:381:16:381:39 | documen ... .search | tst.js:381:7:381:39 | target | -| tst.js:381:16:381:39 | documen ... .search | tst.js:381:7:381:39 | target | -| tst.js:386:18:386:23 | target | tst.js:386:18:386:29 | target.taint | -| tst.js:386:18:386:23 | target | tst.js:386:18:386:29 | target.taint | -| tst.js:391:19:391:42 | documen ... .search | tst.js:392:18:392:30 | target.taint3 | -| tst.js:391:19:391:42 | documen ... .search | tst.js:392:18:392:30 | target.taint3 | -| tst.js:391:19:391:42 | documen ... .search | tst.js:392:18:392:30 | target.taint3 | -| tst.js:391:19:391:42 | documen ... .search | tst.js:392:18:392:30 | target.taint3 | -| tst.js:397:18:397:23 | target | tst.js:397:18:397:30 | target.taint5 | -| tst.js:397:18:397:23 | target | tst.js:397:18:397:30 | target.taint5 | -| tst.js:406:18:406:23 | target | tst.js:406:18:406:30 | target.taint7 | -| tst.js:406:18:406:23 | target | tst.js:406:18:406:30 | target.taint7 | -| tst.js:408:19:408:24 | target | tst.js:408:19:408:31 | target.taint8 | -| tst.js:408:19:408:31 | target.taint8 | tst.js:408:19:408:31 | target.taint8 | -| tst.js:408:19:408:31 | target.taint8 | tst.js:409:18:409:30 | target.taint8 | -| tst.js:408:19:408:31 | target.taint8 | tst.js:409:18:409:30 | target.taint8 | -| tst.js:416:7:416:46 | payload | tst.js:417:18:417:24 | payload | -| tst.js:416:7:416:46 | payload | tst.js:417:18:417:24 | payload | -| tst.js:416:7:416:46 | payload | tst.js:417:18:417:24 | payload | -| tst.js:416:7:416:46 | payload | tst.js:417:18:417:24 | payload | -| tst.js:416:7:416:46 | payload | tst.js:417:18:417:24 | payload | -| tst.js:416:7:416:46 | payload | tst.js:417:18:417:24 | payload | -| tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | -| tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | -| tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | -| tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | -| tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | -| tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | -| tst.js:416:17:416:46 | window. ... bstr(1) | tst.js:416:7:416:46 | payload | -| tst.js:416:17:416:46 | window. ... bstr(1) | tst.js:416:7:416:46 | payload | -| tst.js:416:17:416:46 | window. ... bstr(1) | tst.js:416:7:416:46 | payload | -| tst.js:419:7:419:55 | match | tst.js:421:20:421:24 | match | -| tst.js:419:15:419:34 | window.location.hash | tst.js:419:15:419:55 | window. ... (\\w+)/) | -| tst.js:419:15:419:34 | window.location.hash | tst.js:419:15:419:55 | window. ... (\\w+)/) | -| tst.js:419:15:419:55 | window. ... (\\w+)/) | tst.js:419:7:419:55 | match | -| tst.js:421:20:421:24 | match | tst.js:421:20:421:27 | match[1] | -| tst.js:421:20:421:24 | match | tst.js:421:20:421:27 | match[1] | -| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') | -| tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... '#')[1] | -| tst.js:428:7:428:39 | target | tst.js:430:18:430:23 | target | -| tst.js:428:16:428:39 | documen ... .search | tst.js:428:7:428:39 | target | -| tst.js:428:16:428:39 | documen ... .search | tst.js:428:7:428:39 | target | -| tst.js:430:18:430:23 | target | tst.js:430:18:430:89 | target. ... data>') | -| tst.js:430:18:430:23 | target | tst.js:430:18:430:89 | target. ... data>') | -| tst.js:436:6:436:38 | source | tst.js:440:28:440:33 | source | -| tst.js:436:6:436:38 | source | tst.js:440:28:440:33 | source | -| tst.js:436:6:436:38 | source | tst.js:441:33:441:38 | source | -| tst.js:436:6:436:38 | source | tst.js:441:33:441:38 | source | -| tst.js:436:6:436:38 | source | tst.js:442:34:442:39 | source | -| tst.js:436:6:436:38 | source | tst.js:442:34:442:39 | source | -| tst.js:436:6:436:38 | source | tst.js:443:41:443:46 | source | -| tst.js:436:6:436:38 | source | tst.js:443:41:443:46 | source | -| tst.js:436:6:436:38 | source | tst.js:444:44:444:49 | source | -| tst.js:436:6:436:38 | source | tst.js:444:44:444:49 | source | -| tst.js:436:6:436:38 | source | tst.js:445:32:445:37 | source | -| tst.js:436:6:436:38 | source | tst.js:445:32:445:37 | source | -| tst.js:436:15:436:38 | documen ... .search | tst.js:436:6:436:38 | source | -| tst.js:436:15:436:38 | documen ... .search | tst.js:436:6:436:38 | source | -| tst.js:453:7:453:39 | source | tst.js:455:18:455:23 | source | -| tst.js:453:7:453:39 | source | tst.js:455:18:455:23 | source | -| tst.js:453:7:453:39 | source | tst.js:456:36:456:41 | source | -| tst.js:453:16:453:39 | documen ... .search | tst.js:453:7:453:39 | source | -| tst.js:453:16:453:39 | documen ... .search | tst.js:453:7:453:39 | source | -| tst.js:456:36:456:41 | source | tst.js:456:18:456:42 | ansiToH ... source) | -| tst.js:456:36:456:41 | source | tst.js:456:18:456:42 | ansiToH ... source) | -| tst.js:460:6:460:38 | source | tst.js:463:21:463:26 | source | -| tst.js:460:6:460:38 | source | tst.js:463:21:463:26 | source | -| tst.js:460:6:460:38 | source | tst.js:465:19:465:24 | source | -| tst.js:460:6:460:38 | source | tst.js:465:19:465:24 | source | -| tst.js:460:6:460:38 | source | tst.js:467:20:467:25 | source | -| tst.js:460:6:460:38 | source | tst.js:467:20:467:25 | source | -| tst.js:460:15:460:38 | documen ... .search | tst.js:460:6:460:38 | source | -| tst.js:460:15:460:38 | documen ... .search | tst.js:460:6:460:38 | source | -| tst.js:471:7:471:46 | url | tst.js:473:19:473:21 | url | -| tst.js:471:7:471:46 | url | tst.js:473:19:473:21 | url | -| tst.js:471:7:471:46 | url | tst.js:474:26:474:28 | url | -| tst.js:471:7:471:46 | url | tst.js:474:26:474:28 | url | -| tst.js:471:7:471:46 | url | tst.js:475:25:475:27 | url | -| tst.js:471:7:471:46 | url | tst.js:475:25:475:27 | url | -| tst.js:471:7:471:46 | url | tst.js:476:20:476:22 | url | -| tst.js:471:7:471:46 | url | tst.js:476:20:476:22 | url | -| tst.js:471:7:471:46 | url | tst.js:486:22:486:24 | url | -| tst.js:471:7:471:46 | url | tst.js:486:22:486:24 | url | -| tst.js:471:13:471:36 | documen ... .search | tst.js:471:13:471:46 | documen ... bstr(1) | -| tst.js:471:13:471:36 | documen ... .search | tst.js:471:13:471:46 | documen ... bstr(1) | -| tst.js:471:13:471:46 | documen ... bstr(1) | tst.js:471:7:471:46 | url | -| tst.js:491:23:491:35 | location.hash | tst.js:491:23:491:45 | locatio ... bstr(1) | -| tst.js:491:23:491:35 | location.hash | tst.js:491:23:491:45 | locatio ... bstr(1) | -| tst.js:491:23:491:35 | location.hash | tst.js:491:23:491:45 | locatio ... bstr(1) | -| tst.js:491:23:491:35 | location.hash | tst.js:491:23:491:45 | locatio ... bstr(1) | -| tst.js:494:18:494:30 | location.hash | tst.js:494:18:494:40 | locatio ... bstr(1) | -| tst.js:494:18:494:30 | location.hash | tst.js:494:18:494:40 | locatio ... bstr(1) | -| tst.js:494:18:494:30 | location.hash | tst.js:494:18:494:40 | locatio ... bstr(1) | -| tst.js:494:18:494:30 | location.hash | tst.js:494:18:494:40 | locatio ... bstr(1) | -| tst.js:501:43:501:62 | window.location.hash | tst.js:501:33:501:63 | decodeU ... n.hash) | -| tst.js:501:43:501:62 | window.location.hash | tst.js:501:33:501:63 | decodeU ... n.hash) | -| tst.js:501:43:501:62 | window.location.hash | tst.js:501:33:501:63 | decodeU ... n.hash) | -| tst.js:501:43:501:62 | window.location.hash | tst.js:501:33:501:63 | decodeU ... n.hash) | -| typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc | -| typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc | -| typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc | -| typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc | -| typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc | -| typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc | -| typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc | -| typeahead.js:20:13:20:45 | target | typeahead.js:21:12:21:17 | target | -| typeahead.js:20:22:20:45 | documen ... .search | typeahead.js:20:13:20:45 | target | -| typeahead.js:20:22:20:45 | documen ... .search | typeahead.js:20:13:20:45 | target | -| typeahead.js:21:12:21:17 | target | typeahead.js:24:30:24:32 | val | -| typeahead.js:24:30:24:32 | val | typeahead.js:25:18:25:20 | val | -| typeahead.js:24:30:24:32 | val | typeahead.js:25:18:25:20 | val | -| v-html.vue:6:42:6:58 | document.location | v-html.vue:2:8:2:23 | v-html=tainted | -| v-html.vue:6:42:6:58 | document.location | v-html.vue:2:8:2:23 | v-html=tainted | -| v-html.vue:6:42:6:58 | document.location | v-html.vue:2:8:2:23 | v-html=tainted | -| v-html.vue:6:42:6:58 | document.location | v-html.vue:2:8:2:23 | v-html=tainted | -| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:4:14:4:20 | tainted | -| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:5:12:5:18 | tainted | -| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:6:19:6:25 | tainted | -| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:7:14:7:20 | tainted | -| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:9:19:9:25 | tainted | -| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:10:16:10:22 | tainted | -| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:11:24:11:30 | tainted | -| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:12:19:12:25 | tainted | -| various-concat-obfuscations.js:2:16:2:39 | documen ... .search | various-concat-obfuscations.js:2:6:2:39 | tainted | -| various-concat-obfuscations.js:2:16:2:39 | documen ... .search | various-concat-obfuscations.js:2:6:2:39 | tainted | -| various-concat-obfuscations.js:4:14:4:20 | tainted | various-concat-obfuscations.js:4:4:4:31 | "
" ...
" | -| various-concat-obfuscations.js:4:14:4:20 | tainted | various-concat-obfuscations.js:4:4:4:31 | "
" ...
" | -| various-concat-obfuscations.js:5:12:5:18 | tainted | various-concat-obfuscations.js:5:4:5:26 | `
$ ...
` | -| various-concat-obfuscations.js:5:12:5:18 | tainted | various-concat-obfuscations.js:5:4:5:26 | `
$ ...
` | -| various-concat-obfuscations.js:6:4:6:26 | "
" ... ainted) | various-concat-obfuscations.js:6:4:6:43 | "
" ... /div>") | -| various-concat-obfuscations.js:6:4:6:26 | "
" ... ainted) | various-concat-obfuscations.js:6:4:6:43 | "
" ... /div>") | -| various-concat-obfuscations.js:6:19:6:25 | tainted | various-concat-obfuscations.js:6:4:6:26 | "
" ... ainted) | -| various-concat-obfuscations.js:7:4:7:31 | ["
... /div>"] | various-concat-obfuscations.js:7:4:7:38 | ["
... .join() | -| various-concat-obfuscations.js:7:4:7:31 | ["
... /div>"] | various-concat-obfuscations.js:7:4:7:38 | ["
... .join() | -| various-concat-obfuscations.js:7:14:7:20 | tainted | various-concat-obfuscations.js:7:4:7:31 | ["
... /div>"] | -| various-concat-obfuscations.js:9:19:9:25 | tainted | various-concat-obfuscations.js:9:4:9:34 | "
" | -| various-concat-obfuscations.js:9:19:9:25 | tainted | various-concat-obfuscations.js:9:4:9:34 | "
" | -| various-concat-obfuscations.js:10:16:10:22 | tainted | various-concat-obfuscations.js:10:4:10:27 | `
` | -| various-concat-obfuscations.js:10:16:10:22 | tainted | various-concat-obfuscations.js:10:4:10:27 | `
` | -| various-concat-obfuscations.js:11:4:11:31 | "
") | -| various-concat-obfuscations.js:11:4:11:31 | "
") | -| various-concat-obfuscations.js:11:24:11:30 | tainted | various-concat-obfuscations.js:11:4:11:31 | "
"] | various-concat-obfuscations.js:12:4:12:41 | ["
"] | various-concat-obfuscations.js:12:4:12:41 | ["
"] | -| various-concat-obfuscations.js:20:17:20:40 | documen ... .search | various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | -| various-concat-obfuscations.js:20:17:20:40 | documen ... .search | various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | -| various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | -| various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | -| various-concat-obfuscations.js:21:17:21:40 | documen ... .search | various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | -| various-concat-obfuscations.js:21:17:21:40 | documen ... .search | various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | -| various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | -| various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | -| winjs.js:2:7:2:53 | tainted | winjs.js:3:43:3:49 | tainted | -| winjs.js:2:7:2:53 | tainted | winjs.js:3:43:3:49 | tainted | -| winjs.js:2:7:2:53 | tainted | winjs.js:3:43:3:49 | tainted | -| winjs.js:2:7:2:53 | tainted | winjs.js:3:43:3:49 | tainted | -| winjs.js:2:7:2:53 | tainted | winjs.js:3:43:3:49 | tainted | -| winjs.js:2:7:2:53 | tainted | winjs.js:3:43:3:49 | tainted | -| winjs.js:2:7:2:53 | tainted | winjs.js:4:43:4:49 | tainted | -| winjs.js:2:7:2:53 | tainted | winjs.js:4:43:4:49 | tainted | -| winjs.js:2:7:2:53 | tainted | winjs.js:4:43:4:49 | tainted | -| winjs.js:2:7:2:53 | tainted | winjs.js:4:43:4:49 | tainted | -| winjs.js:2:7:2:53 | tainted | winjs.js:4:43:4:49 | tainted | -| winjs.js:2:7:2:53 | tainted | winjs.js:4:43:4:49 | tainted | -| winjs.js:2:17:2:40 | documen ... .search | winjs.js:2:17:2:53 | documen ... ring(1) | -| winjs.js:2:17:2:40 | documen ... .search | winjs.js:2:17:2:53 | documen ... ring(1) | -| winjs.js:2:17:2:40 | documen ... .search | winjs.js:2:17:2:53 | documen ... ring(1) | -| winjs.js:2:17:2:40 | documen ... .search | winjs.js:2:17:2:53 | documen ... ring(1) | -| winjs.js:2:17:2:40 | documen ... .search | winjs.js:2:17:2:53 | documen ... ring(1) | -| winjs.js:2:17:2:40 | documen ... .search | winjs.js:2:17:2:53 | documen ... ring(1) | -| winjs.js:2:17:2:53 | documen ... ring(1) | winjs.js:2:7:2:53 | tainted | -| winjs.js:2:17:2:53 | documen ... ring(1) | winjs.js:2:7:2:53 | tainted | -| winjs.js:2:17:2:53 | documen ... ring(1) | winjs.js:2:7:2:53 | tainted | -| xmlRequest.js:8:13:8:47 | json | xmlRequest.js:9:28:9:31 | json | -| xmlRequest.js:8:13:8:47 | json | xmlRequest.js:9:28:9:31 | json | -| xmlRequest.js:8:20:8:47 | JSON.pa ... seText) | xmlRequest.js:8:13:8:47 | json | -| xmlRequest.js:8:20:8:47 | JSON.pa ... seText) | xmlRequest.js:8:13:8:47 | json | -| xmlRequest.js:8:31:8:46 | xhr.responseText | xmlRequest.js:8:20:8:47 | JSON.pa ... seText) | -| xmlRequest.js:8:31:8:46 | xhr.responseText | xmlRequest.js:8:20:8:47 | JSON.pa ... seText) | -| xmlRequest.js:8:31:8:46 | xhr.responseText | xmlRequest.js:8:20:8:47 | JSON.pa ... seText) | -| xmlRequest.js:8:31:8:46 | xhr.responseText | xmlRequest.js:8:20:8:47 | JSON.pa ... seText) | -| xmlRequest.js:9:28:9:31 | json | xmlRequest.js:9:28:9:39 | json.message | -| xmlRequest.js:9:28:9:31 | json | xmlRequest.js:9:28:9:39 | json.message | -| xmlRequest.js:9:28:9:31 | json | xmlRequest.js:9:28:9:39 | json.message | -| xmlRequest.js:9:28:9:31 | json | xmlRequest.js:9:28:9:39 | json.message | -| xmlRequest.js:20:11:20:48 | resp | xmlRequest.js:21:29:21:32 | resp | -| xmlRequest.js:20:11:20:48 | resp | xmlRequest.js:21:29:21:32 | resp | -| xmlRequest.js:20:18:20:48 | await g ... rl }}") | xmlRequest.js:20:11:20:48 | resp | -| xmlRequest.js:20:18:20:48 | await g ... rl }}") | xmlRequest.js:20:11:20:48 | resp | -| xmlRequest.js:20:24:20:48 | got.get ... rl }}") | xmlRequest.js:20:18:20:48 | await g ... rl }}") | -| xmlRequest.js:20:24:20:48 | got.get ... rl }}") | xmlRequest.js:20:18:20:48 | await g ... rl }}") | -| xmlRequest.js:20:24:20:48 | got.get ... rl }}") | xmlRequest.js:20:18:20:48 | await g ... rl }}") | -| xmlRequest.js:20:24:20:48 | got.get ... rl }}") | xmlRequest.js:20:18:20:48 | await g ... rl }}") | -| xmlRequest.js:21:11:21:38 | json | xmlRequest.js:22:24:22:27 | json | -| xmlRequest.js:21:11:21:38 | json | xmlRequest.js:22:24:22:27 | json | -| xmlRequest.js:21:18:21:38 | JSON.pa ... p.body) | xmlRequest.js:21:11:21:38 | json | -| xmlRequest.js:21:18:21:38 | JSON.pa ... p.body) | xmlRequest.js:21:11:21:38 | json | -| xmlRequest.js:21:29:21:32 | resp | xmlRequest.js:21:29:21:37 | resp.body | -| xmlRequest.js:21:29:21:32 | resp | xmlRequest.js:21:29:21:37 | resp.body | -| xmlRequest.js:21:29:21:37 | resp.body | xmlRequest.js:21:18:21:38 | JSON.pa ... p.body) | -| xmlRequest.js:21:29:21:37 | resp.body | xmlRequest.js:21:18:21:38 | JSON.pa ... p.body) | -| xmlRequest.js:22:24:22:27 | json | xmlRequest.js:22:24:22:35 | json.message | -| xmlRequest.js:22:24:22:27 | json | xmlRequest.js:22:24:22:35 | json.message | -| xmlRequest.js:22:24:22:27 | json | xmlRequest.js:22:24:22:35 | json.message | -| xmlRequest.js:22:24:22:27 | json | xmlRequest.js:22:24:22:35 | json.message | +| addEventListener.js:1:43:1:47 | event | addEventListener.js:2:20:2:24 | event | provenance | | +| addEventListener.js:2:20:2:24 | event | addEventListener.js:2:20:2:29 | event.data | provenance | | +| addEventListener.js:5:43:5:48 | data | addEventListener.js:6:20:6:23 | data | provenance | | +| addEventListener.js:5:43:5:48 | {data} | addEventListener.js:5:44:5:47 | data | provenance | | +| addEventListener.js:5:44:5:47 | data | addEventListener.js:5:43:5:48 | data | provenance | | +| addEventListener.js:10:21:10:25 | event | addEventListener.js:12:24:12:28 | event | provenance | | +| addEventListener.js:12:24:12:28 | event | addEventListener.js:12:24:12:33 | event.data | provenance | | +| angular2-client.ts:24:44:24:69 | this.ro ... .params | angular2-client.ts:24:44:24:73 | this.ro ... ams.foo | provenance | | +| angular2-client.ts:25:44:25:74 | this.ro ... yParams | angular2-client.ts:25:44:25:78 | this.ro ... ams.foo | provenance | | +| angular2-client.ts:34:44:34:80 | this.ro ... ameters | angular2-client.ts:34:44:34:82 | this.ro ... eters.x | provenance | | +| angular2-client.ts:36:44:36:89 | this.ro ... .params | angular2-client.ts:36:44:36:91 | this.ro ... arams.x | provenance | | +| classnames.js:7:47:7:69 | classNa ... w.name) | classnames.js:7:31:7:84 | `` | provenance | | +| classnames.js:7:58:7:68 | window.name | classnames.js:7:47:7:69 | classNa ... w.name) | provenance | | +| classnames.js:8:47:8:70 | classNa ... w.name) | classnames.js:8:31:8:85 | `` | provenance | | +| classnames.js:8:59:8:69 | window.name | classnames.js:8:47:8:70 | classNa ... w.name) | provenance | | +| classnames.js:9:47:9:70 | classNa ... w.name) | classnames.js:9:31:9:85 | `` | provenance | | +| classnames.js:9:59:9:69 | window.name | classnames.js:9:47:9:70 | classNa ... w.name) | provenance | | +| classnames.js:10:45:10:55 | window.name | classnames.js:11:47:11:64 | unsafeStyle('foo') | provenance | | +| classnames.js:11:47:11:64 | unsafeStyle('foo') | classnames.js:11:31:11:79 | `` | provenance | | +| classnames.js:13:47:13:68 | safeSty ... w.name) | classnames.js:13:31:13:83 | `` | provenance | | +| classnames.js:13:57:13:67 | window.name | classnames.js:13:47:13:68 | safeSty ... w.name) | provenance | | +| classnames.js:15:47:15:63 | clsx(window.name) | classnames.js:15:31:15:78 | `` | provenance | | +| classnames.js:15:52:15:62 | window.name | classnames.js:15:47:15:63 | clsx(window.name) | provenance | | +| classnames.js:17:48:17:64 | clsx(window.name) | classnames.js:17:32:17:79 | `` | provenance | | +| classnames.js:17:53:17:63 | window.name | classnames.js:17:48:17:64 | clsx(window.name) | provenance | | +| clipboard.ts:8:11:8:51 | html | clipboard.ts:15:25:15:28 | html | provenance | | +| clipboard.ts:8:18:8:51 | clipboa ... /html') | clipboard.ts:8:11:8:51 | html | provenance | | +| clipboard.ts:43:15:43:55 | html | clipboard.ts:50:29:50:32 | html | provenance | | +| clipboard.ts:43:22:43:55 | clipboa ... /html') | clipboard.ts:43:15:43:55 | html | provenance | | +| clipboard.ts:71:13:71:62 | droppedHtml | clipboard.ts:73:29:73:39 | droppedHtml | provenance | | +| clipboard.ts:71:27:71:62 | e.clipb ... /html') | clipboard.ts:71:13:71:62 | droppedHtml | provenance | | +| clipboard.ts:98:15:98:54 | html | clipboard.ts:99:23:99:26 | html | provenance | | +| clipboard.ts:98:22:98:54 | dataTra ... /html') | clipboard.ts:98:15:98:54 | html | provenance | | +| d3.js:4:12:4:22 | window.name | d3.js:11:15:11:24 | getTaint() | provenance | | +| d3.js:4:12:4:22 | window.name | d3.js:12:20:12:29 | getTaint() | provenance | | +| d3.js:4:12:4:22 | window.name | d3.js:14:20:14:29 | getTaint() | provenance | | +| d3.js:4:12:4:22 | window.name | d3.js:21:15:21:24 | getTaint() | provenance | | +| dates.js:9:9:9:69 | taint | dates.js:11:63:11:67 | taint | provenance | | +| dates.js:9:9:9:69 | taint | dates.js:12:66:12:70 | taint | provenance | | +| dates.js:9:9:9:69 | taint | dates.js:13:59:13:63 | taint | provenance | | +| dates.js:9:9:9:69 | taint | dates.js:16:62:16:66 | taint | provenance | | +| dates.js:9:9:9:69 | taint | dates.js:18:59:18:63 | taint | provenance | | +| dates.js:9:9:9:69 | taint | dates.js:21:61:21:65 | taint | provenance | | +| dates.js:9:17:9:69 | decodeU ... ing(1)) | dates.js:9:9:9:69 | taint | provenance | | +| dates.js:9:36:9:55 | window.location.hash | dates.js:9:36:9:68 | window. ... ring(1) | provenance | | +| dates.js:9:36:9:55 | window.location.hash | dates.js:9:36:9:68 | window. ... ring(1) | provenance | Config | +| dates.js:9:36:9:68 | window. ... ring(1) | dates.js:9:17:9:69 | decodeU ... ing(1)) | provenance | | +| dates.js:9:36:9:68 | window. ... ring(1) | dates.js:9:17:9:69 | decodeU ... ing(1)) | provenance | Config | +| dates.js:11:42:11:68 | dateFns ... taint) | dates.js:11:31:11:70 | `Time i ... aint)}` | provenance | | +| dates.js:11:42:11:68 | dateFns ... taint) | dates.js:11:31:11:70 | `Time i ... aint)}` | provenance | Config | +| dates.js:11:63:11:67 | taint | dates.js:11:42:11:68 | dateFns ... taint) | provenance | | +| dates.js:11:63:11:67 | taint | dates.js:11:42:11:68 | dateFns ... taint) | provenance | Config | +| dates.js:12:42:12:71 | dateFns ... taint) | dates.js:12:31:12:73 | `Time i ... aint)}` | provenance | | +| dates.js:12:42:12:71 | dateFns ... taint) | dates.js:12:31:12:73 | `Time i ... aint)}` | provenance | Config | +| dates.js:12:66:12:70 | taint | dates.js:12:42:12:71 | dateFns ... taint) | provenance | | +| dates.js:12:66:12:70 | taint | dates.js:12:42:12:71 | dateFns ... taint) | provenance | Config | +| dates.js:13:42:13:70 | dateFns ... )(time) | dates.js:13:31:13:72 | `Time i ... time)}` | provenance | | +| dates.js:13:42:13:70 | dateFns ... )(time) | dates.js:13:31:13:72 | `Time i ... time)}` | provenance | Config | +| dates.js:13:59:13:63 | taint | dates.js:13:42:13:70 | dateFns ... )(time) | provenance | | +| dates.js:13:59:13:63 | taint | dates.js:13:42:13:70 | dateFns ... )(time) | provenance | Config | +| dates.js:16:42:16:67 | moment( ... (taint) | dates.js:16:31:16:69 | `Time i ... aint)}` | provenance | | +| dates.js:16:42:16:67 | moment( ... (taint) | dates.js:16:31:16:69 | `Time i ... aint)}` | provenance | Config | +| dates.js:16:62:16:66 | taint | dates.js:16:42:16:67 | moment( ... (taint) | provenance | | +| dates.js:16:62:16:66 | taint | dates.js:16:42:16:67 | moment( ... (taint) | provenance | Config | +| dates.js:18:42:18:64 | datefor ... taint) | dates.js:18:31:18:66 | `Time i ... aint)}` | provenance | | +| dates.js:18:42:18:64 | datefor ... taint) | dates.js:18:31:18:66 | `Time i ... aint)}` | provenance | Config | +| dates.js:18:59:18:63 | taint | dates.js:18:42:18:64 | datefor ... taint) | provenance | | +| dates.js:18:59:18:63 | taint | dates.js:18:42:18:64 | datefor ... taint) | provenance | Config | +| dates.js:21:42:21:66 | dayjs(t ... (taint) | dates.js:21:31:21:68 | `Time i ... aint)}` | provenance | | +| dates.js:21:42:21:66 | dayjs(t ... (taint) | dates.js:21:31:21:68 | `Time i ... aint)}` | provenance | Config | +| dates.js:21:61:21:65 | taint | dates.js:21:42:21:66 | dayjs(t ... (taint) | provenance | | +| dates.js:21:61:21:65 | taint | dates.js:21:42:21:66 | dayjs(t ... (taint) | provenance | Config | +| dates.js:30:9:30:69 | taint | dates.js:37:77:37:81 | taint | provenance | | +| dates.js:30:9:30:69 | taint | dates.js:38:77:38:81 | taint | provenance | | +| dates.js:30:9:30:69 | taint | dates.js:39:79:39:83 | taint | provenance | | +| dates.js:30:9:30:69 | taint | dates.js:40:77:40:81 | taint | provenance | | +| dates.js:30:17:30:69 | decodeU ... ing(1)) | dates.js:30:9:30:69 | taint | provenance | | +| dates.js:30:36:30:55 | window.location.hash | dates.js:30:36:30:68 | window. ... ring(1) | provenance | | +| dates.js:30:36:30:55 | window.location.hash | dates.js:30:36:30:68 | window. ... ring(1) | provenance | Config | +| dates.js:30:36:30:68 | window. ... ring(1) | dates.js:30:17:30:69 | decodeU ... ing(1)) | provenance | | +| dates.js:30:36:30:68 | window. ... ring(1) | dates.js:30:17:30:69 | decodeU ... ing(1)) | provenance | Config | +| dates.js:37:42:37:82 | dateFns ... taint) | dates.js:37:31:37:84 | `Time i ... aint)}` | provenance | | +| dates.js:37:42:37:82 | dateFns ... taint) | dates.js:37:31:37:84 | `Time i ... aint)}` | provenance | Config | +| dates.js:37:77:37:81 | taint | dates.js:37:42:37:82 | dateFns ... taint) | provenance | | +| dates.js:37:77:37:81 | taint | dates.js:37:42:37:82 | dateFns ... taint) | provenance | Config | +| dates.js:38:42:38:82 | luxon.f ... taint) | dates.js:38:31:38:84 | `Time i ... aint)}` | provenance | | +| dates.js:38:42:38:82 | luxon.f ... taint) | dates.js:38:31:38:84 | `Time i ... aint)}` | provenance | Config | +| dates.js:38:77:38:81 | taint | dates.js:38:42:38:82 | luxon.f ... taint) | provenance | | +| dates.js:38:77:38:81 | taint | dates.js:38:42:38:82 | luxon.f ... taint) | provenance | Config | +| dates.js:39:42:39:84 | moment. ... taint) | dates.js:39:31:39:86 | `Time i ... aint)}` | provenance | | +| dates.js:39:42:39:84 | moment. ... taint) | dates.js:39:31:39:86 | `Time i ... aint)}` | provenance | Config | +| dates.js:39:79:39:83 | taint | dates.js:39:42:39:84 | moment. ... taint) | provenance | | +| dates.js:39:79:39:83 | taint | dates.js:39:42:39:84 | moment. ... taint) | provenance | Config | +| dates.js:40:42:40:82 | dayjs.f ... taint) | dates.js:40:31:40:84 | `Time i ... aint)}` | provenance | | +| dates.js:40:42:40:82 | dayjs.f ... taint) | dates.js:40:31:40:84 | `Time i ... aint)}` | provenance | Config | +| dates.js:40:77:40:81 | taint | dates.js:40:42:40:82 | dayjs.f ... taint) | provenance | | +| dates.js:40:77:40:81 | taint | dates.js:40:42:40:82 | dayjs.f ... taint) | provenance | Config | +| dates.js:46:9:46:69 | taint | dates.js:48:83:48:87 | taint | provenance | | +| dates.js:46:9:46:69 | taint | dates.js:49:82:49:86 | taint | provenance | | +| dates.js:46:9:46:69 | taint | dates.js:50:97:50:101 | taint | provenance | | +| dates.js:46:17:46:69 | decodeU ... ing(1)) | dates.js:46:9:46:69 | taint | provenance | | +| dates.js:46:36:46:55 | window.location.hash | dates.js:46:36:46:68 | window. ... ring(1) | provenance | | +| dates.js:46:36:46:55 | window.location.hash | dates.js:46:36:46:68 | window. ... ring(1) | provenance | Config | +| dates.js:46:36:46:68 | window. ... ring(1) | dates.js:46:17:46:69 | decodeU ... ing(1)) | provenance | | +| dates.js:46:36:46:68 | window. ... ring(1) | dates.js:46:17:46:69 | decodeU ... ing(1)) | provenance | Config | +| dates.js:48:42:48:88 | DateTim ... (taint) | dates.js:48:31:48:90 | `Time i ... aint)}` | provenance | | +| dates.js:48:42:48:88 | DateTim ... (taint) | dates.js:48:31:48:90 | `Time i ... aint)}` | provenance | Config | +| dates.js:48:83:48:87 | taint | dates.js:48:42:48:88 | DateTim ... (taint) | provenance | | +| dates.js:48:83:48:87 | taint | dates.js:48:42:48:88 | DateTim ... (taint) | provenance | Config | +| dates.js:49:42:49:87 | new Dat ... (taint) | dates.js:49:31:49:89 | `Time i ... aint)}` | provenance | | +| dates.js:49:42:49:87 | new Dat ... (taint) | dates.js:49:31:49:89 | `Time i ... aint)}` | provenance | Config | +| dates.js:49:82:49:86 | taint | dates.js:49:42:49:87 | new Dat ... (taint) | provenance | | +| dates.js:49:82:49:86 | taint | dates.js:49:42:49:87 | new Dat ... (taint) | provenance | Config | +| dates.js:50:42:50:102 | DateTim ... (taint) | dates.js:50:31:50:104 | `Time i ... aint)}` | provenance | | +| dates.js:50:42:50:102 | DateTim ... (taint) | dates.js:50:31:50:104 | `Time i ... aint)}` | provenance | Config | +| dates.js:50:97:50:101 | taint | dates.js:50:42:50:102 | DateTim ... (taint) | provenance | | +| dates.js:50:97:50:101 | taint | dates.js:50:42:50:102 | DateTim ... (taint) | provenance | Config | +| dates.js:54:9:54:69 | taint | dates.js:57:94:57:98 | taint | provenance | | +| dates.js:54:9:54:69 | taint | dates.js:59:80:59:84 | taint | provenance | | +| dates.js:54:9:54:69 | taint | dates.js:61:81:61:85 | taint | provenance | | +| dates.js:54:17:54:69 | decodeU ... ing(1)) | dates.js:54:9:54:69 | taint | provenance | | +| dates.js:54:36:54:55 | window.location.hash | dates.js:54:36:54:68 | window. ... ring(1) | provenance | | +| dates.js:54:36:54:55 | window.location.hash | dates.js:54:36:54:68 | window. ... ring(1) | provenance | Config | +| dates.js:54:36:54:68 | window. ... ring(1) | dates.js:54:17:54:69 | decodeU ... ing(1)) | provenance | | +| dates.js:54:36:54:68 | window. ... ring(1) | dates.js:54:17:54:69 | decodeU ... ing(1)) | provenance | Config | +| dates.js:57:42:57:99 | moment. ... (taint) | dates.js:57:31:57:101 | `Time i ... aint)}` | provenance | | +| dates.js:57:42:57:99 | moment. ... (taint) | dates.js:57:31:57:101 | `Time i ... aint)}` | provenance | Config | +| dates.js:57:94:57:98 | taint | dates.js:57:42:57:99 | moment. ... (taint) | provenance | | +| dates.js:57:94:57:98 | taint | dates.js:57:42:57:99 | moment. ... (taint) | provenance | Config | +| dates.js:59:42:59:85 | luxon.e ... (taint) | dates.js:59:31:59:87 | `Time i ... aint)}` | provenance | | +| dates.js:59:42:59:85 | luxon.e ... (taint) | dates.js:59:31:59:87 | `Time i ... aint)}` | provenance | Config | +| dates.js:59:80:59:84 | taint | dates.js:59:42:59:85 | luxon.e ... (taint) | provenance | | +| dates.js:59:80:59:84 | taint | dates.js:59:42:59:85 | luxon.e ... (taint) | provenance | Config | +| dates.js:61:42:61:86 | dayjs.s ... (taint) | dates.js:61:31:61:88 | `Time i ... aint)}` | provenance | | +| dates.js:61:42:61:86 | dayjs.s ... (taint) | dates.js:61:31:61:88 | `Time i ... aint)}` | provenance | Config | +| dates.js:61:81:61:85 | taint | dates.js:61:42:61:86 | dayjs.s ... (taint) | provenance | | +| dates.js:61:81:61:85 | taint | dates.js:61:42:61:86 | dayjs.s ... (taint) | provenance | Config | +| dragAndDrop.ts:8:11:8:50 | html | dragAndDrop.ts:15:25:15:28 | html | provenance | | +| dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | dragAndDrop.ts:8:11:8:50 | html | provenance | | +| dragAndDrop.ts:43:15:43:54 | html | dragAndDrop.ts:50:29:50:32 | html | provenance | | +| dragAndDrop.ts:43:22:43:54 | dataTra ... /html') | dragAndDrop.ts:43:15:43:54 | html | provenance | | +| dragAndDrop.ts:71:13:71:61 | droppedHtml | dragAndDrop.ts:73:29:73:39 | droppedHtml | provenance | | +| dragAndDrop.ts:71:27:71:61 | e.dataT ... /html') | dragAndDrop.ts:71:13:71:61 | droppedHtml | provenance | | +| event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '

' | provenance | | +| event-handler-receiver.js:2:49:2:61 | location.href | event-handler-receiver.js:2:31:2:83 | '

' | provenance | Config | +| jquery.js:2:7:2:40 | tainted | jquery.js:7:20:7:26 | tainted | provenance | | +| jquery.js:2:7:2:40 | tainted | jquery.js:8:28:8:34 | tainted | provenance | | +| jquery.js:2:7:2:40 | tainted | jquery.js:36:25:36:31 | tainted | provenance | | +| jquery.js:2:7:2:40 | tainted | jquery.js:37:31:37:37 | tainted | provenance | | +| jquery.js:2:17:2:40 | documen ... .search | jquery.js:2:7:2:40 | tainted | provenance | | +| jquery.js:7:20:7:26 | tainted | jquery.js:7:5:7:34 | "
" | provenance | Config | +| jquery.js:8:28:8:34 | tainted | jquery.js:8:18:8:34 | "XSS: " + tainted | provenance | | +| jquery.js:8:28:8:34 | tainted | jquery.js:8:18:8:34 | "XSS: " + tainted | provenance | Config | +| jquery.js:10:13:10:20 | location | jquery.js:10:13:10:31 | location.toString() | provenance | | +| jquery.js:10:13:10:20 | location | jquery.js:10:13:10:31 | location.toString() | provenance | Config | +| jquery.js:10:13:10:31 | location.toString() | jquery.js:10:5:10:40 | "" + ... "" | provenance | Config | +| jquery.js:14:38:14:57 | window.location.hash | jquery.js:14:19:14:58 | decodeU ... n.hash) | provenance | | +| jquery.js:14:38:14:57 | window.location.hash | jquery.js:14:19:14:58 | decodeU ... n.hash) | provenance | Config | +| jquery.js:15:38:15:59 | window. ... .search | jquery.js:15:19:15:60 | decodeU ... search) | provenance | | +| jquery.js:15:38:15:59 | window. ... .search | jquery.js:15:19:15:60 | decodeU ... search) | provenance | Config | +| jquery.js:16:38:16:52 | window.location | jquery.js:16:38:16:63 | window. ... tring() | provenance | | +| jquery.js:16:38:16:52 | window.location | jquery.js:16:38:16:63 | window. ... tring() | provenance | Config | +| jquery.js:16:38:16:63 | window. ... tring() | jquery.js:16:19:16:64 | decodeU ... ring()) | provenance | | +| jquery.js:16:38:16:63 | window. ... tring() | jquery.js:16:19:16:64 | decodeU ... ring()) | provenance | Config | +| jquery.js:18:7:18:33 | hash | jquery.js:21:5:21:8 | hash | provenance | | +| jquery.js:18:7:18:33 | hash | jquery.js:22:5:22:8 | hash | provenance | | +| jquery.js:18:7:18:33 | hash | jquery.js:23:5:23:8 | hash | provenance | | +| jquery.js:18:7:18:33 | hash | jquery.js:24:5:24:8 | hash | provenance | | +| jquery.js:18:7:18:33 | hash | jquery.js:27:5:27:8 | hash | provenance | | +| jquery.js:18:7:18:33 | hash | jquery.js:34:13:34:16 | hash | provenance | | +| jquery.js:18:14:18:33 | window.location.hash | jquery.js:18:7:18:33 | hash | provenance | | +| jquery.js:21:5:21:8 | hash | jquery.js:21:5:21:21 | hash.substring(1) | provenance | Config | +| jquery.js:22:5:22:8 | hash | jquery.js:22:5:22:25 | hash.su ... (1, 10) | provenance | Config | +| jquery.js:23:5:23:8 | hash | jquery.js:23:5:23:18 | hash.substr(1) | provenance | Config | +| jquery.js:24:5:24:8 | hash | jquery.js:24:5:24:17 | hash.slice(1) | provenance | Config | +| jquery.js:27:5:27:8 | hash | jquery.js:27:5:27:25 | hash.re ... #', '') | provenance | Config | +| jquery.js:28:5:28:26 | window. ... .search | jquery.js:28:5:28:43 | window. ... ?', '') | provenance | Config | +| jquery.js:34:13:34:16 | hash | jquery.js:34:5:34:25 | '' + ... '' | provenance | Config | +| jquery.js:37:31:37:37 | tainted | jquery.js:37:25:37:37 | () => tainted | provenance | Config | +| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:11:51:11:56 | locale | provenance | | +| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:19:56:19:61 | locale | provenance | | +| json-stringify.jsx:5:9:5:36 | locale | json-stringify.jsx:31:55:31:60 | locale | provenance | | +| json-stringify.jsx:5:18:5:36 | req.param("locale") | json-stringify.jsx:5:9:5:36 | locale | provenance | | +| json-stringify.jsx:11:16:11:58 | `https: ... ocale}` | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | provenance | | +| json-stringify.jsx:11:51:11:56 | locale | json-stringify.jsx:11:16:11:58 | `https: ... ocale}` | provenance | | +| json-stringify.jsx:19:16:19:63 | `https: ... ocale}` | json-stringify.jsx:35:40:35:61 | JSON.st ... jsonLD) | provenance | | +| json-stringify.jsx:19:56:19:61 | locale | json-stringify.jsx:19:16:19:63 | `https: ... ocale}` | provenance | | +| json-stringify.jsx:31:55:31:60 | locale | json-stringify.jsx:31:40:31:61 | JSON.st ... locale) | provenance | | +| jwt-server.js:7:9:7:35 | taint | jwt-server.js:9:16:9:20 | taint | provenance | | +| jwt-server.js:7:17:7:35 | req.param("wobble") | jwt-server.js:7:9:7:35 | taint | provenance | | +| jwt-server.js:9:16:9:20 | taint | jwt-server.js:9:55:9:61 | decoded | provenance | | +| jwt-server.js:9:55:9:61 | decoded | jwt-server.js:11:19:11:25 | decoded | provenance | | +| jwt-server.js:11:19:11:25 | decoded | jwt-server.js:11:19:11:29 | decoded.foo | provenance | | +| jwt.js:4:36:4:39 | data | jwt.js:5:30:5:33 | data | provenance | | +| jwt.js:5:9:5:34 | decoded | jwt.js:6:14:6:20 | decoded | provenance | | +| jwt.js:5:19:5:34 | jwt_decode(data) | jwt.js:5:9:5:34 | decoded | provenance | | +| jwt.js:5:30:5:33 | data | jwt.js:5:19:5:34 | jwt_decode(data) | provenance | | +| nodemailer.js:13:50:13:66 | req.query.message | nodemailer.js:13:11:13:69 | `Hi, yo ... sage}.` | provenance | | +| optionalSanitizer.js:2:7:2:39 | target | optionalSanitizer.js:6:18:6:23 | target | provenance | | +| optionalSanitizer.js:2:7:2:39 | target | optionalSanitizer.js:8:17:8:22 | target | provenance | | +| optionalSanitizer.js:2:7:2:39 | target | optionalSanitizer.js:15:9:15:14 | target | provenance | | +| optionalSanitizer.js:2:16:2:39 | documen ... .search | optionalSanitizer.js:2:7:2:39 | target | provenance | | +| optionalSanitizer.js:8:7:8:22 | tainted | optionalSanitizer.js:9:18:9:24 | tainted | provenance | | +| optionalSanitizer.js:8:17:8:22 | target | optionalSanitizer.js:8:7:8:22 | tainted | provenance | | +| optionalSanitizer.js:15:9:15:14 | target | optionalSanitizer.js:16:18:16:18 | x | provenance | | +| optionalSanitizer.js:16:18:16:18 | x | optionalSanitizer.js:17:20:17:20 | x | provenance | | +| optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:31:18:31:23 | target | provenance | | +| optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:38:18:38:23 | target | provenance | | +| optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:45:41:45:46 | target | provenance | | +| optionalSanitizer.js:26:7:26:39 | target | optionalSanitizer.js:45:51:45:56 | target | provenance | | +| optionalSanitizer.js:26:16:26:39 | documen ... .search | optionalSanitizer.js:26:7:26:39 | target | provenance | | +| optionalSanitizer.js:28:24:28:24 | x | optionalSanitizer.js:29:12:29:12 | x | provenance | | +| optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:32:18:32:25 | tainted2 | provenance | | +| optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:34:28:34:35 | tainted2 | provenance | | +| optionalSanitizer.js:31:7:31:23 | tainted2 | optionalSanitizer.js:36:18:36:25 | tainted2 | provenance | | +| optionalSanitizer.js:31:18:31:23 | target | optionalSanitizer.js:31:7:31:23 | tainted2 | provenance | | +| optionalSanitizer.js:34:5:34:36 | tainted2 | optionalSanitizer.js:36:18:36:25 | tainted2 | provenance | | +| optionalSanitizer.js:34:16:34:36 | sanitiz ... inted2) | optionalSanitizer.js:34:5:34:36 | tainted2 | provenance | | +| optionalSanitizer.js:34:28:34:35 | tainted2 | optionalSanitizer.js:28:24:28:24 | x | provenance | | +| optionalSanitizer.js:34:28:34:35 | tainted2 | optionalSanitizer.js:34:16:34:36 | sanitiz ... inted2) | provenance | | +| optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:39:18:39:25 | tainted3 | provenance | | +| optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:41:28:41:35 | tainted3 | provenance | | +| optionalSanitizer.js:38:7:38:23 | tainted3 | optionalSanitizer.js:43:18:43:25 | tainted3 | provenance | | +| optionalSanitizer.js:38:18:38:23 | target | optionalSanitizer.js:38:7:38:23 | tainted3 | provenance | | +| optionalSanitizer.js:41:5:41:36 | tainted3 | optionalSanitizer.js:43:18:43:25 | tainted3 | provenance | | +| optionalSanitizer.js:41:16:41:36 | sanitiz ... inted3) | optionalSanitizer.js:41:5:41:36 | tainted3 | provenance | | +| optionalSanitizer.js:41:28:41:35 | tainted3 | optionalSanitizer.js:28:24:28:24 | x | provenance | | +| optionalSanitizer.js:41:28:41:35 | tainted3 | optionalSanitizer.js:41:16:41:36 | sanitiz ... inted3) | provenance | | +| optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) | optionalSanitizer.js:45:18:45:56 | sanitiz ... target | provenance | | +| optionalSanitizer.js:45:41:45:46 | target | optionalSanitizer.js:28:24:28:24 | x | provenance | | +| optionalSanitizer.js:45:41:45:46 | target | optionalSanitizer.js:45:29:45:47 | sanitizeBad(target) | provenance | | +| optionalSanitizer.js:45:51:45:56 | target | optionalSanitizer.js:45:18:45:56 | sanitiz ... target | provenance | | +| pages/[id].jsx:3:30:3:35 | params [id] | pages/[id].jsx:13:44:13:49 | params [id] | provenance | | +| pages/[id].jsx:3:30:3:35 | params [q] | pages/[id].jsx:16:44:16:49 | params [q] | provenance | | +| pages/[id].jsx:5:9:5:14 | { id } | pages/[id].jsx:5:11:5:12 | id | provenance | | +| pages/[id].jsx:5:9:5:29 | id | pages/[id].jsx:10:44:10:45 | id | provenance | | +| pages/[id].jsx:5:11:5:12 | id | pages/[id].jsx:5:9:5:29 | id | provenance | | +| pages/[id].jsx:5:18:5:29 | router.query | pages/[id].jsx:5:9:5:14 | { id } | provenance | | +| pages/[id].jsx:13:44:13:49 | params [id] | pages/[id].jsx:13:44:13:52 | params.id | provenance | | +| pages/[id].jsx:16:44:16:49 | params [q] | pages/[id].jsx:16:44:16:51 | params.q | provenance | | +| pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [id] | pages/[id].jsx:3:30:3:35 | params [id] | provenance | | +| pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [q] | pages/[id].jsx:3:30:3:35 | params [q] | provenance | | +| pages/[id].jsx:25:11:25:24 | context.params | pages/[id].jsx:25:11:25:27 | context.params.id | provenance | | +| pages/[id].jsx:25:11:25:27 | context.params.id | pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | provenance | | +| pages/[id].jsx:25:11:25:33 | context ... d \|\| "" | pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [id] | provenance | | +| pages/[id].jsx:26:10:26:22 | context.query | pages/[id].jsx:26:10:26:30 | context ... .foobar | provenance | | +| pages/[id].jsx:26:10:26:30 | context ... .foobar | pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | provenance | | +| pages/[id].jsx:26:10:26:36 | context ... r \|\| "" | pages/[id].jsx:24:12:27:5 | {\\n ... ,\\n } [q] | provenance | | +| react-native.js:7:7:7:33 | tainted | react-native.js:8:18:8:24 | tainted | provenance | | +| react-native.js:7:7:7:33 | tainted | react-native.js:9:27:9:33 | tainted | provenance | | +| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | provenance | | +| react-use-router.js:8:21:8:32 | router.query | react-use-router.js:8:21:8:39 | router.query.foobar | provenance | | +| react-use-router.js:11:24:11:35 | router.query | react-use-router.js:11:24:11:42 | router.query.foobar | provenance | | +| react-use-router.js:23:31:23:36 | [post update] router | react-use-router.js:23:43:23:48 | router | provenance | | +| react-use-router.js:23:43:23:48 | router | react-use-router.js:23:43:23:54 | router.query | provenance | | +| react-use-router.js:23:43:23:54 | router.query | react-use-router.js:23:43:23:61 | router.query.foobar | provenance | | +| react-use-router.js:23:43:23:61 | router.query.foobar | react-use-router.js:23:31:23:36 | [post update] router | provenance | | +| react-use-router.js:33:21:33:32 | router.query | react-use-router.js:33:21:33:39 | router.query.foobar | provenance | | +| react-use-state.js:4:9:4:49 | state | react-use-state.js:5:51:5:55 | state | provenance | | +| react-use-state.js:4:10:4:14 | state | react-use-state.js:4:9:4:49 | state | provenance | | +| react-use-state.js:4:38:4:48 | window.name | react-use-state.js:4:10:4:14 | state | provenance | | +| react-use-state.js:9:9:9:43 | state | react-use-state.js:11:51:11:55 | state | provenance | | +| react-use-state.js:9:10:9:14 | state | react-use-state.js:9:9:9:43 | state | provenance | | +| react-use-state.js:10:14:10:24 | window.name | react-use-state.js:9:10:9:14 | state | provenance | | +| react-use-state.js:15:9:15:43 | state | react-use-state.js:17:51:17:55 | state | provenance | | +| react-use-state.js:15:10:15:14 | state | react-use-state.js:15:9:15:43 | state | provenance | | +| react-use-state.js:16:20:16:30 | window.name | react-use-state.js:15:10:15:14 | state | provenance | | +| react-use-state.js:21:10:21:14 | state | react-use-state.js:22:14:22:17 | prev | provenance | | +| react-use-state.js:22:14:22:17 | prev | react-use-state.js:23:35:23:38 | prev | provenance | | +| react-use-state.js:25:20:25:30 | window.name | react-use-state.js:21:10:21:14 | state | provenance | | +| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:23:29:23:35 | tainted | provenance | | +| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:25:29:25:35 | tainted | provenance | | +| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:28:29:28:35 | tainted | provenance | | +| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:30:29:30:35 | tainted | provenance | | +| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:33:29:33:35 | tainted | provenance | | +| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:35:29:35:35 | tainted | provenance | | +| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:38:29:38:35 | tainted | provenance | | +| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:45:29:45:35 | tainted | provenance | | +| sanitiser.js:16:7:16:27 | tainted | sanitiser.js:48:19:48:25 | tainted | provenance | | +| sanitiser.js:16:17:16:27 | window.name | sanitiser.js:16:7:16:27 | tainted | provenance | | +| sanitiser.js:23:29:23:35 | tainted | sanitiser.js:23:21:23:44 | '' + ... '' | provenance | | +| sanitiser.js:25:29:25:35 | tainted | sanitiser.js:25:21:25:44 | '' + ... '' | provenance | | +| sanitiser.js:28:29:28:35 | tainted | sanitiser.js:28:21:28:44 | '' + ... '' | provenance | | +| sanitiser.js:30:29:30:35 | tainted | sanitiser.js:30:21:30:44 | '' + ... '' | provenance | | +| sanitiser.js:33:29:33:35 | tainted | sanitiser.js:33:21:33:44 | '' + ... '' | provenance | | +| sanitiser.js:35:29:35:35 | tainted | sanitiser.js:35:21:35:44 | '' + ... '' | provenance | | +| sanitiser.js:38:29:38:35 | tainted | sanitiser.js:38:21:38:44 | '' + ... '' | provenance | | +| sanitiser.js:45:29:45:35 | tainted | sanitiser.js:45:21:45:44 | '' + ... '' | provenance | | +| sanitiser.js:48:19:48:25 | tainted | sanitiser.js:48:19:48:46 | tainted ... /g, '') | provenance | | +| stored-xss.js:2:39:2:62 | documen ... .search | stored-xss.js:5:20:5:52 | session ... ssion') | provenance | | +| stored-xss.js:2:39:2:62 | documen ... .search | stored-xss.js:5:20:5:52 | session ... ssion') | provenance | Config | +| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:8:20:8:48 | localSt ... local') | provenance | | +| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:8:20:8:48 | localSt ... local') | provenance | Config | +| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:10:16:10:44 | localSt ... local') | provenance | | +| stored-xss.js:3:35:3:58 | documen ... .search | stored-xss.js:10:16:10:44 | localSt ... local') | provenance | Config | +| stored-xss.js:10:9:10:44 | href | stored-xss.js:12:35:12:38 | href | provenance | | +| stored-xss.js:10:16:10:44 | localSt ... local') | stored-xss.js:10:9:10:44 | href | provenance | | +| stored-xss.js:12:35:12:38 | href | stored-xss.js:12:20:12:54 | "" | provenance | | +| stored-xss.js:12:35:12:38 | href | stored-xss.js:12:20:12:54 | "" | provenance | Config | +| string-manipulations.js:5:16:5:37 | documen ... on.href | string-manipulations.js:5:16:5:47 | documen ... lueOf() | provenance | | +| string-manipulations.js:5:16:5:37 | documen ... on.href | string-manipulations.js:5:16:5:47 | documen ... lueOf() | provenance | Config | +| string-manipulations.js:6:16:6:37 | documen ... on.href | string-manipulations.js:6:16:6:43 | documen ... f.sup() | provenance | | +| string-manipulations.js:6:16:6:37 | documen ... on.href | string-manipulations.js:6:16:6:43 | documen ... f.sup() | provenance | Config | +| string-manipulations.js:7:16:7:37 | documen ... on.href | string-manipulations.js:7:16:7:51 | documen ... rCase() | provenance | | +| string-manipulations.js:7:16:7:37 | documen ... on.href | string-manipulations.js:7:16:7:51 | documen ... rCase() | provenance | Config | +| string-manipulations.js:8:16:8:37 | documen ... on.href | string-manipulations.js:8:16:8:48 | documen ... mLeft() | provenance | | +| string-manipulations.js:8:16:8:37 | documen ... on.href | string-manipulations.js:8:16:8:48 | documen ... mLeft() | provenance | Config | +| string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) | provenance | | +| string-manipulations.js:9:36:9:57 | documen ... on.href | string-manipulations.js:9:16:9:58 | String. ... n.href) | provenance | Config | +| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) | provenance | | +| string-manipulations.js:10:23:10:44 | documen ... on.href | string-manipulations.js:10:16:10:45 | String( ... n.href) | provenance | Config | +| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:10:25:10:30 | source | provenance | | +| tooltip.jsx:6:11:6:30 | source | tooltip.jsx:11:25:11:30 | source | provenance | | +| tooltip.jsx:6:20:6:30 | window.name | tooltip.jsx:6:11:6:30 | source | provenance | | +| tooltip.jsx:22:11:22:30 | source | tooltip.jsx:23:38:23:43 | source | provenance | | +| tooltip.jsx:22:20:22:30 | window.name | tooltip.jsx:22:11:22:30 | source | provenance | | +| tooltip.jsx:23:38:23:43 | source | tooltip.jsx:18:51:18:59 | provide() | provenance | | +| translate.js:6:7:6:39 | target | translate.js:7:42:7:47 | target | provenance | | +| translate.js:6:16:6:39 | documen ... .search | translate.js:6:7:6:39 | target | provenance | | +| translate.js:7:7:7:61 | searchParams | translate.js:9:27:9:38 | searchParams | provenance | | +| translate.js:7:22:7:61 | new URL ... ing(1)) | translate.js:7:7:7:61 | searchParams | provenance | | +| translate.js:7:42:7:47 | target | translate.js:7:42:7:60 | target.substring(1) | provenance | | +| translate.js:7:42:7:47 | target | translate.js:7:42:7:60 | target.substring(1) | provenance | Config | +| translate.js:7:42:7:60 | target.substring(1) | translate.js:7:22:7:61 | new URL ... ing(1)) | provenance | | +| translate.js:9:27:9:38 | searchParams | translate.js:9:27:9:50 | searchP ... 'term') | provenance | Config | +| trusted-types-lib.js:1:28:1:28 | x | trusted-types-lib.js:2:12:2:12 | x | provenance | | +| trusted-types.js:3:62:3:62 | x | trusted-types.js:3:67:3:67 | x | provenance | | +| trusted-types.js:4:20:4:30 | window.name | trusted-types.js:3:62:3:62 | x | provenance | | +| trusted-types.js:13:20:13:30 | window.name | trusted-types-lib.js:1:28:1:28 | x | provenance | | +| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:4:25:4:28 | data | provenance | | +| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:5:26:5:29 | data | provenance | | +| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:7:32:7:35 | data | provenance | | +| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:9:37:9:40 | data | provenance | | +| tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | tst3.js:10:38:10:41 | data | provenance | | +| tst3.js:2:23:2:74 | decodeU ... str(1)) | tst3.js:2:12:2:75 | JSON.pa ... tr(1))) | provenance | | +| tst3.js:2:42:2:63 | window. ... .search | tst3.js:2:42:2:73 | window. ... bstr(1) | provenance | Config | +| tst3.js:2:42:2:73 | window. ... bstr(1) | tst3.js:2:23:2:74 | decodeU ... str(1)) | provenance | | +| tst3.js:4:25:4:28 | data | tst3.js:4:25:4:32 | data.src | provenance | | +| tst3.js:5:26:5:29 | data | tst3.js:5:26:5:31 | data.p | provenance | | +| tst3.js:7:32:7:35 | data | tst3.js:7:32:7:37 | data.p | provenance | | +| tst3.js:9:37:9:40 | data | tst3.js:9:37:9:42 | data.p | provenance | | +| tst3.js:10:38:10:41 | data | tst3.js:10:38:10:43 | data.p | provenance | | +| tst.js:2:7:2:39 | target | tst.js:5:18:5:23 | target | provenance | | +| tst.js:2:7:2:39 | target | tst.js:12:28:12:33 | target | provenance | | +| tst.js:2:7:2:39 | target | tst.js:20:42:20:47 | target | provenance | | +| tst.js:2:16:2:39 | documen ... .search | tst.js:2:7:2:39 | target | provenance | | +| tst.js:8:37:8:58 | documen ... on.href | tst.js:8:37:8:114 | documen ... t=")+8) | provenance | | +| tst.js:8:37:8:58 | documen ... on.href | tst.js:8:37:8:114 | documen ... t=")+8) | provenance | Config | +| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "" | provenance | | +| tst.js:8:37:8:114 | documen ... t=")+8) | tst.js:8:18:8:126 | "" | provenance | Config | +| tst.js:12:28:12:33 | target | tst.js:12:5:12:42 | '
' | provenance | Config | +| tst.js:17:7:17:56 | params | tst.js:18:18:18:23 | params | provenance | | +| tst.js:17:16:17:43 | (new UR ... ation)) [searchParams] | tst.js:17:16:17:56 | (new UR ... hParams | provenance | | +| tst.js:17:16:17:56 | (new UR ... hParams | tst.js:17:7:17:56 | params | provenance | | +| tst.js:17:17:17:42 | new URL ... cation) [searchParams] | tst.js:17:16:17:43 | (new UR ... ation)) [searchParams] | provenance | | +| tst.js:17:25:17:41 | document.location | tst.js:17:17:17:42 | new URL ... cation) [searchParams] | provenance | | +| tst.js:18:18:18:23 | params | tst.js:18:18:18:35 | params.get('name') | provenance | Config | +| tst.js:20:7:20:61 | searchParams | tst.js:21:18:21:29 | searchParams | provenance | | +| tst.js:20:22:20:61 | new URL ... ing(1)) | tst.js:20:7:20:61 | searchParams | provenance | | +| tst.js:20:42:20:47 | target | tst.js:20:42:20:60 | target.substring(1) | provenance | | +| tst.js:20:42:20:47 | target | tst.js:20:42:20:60 | target.substring(1) | provenance | Config | +| tst.js:20:42:20:60 | target.substring(1) | tst.js:20:22:20:61 | new URL ... ing(1)) | provenance | | +| tst.js:21:18:21:29 | searchParams | tst.js:21:18:21:41 | searchP ... 'name') | provenance | Config | +| tst.js:24:14:24:19 | target | tst.js:26:18:26:23 | target | provenance | | +| tst.js:28:5:28:28 | documen ... .search | tst.js:24:14:24:19 | target | provenance | | +| tst.js:31:10:31:33 | documen ... .search | tst.js:34:16:34:20 | bar() | provenance | | +| tst.js:31:10:31:33 | documen ... .search | tst.js:58:26:58:30 | bar() | provenance | | +| tst.js:31:10:31:33 | documen ... .search | tst.js:68:16:68:20 | bar() | provenance | | +| tst.js:36:14:36:14 | x | tst.js:37:10:37:10 | x | provenance | | +| tst.js:40:20:40:43 | documen ... .search | tst.js:36:14:36:14 | x | provenance | | +| tst.js:40:20:40:43 | documen ... .search | tst.js:40:16:40:44 | baz(doc ... search) | provenance | | +| tst.js:42:15:42:15 | s | tst.js:43:20:43:20 | s | provenance | | +| tst.js:43:20:43:20 | s | tst.js:43:10:43:31 | "
" ...
" | provenance | | +| tst.js:43:20:43:20 | s | tst.js:43:10:43:31 | "
" ...
" | provenance | Config | +| tst.js:46:21:46:44 | documen ... .search | tst.js:42:15:42:15 | s | provenance | | +| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) | provenance | | +| tst.js:46:21:46:44 | documen ... .search | tst.js:46:16:46:45 | wrap(do ... search) | provenance | Config | +| tst.js:48:15:48:15 | s | tst.js:50:12:50:12 | s | provenance | | +| tst.js:50:12:50:12 | s | tst.js:50:12:50:22 | s.substr(1) | provenance | | +| tst.js:50:12:50:12 | s | tst.js:50:12:50:22 | s.substr(1) | provenance | Config | +| tst.js:54:21:54:44 | documen ... .search | tst.js:48:15:48:15 | s | provenance | | +| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | provenance | | +| tst.js:54:21:54:44 | documen ... .search | tst.js:54:16:54:45 | chop(do ... search) | provenance | Config | +| tst.js:56:21:56:44 | documen ... .search | tst.js:48:15:48:15 | s | provenance | | +| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | provenance | | +| tst.js:56:21:56:44 | documen ... .search | tst.js:56:16:56:45 | chop(do ... search) | provenance | Config | +| tst.js:58:21:58:31 | chop(bar()) | tst.js:42:15:42:15 | s | provenance | | +| tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) | provenance | | +| tst.js:58:21:58:31 | chop(bar()) | tst.js:58:16:58:32 | wrap(chop(bar())) | provenance | Config | +| tst.js:58:26:58:30 | bar() | tst.js:48:15:48:15 | s | provenance | | +| tst.js:58:26:58:30 | bar() | tst.js:58:21:58:31 | chop(bar()) | provenance | | +| tst.js:58:26:58:30 | bar() | tst.js:58:21:58:31 | chop(bar()) | provenance | Config | +| tst.js:60:34:60:34 | s | tst.js:62:18:62:18 | s | provenance | | +| tst.js:64:25:64:48 | documen ... .search | tst.js:60:34:60:34 | s | provenance | | +| tst.js:65:25:65:48 | documen ... .search | tst.js:60:34:60:34 | s | provenance | | +| tst.js:70:1:70:27 | [,docum ... search] | tst.js:70:46:70:46 | x | provenance | | +| tst.js:70:1:70:27 | [,docum ... search] | tst.js:70:46:70:46 | x | provenance | Config | +| tst.js:70:1:70:27 | [,docum ... search] [1] | tst.js:70:46:70:46 | x | provenance | | +| tst.js:70:3:70:26 | documen ... .search | tst.js:70:1:70:27 | [,docum ... search] | provenance | | +| tst.js:70:3:70:26 | documen ... .search | tst.js:70:1:70:27 | [,docum ... search] | provenance | Config | +| tst.js:70:3:70:26 | documen ... .search | tst.js:70:1:70:27 | [,docum ... search] [1] | provenance | | +| tst.js:70:46:70:46 | x | tst.js:73:20:73:20 | x | provenance | | +| tst.js:107:7:107:44 | v | tst.js:110:18:110:18 | v | provenance | | +| tst.js:107:7:107:44 | v | tst.js:136:18:136:18 | v | provenance | | +| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) | provenance | | +| tst.js:107:11:107:34 | documen ... .search | tst.js:107:11:107:44 | documen ... bstr(1) | provenance | Config | +| tst.js:107:11:107:44 | documen ... bstr(1) | tst.js:107:7:107:44 | v | provenance | | +| tst.js:148:29:148:50 | window. ... .search | tst.js:151:29:151:29 | v | provenance | | +| tst.js:151:29:151:29 | v | tst.js:151:49:151:49 | v | provenance | | +| tst.js:158:40:158:61 | window. ... .search | tst.js:155:29:155:46 | xssSourceService() | provenance | | +| tst.js:177:9:177:41 | target | tst.js:180:28:180:33 | target | provenance | | +| tst.js:177:18:177:41 | documen ... .search | tst.js:177:9:177:41 | target | provenance | | +| tst.js:184:9:184:42 | tainted | tst.js:186:31:186:37 | tainted | provenance | | +| tst.js:184:9:184:42 | tainted | tst.js:188:42:188:48 | tainted | provenance | | +| tst.js:184:9:184:42 | tainted | tst.js:189:33:189:39 | tainted | provenance | | +| tst.js:184:9:184:42 | tainted | tst.js:191:54:191:60 | tainted | provenance | | +| tst.js:184:9:184:42 | tainted | tst.js:192:45:192:51 | tainted | provenance | | +| tst.js:184:9:184:42 | tainted | tst.js:193:49:193:55 | tainted | provenance | | +| tst.js:184:19:184:42 | documen ... .search | tst.js:184:9:184:42 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:199:67:199:73 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:200:67:200:73 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:204:35:204:41 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:206:46:206:52 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:207:38:207:44 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:208:35:208:41 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:236:35:236:41 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:238:20:238:26 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:240:23:240:29 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:241:23:241:29 | tainted | provenance | | +| tst.js:197:9:197:42 | tainted | tst.js:255:23:255:29 | tainted | provenance | | +| tst.js:197:19:197:42 | documen ... .search | tst.js:197:9:197:42 | tainted | provenance | | +| tst.js:204:35:204:41 | tainted | tst.js:212:28:212:46 | this.state.tainted1 | provenance | | +| tst.js:204:35:204:41 | tainted | tst.js:212:28:212:46 | this.state.tainted1 | provenance | Config | +| tst.js:206:46:206:52 | tainted | tst.js:213:28:213:46 | this.state.tainted2 | provenance | | +| tst.js:206:46:206:52 | tainted | tst.js:213:28:213:46 | this.state.tainted2 | provenance | Config | +| tst.js:207:38:207:44 | tainted | tst.js:214:28:214:46 | this.state.tainted3 | provenance | | +| tst.js:207:38:207:44 | tainted | tst.js:214:28:214:46 | this.state.tainted3 | provenance | Config | +| tst.js:208:35:208:41 | tainted | tst.js:218:32:218:49 | prevState.tainted4 | provenance | | +| tst.js:208:35:208:41 | tainted | tst.js:218:32:218:49 | prevState.tainted4 | provenance | Config | +| tst.js:236:35:236:41 | tainted | tst.js:225:28:225:46 | this.props.tainted1 | provenance | | +| tst.js:238:20:238:26 | tainted | tst.js:226:28:226:46 | this.props.tainted2 | provenance | | +| tst.js:240:23:240:29 | tainted | tst.js:227:28:227:46 | this.props.tainted3 | provenance | | +| tst.js:241:23:241:29 | tainted | tst.js:231:32:231:49 | prevProps.tainted4 | provenance | | +| tst.js:247:39:247:55 | props.propTainted | tst.js:251:60:251:82 | this.st ... Tainted | provenance | | +| tst.js:247:39:247:55 | props.propTainted | tst.js:251:60:251:82 | this.st ... Tainted | provenance | Config | +| tst.js:255:23:255:29 | tainted | tst.js:247:39:247:55 | props.propTainted | provenance | | +| tst.js:285:9:285:29 | tainted | tst.js:288:59:288:65 | tainted | provenance | | +| tst.js:285:19:285:29 | window.name | tst.js:285:9:285:29 | tainted | provenance | | +| tst.js:301:9:301:16 | location | tst.js:302:10:302:10 | e | provenance | | +| tst.js:302:10:302:10 | e | tst.js:303:20:303:20 | e | provenance | | +| tst.js:308:10:308:17 | location | tst.js:310:10:310:10 | e | provenance | | +| tst.js:310:10:310:10 | e | tst.js:311:20:311:20 | e | provenance | | +| tst.js:327:10:327:35 | new URL ... cation) [searchParams] | tst.js:331:16:331:30 | getTaintedUrl() [searchParams] | provenance | | +| tst.js:327:18:327:34 | document.location | tst.js:327:10:327:35 | new URL ... cation) [searchParams] | provenance | | +| tst.js:331:7:331:43 | params | tst.js:332:18:332:23 | params | provenance | | +| tst.js:331:16:331:30 | getTaintedUrl() [searchParams] | tst.js:331:16:331:43 | getTain ... hParams | provenance | | +| tst.js:331:16:331:43 | getTain ... hParams | tst.js:331:7:331:43 | params | provenance | | +| tst.js:332:18:332:23 | params | tst.js:332:18:332:35 | params.get('name') | provenance | Config | +| tst.js:341:12:341:37 | new URL ... cation) [hash] | tst.js:343:5:343:12 | getUrl() [hash] | provenance | | +| tst.js:341:20:341:36 | document.location | tst.js:341:12:341:37 | new URL ... cation) [hash] | provenance | | +| tst.js:343:5:343:12 | getUrl() [hash] | tst.js:343:5:343:17 | getUrl().hash | provenance | | +| tst.js:343:5:343:17 | getUrl().hash | tst.js:343:5:343:30 | getUrl( ... ring(1) | provenance | Config | +| tst.js:348:7:348:39 | target | tst.js:349:12:349:17 | target | provenance | | +| tst.js:348:16:348:39 | documen ... .search | tst.js:348:7:348:39 | target | provenance | | +| tst.js:355:10:355:42 | target | tst.js:356:16:356:21 | target | provenance | | +| tst.js:355:10:355:42 | target | tst.js:360:21:360:26 | target | provenance | | +| tst.js:355:10:355:42 | target | tst.js:363:18:363:23 | target | provenance | | +| tst.js:355:19:355:42 | documen ... .search | tst.js:355:10:355:42 | target | provenance | | +| tst.js:371:7:371:39 | target | tst.js:374:18:374:23 | target | provenance | | +| tst.js:371:16:371:39 | documen ... .search | tst.js:371:7:371:39 | target | provenance | | +| tst.js:381:7:381:39 | target | tst.js:384:18:384:23 | target | provenance | | +| tst.js:381:7:381:39 | target | tst.js:386:18:386:23 | target | provenance | | +| tst.js:381:7:381:39 | target | tst.js:397:18:397:23 | target | provenance | | +| tst.js:381:7:381:39 | target | tst.js:406:18:406:23 | target | provenance | | +| tst.js:381:7:381:39 | target | tst.js:408:19:408:24 | target | provenance | | +| tst.js:381:7:381:39 | target [taint3] | tst.js:392:18:392:23 | target [taint3] | provenance | | +| tst.js:381:7:381:39 | target [taint8] | tst.js:408:19:408:24 | target [taint8] | provenance | | +| tst.js:381:7:381:39 | target [taint8] | tst.js:409:18:409:23 | target [taint8] | provenance | | +| tst.js:381:16:381:39 | documen ... .search | tst.js:381:7:381:39 | target | provenance | | +| tst.js:386:18:386:23 | target | tst.js:386:18:386:29 | target.taint | provenance | | +| tst.js:386:18:386:23 | target | tst.js:386:18:386:29 | target.taint | provenance | Config | +| tst.js:391:3:391:8 | [post update] target [taint3] | tst.js:381:7:381:39 | target [taint3] | provenance | | +| tst.js:391:19:391:42 | documen ... .search | tst.js:391:3:391:8 | [post update] target [taint3] | provenance | | +| tst.js:392:18:392:23 | target [taint3] | tst.js:392:18:392:30 | target.taint3 | provenance | | +| tst.js:397:18:397:23 | target | tst.js:397:18:397:30 | target.taint5 | provenance | | +| tst.js:397:18:397:23 | target | tst.js:397:18:397:30 | target.taint5 | provenance | Config | +| tst.js:406:18:406:23 | target | tst.js:406:18:406:30 | target.taint7 | provenance | | +| tst.js:406:18:406:23 | target | tst.js:406:18:406:30 | target.taint7 | provenance | Config | +| tst.js:408:3:408:8 | [post update] target [taint8] | tst.js:381:7:381:39 | target [taint8] | provenance | | +| tst.js:408:19:408:24 | target | tst.js:408:19:408:31 | target.taint8 | provenance | | +| tst.js:408:19:408:24 | target | tst.js:408:19:408:31 | target.taint8 | provenance | Config | +| tst.js:408:19:408:24 | target [taint8] | tst.js:408:19:408:31 | target.taint8 | provenance | | +| tst.js:408:19:408:31 | target.taint8 | tst.js:408:3:408:8 | [post update] target [taint8] | provenance | | +| tst.js:409:18:409:23 | target [taint8] | tst.js:409:18:409:30 | target.taint8 | provenance | | +| tst.js:416:7:416:46 | payload | tst.js:417:18:417:24 | payload | provenance | | +| tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | provenance | | +| tst.js:416:17:416:36 | window.location.hash | tst.js:416:17:416:46 | window. ... bstr(1) | provenance | Config | +| tst.js:416:17:416:46 | window. ... bstr(1) | tst.js:416:7:416:46 | payload | provenance | | +| tst.js:419:7:419:55 | match | tst.js:421:20:421:24 | match | provenance | | +| tst.js:419:15:419:34 | window.location.hash | tst.js:419:15:419:55 | window. ... (\\w+)/) | provenance | | +| tst.js:419:15:419:34 | window.location.hash | tst.js:419:15:419:55 | window. ... (\\w+)/) | provenance | Config | +| tst.js:419:15:419:55 | window. ... (\\w+)/) | tst.js:419:7:419:55 | match | provenance | | +| tst.js:421:20:421:24 | match | tst.js:421:20:421:27 | match[1] | provenance | | +| tst.js:421:20:421:24 | match | tst.js:421:20:421:27 | match[1] | provenance | Config | +| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') | provenance | | +| tst.js:424:18:424:37 | window.location.hash | tst.js:424:18:424:48 | window. ... it('#') | provenance | Config | +| tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... '#')[1] | provenance | | +| tst.js:424:18:424:48 | window. ... it('#') | tst.js:424:18:424:51 | window. ... '#')[1] | provenance | Config | +| tst.js:428:7:428:39 | target | tst.js:430:18:430:23 | target | provenance | | +| tst.js:428:16:428:39 | documen ... .search | tst.js:428:7:428:39 | target | provenance | | +| tst.js:430:18:430:23 | target | tst.js:430:18:430:89 | target. ... data>') | provenance | | +| tst.js:430:18:430:23 | target | tst.js:430:18:430:89 | target. ... data>') | provenance | Config | +| tst.js:436:6:436:38 | source | tst.js:440:28:440:33 | source | provenance | | +| tst.js:436:6:436:38 | source | tst.js:441:33:441:38 | source | provenance | | +| tst.js:436:6:436:38 | source | tst.js:442:34:442:39 | source | provenance | | +| tst.js:436:6:436:38 | source | tst.js:443:41:443:46 | source | provenance | | +| tst.js:436:6:436:38 | source | tst.js:444:44:444:49 | source | provenance | | +| tst.js:436:6:436:38 | source | tst.js:445:32:445:37 | source | provenance | | +| tst.js:436:15:436:38 | documen ... .search | tst.js:436:6:436:38 | source | provenance | | +| tst.js:453:7:453:39 | source | tst.js:455:18:455:23 | source | provenance | | +| tst.js:453:7:453:39 | source | tst.js:456:36:456:41 | source | provenance | | +| tst.js:453:16:453:39 | documen ... .search | tst.js:453:7:453:39 | source | provenance | | +| tst.js:456:36:456:41 | source | tst.js:456:18:456:42 | ansiToH ... source) | provenance | | +| tst.js:456:36:456:41 | source | tst.js:456:18:456:42 | ansiToH ... source) | provenance | Config | +| tst.js:460:6:460:38 | source | tst.js:463:21:463:26 | source | provenance | | +| tst.js:460:6:460:38 | source | tst.js:465:19:465:24 | source | provenance | | +| tst.js:460:6:460:38 | source | tst.js:467:20:467:25 | source | provenance | | +| tst.js:460:15:460:38 | documen ... .search | tst.js:460:6:460:38 | source | provenance | | +| tst.js:471:7:471:46 | url | tst.js:473:19:473:21 | url | provenance | | +| tst.js:471:7:471:46 | url | tst.js:474:26:474:28 | url | provenance | | +| tst.js:471:7:471:46 | url | tst.js:475:25:475:27 | url | provenance | | +| tst.js:471:7:471:46 | url | tst.js:476:20:476:22 | url | provenance | | +| tst.js:471:7:471:46 | url | tst.js:486:22:486:24 | url | provenance | | +| tst.js:471:13:471:36 | documen ... .search | tst.js:471:13:471:46 | documen ... bstr(1) | provenance | Config | +| tst.js:471:13:471:46 | documen ... bstr(1) | tst.js:471:7:471:46 | url | provenance | | +| tst.js:491:23:491:35 | location.hash | tst.js:491:23:491:45 | locatio ... bstr(1) | provenance | Config | +| tst.js:494:18:494:30 | location.hash | tst.js:494:18:494:40 | locatio ... bstr(1) | provenance | Config | +| tst.js:501:43:501:62 | window.location.hash | tst.js:501:33:501:63 | decodeU ... n.hash) | provenance | | +| tst.js:501:43:501:62 | window.location.hash | tst.js:501:33:501:63 | decodeU ... n.hash) | provenance | Config | +| typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc | provenance | | +| typeahead.js:20:13:20:45 | target | typeahead.js:21:12:21:17 | target | provenance | | +| typeahead.js:20:22:20:45 | documen ... .search | typeahead.js:20:13:20:45 | target | provenance | | +| typeahead.js:21:12:21:17 | target | typeahead.js:24:30:24:32 | val | provenance | | +| typeahead.js:21:12:21:17 | target | typeahead.js:24:30:24:32 | val | provenance | Config | +| typeahead.js:24:30:24:32 | val | typeahead.js:25:18:25:20 | val | provenance | | +| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:4:14:4:20 | tainted | provenance | | +| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:5:12:5:18 | tainted | provenance | | +| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:6:19:6:25 | tainted | provenance | | +| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:7:14:7:20 | tainted | provenance | | +| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:9:19:9:25 | tainted | provenance | | +| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:10:16:10:22 | tainted | provenance | | +| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:11:24:11:30 | tainted | provenance | | +| various-concat-obfuscations.js:2:6:2:39 | tainted | various-concat-obfuscations.js:12:19:12:25 | tainted | provenance | | +| various-concat-obfuscations.js:2:16:2:39 | documen ... .search | various-concat-obfuscations.js:2:6:2:39 | tainted | provenance | | +| various-concat-obfuscations.js:4:14:4:20 | tainted | various-concat-obfuscations.js:4:4:4:31 | "
" ...
" | provenance | Config | +| various-concat-obfuscations.js:5:12:5:18 | tainted | various-concat-obfuscations.js:5:4:5:26 | `
$ ...
` | provenance | Config | +| various-concat-obfuscations.js:6:4:6:26 | "
" ... ainted) | various-concat-obfuscations.js:6:4:6:43 | "
" ... /div>") | provenance | | +| various-concat-obfuscations.js:6:19:6:25 | tainted | various-concat-obfuscations.js:6:4:6:26 | "
" ... ainted) | provenance | Config | +| various-concat-obfuscations.js:7:4:7:31 | ["
... /div>"] | various-concat-obfuscations.js:7:4:7:38 | ["
... .join() | provenance | | +| various-concat-obfuscations.js:7:14:7:20 | tainted | various-concat-obfuscations.js:7:4:7:31 | ["
... /div>"] | provenance | Config | +| various-concat-obfuscations.js:9:19:9:25 | tainted | various-concat-obfuscations.js:9:4:9:34 | "
" | provenance | Config | +| various-concat-obfuscations.js:10:16:10:22 | tainted | various-concat-obfuscations.js:10:4:10:27 | `
` | provenance | Config | +| various-concat-obfuscations.js:11:4:11:31 | "
") | provenance | | +| various-concat-obfuscations.js:11:24:11:30 | tainted | various-concat-obfuscations.js:11:4:11:31 | "
"] | various-concat-obfuscations.js:12:4:12:41 | ["
"] | provenance | Config | +| various-concat-obfuscations.js:14:24:14:28 | attrs | various-concat-obfuscations.js:15:28:15:32 | attrs | provenance | | +| various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | various-concat-obfuscations.js:15:10:15:83 | '
' | provenance | Config | +| various-concat-obfuscations.js:15:28:15:32 | attrs | various-concat-obfuscations.js:15:28:15:44 | attrs.defaultattr | provenance | | +| various-concat-obfuscations.js:15:28:15:32 | attrs | various-concat-obfuscations.js:15:28:15:44 | attrs.defaultattr | provenance | Config | +| various-concat-obfuscations.js:15:28:15:44 | attrs.defaultattr | various-concat-obfuscations.js:15:27:15:55 | (attrs. ... 'left') | provenance | | +| various-concat-obfuscations.js:17:24:17:28 | attrs | various-concat-obfuscations.js:18:32:18:36 | attrs | provenance | | +| various-concat-obfuscations.js:18:10:18:59 | '
') | provenance | | +| various-concat-obfuscations.js:18:10:18:88 | '
') | provenance | | +| various-concat-obfuscations.js:18:32:18:36 | attrs | various-concat-obfuscations.js:18:32:18:48 | attrs.defaultattr | provenance | | +| various-concat-obfuscations.js:18:32:18:36 | attrs | various-concat-obfuscations.js:18:32:18:48 | attrs.defaultattr | provenance | Config | +| various-concat-obfuscations.js:18:32:18:48 | attrs.defaultattr | various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | provenance | | +| various-concat-obfuscations.js:18:32:18:58 | attrs.d ... 'left' | various-concat-obfuscations.js:18:10:18:59 | '
" ...
" | tst.js:46:16:46:45 | wrap(do ... search) | +| tst.js:54:21:54:44 | documen ... .search | tst.js:48:15:48:15 | s | tst.js:50:12:50:22 | s.substr(1) | tst.js:54:16:54:45 | chop(do ... search) | +| tst.js:56:21:56:44 | documen ... .search | tst.js:48:15:48:15 | s | tst.js:50:12:50:22 | s.substr(1) | tst.js:56:16:56:45 | chop(do ... search) | +| tst.js:58:21:58:31 | chop(bar()) | tst.js:42:15:42:15 | s | tst.js:43:10:43:31 | "
" ...
" | tst.js:58:16:58:32 | wrap(chop(bar())) | +| tst.js:58:26:58:30 | bar() | tst.js:48:15:48:15 | s | tst.js:50:12:50:22 | s.substr(1) | tst.js:58:21:58:31 | chop(bar()) | +| various-concat-obfuscations.js:20:17:20:46 | documen ... h.attrs | various-concat-obfuscations.js:14:24:14:28 | attrs | various-concat-obfuscations.js:15:10:15:83 | '
' | various-concat-obfuscations.js:20:4:20:47 | indirec ... .attrs) | +| various-concat-obfuscations.js:21:17:21:46 | documen ... h.attrs | various-concat-obfuscations.js:17:24:17:28 | attrs | various-concat-obfuscations.js:18:10:18:105 | '
') | various-concat-obfuscations.js:21:4:21:47 | indirec ... .attrs) | #select | jwt.js:6:14:6:20 | decoded | jwt.js:4:36:4:39 | data | jwt.js:6:14:6:20 | decoded | Cross-site scripting vulnerability due to $@. | jwt.js:4:36:4:39 | data | user-provided value | | typeahead.js:10:16:10:18 | loc | typeahead.js:9:28:9:30 | loc | typeahead.js:10:16:10:18 | loc | Cross-site scripting vulnerability due to $@. | typeahead.js:9:28:9:30 | loc | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.ql b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.ql index 9a27e9db4d41..a2e4dad22fe5 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.ql +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.ql @@ -13,11 +13,13 @@ import javascript import semmle.javascript.security.dataflow.DomBasedXssQuery -import DataFlow::PathGraph +import DataFlow::DeduplicatePathGraph import semmle.javascript.heuristics.AdditionalSources -from DataFlow::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) and source.getNode() instanceof HeuristicSource +from PathNode source, PathNode sink +where + DomBasedXssFlow::flowPath(source.getAnOriginalPathNode(), sink.getAnOriginalPathNode()) and + source.getNode() instanceof HeuristicSource select sink.getNode(), source, sink, sink.getNode().(Sink).getVulnerabilityKind() + " vulnerability due to $@.", source.getNode(), "user-provided value" diff --git a/javascript/ql/test/query-tests/Security/CWE-079/ExceptionXss/ExceptionXss.expected b/javascript/ql/test/query-tests/Security/CWE-079/ExceptionXss/ExceptionXss.expected index 0ff9bcb932ab..67c34650206d 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/ExceptionXss/ExceptionXss.expected +++ b/javascript/ql/test/query-tests/Security/CWE-079/ExceptionXss/ExceptionXss.expected @@ -1,177 +1,167 @@ nodes -| ajv.js:11:18:11:33 | ajv.errorsText() | -| ajv.js:11:18:11:33 | ajv.errorsText() | -| ajv.js:11:18:11:33 | ajv.errorsText() | -| ajv.js:24:18:24:26 | val.error | -| ajv.js:24:18:24:26 | val.error | -| ajv.js:24:18:24:26 | val.error | -| exception-xss.js:2:6:2:28 | foo | -| exception-xss.js:2:12:2:28 | document.location | -| exception-xss.js:2:12:2:28 | document.location | -| exception-xss.js:9:11:9:13 | foo | -| exception-xss.js:10:11:10:11 | e | -| exception-xss.js:11:18:11:18 | e | -| exception-xss.js:11:18:11:18 | e | -| exception-xss.js:15:3:15:12 | exceptional return of inner(foo) | -| exception-xss.js:15:9:15:11 | foo | -| exception-xss.js:16:11:16:11 | e | -| exception-xss.js:17:18:17:18 | e | -| exception-xss.js:17:18:17:18 | e | -| exception-xss.js:21:11:21:13 | foo | -| exception-xss.js:21:11:21:21 | foo + "bar" | -| exception-xss.js:22:11:22:11 | e | -| exception-xss.js:23:18:23:18 | e | -| exception-xss.js:23:18:23:18 | e | -| exception-xss.js:33:11:33:22 | ["bar", foo] | -| exception-xss.js:33:19:33:21 | foo | -| exception-xss.js:34:11:34:11 | e | -| exception-xss.js:35:18:35:18 | e | -| exception-xss.js:35:18:35:18 | e | -| exception-xss.js:46:3:46:19 | exceptional return of deep("bar" + foo) | -| exception-xss.js:46:8:46:18 | "bar" + foo | -| exception-xss.js:46:16:46:18 | foo | -| exception-xss.js:47:11:47:11 | e | -| exception-xss.js:48:18:48:18 | e | -| exception-xss.js:48:18:48:18 | e | -| exception-xss.js:81:3:81:19 | exceptional return of myWeirdInner(foo) | -| exception-xss.js:81:16:81:18 | foo | -| exception-xss.js:82:11:82:11 | e | -| exception-xss.js:83:18:83:18 | e | -| exception-xss.js:83:18:83:18 | e | -| exception-xss.js:89:11:89:13 | foo | -| exception-xss.js:89:11:89:26 | foo.match(/foo/) | -| exception-xss.js:90:11:90:11 | e | -| exception-xss.js:91:18:91:18 | e | -| exception-xss.js:91:18:91:18 | e | -| exception-xss.js:95:11:95:22 | [foo, "bar"] | -| exception-xss.js:95:12:95:14 | foo | -| exception-xss.js:96:11:96:11 | e | -| exception-xss.js:97:18:97:18 | e | -| exception-xss.js:97:18:97:18 | e | -| exception-xss.js:102:12:102:14 | foo | -| exception-xss.js:106:11:106:11 | e | -| exception-xss.js:107:18:107:18 | e | -| exception-xss.js:107:18:107:18 | e | -| exception-xss.js:117:11:117:23 | req.params.id | -| exception-xss.js:117:11:117:23 | req.params.id | -| exception-xss.js:118:11:118:11 | e | -| exception-xss.js:119:12:119:28 | "Exception: " + e | -| exception-xss.js:119:12:119:28 | "Exception: " + e | -| exception-xss.js:119:28:119:28 | e | -| exception-xss.js:125:45:125:68 | documen ... .search | -| exception-xss.js:125:45:125:68 | documen ... .search | -| exception-xss.js:128:11:128:52 | session ... ssion') | -| exception-xss.js:129:11:129:11 | e | -| exception-xss.js:130:18:130:18 | e | -| exception-xss.js:130:18:130:18 | e | -| exception-xss.js:136:10:136:22 | req.params.id | -| exception-xss.js:136:10:136:22 | req.params.id | -| exception-xss.js:136:26:136:30 | error | -| exception-xss.js:138:19:138:23 | error | -| exception-xss.js:138:19:138:23 | error | -| exception-xss.js:146:6:146:35 | foo | -| exception-xss.js:146:12:146:35 | documen ... .search | -| exception-xss.js:146:12:146:35 | documen ... .search | -| exception-xss.js:148:33:148:35 | foo | -| exception-xss.js:148:55:148:55 | e | -| exception-xss.js:149:18:149:18 | e | -| exception-xss.js:149:18:149:18 | e | -| exception-xss.js:153:8:153:10 | foo | -| exception-xss.js:154:11:154:11 | e | -| exception-xss.js:155:18:155:18 | e | -| exception-xss.js:155:18:155:18 | e | -| exception-xss.js:174:25:174:43 | exceptional return of inner(foo, resolve) | -| exception-xss.js:174:31:174:33 | foo | -| exception-xss.js:174:53:174:53 | e | -| exception-xss.js:175:18:175:18 | e | -| exception-xss.js:175:18:175:18 | e | -| exception-xss.js:180:10:180:22 | req.params.id | -| exception-xss.js:180:10:180:22 | req.params.id | -| exception-xss.js:180:26:180:30 | error | -| exception-xss.js:182:19:182:23 | error | -| exception-xss.js:182:19:182:23 | error | +| ajv.js:11:18:11:33 | ajv.errorsText() | semmle.label | ajv.errorsText() | +| ajv.js:24:18:24:26 | val.error | semmle.label | val.error | +| exception-xss.js:2:6:2:28 | foo | semmle.label | foo | +| exception-xss.js:2:12:2:28 | document.location | semmle.label | document.location | +| exception-xss.js:4:17:4:17 | x | semmle.label | x | +| exception-xss.js:5:11:5:11 | x | semmle.label | x | +| exception-xss.js:9:11:9:13 | foo | semmle.label | foo | +| exception-xss.js:10:11:10:11 | e | semmle.label | e | +| exception-xss.js:11:18:11:18 | e | semmle.label | e | +| exception-xss.js:15:3:15:12 | exceptional return of inner(foo) | semmle.label | exceptional return of inner(foo) | +| exception-xss.js:15:9:15:11 | foo | semmle.label | foo | +| exception-xss.js:16:11:16:11 | e | semmle.label | e | +| exception-xss.js:17:18:17:18 | e | semmle.label | e | +| exception-xss.js:21:11:21:13 | foo | semmle.label | foo | +| exception-xss.js:21:11:21:21 | foo + "bar" | semmle.label | foo + "bar" | +| exception-xss.js:22:11:22:11 | e | semmle.label | e | +| exception-xss.js:23:18:23:18 | e | semmle.label | e | +| exception-xss.js:33:11:33:22 | ["bar", foo] | semmle.label | ["bar", foo] | +| exception-xss.js:33:19:33:21 | foo | semmle.label | foo | +| exception-xss.js:34:11:34:11 | e | semmle.label | e | +| exception-xss.js:35:18:35:18 | e | semmle.label | e | +| exception-xss.js:38:16:38:16 | x | semmle.label | x | +| exception-xss.js:39:3:39:10 | exceptional return of deep2(x) | semmle.label | exceptional return of deep2(x) | +| exception-xss.js:39:9:39:9 | x | semmle.label | x | +| exception-xss.js:41:17:41:17 | x | semmle.label | x | +| exception-xss.js:42:3:42:10 | exceptional return of inner(x) | semmle.label | exceptional return of inner(x) | +| exception-xss.js:42:9:42:9 | x | semmle.label | x | +| exception-xss.js:46:3:46:19 | exceptional return of deep("bar" + foo) | semmle.label | exceptional return of deep("bar" + foo) | +| exception-xss.js:46:8:46:18 | "bar" + foo | semmle.label | "bar" + foo | +| exception-xss.js:46:16:46:18 | foo | semmle.label | foo | +| exception-xss.js:47:11:47:11 | e | semmle.label | e | +| exception-xss.js:48:18:48:18 | e | semmle.label | e | +| exception-xss.js:74:28:74:28 | x | semmle.label | x | +| exception-xss.js:75:4:75:11 | exceptional return of inner(x) | semmle.label | exceptional return of inner(x) | +| exception-xss.js:75:10:75:10 | x | semmle.label | x | +| exception-xss.js:81:3:81:19 | exceptional return of myWeirdInner(foo) | semmle.label | exceptional return of myWeirdInner(foo) | +| exception-xss.js:81:16:81:18 | foo | semmle.label | foo | +| exception-xss.js:82:11:82:11 | e | semmle.label | e | +| exception-xss.js:83:18:83:18 | e | semmle.label | e | +| exception-xss.js:89:11:89:13 | foo | semmle.label | foo | +| exception-xss.js:89:11:89:26 | foo.match(/foo/) | semmle.label | foo.match(/foo/) | +| exception-xss.js:90:11:90:11 | e | semmle.label | e | +| exception-xss.js:91:18:91:18 | e | semmle.label | e | +| exception-xss.js:95:11:95:22 | [foo, "bar"] | semmle.label | [foo, "bar"] | +| exception-xss.js:95:12:95:14 | foo | semmle.label | foo | +| exception-xss.js:96:11:96:11 | e | semmle.label | e | +| exception-xss.js:97:18:97:18 | e | semmle.label | e | +| exception-xss.js:102:12:102:14 | foo | semmle.label | foo | +| exception-xss.js:106:11:106:11 | e | semmle.label | e | +| exception-xss.js:107:18:107:18 | e | semmle.label | e | +| exception-xss.js:117:11:117:23 | req.params.id | semmle.label | req.params.id | +| exception-xss.js:118:11:118:11 | e | semmle.label | e | +| exception-xss.js:119:12:119:28 | "Exception: " + e | semmle.label | "Exception: " + e | +| exception-xss.js:119:28:119:28 | e | semmle.label | e | +| exception-xss.js:125:45:125:68 | documen ... .search | semmle.label | documen ... .search | +| exception-xss.js:128:11:128:52 | session ... ssion') | semmle.label | session ... ssion') | +| exception-xss.js:129:11:129:11 | e | semmle.label | e | +| exception-xss.js:130:18:130:18 | e | semmle.label | e | +| exception-xss.js:136:10:136:22 | req.params.id | semmle.label | req.params.id | +| exception-xss.js:136:26:136:30 | error | semmle.label | error | +| exception-xss.js:138:19:138:23 | error | semmle.label | error | +| exception-xss.js:146:6:146:35 | foo | semmle.label | foo | +| exception-xss.js:146:12:146:35 | documen ... .search | semmle.label | documen ... .search | +| exception-xss.js:148:2:148:46 | new Pro ... solve)) [PromiseError] | semmle.label | new Pro ... solve)) [PromiseError] | +| exception-xss.js:148:33:148:35 | foo | semmle.label | foo | +| exception-xss.js:148:55:148:55 | e | semmle.label | e | +| exception-xss.js:149:18:149:18 | e | semmle.label | e | +| exception-xss.js:153:8:153:10 | foo | semmle.label | foo | +| exception-xss.js:154:11:154:11 | e | semmle.label | e | +| exception-xss.js:155:18:155:18 | e | semmle.label | e | +| exception-xss.js:170:17:170:23 | tainted | semmle.label | tainted | +| exception-xss.js:171:11:171:17 | tainted | semmle.label | tainted | +| exception-xss.js:174:2:174:44 | new Pro ... solve)) [PromiseError] | semmle.label | new Pro ... solve)) [PromiseError] | +| exception-xss.js:174:25:174:43 | exceptional return of inner(foo, resolve) | semmle.label | exceptional return of inner(foo, resolve) | +| exception-xss.js:174:31:174:33 | foo | semmle.label | foo | +| exception-xss.js:174:53:174:53 | e | semmle.label | e | +| exception-xss.js:175:18:175:18 | e | semmle.label | e | +| exception-xss.js:180:10:180:22 | req.params.id | semmle.label | req.params.id | +| exception-xss.js:180:26:180:30 | error | semmle.label | error | +| exception-xss.js:182:19:182:23 | error | semmle.label | error | edges -| ajv.js:11:18:11:33 | ajv.errorsText() | ajv.js:11:18:11:33 | ajv.errorsText() | -| ajv.js:24:18:24:26 | val.error | ajv.js:24:18:24:26 | val.error | -| exception-xss.js:2:6:2:28 | foo | exception-xss.js:9:11:9:13 | foo | -| exception-xss.js:2:6:2:28 | foo | exception-xss.js:15:9:15:11 | foo | -| exception-xss.js:2:6:2:28 | foo | exception-xss.js:21:11:21:13 | foo | -| exception-xss.js:2:6:2:28 | foo | exception-xss.js:33:19:33:21 | foo | -| exception-xss.js:2:6:2:28 | foo | exception-xss.js:46:16:46:18 | foo | -| exception-xss.js:2:6:2:28 | foo | exception-xss.js:81:16:81:18 | foo | -| exception-xss.js:2:6:2:28 | foo | exception-xss.js:89:11:89:13 | foo | -| exception-xss.js:2:6:2:28 | foo | exception-xss.js:95:12:95:14 | foo | -| exception-xss.js:2:6:2:28 | foo | exception-xss.js:102:12:102:14 | foo | -| exception-xss.js:2:12:2:28 | document.location | exception-xss.js:2:6:2:28 | foo | -| exception-xss.js:2:12:2:28 | document.location | exception-xss.js:2:6:2:28 | foo | -| exception-xss.js:9:11:9:13 | foo | exception-xss.js:10:11:10:11 | e | -| exception-xss.js:10:11:10:11 | e | exception-xss.js:11:18:11:18 | e | -| exception-xss.js:10:11:10:11 | e | exception-xss.js:11:18:11:18 | e | -| exception-xss.js:15:3:15:12 | exceptional return of inner(foo) | exception-xss.js:16:11:16:11 | e | -| exception-xss.js:15:9:15:11 | foo | exception-xss.js:15:3:15:12 | exceptional return of inner(foo) | -| exception-xss.js:16:11:16:11 | e | exception-xss.js:17:18:17:18 | e | -| exception-xss.js:16:11:16:11 | e | exception-xss.js:17:18:17:18 | e | -| exception-xss.js:21:11:21:13 | foo | exception-xss.js:21:11:21:21 | foo + "bar" | -| exception-xss.js:21:11:21:21 | foo + "bar" | exception-xss.js:22:11:22:11 | e | -| exception-xss.js:22:11:22:11 | e | exception-xss.js:23:18:23:18 | e | -| exception-xss.js:22:11:22:11 | e | exception-xss.js:23:18:23:18 | e | -| exception-xss.js:33:11:33:22 | ["bar", foo] | exception-xss.js:34:11:34:11 | e | -| exception-xss.js:33:19:33:21 | foo | exception-xss.js:33:11:33:22 | ["bar", foo] | -| exception-xss.js:34:11:34:11 | e | exception-xss.js:35:18:35:18 | e | -| exception-xss.js:34:11:34:11 | e | exception-xss.js:35:18:35:18 | e | -| exception-xss.js:46:3:46:19 | exceptional return of deep("bar" + foo) | exception-xss.js:47:11:47:11 | e | -| exception-xss.js:46:8:46:18 | "bar" + foo | exception-xss.js:46:3:46:19 | exceptional return of deep("bar" + foo) | -| exception-xss.js:46:16:46:18 | foo | exception-xss.js:46:8:46:18 | "bar" + foo | -| exception-xss.js:47:11:47:11 | e | exception-xss.js:48:18:48:18 | e | -| exception-xss.js:47:11:47:11 | e | exception-xss.js:48:18:48:18 | e | -| exception-xss.js:81:3:81:19 | exceptional return of myWeirdInner(foo) | exception-xss.js:82:11:82:11 | e | -| exception-xss.js:81:16:81:18 | foo | exception-xss.js:81:3:81:19 | exceptional return of myWeirdInner(foo) | -| exception-xss.js:82:11:82:11 | e | exception-xss.js:83:18:83:18 | e | -| exception-xss.js:82:11:82:11 | e | exception-xss.js:83:18:83:18 | e | -| exception-xss.js:89:11:89:13 | foo | exception-xss.js:89:11:89:26 | foo.match(/foo/) | -| exception-xss.js:89:11:89:26 | foo.match(/foo/) | exception-xss.js:90:11:90:11 | e | -| exception-xss.js:90:11:90:11 | e | exception-xss.js:91:18:91:18 | e | -| exception-xss.js:90:11:90:11 | e | exception-xss.js:91:18:91:18 | e | -| exception-xss.js:95:11:95:22 | [foo, "bar"] | exception-xss.js:96:11:96:11 | e | -| exception-xss.js:95:12:95:14 | foo | exception-xss.js:95:11:95:22 | [foo, "bar"] | -| exception-xss.js:96:11:96:11 | e | exception-xss.js:97:18:97:18 | e | -| exception-xss.js:96:11:96:11 | e | exception-xss.js:97:18:97:18 | e | -| exception-xss.js:102:12:102:14 | foo | exception-xss.js:106:11:106:11 | e | -| exception-xss.js:106:11:106:11 | e | exception-xss.js:107:18:107:18 | e | -| exception-xss.js:106:11:106:11 | e | exception-xss.js:107:18:107:18 | e | -| exception-xss.js:117:11:117:23 | req.params.id | exception-xss.js:118:11:118:11 | e | -| exception-xss.js:117:11:117:23 | req.params.id | exception-xss.js:118:11:118:11 | e | -| exception-xss.js:118:11:118:11 | e | exception-xss.js:119:28:119:28 | e | -| exception-xss.js:119:28:119:28 | e | exception-xss.js:119:12:119:28 | "Exception: " + e | -| exception-xss.js:119:28:119:28 | e | exception-xss.js:119:12:119:28 | "Exception: " + e | -| exception-xss.js:125:45:125:68 | documen ... .search | exception-xss.js:128:11:128:52 | session ... ssion') | -| exception-xss.js:125:45:125:68 | documen ... .search | exception-xss.js:128:11:128:52 | session ... ssion') | -| exception-xss.js:128:11:128:52 | session ... ssion') | exception-xss.js:129:11:129:11 | e | -| exception-xss.js:129:11:129:11 | e | exception-xss.js:130:18:130:18 | e | -| exception-xss.js:129:11:129:11 | e | exception-xss.js:130:18:130:18 | e | -| exception-xss.js:136:10:136:22 | req.params.id | exception-xss.js:136:26:136:30 | error | -| exception-xss.js:136:10:136:22 | req.params.id | exception-xss.js:136:26:136:30 | error | -| exception-xss.js:136:26:136:30 | error | exception-xss.js:138:19:138:23 | error | -| exception-xss.js:136:26:136:30 | error | exception-xss.js:138:19:138:23 | error | -| exception-xss.js:146:6:146:35 | foo | exception-xss.js:148:33:148:35 | foo | -| exception-xss.js:146:6:146:35 | foo | exception-xss.js:153:8:153:10 | foo | -| exception-xss.js:146:6:146:35 | foo | exception-xss.js:174:31:174:33 | foo | -| exception-xss.js:146:12:146:35 | documen ... .search | exception-xss.js:146:6:146:35 | foo | -| exception-xss.js:146:12:146:35 | documen ... .search | exception-xss.js:146:6:146:35 | foo | -| exception-xss.js:148:33:148:35 | foo | exception-xss.js:148:55:148:55 | e | -| exception-xss.js:148:55:148:55 | e | exception-xss.js:149:18:149:18 | e | -| exception-xss.js:148:55:148:55 | e | exception-xss.js:149:18:149:18 | e | -| exception-xss.js:153:8:153:10 | foo | exception-xss.js:154:11:154:11 | e | -| exception-xss.js:154:11:154:11 | e | exception-xss.js:155:18:155:18 | e | -| exception-xss.js:154:11:154:11 | e | exception-xss.js:155:18:155:18 | e | -| exception-xss.js:174:25:174:43 | exceptional return of inner(foo, resolve) | exception-xss.js:174:53:174:53 | e | -| exception-xss.js:174:31:174:33 | foo | exception-xss.js:174:25:174:43 | exceptional return of inner(foo, resolve) | -| exception-xss.js:174:53:174:53 | e | exception-xss.js:175:18:175:18 | e | -| exception-xss.js:174:53:174:53 | e | exception-xss.js:175:18:175:18 | e | -| exception-xss.js:180:10:180:22 | req.params.id | exception-xss.js:180:26:180:30 | error | -| exception-xss.js:180:10:180:22 | req.params.id | exception-xss.js:180:26:180:30 | error | -| exception-xss.js:180:26:180:30 | error | exception-xss.js:182:19:182:23 | error | -| exception-xss.js:180:26:180:30 | error | exception-xss.js:182:19:182:23 | error | +| exception-xss.js:2:6:2:28 | foo | exception-xss.js:9:11:9:13 | foo | provenance | | +| exception-xss.js:2:6:2:28 | foo | exception-xss.js:15:9:15:11 | foo | provenance | | +| exception-xss.js:2:6:2:28 | foo | exception-xss.js:21:11:21:13 | foo | provenance | | +| exception-xss.js:2:6:2:28 | foo | exception-xss.js:33:19:33:21 | foo | provenance | | +| exception-xss.js:2:6:2:28 | foo | exception-xss.js:46:16:46:18 | foo | provenance | | +| exception-xss.js:2:6:2:28 | foo | exception-xss.js:81:16:81:18 | foo | provenance | | +| exception-xss.js:2:6:2:28 | foo | exception-xss.js:89:11:89:13 | foo | provenance | | +| exception-xss.js:2:6:2:28 | foo | exception-xss.js:95:12:95:14 | foo | provenance | | +| exception-xss.js:2:6:2:28 | foo | exception-xss.js:102:12:102:14 | foo | provenance | | +| exception-xss.js:2:12:2:28 | document.location | exception-xss.js:2:6:2:28 | foo | provenance | | +| exception-xss.js:4:17:4:17 | x | exception-xss.js:5:11:5:11 | x | provenance | | +| exception-xss.js:9:11:9:13 | foo | exception-xss.js:10:11:10:11 | e | provenance | Config | +| exception-xss.js:10:11:10:11 | e | exception-xss.js:11:18:11:18 | e | provenance | | +| exception-xss.js:15:3:15:12 | exceptional return of inner(foo) | exception-xss.js:16:11:16:11 | e | provenance | | +| exception-xss.js:15:9:15:11 | foo | exception-xss.js:4:17:4:17 | x | provenance | | +| exception-xss.js:15:9:15:11 | foo | exception-xss.js:15:3:15:12 | exceptional return of inner(foo) | provenance | Config | +| exception-xss.js:16:11:16:11 | e | exception-xss.js:17:18:17:18 | e | provenance | | +| exception-xss.js:21:11:21:13 | foo | exception-xss.js:21:11:21:21 | foo + "bar" | provenance | | +| exception-xss.js:21:11:21:21 | foo + "bar" | exception-xss.js:22:11:22:11 | e | provenance | Config | +| exception-xss.js:22:11:22:11 | e | exception-xss.js:23:18:23:18 | e | provenance | | +| exception-xss.js:33:11:33:22 | ["bar", foo] | exception-xss.js:34:11:34:11 | e | provenance | Config | +| exception-xss.js:33:19:33:21 | foo | exception-xss.js:33:11:33:22 | ["bar", foo] | provenance | | +| exception-xss.js:34:11:34:11 | e | exception-xss.js:35:18:35:18 | e | provenance | | +| exception-xss.js:38:16:38:16 | x | exception-xss.js:39:9:39:9 | x | provenance | | +| exception-xss.js:39:9:39:9 | x | exception-xss.js:39:3:39:10 | exceptional return of deep2(x) | provenance | | +| exception-xss.js:39:9:39:9 | x | exception-xss.js:41:17:41:17 | x | provenance | | +| exception-xss.js:41:17:41:17 | x | exception-xss.js:42:9:42:9 | x | provenance | | +| exception-xss.js:42:9:42:9 | x | exception-xss.js:4:17:4:17 | x | provenance | | +| exception-xss.js:42:9:42:9 | x | exception-xss.js:42:3:42:10 | exceptional return of inner(x) | provenance | Config | +| exception-xss.js:46:3:46:19 | exceptional return of deep("bar" + foo) | exception-xss.js:47:11:47:11 | e | provenance | | +| exception-xss.js:46:8:46:18 | "bar" + foo | exception-xss.js:38:16:38:16 | x | provenance | | +| exception-xss.js:46:8:46:18 | "bar" + foo | exception-xss.js:46:3:46:19 | exceptional return of deep("bar" + foo) | provenance | | +| exception-xss.js:46:16:46:18 | foo | exception-xss.js:46:8:46:18 | "bar" + foo | provenance | | +| exception-xss.js:47:11:47:11 | e | exception-xss.js:48:18:48:18 | e | provenance | | +| exception-xss.js:74:28:74:28 | x | exception-xss.js:75:10:75:10 | x | provenance | | +| exception-xss.js:75:10:75:10 | x | exception-xss.js:4:17:4:17 | x | provenance | | +| exception-xss.js:75:10:75:10 | x | exception-xss.js:75:4:75:11 | exceptional return of inner(x) | provenance | Config | +| exception-xss.js:81:3:81:19 | exceptional return of myWeirdInner(foo) | exception-xss.js:82:11:82:11 | e | provenance | | +| exception-xss.js:81:16:81:18 | foo | exception-xss.js:74:28:74:28 | x | provenance | | +| exception-xss.js:81:16:81:18 | foo | exception-xss.js:81:3:81:19 | exceptional return of myWeirdInner(foo) | provenance | | +| exception-xss.js:82:11:82:11 | e | exception-xss.js:83:18:83:18 | e | provenance | | +| exception-xss.js:89:11:89:13 | foo | exception-xss.js:89:11:89:26 | foo.match(/foo/) | provenance | | +| exception-xss.js:89:11:89:26 | foo.match(/foo/) | exception-xss.js:90:11:90:11 | e | provenance | Config | +| exception-xss.js:90:11:90:11 | e | exception-xss.js:91:18:91:18 | e | provenance | | +| exception-xss.js:95:11:95:22 | [foo, "bar"] | exception-xss.js:96:11:96:11 | e | provenance | Config | +| exception-xss.js:95:12:95:14 | foo | exception-xss.js:95:11:95:22 | [foo, "bar"] | provenance | | +| exception-xss.js:96:11:96:11 | e | exception-xss.js:97:18:97:18 | e | provenance | | +| exception-xss.js:102:12:102:14 | foo | exception-xss.js:106:11:106:11 | e | provenance | Config | +| exception-xss.js:106:11:106:11 | e | exception-xss.js:107:18:107:18 | e | provenance | | +| exception-xss.js:117:11:117:23 | req.params.id | exception-xss.js:118:11:118:11 | e | provenance | Config | +| exception-xss.js:118:11:118:11 | e | exception-xss.js:119:28:119:28 | e | provenance | | +| exception-xss.js:119:28:119:28 | e | exception-xss.js:119:12:119:28 | "Exception: " + e | provenance | | +| exception-xss.js:125:45:125:68 | documen ... .search | exception-xss.js:128:11:128:52 | session ... ssion') | provenance | | +| exception-xss.js:128:11:128:52 | session ... ssion') | exception-xss.js:129:11:129:11 | e | provenance | Config | +| exception-xss.js:129:11:129:11 | e | exception-xss.js:130:18:130:18 | e | provenance | | +| exception-xss.js:136:10:136:22 | req.params.id | exception-xss.js:136:26:136:30 | error | provenance | Config | +| exception-xss.js:136:26:136:30 | error | exception-xss.js:138:19:138:23 | error | provenance | | +| exception-xss.js:146:6:146:35 | foo | exception-xss.js:148:33:148:35 | foo | provenance | | +| exception-xss.js:146:6:146:35 | foo | exception-xss.js:153:8:153:10 | foo | provenance | | +| exception-xss.js:146:6:146:35 | foo | exception-xss.js:174:31:174:33 | foo | provenance | | +| exception-xss.js:146:12:146:35 | documen ... .search | exception-xss.js:146:6:146:35 | foo | provenance | | +| exception-xss.js:148:2:148:46 | new Pro ... solve)) [PromiseError] | exception-xss.js:148:55:148:55 | e | provenance | | +| exception-xss.js:148:33:148:35 | foo | exception-xss.js:148:2:148:46 | new Pro ... solve)) [PromiseError] | provenance | Config | +| exception-xss.js:148:55:148:55 | e | exception-xss.js:149:18:149:18 | e | provenance | | +| exception-xss.js:153:8:153:10 | foo | exception-xss.js:154:11:154:11 | e | provenance | Config | +| exception-xss.js:154:11:154:11 | e | exception-xss.js:155:18:155:18 | e | provenance | | +| exception-xss.js:170:17:170:23 | tainted | exception-xss.js:171:11:171:17 | tainted | provenance | | +| exception-xss.js:174:2:174:44 | new Pro ... solve)) [PromiseError] | exception-xss.js:174:53:174:53 | e | provenance | | +| exception-xss.js:174:25:174:43 | exceptional return of inner(foo, resolve) | exception-xss.js:174:2:174:44 | new Pro ... solve)) [PromiseError] | provenance | | +| exception-xss.js:174:31:174:33 | foo | exception-xss.js:170:17:170:23 | tainted | provenance | | +| exception-xss.js:174:31:174:33 | foo | exception-xss.js:174:25:174:43 | exceptional return of inner(foo, resolve) | provenance | Config | +| exception-xss.js:174:53:174:53 | e | exception-xss.js:175:18:175:18 | e | provenance | | +| exception-xss.js:180:10:180:22 | req.params.id | exception-xss.js:180:26:180:30 | error | provenance | Config | +| exception-xss.js:180:26:180:30 | error | exception-xss.js:182:19:182:23 | error | provenance | | +subpaths +| exception-xss.js:15:9:15:11 | foo | exception-xss.js:4:17:4:17 | x | exception-xss.js:5:11:5:11 | x | exception-xss.js:15:3:15:12 | exceptional return of inner(foo) | +| exception-xss.js:39:9:39:9 | x | exception-xss.js:41:17:41:17 | x | exception-xss.js:42:3:42:10 | exceptional return of inner(x) | exception-xss.js:39:3:39:10 | exceptional return of deep2(x) | +| exception-xss.js:42:9:42:9 | x | exception-xss.js:4:17:4:17 | x | exception-xss.js:5:11:5:11 | x | exception-xss.js:42:3:42:10 | exceptional return of inner(x) | +| exception-xss.js:46:8:46:18 | "bar" + foo | exception-xss.js:38:16:38:16 | x | exception-xss.js:39:3:39:10 | exceptional return of deep2(x) | exception-xss.js:46:3:46:19 | exceptional return of deep("bar" + foo) | +| exception-xss.js:75:10:75:10 | x | exception-xss.js:4:17:4:17 | x | exception-xss.js:5:11:5:11 | x | exception-xss.js:75:4:75:11 | exceptional return of inner(x) | +| exception-xss.js:81:16:81:18 | foo | exception-xss.js:74:28:74:28 | x | exception-xss.js:75:4:75:11 | exceptional return of inner(x) | exception-xss.js:81:3:81:19 | exceptional return of myWeirdInner(foo) | +| exception-xss.js:174:31:174:33 | foo | exception-xss.js:170:17:170:23 | tainted | exception-xss.js:171:11:171:17 | tainted | exception-xss.js:174:25:174:43 | exceptional return of inner(foo, resolve) | #select | ajv.js:11:18:11:33 | ajv.errorsText() | ajv.js:11:18:11:33 | ajv.errorsText() | ajv.js:11:18:11:33 | ajv.errorsText() | $@ is reinterpreted as HTML without escaping meta-characters. | ajv.js:11:18:11:33 | ajv.errorsText() | JSON schema validation error | | ajv.js:24:18:24:26 | val.error | ajv.js:24:18:24:26 | val.error | ajv.js:24:18:24:26 | val.error | $@ is reinterpreted as HTML without escaping meta-characters. | ajv.js:24:18:24:26 | val.error | JSON schema validation error | diff --git a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.expected b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.expected index ddee07dbadc5..c8e90d807375 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.expected +++ b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.expected @@ -1,484 +1,334 @@ -nodes -| ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | -| ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | -| ReflectedXss.js:8:33:8:45 | req.params.id | -| ReflectedXss.js:8:33:8:45 | req.params.id | -| ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | -| ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | -| ReflectedXss.js:17:31:17:39 | params.id | -| ReflectedXss.js:17:31:17:39 | params.id | -| ReflectedXss.js:22:12:22:19 | req.body | -| ReflectedXss.js:22:12:22:19 | req.body | -| ReflectedXss.js:22:12:22:19 | req.body | -| ReflectedXss.js:23:12:23:27 | marked(req.body) | -| ReflectedXss.js:23:12:23:27 | marked(req.body) | -| ReflectedXss.js:23:19:23:26 | req.body | -| ReflectedXss.js:23:19:23:26 | req.body | -| ReflectedXss.js:29:12:29:19 | req.body | -| ReflectedXss.js:29:12:29:19 | req.body | -| ReflectedXss.js:29:12:29:19 | req.body | -| ReflectedXss.js:30:7:33:4 | mytable | -| ReflectedXss.js:30:17:33:4 | table([ ... y]\\n ]) | -| ReflectedXss.js:30:23:33:3 | [\\n [ ... dy]\\n ] | -| ReflectedXss.js:32:5:32:22 | ['body', req.body] | -| ReflectedXss.js:32:14:32:21 | req.body | -| ReflectedXss.js:32:14:32:21 | req.body | -| ReflectedXss.js:34:12:34:18 | mytable | -| ReflectedXss.js:34:12:34:18 | mytable | -| ReflectedXss.js:41:12:41:19 | req.body | -| ReflectedXss.js:41:12:41:19 | req.body | -| ReflectedXss.js:41:12:41:19 | req.body | -| ReflectedXss.js:42:12:42:39 | convert ... q.body) | -| ReflectedXss.js:42:12:42:39 | convert ... q.body) | -| ReflectedXss.js:42:31:42:38 | req.body | -| ReflectedXss.js:42:31:42:38 | req.body | -| ReflectedXss.js:56:12:56:19 | req.body | -| ReflectedXss.js:56:12:56:19 | req.body | -| ReflectedXss.js:56:12:56:19 | req.body | -| ReflectedXss.js:64:14:64:21 | req.body | -| ReflectedXss.js:64:14:64:21 | req.body | -| ReflectedXss.js:64:39:64:42 | file | -| ReflectedXss.js:65:16:65:19 | file | -| ReflectedXss.js:65:16:65:19 | file | -| ReflectedXss.js:68:12:68:41 | remark( ... q.body) | -| ReflectedXss.js:68:12:68:52 | remark( ... tring() | -| ReflectedXss.js:68:12:68:52 | remark( ... tring() | -| ReflectedXss.js:68:33:68:40 | req.body | -| ReflectedXss.js:68:33:68:40 | req.body | -| ReflectedXss.js:72:12:72:56 | unified ... q.body) | -| ReflectedXss.js:72:12:72:65 | unified ... oString | -| ReflectedXss.js:72:12:72:65 | unified ... oString | -| ReflectedXss.js:72:48:72:55 | req.body | -| ReflectedXss.js:72:48:72:55 | req.body | -| ReflectedXss.js:74:20:74:27 | req.body | -| ReflectedXss.js:74:20:74:27 | req.body | -| ReflectedXss.js:74:34:74:34 | f | -| ReflectedXss.js:75:14:75:14 | f | -| ReflectedXss.js:75:14:75:14 | f | -| ReflectedXss.js:83:12:83:19 | req.body | -| ReflectedXss.js:83:12:83:19 | req.body | -| ReflectedXss.js:83:12:83:19 | req.body | -| ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | -| ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | -| ReflectedXss.js:84:22:84:29 | req.body | -| ReflectedXss.js:84:22:84:29 | req.body | -| ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | -| ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | -| ReflectedXss.js:85:23:85:30 | req.body | -| ReflectedXss.js:85:23:85:30 | req.body | -| ReflectedXss.js:97:12:97:19 | req.body | -| ReflectedXss.js:97:12:97:19 | req.body | -| ReflectedXss.js:97:12:97:19 | req.body | -| ReflectedXss.js:98:12:98:38 | markdow ... q.body) | -| ReflectedXss.js:98:12:98:38 | markdow ... q.body) | -| ReflectedXss.js:98:30:98:37 | req.body | -| ReflectedXss.js:98:30:98:37 | req.body | -| ReflectedXss.js:100:12:100:39 | markdow ... q.body) | -| ReflectedXss.js:100:12:100:39 | markdow ... q.body) | -| ReflectedXss.js:100:31:100:38 | req.body | -| ReflectedXss.js:100:31:100:38 | req.body | -| ReflectedXss.js:103:12:103:84 | markdow ... q.body) | -| ReflectedXss.js:103:12:103:84 | markdow ... q.body) | -| ReflectedXss.js:103:76:103:83 | req.body | -| ReflectedXss.js:103:76:103:83 | req.body | -| ReflectedXss.js:110:16:110:30 | request.query.p | -| ReflectedXss.js:110:16:110:30 | request.query.p | -| ReflectedXss.js:110:16:110:30 | request.query.p | -| ReflectedXss.js:114:11:114:41 | queryKeys | -| ReflectedXss.js:114:13:114:27 | keys: queryKeys | -| ReflectedXss.js:114:13:114:27 | keys: queryKeys | -| ReflectedXss.js:116:11:116:45 | keys | -| ReflectedXss.js:116:18:116:26 | queryKeys | -| ReflectedXss.js:116:18:116:45 | queryKe ... s?.keys | -| ReflectedXss.js:116:31:116:45 | paramKeys?.keys | -| ReflectedXss.js:116:31:116:45 | paramKeys?.keys | -| ReflectedXss.js:118:11:118:61 | keyArray | -| ReflectedXss.js:118:22:118:61 | typeof ... : keys | -| ReflectedXss.js:118:49:118:54 | [keys] | -| ReflectedXss.js:118:50:118:53 | keys | -| ReflectedXss.js:118:58:118:61 | keys | -| ReflectedXss.js:119:11:119:72 | invalidKeys | -| ReflectedXss.js:119:25:119:32 | keyArray | -| ReflectedXss.js:119:25:119:72 | keyArra ... s(key)) | -| ReflectedXss.js:122:30:122:73 | `${inva ... telist` | -| ReflectedXss.js:122:30:122:73 | `${inva ... telist` | -| ReflectedXss.js:122:33:122:43 | invalidKeys | -| ReflectedXss.js:122:33:122:54 | invalid ... n(', ') | -| ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | -| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | -| ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | -| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | -| ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | -| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | -| ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | -| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | -| ReflectedXssGood3.js:135:9:135:27 | url | -| ReflectedXssGood3.js:135:15:135:27 | req.params.id | -| ReflectedXssGood3.js:135:15:135:27 | req.params.id | -| ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) | -| ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) | -| ReflectedXssGood3.js:139:24:139:26 | url | -| etherpad.js:9:5:9:53 | response | -| etherpad.js:9:16:9:30 | req.query.jsonp | -| etherpad.js:9:16:9:30 | req.query.jsonp | -| etherpad.js:9:16:9:53 | req.que ... e + ")" | -| etherpad.js:11:12:11:19 | response | -| etherpad.js:11:12:11:19 | response | -| formatting.js:4:9:4:29 | evil | -| formatting.js:4:16:4:29 | req.query.evil | -| formatting.js:4:16:4:29 | req.query.evil | -| formatting.js:6:14:6:47 | util.fo ... , evil) | -| formatting.js:6:14:6:47 | util.fo ... , evil) | -| formatting.js:6:43:6:46 | evil | -| formatting.js:7:14:7:53 | require ... , evil) | -| formatting.js:7:14:7:53 | require ... , evil) | -| formatting.js:7:49:7:52 | evil | -| live-server.js:4:11:4:27 | tainted | -| live-server.js:4:21:4:27 | req.url | -| live-server.js:4:21:4:27 | req.url | -| live-server.js:6:13:6:50 | ` ... /html>` | -| live-server.js:6:13:6:50 | ` ... /html>` | -| live-server.js:6:28:6:34 | tainted | -| live-server.js:10:11:10:27 | tainted | -| live-server.js:10:21:10:27 | req.url | -| live-server.js:10:21:10:27 | req.url | -| live-server.js:12:13:12:50 | ` ... /html>` | -| live-server.js:12:13:12:50 | ` ... /html>` | -| live-server.js:12:28:12:34 | tainted | -| pages/Next.jsx:8:13:8:19 | req.url | -| pages/Next.jsx:8:13:8:19 | req.url | -| pages/Next.jsx:8:13:8:19 | req.url | -| pages/Next.jsx:15:13:15:19 | req.url | -| pages/Next.jsx:15:13:15:19 | req.url | -| pages/Next.jsx:15:13:15:19 | req.url | -| pages/api/myapi.js:2:14:2:20 | req.url | -| pages/api/myapi.js:2:14:2:20 | req.url | -| pages/api/myapi.js:2:14:2:20 | req.url | -| partial.js:9:25:9:25 | x | -| partial.js:10:14:10:14 | x | -| partial.js:10:14:10:18 | x + y | -| partial.js:10:14:10:18 | x + y | -| partial.js:13:42:13:48 | req.url | -| partial.js:13:42:13:48 | req.url | -| partial.js:18:25:18:25 | x | -| partial.js:19:14:19:14 | x | -| partial.js:19:14:19:18 | x + y | -| partial.js:19:14:19:18 | x + y | -| partial.js:22:51:22:57 | req.url | -| partial.js:22:51:22:57 | req.url | -| partial.js:27:25:27:25 | x | -| partial.js:28:14:28:14 | x | -| partial.js:28:14:28:18 | x + y | -| partial.js:28:14:28:18 | x + y | -| partial.js:31:47:31:53 | req.url | -| partial.js:31:47:31:53 | req.url | -| partial.js:36:25:36:25 | x | -| partial.js:37:14:37:14 | x | -| partial.js:37:14:37:18 | x + y | -| partial.js:37:14:37:18 | x + y | -| partial.js:40:43:40:49 | req.url | -| partial.js:40:43:40:49 | req.url | -| promises.js:5:3:5:59 | new Pro ... .data)) | -| promises.js:5:44:5:57 | req.query.data | -| promises.js:5:44:5:57 | req.query.data | -| promises.js:6:11:6:11 | x | -| promises.js:6:25:6:25 | x | -| promises.js:6:25:6:25 | x | -| tst2.js:6:7:6:30 | p | -| tst2.js:6:7:6:30 | r | -| tst2.js:6:9:6:9 | p | -| tst2.js:6:9:6:9 | p | -| tst2.js:6:12:6:15 | q: r | -| tst2.js:6:12:6:15 | q: r | -| tst2.js:7:12:7:12 | p | -| tst2.js:7:12:7:12 | p | -| tst2.js:8:12:8:12 | r | -| tst2.js:8:12:8:12 | r | -| tst2.js:14:7:14:24 | p | -| tst2.js:14:9:14:9 | p | -| tst2.js:14:9:14:9 | p | -| tst2.js:18:12:18:12 | p | -| tst2.js:18:12:18:12 | p | -| tst2.js:21:14:21:14 | p | -| tst2.js:21:14:21:14 | p | -| tst2.js:30:7:30:24 | p | -| tst2.js:30:9:30:9 | p | -| tst2.js:30:9:30:9 | p | -| tst2.js:33:11:33:11 | p | -| tst2.js:36:12:36:12 | p | -| tst2.js:36:12:36:12 | p | -| tst2.js:37:12:37:18 | other.p | -| tst2.js:37:12:37:18 | other.p | -| tst2.js:43:7:43:24 | p | -| tst2.js:43:9:43:9 | p | -| tst2.js:43:9:43:9 | p | -| tst2.js:49:7:49:53 | unsafe | -| tst2.js:49:16:49:53 | seriali ... true}) | -| tst2.js:49:36:49:36 | p | -| tst2.js:51:12:51:17 | unsafe | -| tst2.js:51:12:51:17 | unsafe | -| tst2.js:57:7:57:24 | p | -| tst2.js:57:9:57:9 | p | -| tst2.js:57:9:57:9 | p | -| tst2.js:60:11:60:11 | p | -| tst2.js:63:12:63:12 | p | -| tst2.js:63:12:63:12 | p | -| tst2.js:64:12:64:18 | other.p | -| tst2.js:64:12:64:18 | other.p | -| tst2.js:69:7:69:24 | p | -| tst2.js:69:9:69:9 | p | -| tst2.js:69:9:69:9 | p | -| tst2.js:72:11:72:11 | p | -| tst2.js:75:12:75:12 | p | -| tst2.js:75:12:75:12 | p | -| tst2.js:76:12:76:18 | other.p | -| tst2.js:76:12:76:18 | other.p | -| tst2.js:82:7:82:24 | p | -| tst2.js:82:9:82:9 | p | -| tst2.js:82:9:82:9 | p | -| tst2.js:85:11:85:11 | p | -| tst2.js:88:12:88:12 | p | -| tst2.js:88:12:88:12 | p | -| tst2.js:89:12:89:18 | other.p | -| tst2.js:89:12:89:18 | other.p | -| tst3.js:5:7:5:24 | p | -| tst3.js:5:9:5:9 | p | -| tst3.js:5:9:5:9 | p | -| tst3.js:6:12:6:12 | p | -| tst3.js:6:12:6:12 | p | -| tst3.js:11:9:11:74 | code | -| tst3.js:11:16:11:74 | prettie ... bel" }) | -| tst3.js:11:32:11:39 | reg.body | -| tst3.js:11:32:11:39 | reg.body | -| tst3.js:12:12:12:15 | code | -| tst3.js:12:12:12:15 | code | edges -| ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | -| ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | -| ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | -| ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | -| ReflectedXss.js:17:31:17:39 | params.id | ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | -| ReflectedXss.js:17:31:17:39 | params.id | ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | -| ReflectedXss.js:17:31:17:39 | params.id | ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | -| ReflectedXss.js:17:31:17:39 | params.id | ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | -| ReflectedXss.js:22:12:22:19 | req.body | ReflectedXss.js:22:12:22:19 | req.body | -| ReflectedXss.js:23:19:23:26 | req.body | ReflectedXss.js:23:12:23:27 | marked(req.body) | -| ReflectedXss.js:23:19:23:26 | req.body | ReflectedXss.js:23:12:23:27 | marked(req.body) | -| ReflectedXss.js:23:19:23:26 | req.body | ReflectedXss.js:23:12:23:27 | marked(req.body) | -| ReflectedXss.js:23:19:23:26 | req.body | ReflectedXss.js:23:12:23:27 | marked(req.body) | -| ReflectedXss.js:29:12:29:19 | req.body | ReflectedXss.js:29:12:29:19 | req.body | -| ReflectedXss.js:30:7:33:4 | mytable | ReflectedXss.js:34:12:34:18 | mytable | -| ReflectedXss.js:30:7:33:4 | mytable | ReflectedXss.js:34:12:34:18 | mytable | -| ReflectedXss.js:30:17:33:4 | table([ ... y]\\n ]) | ReflectedXss.js:30:7:33:4 | mytable | -| ReflectedXss.js:30:23:33:3 | [\\n [ ... dy]\\n ] | ReflectedXss.js:30:17:33:4 | table([ ... y]\\n ]) | -| ReflectedXss.js:32:5:32:22 | ['body', req.body] | ReflectedXss.js:30:23:33:3 | [\\n [ ... dy]\\n ] | -| ReflectedXss.js:32:14:32:21 | req.body | ReflectedXss.js:32:5:32:22 | ['body', req.body] | -| ReflectedXss.js:32:14:32:21 | req.body | ReflectedXss.js:32:5:32:22 | ['body', req.body] | -| ReflectedXss.js:41:12:41:19 | req.body | ReflectedXss.js:41:12:41:19 | req.body | -| ReflectedXss.js:42:31:42:38 | req.body | ReflectedXss.js:42:12:42:39 | convert ... q.body) | -| ReflectedXss.js:42:31:42:38 | req.body | ReflectedXss.js:42:12:42:39 | convert ... q.body) | -| ReflectedXss.js:42:31:42:38 | req.body | ReflectedXss.js:42:12:42:39 | convert ... q.body) | -| ReflectedXss.js:42:31:42:38 | req.body | ReflectedXss.js:42:12:42:39 | convert ... q.body) | -| ReflectedXss.js:56:12:56:19 | req.body | ReflectedXss.js:56:12:56:19 | req.body | -| ReflectedXss.js:64:14:64:21 | req.body | ReflectedXss.js:64:39:64:42 | file | -| ReflectedXss.js:64:14:64:21 | req.body | ReflectedXss.js:64:39:64:42 | file | -| ReflectedXss.js:64:39:64:42 | file | ReflectedXss.js:65:16:65:19 | file | -| ReflectedXss.js:64:39:64:42 | file | ReflectedXss.js:65:16:65:19 | file | -| ReflectedXss.js:68:12:68:41 | remark( ... q.body) | ReflectedXss.js:68:12:68:52 | remark( ... tring() | -| ReflectedXss.js:68:12:68:41 | remark( ... q.body) | ReflectedXss.js:68:12:68:52 | remark( ... tring() | -| ReflectedXss.js:68:33:68:40 | req.body | ReflectedXss.js:68:12:68:41 | remark( ... q.body) | -| ReflectedXss.js:68:33:68:40 | req.body | ReflectedXss.js:68:12:68:41 | remark( ... q.body) | -| ReflectedXss.js:72:12:72:56 | unified ... q.body) | ReflectedXss.js:72:12:72:65 | unified ... oString | -| ReflectedXss.js:72:12:72:56 | unified ... q.body) | ReflectedXss.js:72:12:72:65 | unified ... oString | -| ReflectedXss.js:72:48:72:55 | req.body | ReflectedXss.js:72:12:72:56 | unified ... q.body) | -| ReflectedXss.js:72:48:72:55 | req.body | ReflectedXss.js:72:12:72:56 | unified ... q.body) | -| ReflectedXss.js:74:20:74:27 | req.body | ReflectedXss.js:74:34:74:34 | f | -| ReflectedXss.js:74:20:74:27 | req.body | ReflectedXss.js:74:34:74:34 | f | -| ReflectedXss.js:74:34:74:34 | f | ReflectedXss.js:75:14:75:14 | f | -| ReflectedXss.js:74:34:74:34 | f | ReflectedXss.js:75:14:75:14 | f | -| ReflectedXss.js:83:12:83:19 | req.body | ReflectedXss.js:83:12:83:19 | req.body | -| ReflectedXss.js:84:22:84:29 | req.body | ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | -| ReflectedXss.js:84:22:84:29 | req.body | ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | -| ReflectedXss.js:84:22:84:29 | req.body | ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | -| ReflectedXss.js:84:22:84:29 | req.body | ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | -| ReflectedXss.js:85:23:85:30 | req.body | ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | -| ReflectedXss.js:85:23:85:30 | req.body | ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | -| ReflectedXss.js:85:23:85:30 | req.body | ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | -| ReflectedXss.js:85:23:85:30 | req.body | ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | -| ReflectedXss.js:97:12:97:19 | req.body | ReflectedXss.js:97:12:97:19 | req.body | -| ReflectedXss.js:98:30:98:37 | req.body | ReflectedXss.js:98:12:98:38 | markdow ... q.body) | -| ReflectedXss.js:98:30:98:37 | req.body | ReflectedXss.js:98:12:98:38 | markdow ... q.body) | -| ReflectedXss.js:98:30:98:37 | req.body | ReflectedXss.js:98:12:98:38 | markdow ... q.body) | -| ReflectedXss.js:98:30:98:37 | req.body | ReflectedXss.js:98:12:98:38 | markdow ... q.body) | -| ReflectedXss.js:100:31:100:38 | req.body | ReflectedXss.js:100:12:100:39 | markdow ... q.body) | -| ReflectedXss.js:100:31:100:38 | req.body | ReflectedXss.js:100:12:100:39 | markdow ... q.body) | -| ReflectedXss.js:100:31:100:38 | req.body | ReflectedXss.js:100:12:100:39 | markdow ... q.body) | -| ReflectedXss.js:100:31:100:38 | req.body | ReflectedXss.js:100:12:100:39 | markdow ... q.body) | -| ReflectedXss.js:103:76:103:83 | req.body | ReflectedXss.js:103:12:103:84 | markdow ... q.body) | -| ReflectedXss.js:103:76:103:83 | req.body | ReflectedXss.js:103:12:103:84 | markdow ... q.body) | -| ReflectedXss.js:103:76:103:83 | req.body | ReflectedXss.js:103:12:103:84 | markdow ... q.body) | -| ReflectedXss.js:103:76:103:83 | req.body | ReflectedXss.js:103:12:103:84 | markdow ... q.body) | -| ReflectedXss.js:110:16:110:30 | request.query.p | ReflectedXss.js:110:16:110:30 | request.query.p | -| ReflectedXss.js:114:11:114:41 | queryKeys | ReflectedXss.js:116:18:116:26 | queryKeys | -| ReflectedXss.js:114:13:114:27 | keys: queryKeys | ReflectedXss.js:114:11:114:41 | queryKeys | -| ReflectedXss.js:114:13:114:27 | keys: queryKeys | ReflectedXss.js:114:11:114:41 | queryKeys | -| ReflectedXss.js:116:11:116:45 | keys | ReflectedXss.js:118:50:118:53 | keys | -| ReflectedXss.js:116:11:116:45 | keys | ReflectedXss.js:118:58:118:61 | keys | -| ReflectedXss.js:116:18:116:26 | queryKeys | ReflectedXss.js:116:18:116:45 | queryKe ... s?.keys | -| ReflectedXss.js:116:18:116:45 | queryKe ... s?.keys | ReflectedXss.js:116:11:116:45 | keys | -| ReflectedXss.js:116:31:116:45 | paramKeys?.keys | ReflectedXss.js:116:18:116:45 | queryKe ... s?.keys | -| ReflectedXss.js:116:31:116:45 | paramKeys?.keys | ReflectedXss.js:116:18:116:45 | queryKe ... s?.keys | -| ReflectedXss.js:118:11:118:61 | keyArray | ReflectedXss.js:119:25:119:32 | keyArray | -| ReflectedXss.js:118:22:118:61 | typeof ... : keys | ReflectedXss.js:118:11:118:61 | keyArray | -| ReflectedXss.js:118:49:118:54 | [keys] | ReflectedXss.js:118:22:118:61 | typeof ... : keys | -| ReflectedXss.js:118:50:118:53 | keys | ReflectedXss.js:118:49:118:54 | [keys] | -| ReflectedXss.js:118:58:118:61 | keys | ReflectedXss.js:118:22:118:61 | typeof ... : keys | -| ReflectedXss.js:119:11:119:72 | invalidKeys | ReflectedXss.js:122:33:122:43 | invalidKeys | -| ReflectedXss.js:119:25:119:32 | keyArray | ReflectedXss.js:119:25:119:72 | keyArra ... s(key)) | -| ReflectedXss.js:119:25:119:72 | keyArra ... s(key)) | ReflectedXss.js:119:11:119:72 | invalidKeys | -| ReflectedXss.js:122:33:122:43 | invalidKeys | ReflectedXss.js:122:33:122:54 | invalid ... n(', ') | -| ReflectedXss.js:122:33:122:54 | invalid ... n(', ') | ReflectedXss.js:122:30:122:73 | `${inva ... telist` | -| ReflectedXss.js:122:33:122:54 | invalid ... n(', ') | ReflectedXss.js:122:30:122:73 | `${inva ... telist` | -| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id | -| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id | -| ReflectedXssGood3.js:135:9:135:27 | url | ReflectedXssGood3.js:139:24:139:26 | url | -| ReflectedXssGood3.js:135:15:135:27 | req.params.id | ReflectedXssGood3.js:135:9:135:27 | url | -| ReflectedXssGood3.js:135:15:135:27 | req.params.id | ReflectedXssGood3.js:135:9:135:27 | url | -| ReflectedXssGood3.js:139:24:139:26 | url | ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) | -| ReflectedXssGood3.js:139:24:139:26 | url | ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) | -| etherpad.js:9:5:9:53 | response | etherpad.js:11:12:11:19 | response | -| etherpad.js:9:5:9:53 | response | etherpad.js:11:12:11:19 | response | -| etherpad.js:9:16:9:30 | req.query.jsonp | etherpad.js:9:16:9:53 | req.que ... e + ")" | -| etherpad.js:9:16:9:30 | req.query.jsonp | etherpad.js:9:16:9:53 | req.que ... e + ")" | -| etherpad.js:9:16:9:53 | req.que ... e + ")" | etherpad.js:9:5:9:53 | response | -| formatting.js:4:9:4:29 | evil | formatting.js:6:43:6:46 | evil | -| formatting.js:4:9:4:29 | evil | formatting.js:7:49:7:52 | evil | -| formatting.js:4:16:4:29 | req.query.evil | formatting.js:4:9:4:29 | evil | -| formatting.js:4:16:4:29 | req.query.evil | formatting.js:4:9:4:29 | evil | -| formatting.js:6:43:6:46 | evil | formatting.js:6:14:6:47 | util.fo ... , evil) | -| formatting.js:6:43:6:46 | evil | formatting.js:6:14:6:47 | util.fo ... , evil) | -| formatting.js:7:49:7:52 | evil | formatting.js:7:14:7:53 | require ... , evil) | -| formatting.js:7:49:7:52 | evil | formatting.js:7:14:7:53 | require ... , evil) | -| live-server.js:4:11:4:27 | tainted | live-server.js:6:28:6:34 | tainted | -| live-server.js:4:21:4:27 | req.url | live-server.js:4:11:4:27 | tainted | -| live-server.js:4:21:4:27 | req.url | live-server.js:4:11:4:27 | tainted | -| live-server.js:6:28:6:34 | tainted | live-server.js:6:13:6:50 | ` ... /html>` | -| live-server.js:6:28:6:34 | tainted | live-server.js:6:13:6:50 | ` ... /html>` | -| live-server.js:10:11:10:27 | tainted | live-server.js:12:28:12:34 | tainted | -| live-server.js:10:21:10:27 | req.url | live-server.js:10:11:10:27 | tainted | -| live-server.js:10:21:10:27 | req.url | live-server.js:10:11:10:27 | tainted | -| live-server.js:12:28:12:34 | tainted | live-server.js:12:13:12:50 | ` ... /html>` | -| live-server.js:12:28:12:34 | tainted | live-server.js:12:13:12:50 | ` ... /html>` | -| pages/Next.jsx:8:13:8:19 | req.url | pages/Next.jsx:8:13:8:19 | req.url | -| pages/Next.jsx:15:13:15:19 | req.url | pages/Next.jsx:15:13:15:19 | req.url | -| pages/api/myapi.js:2:14:2:20 | req.url | pages/api/myapi.js:2:14:2:20 | req.url | -| partial.js:9:25:9:25 | x | partial.js:10:14:10:14 | x | -| partial.js:10:14:10:14 | x | partial.js:10:14:10:18 | x + y | -| partial.js:10:14:10:14 | x | partial.js:10:14:10:18 | x + y | -| partial.js:13:42:13:48 | req.url | partial.js:9:25:9:25 | x | -| partial.js:13:42:13:48 | req.url | partial.js:9:25:9:25 | x | -| partial.js:18:25:18:25 | x | partial.js:19:14:19:14 | x | -| partial.js:19:14:19:14 | x | partial.js:19:14:19:18 | x + y | -| partial.js:19:14:19:14 | x | partial.js:19:14:19:18 | x + y | -| partial.js:22:51:22:57 | req.url | partial.js:18:25:18:25 | x | -| partial.js:22:51:22:57 | req.url | partial.js:18:25:18:25 | x | -| partial.js:27:25:27:25 | x | partial.js:28:14:28:14 | x | -| partial.js:28:14:28:14 | x | partial.js:28:14:28:18 | x + y | -| partial.js:28:14:28:14 | x | partial.js:28:14:28:18 | x + y | -| partial.js:31:47:31:53 | req.url | partial.js:27:25:27:25 | x | -| partial.js:31:47:31:53 | req.url | partial.js:27:25:27:25 | x | -| partial.js:36:25:36:25 | x | partial.js:37:14:37:14 | x | -| partial.js:37:14:37:14 | x | partial.js:37:14:37:18 | x + y | -| partial.js:37:14:37:14 | x | partial.js:37:14:37:18 | x + y | -| partial.js:40:43:40:49 | req.url | partial.js:36:25:36:25 | x | -| partial.js:40:43:40:49 | req.url | partial.js:36:25:36:25 | x | -| promises.js:5:3:5:59 | new Pro ... .data)) | promises.js:6:11:6:11 | x | -| promises.js:5:44:5:57 | req.query.data | promises.js:5:3:5:59 | new Pro ... .data)) | -| promises.js:5:44:5:57 | req.query.data | promises.js:5:3:5:59 | new Pro ... .data)) | -| promises.js:5:44:5:57 | req.query.data | promises.js:6:11:6:11 | x | -| promises.js:5:44:5:57 | req.query.data | promises.js:6:11:6:11 | x | -| promises.js:6:11:6:11 | x | promises.js:6:25:6:25 | x | -| promises.js:6:11:6:11 | x | promises.js:6:25:6:25 | x | -| tst2.js:6:7:6:30 | p | tst2.js:7:12:7:12 | p | -| tst2.js:6:7:6:30 | p | tst2.js:7:12:7:12 | p | -| tst2.js:6:7:6:30 | r | tst2.js:8:12:8:12 | r | -| tst2.js:6:7:6:30 | r | tst2.js:8:12:8:12 | r | -| tst2.js:6:9:6:9 | p | tst2.js:6:7:6:30 | p | -| tst2.js:6:9:6:9 | p | tst2.js:6:7:6:30 | p | -| tst2.js:6:12:6:15 | q: r | tst2.js:6:7:6:30 | r | -| tst2.js:6:12:6:15 | q: r | tst2.js:6:7:6:30 | r | -| tst2.js:14:7:14:24 | p | tst2.js:18:12:18:12 | p | -| tst2.js:14:7:14:24 | p | tst2.js:18:12:18:12 | p | -| tst2.js:14:7:14:24 | p | tst2.js:21:14:21:14 | p | -| tst2.js:14:7:14:24 | p | tst2.js:21:14:21:14 | p | -| tst2.js:14:9:14:9 | p | tst2.js:14:7:14:24 | p | -| tst2.js:14:9:14:9 | p | tst2.js:14:7:14:24 | p | -| tst2.js:30:7:30:24 | p | tst2.js:33:11:33:11 | p | -| tst2.js:30:7:30:24 | p | tst2.js:36:12:36:12 | p | -| tst2.js:30:7:30:24 | p | tst2.js:36:12:36:12 | p | -| tst2.js:30:9:30:9 | p | tst2.js:30:7:30:24 | p | -| tst2.js:30:9:30:9 | p | tst2.js:30:7:30:24 | p | -| tst2.js:33:11:33:11 | p | tst2.js:37:12:37:18 | other.p | -| tst2.js:33:11:33:11 | p | tst2.js:37:12:37:18 | other.p | -| tst2.js:43:7:43:24 | p | tst2.js:49:36:49:36 | p | -| tst2.js:43:9:43:9 | p | tst2.js:43:7:43:24 | p | -| tst2.js:43:9:43:9 | p | tst2.js:43:7:43:24 | p | -| tst2.js:49:7:49:53 | unsafe | tst2.js:51:12:51:17 | unsafe | -| tst2.js:49:7:49:53 | unsafe | tst2.js:51:12:51:17 | unsafe | -| tst2.js:49:16:49:53 | seriali ... true}) | tst2.js:49:7:49:53 | unsafe | -| tst2.js:49:36:49:36 | p | tst2.js:49:16:49:53 | seriali ... true}) | -| tst2.js:57:7:57:24 | p | tst2.js:60:11:60:11 | p | -| tst2.js:57:7:57:24 | p | tst2.js:63:12:63:12 | p | -| tst2.js:57:7:57:24 | p | tst2.js:63:12:63:12 | p | -| tst2.js:57:9:57:9 | p | tst2.js:57:7:57:24 | p | -| tst2.js:57:9:57:9 | p | tst2.js:57:7:57:24 | p | -| tst2.js:60:11:60:11 | p | tst2.js:64:12:64:18 | other.p | -| tst2.js:60:11:60:11 | p | tst2.js:64:12:64:18 | other.p | -| tst2.js:69:7:69:24 | p | tst2.js:72:11:72:11 | p | -| tst2.js:69:7:69:24 | p | tst2.js:75:12:75:12 | p | -| tst2.js:69:7:69:24 | p | tst2.js:75:12:75:12 | p | -| tst2.js:69:9:69:9 | p | tst2.js:69:7:69:24 | p | -| tst2.js:69:9:69:9 | p | tst2.js:69:7:69:24 | p | -| tst2.js:72:11:72:11 | p | tst2.js:76:12:76:18 | other.p | -| tst2.js:72:11:72:11 | p | tst2.js:76:12:76:18 | other.p | -| tst2.js:82:7:82:24 | p | tst2.js:85:11:85:11 | p | -| tst2.js:82:7:82:24 | p | tst2.js:88:12:88:12 | p | -| tst2.js:82:7:82:24 | p | tst2.js:88:12:88:12 | p | -| tst2.js:82:9:82:9 | p | tst2.js:82:7:82:24 | p | -| tst2.js:82:9:82:9 | p | tst2.js:82:7:82:24 | p | -| tst2.js:85:11:85:11 | p | tst2.js:89:12:89:18 | other.p | -| tst2.js:85:11:85:11 | p | tst2.js:89:12:89:18 | other.p | -| tst3.js:5:7:5:24 | p | tst3.js:6:12:6:12 | p | -| tst3.js:5:7:5:24 | p | tst3.js:6:12:6:12 | p | -| tst3.js:5:9:5:9 | p | tst3.js:5:7:5:24 | p | -| tst3.js:5:9:5:9 | p | tst3.js:5:7:5:24 | p | -| tst3.js:11:9:11:74 | code | tst3.js:12:12:12:15 | code | -| tst3.js:11:9:11:74 | code | tst3.js:12:12:12:15 | code | -| tst3.js:11:16:11:74 | prettie ... bel" }) | tst3.js:11:9:11:74 | code | -| tst3.js:11:32:11:39 | reg.body | tst3.js:11:16:11:74 | prettie ... bel" }) | -| tst3.js:11:32:11:39 | reg.body | tst3.js:11:16:11:74 | prettie ... bel" }) | +| ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | provenance | | +| ReflectedXss.js:17:31:17:39 | params.id | ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | provenance | | +| ReflectedXss.js:23:19:23:26 | req.body | ReflectedXss.js:23:12:23:27 | marked(req.body) | provenance | | +| ReflectedXss.js:30:7:33:4 | mytable | ReflectedXss.js:34:12:34:18 | mytable | provenance | | +| ReflectedXss.js:30:17:33:4 | table([ ... y]\\n ]) | ReflectedXss.js:30:7:33:4 | mytable | provenance | | +| ReflectedXss.js:32:14:32:21 | req.body | ReflectedXss.js:30:17:33:4 | table([ ... y]\\n ]) | provenance | | +| ReflectedXss.js:42:31:42:38 | req.body | ReflectedXss.js:42:12:42:39 | convert ... q.body) | provenance | | +| ReflectedXss.js:64:14:64:21 | req.body | ReflectedXss.js:64:39:64:42 | file | provenance | | +| ReflectedXss.js:64:39:64:42 | file | ReflectedXss.js:65:16:65:19 | file | provenance | | +| ReflectedXss.js:68:12:68:41 | remark( ... q.body) | ReflectedXss.js:68:12:68:52 | remark( ... tring() | provenance | | +| ReflectedXss.js:68:33:68:40 | req.body | ReflectedXss.js:68:12:68:41 | remark( ... q.body) | provenance | | +| ReflectedXss.js:72:12:72:56 | unified ... q.body) | ReflectedXss.js:72:12:72:65 | unified ... oString | provenance | | +| ReflectedXss.js:72:48:72:55 | req.body | ReflectedXss.js:72:12:72:56 | unified ... q.body) | provenance | | +| ReflectedXss.js:74:20:74:27 | req.body | ReflectedXss.js:74:34:74:34 | f | provenance | | +| ReflectedXss.js:74:34:74:34 | f | ReflectedXss.js:75:14:75:14 | f | provenance | | +| ReflectedXss.js:84:22:84:29 | req.body | ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | provenance | | +| ReflectedXss.js:85:23:85:30 | req.body | ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | provenance | | +| ReflectedXss.js:98:30:98:37 | req.body | ReflectedXss.js:98:12:98:38 | markdow ... q.body) | provenance | | +| ReflectedXss.js:100:31:100:38 | req.body | ReflectedXss.js:100:12:100:39 | markdow ... q.body) | provenance | | +| ReflectedXss.js:103:76:103:83 | req.body | ReflectedXss.js:103:12:103:84 | markdow ... q.body) | provenance | | +| ReflectedXss.js:114:11:114:41 | queryKeys | ReflectedXss.js:116:18:116:26 | queryKeys | provenance | | +| ReflectedXss.js:114:13:114:27 | keys: queryKeys | ReflectedXss.js:114:11:114:41 | queryKeys | provenance | | +| ReflectedXss.js:116:11:116:45 | keys | ReflectedXss.js:118:50:118:53 | keys | provenance | | +| ReflectedXss.js:116:11:116:45 | keys | ReflectedXss.js:118:58:118:61 | keys | provenance | | +| ReflectedXss.js:116:18:116:26 | queryKeys | ReflectedXss.js:116:11:116:45 | keys | provenance | | +| ReflectedXss.js:116:31:116:45 | paramKeys?.keys | ReflectedXss.js:116:11:116:45 | keys | provenance | | +| ReflectedXss.js:118:11:118:61 | keyArray | ReflectedXss.js:119:25:119:32 | keyArray | provenance | | +| ReflectedXss.js:118:50:118:53 | keys | ReflectedXss.js:118:11:118:61 | keyArray | provenance | | +| ReflectedXss.js:118:58:118:61 | keys | ReflectedXss.js:118:11:118:61 | keyArray | provenance | | +| ReflectedXss.js:119:11:119:72 | invalidKeys | ReflectedXss.js:122:33:122:43 | invalidKeys | provenance | | +| ReflectedXss.js:119:25:119:32 | keyArray | ReflectedXss.js:119:25:119:72 | keyArra ... s(key)) | provenance | | +| ReflectedXss.js:119:25:119:72 | keyArra ... s(key)) | ReflectedXss.js:119:11:119:72 | invalidKeys | provenance | | +| ReflectedXss.js:122:33:122:43 | invalidKeys | ReflectedXss.js:122:33:122:54 | invalid ... n(', ') | provenance | | +| ReflectedXss.js:122:33:122:54 | invalid ... n(', ') | ReflectedXss.js:122:30:122:73 | `${inva ... telist` | provenance | | +| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id | provenance | | +| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id | provenance | | +| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id | provenance | | +| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id | provenance | | +| ReflectedXssGood3.js:68:22:68:26 | value | ReflectedXssGood3.js:77:16:77:20 | value | provenance | | +| ReflectedXssGood3.js:68:22:68:26 | value | ReflectedXssGood3.js:105:18:105:22 | value | provenance | | +| ReflectedXssGood3.js:77:7:77:37 | parts | ReflectedXssGood3.js:108:10:108:14 | parts | provenance | | +| ReflectedXssGood3.js:77:16:77:20 | value | ReflectedXssGood3.js:77:16:77:36 | value.s ... g(0, i) | provenance | | +| ReflectedXssGood3.js:77:16:77:36 | value.s ... g(0, i) | ReflectedXssGood3.js:77:7:77:37 | parts | provenance | | +| ReflectedXssGood3.js:77:16:77:36 | value.s ... g(0, i) | ReflectedXssGood3.js:108:10:108:23 | parts.join('') | provenance | | +| ReflectedXssGood3.js:105:7:105:11 | [post update] parts | ReflectedXssGood3.js:77:7:77:37 | parts | provenance | | +| ReflectedXssGood3.js:105:7:105:11 | [post update] parts | ReflectedXssGood3.js:108:10:108:23 | parts.join('') | provenance | | +| ReflectedXssGood3.js:105:18:105:22 | value | ReflectedXssGood3.js:105:18:105:38 | value.s ... g(j, i) | provenance | | +| ReflectedXssGood3.js:105:18:105:38 | value.s ... g(j, i) | ReflectedXssGood3.js:105:7:105:11 | [post update] parts | provenance | | +| ReflectedXssGood3.js:108:10:108:14 | parts | ReflectedXssGood3.js:108:10:108:23 | parts.join('') | provenance | | +| ReflectedXssGood3.js:135:9:135:27 | url | ReflectedXssGood3.js:139:24:139:26 | url | provenance | | +| ReflectedXssGood3.js:135:15:135:27 | req.params.id | ReflectedXssGood3.js:135:9:135:27 | url | provenance | | +| ReflectedXssGood3.js:139:24:139:26 | url | ReflectedXssGood3.js:68:22:68:26 | value | provenance | | +| ReflectedXssGood3.js:139:24:139:26 | url | ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) | provenance | | +| etherpad.js:9:5:9:53 | response | etherpad.js:11:12:11:19 | response | provenance | | +| etherpad.js:9:16:9:30 | req.query.jsonp | etherpad.js:9:5:9:53 | response | provenance | | +| formatting.js:4:9:4:29 | evil | formatting.js:6:43:6:46 | evil | provenance | | +| formatting.js:4:9:4:29 | evil | formatting.js:7:49:7:52 | evil | provenance | | +| formatting.js:4:16:4:29 | req.query.evil | formatting.js:4:9:4:29 | evil | provenance | | +| formatting.js:6:43:6:46 | evil | formatting.js:6:14:6:47 | util.fo ... , evil) | provenance | | +| formatting.js:7:49:7:52 | evil | formatting.js:7:14:7:53 | require ... , evil) | provenance | | +| live-server.js:4:11:4:27 | tainted | live-server.js:6:28:6:34 | tainted | provenance | | +| live-server.js:4:21:4:27 | req.url | live-server.js:4:11:4:27 | tainted | provenance | | +| live-server.js:6:28:6:34 | tainted | live-server.js:6:13:6:50 | ` ... /html>` | provenance | | +| live-server.js:10:11:10:27 | tainted | live-server.js:12:28:12:34 | tainted | provenance | | +| live-server.js:10:21:10:27 | req.url | live-server.js:10:11:10:27 | tainted | provenance | | +| live-server.js:12:28:12:34 | tainted | live-server.js:12:13:12:50 | ` ... /html>` | provenance | | +| partial.js:9:25:9:25 | x | partial.js:10:14:10:14 | x | provenance | | +| partial.js:10:14:10:14 | x | partial.js:10:14:10:18 | x + y | provenance | | +| partial.js:13:42:13:48 | req.url | partial.js:9:25:9:25 | x | provenance | | +| partial.js:18:25:18:25 | x | partial.js:19:14:19:14 | x | provenance | | +| partial.js:19:14:19:14 | x | partial.js:19:14:19:18 | x + y | provenance | | +| partial.js:22:51:22:57 | req.url | partial.js:18:25:18:25 | x | provenance | | +| partial.js:27:25:27:25 | x | partial.js:28:14:28:14 | x | provenance | | +| partial.js:28:14:28:14 | x | partial.js:28:14:28:18 | x + y | provenance | | +| partial.js:31:47:31:53 | req.url | partial.js:27:25:27:25 | x | provenance | | +| partial.js:36:25:36:25 | x | partial.js:37:14:37:14 | x | provenance | | +| partial.js:37:14:37:14 | x | partial.js:37:14:37:18 | x + y | provenance | | +| partial.js:40:43:40:49 | req.url | partial.js:36:25:36:25 | x | provenance | | +| promises.js:5:3:5:59 | new Pro ... .data)) [PromiseValue] | promises.js:6:11:6:11 | x | provenance | | +| promises.js:5:16:5:22 | resolve [Return] [resolve-value] | promises.js:5:3:5:59 | new Pro ... .data)) [PromiseValue] | provenance | | +| promises.js:5:36:5:42 | [post update] resolve [resolve-value] | promises.js:5:16:5:22 | resolve [Return] [resolve-value] | provenance | | +| promises.js:5:44:5:57 | req.query.data | promises.js:5:36:5:42 | [post update] resolve [resolve-value] | provenance | | +| promises.js:6:11:6:11 | x | promises.js:6:25:6:25 | x | provenance | | +| tst2.js:6:7:6:30 | p | tst2.js:7:12:7:12 | p | provenance | | +| tst2.js:6:7:6:30 | r | tst2.js:8:12:8:12 | r | provenance | | +| tst2.js:6:9:6:9 | p | tst2.js:6:7:6:30 | p | provenance | | +| tst2.js:6:12:6:15 | q: r | tst2.js:6:7:6:30 | r | provenance | | +| tst2.js:14:7:14:24 | p | tst2.js:18:12:18:12 | p | provenance | | +| tst2.js:14:7:14:24 | p | tst2.js:21:14:21:14 | p | provenance | | +| tst2.js:14:9:14:9 | p | tst2.js:14:7:14:24 | p | provenance | | +| tst2.js:30:7:30:24 | p | tst2.js:33:11:33:11 | p | provenance | | +| tst2.js:30:7:30:24 | p | tst2.js:36:12:36:12 | p | provenance | | +| tst2.js:30:9:30:9 | p | tst2.js:30:7:30:24 | p | provenance | | +| tst2.js:32:7:32:14 | obj [p] | tst2.js:34:21:34:23 | obj [p] | provenance | | +| tst2.js:33:3:33:5 | [post update] obj [p] | tst2.js:32:7:32:14 | obj [p] | provenance | | +| tst2.js:33:11:33:11 | p | tst2.js:33:3:33:5 | [post update] obj [p] | provenance | | +| tst2.js:34:7:34:24 | other [p] | tst2.js:37:12:37:16 | other [p] | provenance | | +| tst2.js:34:15:34:24 | clone(obj) [p] | tst2.js:34:7:34:24 | other [p] | provenance | | +| tst2.js:34:21:34:23 | obj [p] | tst2.js:34:15:34:24 | clone(obj) [p] | provenance | | +| tst2.js:37:12:37:16 | other [p] | tst2.js:37:12:37:18 | other.p | provenance | | +| tst2.js:43:7:43:24 | p | tst2.js:49:36:49:36 | p | provenance | | +| tst2.js:43:9:43:9 | p | tst2.js:43:7:43:24 | p | provenance | | +| tst2.js:49:7:49:53 | unsafe | tst2.js:51:12:51:17 | unsafe | provenance | | +| tst2.js:49:16:49:53 | seriali ... true}) | tst2.js:49:7:49:53 | unsafe | provenance | | +| tst2.js:49:36:49:36 | p | tst2.js:49:16:49:53 | seriali ... true}) | provenance | | +| tst2.js:57:7:57:24 | p | tst2.js:60:11:60:11 | p | provenance | | +| tst2.js:57:7:57:24 | p | tst2.js:63:12:63:12 | p | provenance | | +| tst2.js:57:9:57:9 | p | tst2.js:57:7:57:24 | p | provenance | | +| tst2.js:59:7:59:14 | obj [p] | tst2.js:61:22:61:24 | obj [p] | provenance | | +| tst2.js:60:3:60:5 | [post update] obj [p] | tst2.js:59:7:59:14 | obj [p] | provenance | | +| tst2.js:60:11:60:11 | p | tst2.js:60:3:60:5 | [post update] obj [p] | provenance | | +| tst2.js:61:7:61:25 | other [p] | tst2.js:64:12:64:16 | other [p] | provenance | | +| tst2.js:61:15:61:25 | fclone(obj) [p] | tst2.js:61:7:61:25 | other [p] | provenance | | +| tst2.js:61:22:61:24 | obj [p] | tst2.js:61:15:61:25 | fclone(obj) [p] | provenance | | +| tst2.js:64:12:64:16 | other [p] | tst2.js:64:12:64:18 | other.p | provenance | | +| tst2.js:69:7:69:24 | p | tst2.js:72:11:72:11 | p | provenance | | +| tst2.js:69:7:69:24 | p | tst2.js:75:12:75:12 | p | provenance | | +| tst2.js:69:9:69:9 | p | tst2.js:69:7:69:24 | p | provenance | | +| tst2.js:71:7:71:14 | obj [p] | tst2.js:73:40:73:42 | obj [p] | provenance | | +| tst2.js:72:3:72:5 | [post update] obj [p] | tst2.js:71:7:71:14 | obj [p] | provenance | | +| tst2.js:72:11:72:11 | p | tst2.js:72:3:72:5 | [post update] obj [p] | provenance | | +| tst2.js:73:7:73:44 | other [p] | tst2.js:76:12:76:16 | other [p] | provenance | | +| tst2.js:73:15:73:44 | jc.retr ... e(obj)) [p] | tst2.js:73:7:73:44 | other [p] | provenance | | +| tst2.js:73:29:73:43 | jc.decycle(obj) [p] | tst2.js:73:15:73:44 | jc.retr ... e(obj)) [p] | provenance | | +| tst2.js:73:40:73:42 | obj [p] | tst2.js:73:29:73:43 | jc.decycle(obj) [p] | provenance | | +| tst2.js:76:12:76:16 | other [p] | tst2.js:76:12:76:18 | other.p | provenance | | +| tst2.js:82:7:82:24 | p | tst2.js:85:11:85:11 | p | provenance | | +| tst2.js:82:7:82:24 | p | tst2.js:88:12:88:12 | p | provenance | | +| tst2.js:82:9:82:9 | p | tst2.js:82:7:82:24 | p | provenance | | +| tst2.js:84:7:84:14 | obj [p] | tst2.js:86:24:86:26 | obj [p] | provenance | | +| tst2.js:85:3:85:5 | [post update] obj [p] | tst2.js:84:7:84:14 | obj [p] | provenance | | +| tst2.js:85:11:85:11 | p | tst2.js:85:3:85:5 | [post update] obj [p] | provenance | | +| tst2.js:86:7:86:27 | other [p] | tst2.js:89:12:89:16 | other [p] | provenance | | +| tst2.js:86:15:86:27 | sortKeys(obj) [p] | tst2.js:86:7:86:27 | other [p] | provenance | | +| tst2.js:86:24:86:26 | obj [p] | tst2.js:86:15:86:27 | sortKeys(obj) [p] | provenance | | +| tst2.js:89:12:89:16 | other [p] | tst2.js:89:12:89:18 | other.p | provenance | | +| tst3.js:5:7:5:24 | p | tst3.js:6:12:6:12 | p | provenance | | +| tst3.js:5:9:5:9 | p | tst3.js:5:7:5:24 | p | provenance | | +| tst3.js:11:9:11:74 | code | tst3.js:12:12:12:15 | code | provenance | | +| tst3.js:11:16:11:74 | prettie ... bel" }) | tst3.js:11:9:11:74 | code | provenance | | +| tst3.js:11:32:11:39 | reg.body | tst3.js:11:16:11:74 | prettie ... bel" }) | provenance | | +nodes +| ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | semmle.label | "Unknow ... rams.id | +| ReflectedXss.js:8:33:8:45 | req.params.id | semmle.label | req.params.id | +| ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | semmle.label | "Unknow ... rams.id | +| ReflectedXss.js:17:31:17:39 | params.id | semmle.label | params.id | +| ReflectedXss.js:22:12:22:19 | req.body | semmle.label | req.body | +| ReflectedXss.js:23:12:23:27 | marked(req.body) | semmle.label | marked(req.body) | +| ReflectedXss.js:23:19:23:26 | req.body | semmle.label | req.body | +| ReflectedXss.js:29:12:29:19 | req.body | semmle.label | req.body | +| ReflectedXss.js:30:7:33:4 | mytable | semmle.label | mytable | +| ReflectedXss.js:30:17:33:4 | table([ ... y]\\n ]) | semmle.label | table([ ... y]\\n ]) | +| ReflectedXss.js:32:14:32:21 | req.body | semmle.label | req.body | +| ReflectedXss.js:34:12:34:18 | mytable | semmle.label | mytable | +| ReflectedXss.js:41:12:41:19 | req.body | semmle.label | req.body | +| ReflectedXss.js:42:12:42:39 | convert ... q.body) | semmle.label | convert ... q.body) | +| ReflectedXss.js:42:31:42:38 | req.body | semmle.label | req.body | +| ReflectedXss.js:56:12:56:19 | req.body | semmle.label | req.body | +| ReflectedXss.js:64:14:64:21 | req.body | semmle.label | req.body | +| ReflectedXss.js:64:39:64:42 | file | semmle.label | file | +| ReflectedXss.js:65:16:65:19 | file | semmle.label | file | +| ReflectedXss.js:68:12:68:41 | remark( ... q.body) | semmle.label | remark( ... q.body) | +| ReflectedXss.js:68:12:68:52 | remark( ... tring() | semmle.label | remark( ... tring() | +| ReflectedXss.js:68:33:68:40 | req.body | semmle.label | req.body | +| ReflectedXss.js:72:12:72:56 | unified ... q.body) | semmle.label | unified ... q.body) | +| ReflectedXss.js:72:12:72:65 | unified ... oString | semmle.label | unified ... oString | +| ReflectedXss.js:72:48:72:55 | req.body | semmle.label | req.body | +| ReflectedXss.js:74:20:74:27 | req.body | semmle.label | req.body | +| ReflectedXss.js:74:34:74:34 | f | semmle.label | f | +| ReflectedXss.js:75:14:75:14 | f | semmle.label | f | +| ReflectedXss.js:83:12:83:19 | req.body | semmle.label | req.body | +| ReflectedXss.js:84:12:84:30 | snarkdown(req.body) | semmle.label | snarkdown(req.body) | +| ReflectedXss.js:84:22:84:29 | req.body | semmle.label | req.body | +| ReflectedXss.js:85:12:85:31 | snarkdown2(req.body) | semmle.label | snarkdown2(req.body) | +| ReflectedXss.js:85:23:85:30 | req.body | semmle.label | req.body | +| ReflectedXss.js:97:12:97:19 | req.body | semmle.label | req.body | +| ReflectedXss.js:98:12:98:38 | markdow ... q.body) | semmle.label | markdow ... q.body) | +| ReflectedXss.js:98:30:98:37 | req.body | semmle.label | req.body | +| ReflectedXss.js:100:12:100:39 | markdow ... q.body) | semmle.label | markdow ... q.body) | +| ReflectedXss.js:100:31:100:38 | req.body | semmle.label | req.body | +| ReflectedXss.js:103:12:103:84 | markdow ... q.body) | semmle.label | markdow ... q.body) | +| ReflectedXss.js:103:76:103:83 | req.body | semmle.label | req.body | +| ReflectedXss.js:110:16:110:30 | request.query.p | semmle.label | request.query.p | +| ReflectedXss.js:114:11:114:41 | queryKeys | semmle.label | queryKeys | +| ReflectedXss.js:114:13:114:27 | keys: queryKeys | semmle.label | keys: queryKeys | +| ReflectedXss.js:116:11:116:45 | keys | semmle.label | keys | +| ReflectedXss.js:116:18:116:26 | queryKeys | semmle.label | queryKeys | +| ReflectedXss.js:116:31:116:45 | paramKeys?.keys | semmle.label | paramKeys?.keys | +| ReflectedXss.js:118:11:118:61 | keyArray | semmle.label | keyArray | +| ReflectedXss.js:118:50:118:53 | keys | semmle.label | keys | +| ReflectedXss.js:118:58:118:61 | keys | semmle.label | keys | +| ReflectedXss.js:119:11:119:72 | invalidKeys | semmle.label | invalidKeys | +| ReflectedXss.js:119:25:119:32 | keyArray | semmle.label | keyArray | +| ReflectedXss.js:119:25:119:72 | keyArra ... s(key)) | semmle.label | keyArra ... s(key)) | +| ReflectedXss.js:122:30:122:73 | `${inva ... telist` | semmle.label | `${inva ... telist` | +| ReflectedXss.js:122:33:122:43 | invalidKeys | semmle.label | invalidKeys | +| ReflectedXss.js:122:33:122:54 | invalid ... n(', ') | semmle.label | invalid ... n(', ') | +| ReflectedXssContentTypes.js:10:14:10:36 | "FOO: " ... rams.id | semmle.label | "FOO: " ... rams.id | +| ReflectedXssContentTypes.js:10:24:10:36 | req.params.id | semmle.label | req.params.id | +| ReflectedXssContentTypes.js:20:14:20:36 | "FOO: " ... rams.id | semmle.label | "FOO: " ... rams.id | +| ReflectedXssContentTypes.js:20:24:20:36 | req.params.id | semmle.label | req.params.id | +| ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id | semmle.label | "FOO: " ... rams.id | +| ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | semmle.label | req.params.id | +| ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id | semmle.label | "FOO: " ... rams.id | +| ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | semmle.label | req.params.id | +| ReflectedXssGood3.js:68:22:68:26 | value | semmle.label | value | +| ReflectedXssGood3.js:77:7:77:37 | parts | semmle.label | parts | +| ReflectedXssGood3.js:77:16:77:20 | value | semmle.label | value | +| ReflectedXssGood3.js:77:16:77:36 | value.s ... g(0, i) | semmle.label | value.s ... g(0, i) | +| ReflectedXssGood3.js:105:7:105:11 | [post update] parts | semmle.label | [post update] parts | +| ReflectedXssGood3.js:105:18:105:22 | value | semmle.label | value | +| ReflectedXssGood3.js:105:18:105:38 | value.s ... g(j, i) | semmle.label | value.s ... g(j, i) | +| ReflectedXssGood3.js:108:10:108:14 | parts | semmle.label | parts | +| ReflectedXssGood3.js:108:10:108:23 | parts.join('') | semmle.label | parts.join('') | +| ReflectedXssGood3.js:135:9:135:27 | url | semmle.label | url | +| ReflectedXssGood3.js:135:15:135:27 | req.params.id | semmle.label | req.params.id | +| ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) | semmle.label | escapeHtml3(url) | +| ReflectedXssGood3.js:139:24:139:26 | url | semmle.label | url | +| etherpad.js:9:5:9:53 | response | semmle.label | response | +| etherpad.js:9:16:9:30 | req.query.jsonp | semmle.label | req.query.jsonp | +| etherpad.js:11:12:11:19 | response | semmle.label | response | +| formatting.js:4:9:4:29 | evil | semmle.label | evil | +| formatting.js:4:16:4:29 | req.query.evil | semmle.label | req.query.evil | +| formatting.js:6:14:6:47 | util.fo ... , evil) | semmle.label | util.fo ... , evil) | +| formatting.js:6:43:6:46 | evil | semmle.label | evil | +| formatting.js:7:14:7:53 | require ... , evil) | semmle.label | require ... , evil) | +| formatting.js:7:49:7:52 | evil | semmle.label | evil | +| live-server.js:4:11:4:27 | tainted | semmle.label | tainted | +| live-server.js:4:21:4:27 | req.url | semmle.label | req.url | +| live-server.js:6:13:6:50 | ` ... /html>` | semmle.label | ` ... /html>` | +| live-server.js:6:28:6:34 | tainted | semmle.label | tainted | +| live-server.js:10:11:10:27 | tainted | semmle.label | tainted | +| live-server.js:10:21:10:27 | req.url | semmle.label | req.url | +| live-server.js:12:13:12:50 | ` ... /html>` | semmle.label | ` ... /html>` | +| live-server.js:12:28:12:34 | tainted | semmle.label | tainted | +| pages/Next.jsx:8:13:8:19 | req.url | semmle.label | req.url | +| pages/Next.jsx:15:13:15:19 | req.url | semmle.label | req.url | +| pages/api/myapi.js:2:14:2:20 | req.url | semmle.label | req.url | +| partial.js:9:25:9:25 | x | semmle.label | x | +| partial.js:10:14:10:14 | x | semmle.label | x | +| partial.js:10:14:10:18 | x + y | semmle.label | x + y | +| partial.js:13:42:13:48 | req.url | semmle.label | req.url | +| partial.js:18:25:18:25 | x | semmle.label | x | +| partial.js:19:14:19:14 | x | semmle.label | x | +| partial.js:19:14:19:18 | x + y | semmle.label | x + y | +| partial.js:22:51:22:57 | req.url | semmle.label | req.url | +| partial.js:27:25:27:25 | x | semmle.label | x | +| partial.js:28:14:28:14 | x | semmle.label | x | +| partial.js:28:14:28:18 | x + y | semmle.label | x + y | +| partial.js:31:47:31:53 | req.url | semmle.label | req.url | +| partial.js:36:25:36:25 | x | semmle.label | x | +| partial.js:37:14:37:14 | x | semmle.label | x | +| partial.js:37:14:37:18 | x + y | semmle.label | x + y | +| partial.js:40:43:40:49 | req.url | semmle.label | req.url | +| promises.js:5:3:5:59 | new Pro ... .data)) [PromiseValue] | semmle.label | new Pro ... .data)) [PromiseValue] | +| promises.js:5:16:5:22 | resolve [Return] [resolve-value] | semmle.label | resolve [Return] [resolve-value] | +| promises.js:5:36:5:42 | [post update] resolve [resolve-value] | semmle.label | [post update] resolve [resolve-value] | +| promises.js:5:44:5:57 | req.query.data | semmle.label | req.query.data | +| promises.js:6:11:6:11 | x | semmle.label | x | +| promises.js:6:25:6:25 | x | semmle.label | x | +| tst2.js:6:7:6:30 | p | semmle.label | p | +| tst2.js:6:7:6:30 | r | semmle.label | r | +| tst2.js:6:9:6:9 | p | semmle.label | p | +| tst2.js:6:12:6:15 | q: r | semmle.label | q: r | +| tst2.js:7:12:7:12 | p | semmle.label | p | +| tst2.js:8:12:8:12 | r | semmle.label | r | +| tst2.js:14:7:14:24 | p | semmle.label | p | +| tst2.js:14:9:14:9 | p | semmle.label | p | +| tst2.js:18:12:18:12 | p | semmle.label | p | +| tst2.js:21:14:21:14 | p | semmle.label | p | +| tst2.js:30:7:30:24 | p | semmle.label | p | +| tst2.js:30:9:30:9 | p | semmle.label | p | +| tst2.js:32:7:32:14 | obj [p] | semmle.label | obj [p] | +| tst2.js:33:3:33:5 | [post update] obj [p] | semmle.label | [post update] obj [p] | +| tst2.js:33:11:33:11 | p | semmle.label | p | +| tst2.js:34:7:34:24 | other [p] | semmle.label | other [p] | +| tst2.js:34:15:34:24 | clone(obj) [p] | semmle.label | clone(obj) [p] | +| tst2.js:34:21:34:23 | obj [p] | semmle.label | obj [p] | +| tst2.js:36:12:36:12 | p | semmle.label | p | +| tst2.js:37:12:37:16 | other [p] | semmle.label | other [p] | +| tst2.js:37:12:37:18 | other.p | semmle.label | other.p | +| tst2.js:43:7:43:24 | p | semmle.label | p | +| tst2.js:43:9:43:9 | p | semmle.label | p | +| tst2.js:49:7:49:53 | unsafe | semmle.label | unsafe | +| tst2.js:49:16:49:53 | seriali ... true}) | semmle.label | seriali ... true}) | +| tst2.js:49:36:49:36 | p | semmle.label | p | +| tst2.js:51:12:51:17 | unsafe | semmle.label | unsafe | +| tst2.js:57:7:57:24 | p | semmle.label | p | +| tst2.js:57:9:57:9 | p | semmle.label | p | +| tst2.js:59:7:59:14 | obj [p] | semmle.label | obj [p] | +| tst2.js:60:3:60:5 | [post update] obj [p] | semmle.label | [post update] obj [p] | +| tst2.js:60:11:60:11 | p | semmle.label | p | +| tst2.js:61:7:61:25 | other [p] | semmle.label | other [p] | +| tst2.js:61:15:61:25 | fclone(obj) [p] | semmle.label | fclone(obj) [p] | +| tst2.js:61:22:61:24 | obj [p] | semmle.label | obj [p] | +| tst2.js:63:12:63:12 | p | semmle.label | p | +| tst2.js:64:12:64:16 | other [p] | semmle.label | other [p] | +| tst2.js:64:12:64:18 | other.p | semmle.label | other.p | +| tst2.js:69:7:69:24 | p | semmle.label | p | +| tst2.js:69:9:69:9 | p | semmle.label | p | +| tst2.js:71:7:71:14 | obj [p] | semmle.label | obj [p] | +| tst2.js:72:3:72:5 | [post update] obj [p] | semmle.label | [post update] obj [p] | +| tst2.js:72:11:72:11 | p | semmle.label | p | +| tst2.js:73:7:73:44 | other [p] | semmle.label | other [p] | +| tst2.js:73:15:73:44 | jc.retr ... e(obj)) [p] | semmle.label | jc.retr ... e(obj)) [p] | +| tst2.js:73:29:73:43 | jc.decycle(obj) [p] | semmle.label | jc.decycle(obj) [p] | +| tst2.js:73:40:73:42 | obj [p] | semmle.label | obj [p] | +| tst2.js:75:12:75:12 | p | semmle.label | p | +| tst2.js:76:12:76:16 | other [p] | semmle.label | other [p] | +| tst2.js:76:12:76:18 | other.p | semmle.label | other.p | +| tst2.js:82:7:82:24 | p | semmle.label | p | +| tst2.js:82:9:82:9 | p | semmle.label | p | +| tst2.js:84:7:84:14 | obj [p] | semmle.label | obj [p] | +| tst2.js:85:3:85:5 | [post update] obj [p] | semmle.label | [post update] obj [p] | +| tst2.js:85:11:85:11 | p | semmle.label | p | +| tst2.js:86:7:86:27 | other [p] | semmle.label | other [p] | +| tst2.js:86:15:86:27 | sortKeys(obj) [p] | semmle.label | sortKeys(obj) [p] | +| tst2.js:86:24:86:26 | obj [p] | semmle.label | obj [p] | +| tst2.js:88:12:88:12 | p | semmle.label | p | +| tst2.js:89:12:89:16 | other [p] | semmle.label | other [p] | +| tst2.js:89:12:89:18 | other.p | semmle.label | other.p | +| tst3.js:5:7:5:24 | p | semmle.label | p | +| tst3.js:5:9:5:9 | p | semmle.label | p | +| tst3.js:6:12:6:12 | p | semmle.label | p | +| tst3.js:11:9:11:74 | code | semmle.label | code | +| tst3.js:11:16:11:74 | prettie ... bel" }) | semmle.label | prettie ... bel" }) | +| tst3.js:11:32:11:39 | reg.body | semmle.label | reg.body | +| tst3.js:12:12:12:15 | code | semmle.label | code | +subpaths +| ReflectedXssGood3.js:139:24:139:26 | url | ReflectedXssGood3.js:68:22:68:26 | value | ReflectedXssGood3.js:108:10:108:23 | parts.join('') | ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) | #select | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | ReflectedXss.js:8:33:8:45 | req.params.id | ReflectedXss.js:8:14:8:45 | "Unknow ... rams.id | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:8:33:8:45 | req.params.id | user-provided value | | ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | ReflectedXss.js:17:31:17:39 | params.id | ReflectedXss.js:17:12:17:39 | "Unknow ... rams.id | Cross-site scripting vulnerability due to a $@. | ReflectedXss.js:17:31:17:39 | params.id | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXssWithCustomSanitizer.ql b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXssWithCustomSanitizer.ql index 3fcf8c0377bf..b9c4107a6ad9 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXssWithCustomSanitizer.ql +++ b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXssWithCustomSanitizer.ql @@ -3,18 +3,17 @@ // import javascript import semmle.javascript.security.dataflow.ReflectedXssQuery +private import semmle.javascript.security.dataflow.Xss::Shared as SharedXss -class IsVarNameSanitizer extends TaintTracking::AdditionalSanitizerGuardNode, DataFlow::CallNode { +class IsVarNameSanitizer extends SharedXss::BarrierGuard, DataFlow::CallNode { IsVarNameSanitizer() { this.getCalleeName() = "isVarName" } - override predicate sanitizes(boolean outcome, Expr e) { + override predicate blocksExpr(boolean outcome, Expr e) { outcome = true and e = this.getArgument(0).asExpr() } - - override predicate appliesTo(TaintTracking::Configuration cfg) { cfg instanceof Configuration } } -from Configuration xss, Source source, Sink sink -where xss.hasFlow(source, sink) +from Source source, Sink sink +where ReflectedXssFlow::flow(source, sink) select sink, "Cross-site scripting vulnerability due to $@.", source, "user-provided value" diff --git a/javascript/ql/test/query-tests/Security/CWE-079/StoredXss/StoredXss.expected b/javascript/ql/test/query-tests/Security/CWE-079/StoredXss/StoredXss.expected index d6142c980b64..3b3b0501e192 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/StoredXss/StoredXss.expected +++ b/javascript/ql/test/query-tests/Security/CWE-079/StoredXss/StoredXss.expected @@ -1,55 +1,90 @@ -nodes -| xss-through-filenames.js:7:43:7:48 | files1 | -| xss-through-filenames.js:7:43:7:48 | files1 | -| xss-through-filenames.js:8:18:8:23 | files1 | -| xss-through-filenames.js:8:18:8:23 | files1 | -| xss-through-filenames.js:25:43:25:48 | files1 | -| xss-through-filenames.js:25:43:25:48 | files1 | -| xss-through-filenames.js:26:19:26:24 | files1 | -| xss-through-filenames.js:26:19:26:24 | files1 | -| xss-through-filenames.js:29:13:29:23 | files2 | -| xss-through-filenames.js:29:22:29:23 | [] | -| xss-through-filenames.js:30:9:30:14 | files1 | -| xss-through-filenames.js:30:34:30:37 | file | -| xss-through-filenames.js:31:25:31:28 | file | -| xss-through-filenames.js:33:19:33:24 | files2 | -| xss-through-filenames.js:33:19:33:24 | files2 | -| xss-through-filenames.js:35:13:35:35 | files3 | -| xss-through-filenames.js:35:22:35:35 | format(files2) | -| xss-through-filenames.js:35:29:35:34 | files2 | -| xss-through-filenames.js:37:19:37:24 | files3 | -| xss-through-filenames.js:37:19:37:24 | files3 | -| xss-through-torrent.js:6:6:6:24 | name | -| xss-through-torrent.js:6:13:6:24 | torrent.name | -| xss-through-torrent.js:6:13:6:24 | torrent.name | -| xss-through-torrent.js:7:11:7:14 | name | -| xss-through-torrent.js:7:11:7:14 | name | edges -| xss-through-filenames.js:7:43:7:48 | files1 | xss-through-filenames.js:8:18:8:23 | files1 | -| xss-through-filenames.js:7:43:7:48 | files1 | xss-through-filenames.js:8:18:8:23 | files1 | -| xss-through-filenames.js:7:43:7:48 | files1 | xss-through-filenames.js:8:18:8:23 | files1 | -| xss-through-filenames.js:7:43:7:48 | files1 | xss-through-filenames.js:8:18:8:23 | files1 | -| xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:26:19:26:24 | files1 | -| xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:26:19:26:24 | files1 | -| xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:26:19:26:24 | files1 | -| xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:26:19:26:24 | files1 | -| xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:30:9:30:14 | files1 | -| xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:30:9:30:14 | files1 | -| xss-through-filenames.js:29:13:29:23 | files2 | xss-through-filenames.js:33:19:33:24 | files2 | -| xss-through-filenames.js:29:13:29:23 | files2 | xss-through-filenames.js:33:19:33:24 | files2 | -| xss-through-filenames.js:29:13:29:23 | files2 | xss-through-filenames.js:35:29:35:34 | files2 | -| xss-through-filenames.js:29:22:29:23 | [] | xss-through-filenames.js:29:13:29:23 | files2 | -| xss-through-filenames.js:30:9:30:14 | files1 | xss-through-filenames.js:30:34:30:37 | file | -| xss-through-filenames.js:30:34:30:37 | file | xss-through-filenames.js:31:25:31:28 | file | -| xss-through-filenames.js:31:25:31:28 | file | xss-through-filenames.js:29:22:29:23 | [] | -| xss-through-filenames.js:35:13:35:35 | files3 | xss-through-filenames.js:37:19:37:24 | files3 | -| xss-through-filenames.js:35:13:35:35 | files3 | xss-through-filenames.js:37:19:37:24 | files3 | -| xss-through-filenames.js:35:22:35:35 | format(files2) | xss-through-filenames.js:35:13:35:35 | files3 | -| xss-through-filenames.js:35:29:35:34 | files2 | xss-through-filenames.js:35:22:35:35 | format(files2) | -| xss-through-torrent.js:6:6:6:24 | name | xss-through-torrent.js:7:11:7:14 | name | -| xss-through-torrent.js:6:6:6:24 | name | xss-through-torrent.js:7:11:7:14 | name | -| xss-through-torrent.js:6:13:6:24 | torrent.name | xss-through-torrent.js:6:6:6:24 | name | -| xss-through-torrent.js:6:13:6:24 | torrent.name | xss-through-torrent.js:6:6:6:24 | name | +| xss-through-filenames.js:7:43:7:48 | files1 | xss-through-filenames.js:8:18:8:23 | files1 | provenance | | +| xss-through-filenames.js:17:21:17:26 | files2 | xss-through-filenames.js:19:9:19:14 | files2 | provenance | | +| xss-through-filenames.js:17:21:17:26 | files2 [ArrayElement] | xss-through-filenames.js:19:9:19:14 | files2 [ArrayElement] | provenance | | +| xss-through-filenames.js:19:9:19:14 | files2 | xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | provenance | | +| xss-through-filenames.js:19:9:19:14 | files2 | xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | provenance | | +| xss-through-filenames.js:19:9:19:14 | files2 [ArrayElement] | xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | provenance | | +| xss-through-filenames.js:19:9:19:14 | files2 [ArrayElement] | xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | provenance | | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | xss-through-filenames.js:19:45:19:48 | file | provenance | | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | xss-through-filenames.js:19:45:19:48 | file | provenance | | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | xss-through-filenames.js:22:16:22:21 | files3 | provenance | | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | xss-through-filenames.js:22:16:22:21 | files3 | provenance | | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | xss-through-filenames.js:19:45:19:48 | file | provenance | | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | xss-through-filenames.js:19:45:19:48 | file | provenance | | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | xss-through-filenames.js:22:16:22:21 | files3 | provenance | | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | xss-through-filenames.js:22:16:22:21 | files3 | provenance | | +| xss-through-filenames.js:19:45:19:48 | file | xss-through-filenames.js:20:34:20:37 | file | provenance | | +| xss-through-filenames.js:20:25:20:47 | '
  • ' ... '
    • ' | xss-through-filenames.js:20:13:20:18 | [post update] files3 | provenance | | +| xss-through-filenames.js:20:34:20:37 | file | xss-through-filenames.js:20:25:20:47 | '
  • ' ... '
    • ' | provenance | | +| xss-through-filenames.js:22:16:22:21 | files3 | xss-through-filenames.js:22:16:22:30 | files3.join('') | provenance | | +| xss-through-filenames.js:22:16:22:21 | files3 | xss-through-filenames.js:22:16:22:30 | files3.join('') | provenance | | +| xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:26:19:26:24 | files1 | provenance | | +| xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:30:9:30:14 | files1 | provenance | | +| xss-through-filenames.js:30:9:30:14 | files1 | xss-through-filenames.js:30:34:30:37 | file | provenance | | +| xss-through-filenames.js:30:9:30:14 | files1 | xss-through-filenames.js:33:19:33:24 | files2 | provenance | | +| xss-through-filenames.js:30:9:30:14 | files1 | xss-through-filenames.js:33:19:33:24 | files2 | provenance | | +| xss-through-filenames.js:30:9:30:14 | files1 | xss-through-filenames.js:33:19:33:24 | files2 [ArrayElement] | provenance | | +| xss-through-filenames.js:30:34:30:37 | file | xss-through-filenames.js:31:25:31:28 | file | provenance | | +| xss-through-filenames.js:31:25:31:28 | file | xss-through-filenames.js:31:13:31:18 | [post update] files2 | provenance | | +| xss-through-filenames.js:31:25:31:28 | file | xss-through-filenames.js:31:13:31:18 | [post update] files2 [ArrayElement] | provenance | | +| xss-through-filenames.js:33:19:33:24 | files2 | xss-through-filenames.js:35:29:35:34 | files2 | provenance | | +| xss-through-filenames.js:33:19:33:24 | files2 [ArrayElement] | xss-through-filenames.js:35:29:35:34 | files2 [ArrayElement] | provenance | | +| xss-through-filenames.js:35:13:35:35 | files3 | xss-through-filenames.js:37:19:37:24 | files3 | provenance | | +| xss-through-filenames.js:35:22:35:35 | format(files2) | xss-through-filenames.js:35:13:35:35 | files3 | provenance | | +| xss-through-filenames.js:35:29:35:34 | files2 | xss-through-filenames.js:17:21:17:26 | files2 | provenance | | +| xss-through-filenames.js:35:29:35:34 | files2 | xss-through-filenames.js:35:22:35:35 | format(files2) | provenance | | +| xss-through-filenames.js:35:29:35:34 | files2 [ArrayElement] | xss-through-filenames.js:17:21:17:26 | files2 [ArrayElement] | provenance | | +| xss-through-filenames.js:35:29:35:34 | files2 [ArrayElement] | xss-through-filenames.js:35:22:35:35 | format(files2) | provenance | | +| xss-through-torrent.js:6:6:6:24 | name | xss-through-torrent.js:7:11:7:14 | name | provenance | | +| xss-through-torrent.js:6:13:6:24 | torrent.name | xss-through-torrent.js:6:6:6:24 | name | provenance | | +nodes +| xss-through-filenames.js:7:43:7:48 | files1 | semmle.label | files1 | +| xss-through-filenames.js:8:18:8:23 | files1 | semmle.label | files1 | +| xss-through-filenames.js:17:21:17:26 | files2 | semmle.label | files2 | +| xss-through-filenames.js:17:21:17:26 | files2 [ArrayElement] | semmle.label | files2 [ArrayElement] | +| xss-through-filenames.js:19:9:19:14 | files2 | semmle.label | files2 | +| xss-through-filenames.js:19:9:19:14 | files2 [ArrayElement] | semmle.label | files2 [ArrayElement] | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | semmle.label | files2.sort(sort) | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | semmle.label | files2.sort(sort) | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | semmle.label | files2.sort(sort) [ArrayElement] | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | semmle.label | files2.sort(sort) [ArrayElement] | +| xss-through-filenames.js:19:45:19:48 | file | semmle.label | file | +| xss-through-filenames.js:20:13:20:18 | [post update] files3 | semmle.label | [post update] files3 | +| xss-through-filenames.js:20:25:20:47 | '
  • ' ... '
    • ' | semmle.label | '
  • ' ... '
    • ' | +| xss-through-filenames.js:20:34:20:37 | file | semmle.label | file | +| xss-through-filenames.js:22:16:22:21 | files3 | semmle.label | files3 | +| xss-through-filenames.js:22:16:22:21 | files3 | semmle.label | files3 | +| xss-through-filenames.js:22:16:22:30 | files3.join('') | semmle.label | files3.join('') | +| xss-through-filenames.js:22:16:22:30 | files3.join('') | semmle.label | files3.join('') | +| xss-through-filenames.js:25:43:25:48 | files1 | semmle.label | files1 | +| xss-through-filenames.js:26:19:26:24 | files1 | semmle.label | files1 | +| xss-through-filenames.js:30:9:30:14 | files1 | semmle.label | files1 | +| xss-through-filenames.js:30:34:30:37 | file | semmle.label | file | +| xss-through-filenames.js:31:13:31:18 | [post update] files2 | semmle.label | [post update] files2 | +| xss-through-filenames.js:31:13:31:18 | [post update] files2 [ArrayElement] | semmle.label | [post update] files2 [ArrayElement] | +| xss-through-filenames.js:31:25:31:28 | file | semmle.label | file | +| xss-through-filenames.js:33:19:33:24 | files2 | semmle.label | files2 | +| xss-through-filenames.js:33:19:33:24 | files2 | semmle.label | files2 | +| xss-through-filenames.js:33:19:33:24 | files2 [ArrayElement] | semmle.label | files2 [ArrayElement] | +| xss-through-filenames.js:35:13:35:35 | files3 | semmle.label | files3 | +| xss-through-filenames.js:35:22:35:35 | format(files2) | semmle.label | format(files2) | +| xss-through-filenames.js:35:29:35:34 | files2 | semmle.label | files2 | +| xss-through-filenames.js:35:29:35:34 | files2 [ArrayElement] | semmle.label | files2 [ArrayElement] | +| xss-through-filenames.js:37:19:37:24 | files3 | semmle.label | files3 | +| xss-through-torrent.js:6:6:6:24 | name | semmle.label | name | +| xss-through-torrent.js:6:13:6:24 | torrent.name | semmle.label | torrent.name | +| xss-through-torrent.js:7:11:7:14 | name | semmle.label | name | +subpaths +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | xss-through-filenames.js:19:45:19:48 | file | xss-through-filenames.js:20:13:20:18 | [post update] files3 | xss-through-filenames.js:22:16:22:21 | files3 | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) | xss-through-filenames.js:19:45:19:48 | file | xss-through-filenames.js:20:13:20:18 | [post update] files3 | xss-through-filenames.js:22:16:22:21 | files3 | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | xss-through-filenames.js:19:45:19:48 | file | xss-through-filenames.js:20:13:20:18 | [post update] files3 | xss-through-filenames.js:22:16:22:21 | files3 | +| xss-through-filenames.js:19:9:19:25 | files2.sort(sort) [ArrayElement] | xss-through-filenames.js:19:45:19:48 | file | xss-through-filenames.js:20:13:20:18 | [post update] files3 | xss-through-filenames.js:22:16:22:21 | files3 | +| xss-through-filenames.js:30:9:30:14 | files1 | xss-through-filenames.js:30:34:30:37 | file | xss-through-filenames.js:31:13:31:18 | [post update] files2 | xss-through-filenames.js:33:19:33:24 | files2 | +| xss-through-filenames.js:30:9:30:14 | files1 | xss-through-filenames.js:30:34:30:37 | file | xss-through-filenames.js:31:13:31:18 | [post update] files2 | xss-through-filenames.js:33:19:33:24 | files2 | +| xss-through-filenames.js:30:9:30:14 | files1 | xss-through-filenames.js:30:34:30:37 | file | xss-through-filenames.js:31:13:31:18 | [post update] files2 [ArrayElement] | xss-through-filenames.js:33:19:33:24 | files2 [ArrayElement] | +| xss-through-filenames.js:35:29:35:34 | files2 | xss-through-filenames.js:17:21:17:26 | files2 | xss-through-filenames.js:22:16:22:30 | files3.join('') | xss-through-filenames.js:35:22:35:35 | format(files2) | +| xss-through-filenames.js:35:29:35:34 | files2 [ArrayElement] | xss-through-filenames.js:17:21:17:26 | files2 [ArrayElement] | xss-through-filenames.js:22:16:22:30 | files3.join('') | xss-through-filenames.js:35:22:35:35 | format(files2) | #select | xss-through-filenames.js:8:18:8:23 | files1 | xss-through-filenames.js:7:43:7:48 | files1 | xss-through-filenames.js:8:18:8:23 | files1 | Stored cross-site scripting vulnerability due to $@. | xss-through-filenames.js:7:43:7:48 | files1 | stored value | | xss-through-filenames.js:26:19:26:24 | files1 | xss-through-filenames.js:25:43:25:48 | files1 | xss-through-filenames.js:26:19:26:24 | files1 | Stored cross-site scripting vulnerability due to $@. | xss-through-filenames.js:25:43:25:48 | files1 | stored value | diff --git a/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/UnsafeHtmlConstruction.expected b/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/UnsafeHtmlConstruction.expected index b05425e65da6..49092b056422 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/UnsafeHtmlConstruction.expected +++ b/javascript/ql/test/query-tests/Security/CWE-079/UnsafeHtmlConstruction/UnsafeHtmlConstruction.expected @@ -1,287 +1,104 @@ nodes -| jquery-plugin.js:11:27:11:31 | stuff | -| jquery-plugin.js:11:27:11:31 | stuff | -| jquery-plugin.js:11:34:11:40 | options | -| jquery-plugin.js:11:34:11:40 | options | -| jquery-plugin.js:11:34:11:40 | options | -| jquery-plugin.js:11:34:11:40 | options | -| jquery-plugin.js:12:31:12:37 | options | -| jquery-plugin.js:12:31:12:37 | options | -| jquery-plugin.js:12:31:12:37 | options | -| jquery-plugin.js:12:31:12:41 | options.foo | -| jquery-plugin.js:12:31:12:41 | options.foo | -| jquery-plugin.js:12:31:12:41 | options.foo | -| jquery-plugin.js:12:31:12:41 | options.foo | -| jquery-plugin.js:14:31:14:35 | stuff | -| jquery-plugin.js:14:31:14:35 | stuff | -| lib2/index.ts:1:28:1:28 | s | -| lib2/index.ts:1:28:1:28 | s | -| lib2/index.ts:2:27:2:27 | s | -| lib2/index.ts:2:27:2:27 | s | -| lib2/index.ts:6:29:6:36 | settings | -| lib2/index.ts:6:29:6:36 | settings | -| lib2/index.ts:6:29:6:36 | settings | -| lib2/index.ts:7:58:7:65 | settings | -| lib2/index.ts:7:58:7:65 | settings | -| lib2/index.ts:13:9:13:41 | name | -| lib2/index.ts:13:16:13:23 | settings | -| lib2/index.ts:13:16:13:33 | settings.mySetting | -| lib2/index.ts:13:16:13:36 | setting ... ting[i] | -| lib2/index.ts:13:16:13:41 | setting ... i].name | -| lib2/index.ts:18:62:18:65 | name | -| lib2/index.ts:18:62:18:65 | name | -| lib2/src/MyNode.ts:1:28:1:28 | s | -| lib2/src/MyNode.ts:1:28:1:28 | s | -| lib2/src/MyNode.ts:2:29:2:29 | s | -| lib2/src/MyNode.ts:2:29:2:29 | s | -| lib/src/MyNode.ts:1:28:1:28 | s | -| lib/src/MyNode.ts:1:28:1:28 | s | -| lib/src/MyNode.ts:2:29:2:29 | s | -| lib/src/MyNode.ts:2:29:2:29 | s | -| main.js:1:55:1:55 | s | -| main.js:1:55:1:55 | s | -| main.js:2:29:2:29 | s | -| main.js:2:29:2:29 | s | -| main.js:6:49:6:49 | s | -| main.js:6:49:6:49 | s | -| main.js:7:49:7:49 | s | -| main.js:7:49:7:49 | s | -| main.js:11:60:11:60 | s | -| main.js:11:60:11:60 | s | -| main.js:12:49:12:49 | s | -| main.js:12:49:12:49 | s | -| main.js:21:47:21:47 | s | -| main.js:21:47:21:47 | s | -| main.js:22:34:22:34 | s | -| main.js:22:34:22:34 | s | -| main.js:41:17:41:17 | s | -| main.js:42:21:42:21 | s | -| main.js:47:65:47:73 | this.step | -| main.js:47:65:47:73 | this.step | -| main.js:52:41:52:41 | s | -| main.js:52:41:52:41 | s | -| main.js:53:20:53:20 | s | -| main.js:56:28:56:34 | options | -| main.js:56:28:56:34 | options | -| main.js:56:28:56:34 | options | -| main.js:56:28:56:34 | options | -| main.js:57:11:59:5 | defaults | -| main.js:57:11:59:5 | defaults | -| main.js:57:11:59:5 | defaults | -| main.js:57:22:59:5 | {\\n ... "\\n } | -| main.js:57:22:59:5 | {\\n ... "\\n } | -| main.js:57:22:59:5 | {\\n ... "\\n } | -| main.js:60:11:60:48 | settings | -| main.js:60:11:60:48 | settings | -| main.js:60:11:60:48 | settings | -| main.js:60:22:60:48 | $.exten ... ptions) | -| main.js:60:22:60:48 | $.exten ... ptions) | -| main.js:60:22:60:48 | $.exten ... ptions) | -| main.js:60:31:60:38 | defaults | -| main.js:60:31:60:38 | defaults | -| main.js:60:31:60:38 | defaults | -| main.js:60:41:60:47 | options | -| main.js:60:41:60:47 | options | -| main.js:60:41:60:47 | options | -| main.js:62:19:62:26 | settings | -| main.js:62:19:62:26 | settings | -| main.js:62:19:62:26 | settings | -| main.js:62:19:62:31 | settings.name | -| main.js:62:19:62:31 | settings.name | -| main.js:62:19:62:31 | settings.name | -| main.js:62:19:62:31 | settings.name | -| main.js:66:35:66:41 | attrVal | -| main.js:66:35:66:41 | attrVal | -| main.js:67:63:67:69 | attrVal | -| main.js:67:63:67:69 | attrVal | -| main.js:79:34:79:36 | val | -| main.js:79:34:79:36 | val | -| main.js:81:35:81:37 | val | -| main.js:81:35:81:37 | val | -| main.js:89:21:89:21 | x | -| main.js:90:23:90:23 | x | -| main.js:90:23:90:23 | x | -| main.js:93:43:93:43 | x | -| main.js:93:43:93:43 | x | -| main.js:94:31:94:31 | x | -| main.js:98:43:98:43 | x | -| main.js:98:43:98:43 | x | -| main.js:99:28:99:28 | x | -| main.js:99:28:99:28 | x | -| main.js:103:43:103:43 | x | -| main.js:103:43:103:43 | x | -| main.js:105:26:105:26 | x | -| main.js:105:26:105:26 | x | -| main.js:109:41:109:41 | x | -| main.js:109:41:109:41 | x | -| main.js:111:37:111:37 | x | -| main.js:111:37:111:37 | x | -| main.js:116:47:116:47 | s | -| main.js:116:47:116:47 | s | -| main.js:117:34:117:34 | s | -| main.js:117:34:117:34 | s | -| typed.ts:1:39:1:39 | s | -| typed.ts:1:39:1:39 | s | -| typed.ts:2:29:2:29 | s | -| typed.ts:2:29:2:29 | s | -| typed.ts:6:43:6:43 | s | -| typed.ts:6:43:6:43 | s | -| typed.ts:8:40:8:40 | s | -| typed.ts:8:40:8:40 | s | -| typed.ts:11:20:11:20 | s | -| typed.ts:11:20:11:20 | s | -| typed.ts:12:12:12:12 | s | -| typed.ts:16:11:16:21 | s | -| typed.ts:16:15:16:21 | id("x") | -| typed.ts:17:29:17:29 | s | -| typed.ts:17:29:17:29 | s | +| jquery-plugin.js:11:27:11:31 | stuff | semmle.label | stuff | +| jquery-plugin.js:11:34:11:40 | options | semmle.label | options | +| jquery-plugin.js:12:31:12:37 | options | semmle.label | options | +| jquery-plugin.js:12:31:12:41 | options.foo | semmle.label | options.foo | +| jquery-plugin.js:14:31:14:35 | stuff | semmle.label | stuff | +| lib2/index.ts:1:28:1:28 | s | semmle.label | s | +| lib2/index.ts:2:27:2:27 | s | semmle.label | s | +| lib2/index.ts:6:29:6:36 | settings | semmle.label | settings | +| lib2/index.ts:7:58:7:65 | settings | semmle.label | settings | +| lib2/index.ts:13:9:13:41 | name | semmle.label | name | +| lib2/index.ts:13:16:13:23 | settings | semmle.label | settings | +| lib2/index.ts:13:16:13:33 | settings.mySetting | semmle.label | settings.mySetting | +| lib2/index.ts:13:16:13:36 | setting ... ting[i] | semmle.label | setting ... ting[i] | +| lib2/index.ts:13:16:13:41 | setting ... i].name | semmle.label | setting ... i].name | +| lib2/index.ts:18:62:18:65 | name | semmle.label | name | +| lib2/src/MyNode.ts:1:28:1:28 | s | semmle.label | s | +| lib2/src/MyNode.ts:2:29:2:29 | s | semmle.label | s | +| lib/src/MyNode.ts:1:28:1:28 | s | semmle.label | s | +| lib/src/MyNode.ts:2:29:2:29 | s | semmle.label | s | +| main.js:1:55:1:55 | s | semmle.label | s | +| main.js:2:29:2:29 | s | semmle.label | s | +| main.js:6:49:6:49 | s | semmle.label | s | +| main.js:7:49:7:49 | s | semmle.label | s | +| main.js:11:60:11:60 | s | semmle.label | s | +| main.js:12:49:12:49 | s | semmle.label | s | +| main.js:21:47:21:47 | s | semmle.label | s | +| main.js:22:34:22:34 | s | semmle.label | s | +| main.js:56:28:56:34 | options | semmle.label | options | +| main.js:57:11:59:5 | defaults | semmle.label | defaults | +| main.js:57:22:59:5 | {\\n ... "\\n } | semmle.label | {\\n ... "\\n } | +| main.js:60:11:60:48 | settings | semmle.label | settings | +| main.js:60:22:60:48 | $.exten ... ptions) | semmle.label | $.exten ... ptions) | +| main.js:60:31:60:38 | defaults | semmle.label | defaults | +| main.js:60:41:60:47 | options | semmle.label | options | +| main.js:62:19:62:26 | settings | semmle.label | settings | +| main.js:62:19:62:31 | settings.name | semmle.label | settings.name | +| main.js:66:35:66:41 | attrVal | semmle.label | attrVal | +| main.js:67:63:67:69 | attrVal | semmle.label | attrVal | +| main.js:79:34:79:36 | val | semmle.label | val | +| main.js:81:35:81:37 | val | semmle.label | val | +| main.js:89:21:89:21 | x | semmle.label | x | +| main.js:90:23:90:23 | x | semmle.label | x | +| main.js:93:43:93:43 | x | semmle.label | x | +| main.js:94:31:94:31 | x | semmle.label | x | +| main.js:98:43:98:43 | x | semmle.label | x | +| main.js:99:28:99:28 | x | semmle.label | x | +| main.js:103:43:103:43 | x | semmle.label | x | +| main.js:105:26:105:26 | x | semmle.label | x | +| main.js:109:41:109:41 | x | semmle.label | x | +| main.js:111:37:111:37 | x | semmle.label | x | +| main.js:116:47:116:47 | s | semmle.label | s | +| main.js:117:34:117:34 | s | semmle.label | s | +| typed.ts:1:39:1:39 | s | semmle.label | s | +| typed.ts:2:29:2:29 | s | semmle.label | s | +| typed.ts:6:43:6:43 | s | semmle.label | s | +| typed.ts:8:40:8:40 | s | semmle.label | s | edges -| jquery-plugin.js:11:27:11:31 | stuff | jquery-plugin.js:14:31:14:35 | stuff | -| jquery-plugin.js:11:27:11:31 | stuff | jquery-plugin.js:14:31:14:35 | stuff | -| jquery-plugin.js:11:27:11:31 | stuff | jquery-plugin.js:14:31:14:35 | stuff | -| jquery-plugin.js:11:27:11:31 | stuff | jquery-plugin.js:14:31:14:35 | stuff | -| jquery-plugin.js:11:34:11:40 | options | jquery-plugin.js:12:31:12:37 | options | -| jquery-plugin.js:11:34:11:40 | options | jquery-plugin.js:12:31:12:37 | options | -| jquery-plugin.js:11:34:11:40 | options | jquery-plugin.js:12:31:12:37 | options | -| jquery-plugin.js:11:34:11:40 | options | jquery-plugin.js:12:31:12:37 | options | -| jquery-plugin.js:11:34:11:40 | options | jquery-plugin.js:12:31:12:37 | options | -| jquery-plugin.js:11:34:11:40 | options | jquery-plugin.js:12:31:12:37 | options | -| jquery-plugin.js:12:31:12:37 | options | jquery-plugin.js:12:31:12:41 | options.foo | -| jquery-plugin.js:12:31:12:37 | options | jquery-plugin.js:12:31:12:41 | options.foo | -| jquery-plugin.js:12:31:12:37 | options | jquery-plugin.js:12:31:12:41 | options.foo | -| jquery-plugin.js:12:31:12:37 | options | jquery-plugin.js:12:31:12:41 | options.foo | -| jquery-plugin.js:12:31:12:37 | options | jquery-plugin.js:12:31:12:41 | options.foo | -| jquery-plugin.js:12:31:12:37 | options | jquery-plugin.js:12:31:12:41 | options.foo | -| lib2/index.ts:1:28:1:28 | s | lib2/index.ts:2:27:2:27 | s | -| lib2/index.ts:1:28:1:28 | s | lib2/index.ts:2:27:2:27 | s | -| lib2/index.ts:1:28:1:28 | s | lib2/index.ts:2:27:2:27 | s | -| lib2/index.ts:1:28:1:28 | s | lib2/index.ts:2:27:2:27 | s | -| lib2/index.ts:6:29:6:36 | settings | lib2/index.ts:7:58:7:65 | settings | -| lib2/index.ts:6:29:6:36 | settings | lib2/index.ts:7:58:7:65 | settings | -| lib2/index.ts:6:29:6:36 | settings | lib2/index.ts:7:58:7:65 | settings | -| lib2/index.ts:6:29:6:36 | settings | lib2/index.ts:7:58:7:65 | settings | -| lib2/index.ts:6:29:6:36 | settings | lib2/index.ts:13:16:13:23 | settings | -| lib2/index.ts:6:29:6:36 | settings | lib2/index.ts:13:16:13:23 | settings | -| lib2/index.ts:13:9:13:41 | name | lib2/index.ts:18:62:18:65 | name | -| lib2/index.ts:13:9:13:41 | name | lib2/index.ts:18:62:18:65 | name | -| lib2/index.ts:13:16:13:23 | settings | lib2/index.ts:13:16:13:33 | settings.mySetting | -| lib2/index.ts:13:16:13:33 | settings.mySetting | lib2/index.ts:13:16:13:36 | setting ... ting[i] | -| lib2/index.ts:13:16:13:36 | setting ... ting[i] | lib2/index.ts:13:16:13:41 | setting ... i].name | -| lib2/index.ts:13:16:13:41 | setting ... i].name | lib2/index.ts:13:9:13:41 | name | -| lib2/src/MyNode.ts:1:28:1:28 | s | lib2/src/MyNode.ts:2:29:2:29 | s | -| lib2/src/MyNode.ts:1:28:1:28 | s | lib2/src/MyNode.ts:2:29:2:29 | s | -| lib2/src/MyNode.ts:1:28:1:28 | s | lib2/src/MyNode.ts:2:29:2:29 | s | -| lib2/src/MyNode.ts:1:28:1:28 | s | lib2/src/MyNode.ts:2:29:2:29 | s | -| lib/src/MyNode.ts:1:28:1:28 | s | lib/src/MyNode.ts:2:29:2:29 | s | -| lib/src/MyNode.ts:1:28:1:28 | s | lib/src/MyNode.ts:2:29:2:29 | s | -| lib/src/MyNode.ts:1:28:1:28 | s | lib/src/MyNode.ts:2:29:2:29 | s | -| lib/src/MyNode.ts:1:28:1:28 | s | lib/src/MyNode.ts:2:29:2:29 | s | -| main.js:1:55:1:55 | s | main.js:2:29:2:29 | s | -| main.js:1:55:1:55 | s | main.js:2:29:2:29 | s | -| main.js:1:55:1:55 | s | main.js:2:29:2:29 | s | -| main.js:1:55:1:55 | s | main.js:2:29:2:29 | s | -| main.js:6:49:6:49 | s | main.js:7:49:7:49 | s | -| main.js:6:49:6:49 | s | main.js:7:49:7:49 | s | -| main.js:6:49:6:49 | s | main.js:7:49:7:49 | s | -| main.js:6:49:6:49 | s | main.js:7:49:7:49 | s | -| main.js:11:60:11:60 | s | main.js:12:49:12:49 | s | -| main.js:11:60:11:60 | s | main.js:12:49:12:49 | s | -| main.js:11:60:11:60 | s | main.js:12:49:12:49 | s | -| main.js:11:60:11:60 | s | main.js:12:49:12:49 | s | -| main.js:21:47:21:47 | s | main.js:22:34:22:34 | s | -| main.js:21:47:21:47 | s | main.js:22:34:22:34 | s | -| main.js:21:47:21:47 | s | main.js:22:34:22:34 | s | -| main.js:21:47:21:47 | s | main.js:22:34:22:34 | s | -| main.js:41:17:41:17 | s | main.js:42:21:42:21 | s | -| main.js:42:21:42:21 | s | main.js:47:65:47:73 | this.step | -| main.js:42:21:42:21 | s | main.js:47:65:47:73 | this.step | -| main.js:52:41:52:41 | s | main.js:53:20:53:20 | s | -| main.js:52:41:52:41 | s | main.js:53:20:53:20 | s | -| main.js:53:20:53:20 | s | main.js:41:17:41:17 | s | -| main.js:56:28:56:34 | options | main.js:60:41:60:47 | options | -| main.js:56:28:56:34 | options | main.js:60:41:60:47 | options | -| main.js:56:28:56:34 | options | main.js:60:41:60:47 | options | -| main.js:56:28:56:34 | options | main.js:60:41:60:47 | options | -| main.js:56:28:56:34 | options | main.js:60:41:60:47 | options | -| main.js:56:28:56:34 | options | main.js:60:41:60:47 | options | -| main.js:57:11:59:5 | defaults | main.js:60:31:60:38 | defaults | -| main.js:57:11:59:5 | defaults | main.js:60:31:60:38 | defaults | -| main.js:57:11:59:5 | defaults | main.js:60:31:60:38 | defaults | -| main.js:57:22:59:5 | {\\n ... "\\n } | main.js:57:11:59:5 | defaults | -| main.js:57:22:59:5 | {\\n ... "\\n } | main.js:57:11:59:5 | defaults | -| main.js:57:22:59:5 | {\\n ... "\\n } | main.js:57:11:59:5 | defaults | -| main.js:60:11:60:48 | settings | main.js:62:19:62:26 | settings | -| main.js:60:11:60:48 | settings | main.js:62:19:62:26 | settings | -| main.js:60:11:60:48 | settings | main.js:62:19:62:26 | settings | -| main.js:60:22:60:48 | $.exten ... ptions) | main.js:60:11:60:48 | settings | -| main.js:60:22:60:48 | $.exten ... ptions) | main.js:60:11:60:48 | settings | -| main.js:60:22:60:48 | $.exten ... ptions) | main.js:60:11:60:48 | settings | -| main.js:60:31:60:38 | defaults | main.js:60:22:60:48 | $.exten ... ptions) | -| main.js:60:31:60:38 | defaults | main.js:60:22:60:48 | $.exten ... ptions) | -| main.js:60:31:60:38 | defaults | main.js:60:22:60:48 | $.exten ... ptions) | -| main.js:60:41:60:47 | options | main.js:57:22:59:5 | {\\n ... "\\n } | -| main.js:60:41:60:47 | options | main.js:57:22:59:5 | {\\n ... "\\n } | -| main.js:60:41:60:47 | options | main.js:57:22:59:5 | {\\n ... "\\n } | -| main.js:60:41:60:47 | options | main.js:60:22:60:48 | $.exten ... ptions) | -| main.js:60:41:60:47 | options | main.js:60:22:60:48 | $.exten ... ptions) | -| main.js:60:41:60:47 | options | main.js:60:22:60:48 | $.exten ... ptions) | -| main.js:62:19:62:26 | settings | main.js:62:19:62:31 | settings.name | -| main.js:62:19:62:26 | settings | main.js:62:19:62:31 | settings.name | -| main.js:62:19:62:26 | settings | main.js:62:19:62:31 | settings.name | -| main.js:62:19:62:26 | settings | main.js:62:19:62:31 | settings.name | -| main.js:62:19:62:26 | settings | main.js:62:19:62:31 | settings.name | -| main.js:62:19:62:26 | settings | main.js:62:19:62:31 | settings.name | -| main.js:66:35:66:41 | attrVal | main.js:67:63:67:69 | attrVal | -| main.js:66:35:66:41 | attrVal | main.js:67:63:67:69 | attrVal | -| main.js:66:35:66:41 | attrVal | main.js:67:63:67:69 | attrVal | -| main.js:66:35:66:41 | attrVal | main.js:67:63:67:69 | attrVal | -| main.js:79:34:79:36 | val | main.js:81:35:81:37 | val | -| main.js:79:34:79:36 | val | main.js:81:35:81:37 | val | -| main.js:79:34:79:36 | val | main.js:81:35:81:37 | val | -| main.js:79:34:79:36 | val | main.js:81:35:81:37 | val | -| main.js:89:21:89:21 | x | main.js:90:23:90:23 | x | -| main.js:89:21:89:21 | x | main.js:90:23:90:23 | x | -| main.js:93:43:93:43 | x | main.js:94:31:94:31 | x | -| main.js:93:43:93:43 | x | main.js:94:31:94:31 | x | -| main.js:94:31:94:31 | x | main.js:89:21:89:21 | x | -| main.js:98:43:98:43 | x | main.js:99:28:99:28 | x | -| main.js:98:43:98:43 | x | main.js:99:28:99:28 | x | -| main.js:98:43:98:43 | x | main.js:99:28:99:28 | x | -| main.js:98:43:98:43 | x | main.js:99:28:99:28 | x | -| main.js:98:43:98:43 | x | main.js:103:43:103:43 | x | -| main.js:98:43:98:43 | x | main.js:103:43:103:43 | x | -| main.js:98:43:98:43 | x | main.js:103:43:103:43 | x | -| main.js:98:43:98:43 | x | main.js:103:43:103:43 | x | -| main.js:98:43:98:43 | x | main.js:105:26:105:26 | x | -| main.js:98:43:98:43 | x | main.js:105:26:105:26 | x | -| main.js:98:43:98:43 | x | main.js:105:26:105:26 | x | -| main.js:98:43:98:43 | x | main.js:105:26:105:26 | x | -| main.js:98:43:98:43 | x | main.js:109:41:109:41 | x | -| main.js:98:43:98:43 | x | main.js:109:41:109:41 | x | -| main.js:98:43:98:43 | x | main.js:109:41:109:41 | x | -| main.js:98:43:98:43 | x | main.js:109:41:109:41 | x | -| main.js:98:43:98:43 | x | main.js:111:37:111:37 | x | -| main.js:98:43:98:43 | x | main.js:111:37:111:37 | x | -| main.js:98:43:98:43 | x | main.js:111:37:111:37 | x | -| main.js:98:43:98:43 | x | main.js:111:37:111:37 | x | -| main.js:116:47:116:47 | s | main.js:117:34:117:34 | s | -| main.js:116:47:116:47 | s | main.js:117:34:117:34 | s | -| main.js:116:47:116:47 | s | main.js:117:34:117:34 | s | -| main.js:116:47:116:47 | s | main.js:117:34:117:34 | s | -| typed.ts:1:39:1:39 | s | typed.ts:2:29:2:29 | s | -| typed.ts:1:39:1:39 | s | typed.ts:2:29:2:29 | s | -| typed.ts:1:39:1:39 | s | typed.ts:2:29:2:29 | s | -| typed.ts:1:39:1:39 | s | typed.ts:2:29:2:29 | s | -| typed.ts:6:43:6:43 | s | typed.ts:8:40:8:40 | s | -| typed.ts:6:43:6:43 | s | typed.ts:8:40:8:40 | s | -| typed.ts:6:43:6:43 | s | typed.ts:8:40:8:40 | s | -| typed.ts:6:43:6:43 | s | typed.ts:8:40:8:40 | s | -| typed.ts:11:20:11:20 | s | typed.ts:12:12:12:12 | s | -| typed.ts:11:20:11:20 | s | typed.ts:12:12:12:12 | s | -| typed.ts:12:12:12:12 | s | typed.ts:16:15:16:21 | id("x") | -| typed.ts:16:11:16:21 | s | typed.ts:17:29:17:29 | s | -| typed.ts:16:11:16:21 | s | typed.ts:17:29:17:29 | s | -| typed.ts:16:15:16:21 | id("x") | typed.ts:16:11:16:21 | s | +| jquery-plugin.js:11:27:11:31 | stuff | jquery-plugin.js:14:31:14:35 | stuff | provenance | | +| jquery-plugin.js:11:34:11:40 | options | jquery-plugin.js:12:31:12:37 | options | provenance | | +| jquery-plugin.js:12:31:12:37 | options | jquery-plugin.js:12:31:12:41 | options.foo | provenance | Config | +| lib2/index.ts:1:28:1:28 | s | lib2/index.ts:2:27:2:27 | s | provenance | | +| lib2/index.ts:6:29:6:36 | settings | lib2/index.ts:7:58:7:65 | settings | provenance | | +| lib2/index.ts:6:29:6:36 | settings | lib2/index.ts:13:16:13:23 | settings | provenance | | +| lib2/index.ts:13:9:13:41 | name | lib2/index.ts:18:62:18:65 | name | provenance | | +| lib2/index.ts:13:16:13:23 | settings | lib2/index.ts:13:16:13:33 | settings.mySetting | provenance | Config | +| lib2/index.ts:13:16:13:33 | settings.mySetting | lib2/index.ts:13:16:13:36 | setting ... ting[i] | provenance | Config | +| lib2/index.ts:13:16:13:36 | setting ... ting[i] | lib2/index.ts:13:16:13:41 | setting ... i].name | provenance | Config | +| lib2/index.ts:13:16:13:41 | setting ... i].name | lib2/index.ts:13:9:13:41 | name | provenance | | +| lib2/src/MyNode.ts:1:28:1:28 | s | lib2/src/MyNode.ts:2:29:2:29 | s | provenance | | +| lib/src/MyNode.ts:1:28:1:28 | s | lib/src/MyNode.ts:2:29:2:29 | s | provenance | | +| main.js:1:55:1:55 | s | main.js:2:29:2:29 | s | provenance | | +| main.js:6:49:6:49 | s | main.js:7:49:7:49 | s | provenance | | +| main.js:11:60:11:60 | s | main.js:12:49:12:49 | s | provenance | | +| main.js:21:47:21:47 | s | main.js:22:34:22:34 | s | provenance | | +| main.js:56:28:56:34 | options | main.js:60:41:60:47 | options | provenance | | +| main.js:57:11:59:5 | defaults | main.js:60:31:60:38 | defaults | provenance | | +| main.js:57:22:59:5 | {\\n ... "\\n } | main.js:57:11:59:5 | defaults | provenance | | +| main.js:60:11:60:48 | settings | main.js:62:19:62:26 | settings | provenance | | +| main.js:60:22:60:48 | $.exten ... ptions) | main.js:60:11:60:48 | settings | provenance | | +| main.js:60:31:60:38 | defaults | main.js:60:22:60:48 | $.exten ... ptions) | provenance | | +| main.js:60:31:60:38 | defaults | main.js:60:22:60:48 | $.exten ... ptions) | provenance | Config | +| main.js:60:41:60:47 | options | main.js:57:22:59:5 | {\\n ... "\\n } | provenance | | +| main.js:60:41:60:47 | options | main.js:57:22:59:5 | {\\n ... "\\n } | provenance | Config | +| main.js:60:41:60:47 | options | main.js:60:22:60:48 | $.exten ... ptions) | provenance | | +| main.js:60:41:60:47 | options | main.js:60:22:60:48 | $.exten ... ptions) | provenance | Config | +| main.js:62:19:62:26 | settings | main.js:62:19:62:31 | settings.name | provenance | Config | +| main.js:66:35:66:41 | attrVal | main.js:67:63:67:69 | attrVal | provenance | | +| main.js:79:34:79:36 | val | main.js:81:35:81:37 | val | provenance | | +| main.js:89:21:89:21 | x | main.js:90:23:90:23 | x | provenance | | +| main.js:93:43:93:43 | x | main.js:94:31:94:31 | x | provenance | | +| main.js:94:31:94:31 | x | main.js:89:21:89:21 | x | provenance | | +| main.js:98:43:98:43 | x | main.js:99:28:99:28 | x | provenance | | +| main.js:98:43:98:43 | x | main.js:103:43:103:43 | x | provenance | | +| main.js:98:43:98:43 | x | main.js:105:26:105:26 | x | provenance | | +| main.js:98:43:98:43 | x | main.js:109:41:109:41 | x | provenance | | +| main.js:98:43:98:43 | x | main.js:111:37:111:37 | x | provenance | | +| main.js:116:47:116:47 | s | main.js:117:34:117:34 | s | provenance | | +| typed.ts:1:39:1:39 | s | typed.ts:2:29:2:29 | s | provenance | | +| typed.ts:6:43:6:43 | s | typed.ts:8:40:8:40 | s | provenance | | +subpaths #select | jquery-plugin.js:12:31:12:41 | options.foo | jquery-plugin.js:11:34:11:40 | options | jquery-plugin.js:12:31:12:41 | options.foo | This HTML construction which depends on $@ might later allow $@. | jquery-plugin.js:11:34:11:40 | options | library input | jquery-plugin.js:12:20:12:53 | " ... /span>" | cross-site scripting | | jquery-plugin.js:14:31:14:35 | stuff | jquery-plugin.js:11:27:11:31 | stuff | jquery-plugin.js:14:31:14:35 | stuff | This HTML construction which depends on $@ might later allow $@. | jquery-plugin.js:11:27:11:31 | stuff | library input | jquery-plugin.js:14:20:14:47 | " ... /span>" | cross-site scripting | @@ -295,7 +112,6 @@ edges | main.js:12:49:12:49 | s | main.js:11:60:11:60 | s | main.js:12:49:12:49 | s | This XML parsing which depends on $@ might later allow $@. | main.js:11:60:11:60 | s | library input | main.js:16:21:16:35 | xml.cloneNode() | cross-site scripting | | main.js:12:49:12:49 | s | main.js:11:60:11:60 | s | main.js:12:49:12:49 | s | This XML parsing which depends on $@ might later allow $@. | main.js:11:60:11:60 | s | library input | main.js:17:48:17:50 | tmp | cross-site scripting | | main.js:22:34:22:34 | s | main.js:21:47:21:47 | s | main.js:22:34:22:34 | s | This markdown rendering which depends on $@ might later allow $@. | main.js:21:47:21:47 | s | library input | main.js:23:53:23:56 | html | cross-site scripting | -| main.js:47:65:47:73 | this.step | main.js:52:41:52:41 | s | main.js:47:65:47:73 | this.step | This HTML construction which depends on $@ might later allow $@. | main.js:52:41:52:41 | s | library input | main.js:47:54:47:85 | " ... /span>" | cross-site scripting | | main.js:62:19:62:31 | settings.name | main.js:56:28:56:34 | options | main.js:62:19:62:31 | settings.name | This HTML construction which depends on $@ might later allow $@. | main.js:56:28:56:34 | options | library input | main.js:62:11:62:40 | "" + ... "" | cross-site scripting | | main.js:67:63:67:69 | attrVal | main.js:66:35:66:41 | attrVal | main.js:67:63:67:69 | attrVal | This HTML construction which depends on $@ might later allow $@. | main.js:66:35:66:41 | attrVal | library input | main.js:67:47:67:78 | "" | cross-site scripting | | main.js:81:35:81:37 | val | main.js:79:34:79:36 | val | main.js:81:35:81:37 | val | This HTML construction which depends on $@ might later allow $@. | main.js:79:34:79:36 | val | library input | main.js:81:24:81:49 | " ... /span>" | cross-site scripting | diff --git a/javascript/ql/test/query-tests/Security/CWE-079/UnsafeJQueryPlugin/UnsafeJQueryPlugin.expected b/javascript/ql/test/query-tests/Security/CWE-079/UnsafeJQueryPlugin/UnsafeJQueryPlugin.expected index 23a7d82ca143..cf7af63c1224 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/UnsafeJQueryPlugin/UnsafeJQueryPlugin.expected +++ b/javascript/ql/test/query-tests/Security/CWE-079/UnsafeJQueryPlugin/UnsafeJQueryPlugin.expected @@ -1,261 +1,130 @@ -nodes -| unsafe-jquery-plugin.js:2:38:2:44 | options | -| unsafe-jquery-plugin.js:2:38:2:44 | options | -| unsafe-jquery-plugin.js:3:5:3:11 | options | -| unsafe-jquery-plugin.js:3:5:3:11 | options | -| unsafe-jquery-plugin.js:5:5:5:11 | options | -| unsafe-jquery-plugin.js:5:5:5:18 | options.target | -| unsafe-jquery-plugin.js:5:5:5:18 | options.target | -| unsafe-jquery-plugin.js:7:17:7:23 | options | -| unsafe-jquery-plugin.js:7:17:7:30 | options.target | -| unsafe-jquery-plugin.js:11:7:11:29 | target | -| unsafe-jquery-plugin.js:11:16:11:22 | options | -| unsafe-jquery-plugin.js:11:16:11:29 | options.target | -| unsafe-jquery-plugin.js:22:6:22:11 | target | -| unsafe-jquery-plugin.js:22:6:22:11 | target | -| unsafe-jquery-plugin.js:30:6:30:11 | target | -| unsafe-jquery-plugin.js:30:6:30:11 | target | -| unsafe-jquery-plugin.js:36:6:36:11 | target | -| unsafe-jquery-plugin.js:36:6:36:11 | target | -| unsafe-jquery-plugin.js:40:6:40:11 | target | -| unsafe-jquery-plugin.js:40:6:40:11 | target | -| unsafe-jquery-plugin.js:48:6:48:11 | target | -| unsafe-jquery-plugin.js:48:6:48:11 | target | -| unsafe-jquery-plugin.js:52:6:52:11 | target | -| unsafe-jquery-plugin.js:52:6:52:11 | target | -| unsafe-jquery-plugin.js:60:6:60:11 | target | -| unsafe-jquery-plugin.js:60:6:60:11 | target | -| unsafe-jquery-plugin.js:65:47:65:53 | options | -| unsafe-jquery-plugin.js:65:47:65:53 | options | -| unsafe-jquery-plugin.js:67:24:67:44 | $.exten ... ptions) | -| unsafe-jquery-plugin.js:67:33:67:34 | {} | -| unsafe-jquery-plugin.js:67:37:67:43 | options | -| unsafe-jquery-plugin.js:68:7:68:18 | this.options | -| unsafe-jquery-plugin.js:68:7:68:25 | this.options.parent | -| unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | -| unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | -| unsafe-jquery-plugin.js:71:38:71:44 | options | -| unsafe-jquery-plugin.js:71:38:71:44 | options | -| unsafe-jquery-plugin.js:72:5:72:11 | options | -| unsafe-jquery-plugin.js:72:5:72:15 | options.foo | -| unsafe-jquery-plugin.js:72:5:72:19 | options.foo.bar | -| unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | -| unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | -| unsafe-jquery-plugin.js:76:38:76:44 | options | -| unsafe-jquery-plugin.js:76:38:76:44 | options | -| unsafe-jquery-plugin.js:77:17:77:23 | options | -| unsafe-jquery-plugin.js:77:17:77:27 | options.foo | -| unsafe-jquery-plugin.js:77:17:77:31 | options.foo.bar | -| unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | -| unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | -| unsafe-jquery-plugin.js:84:38:84:44 | options | -| unsafe-jquery-plugin.js:84:38:84:44 | options | -| unsafe-jquery-plugin.js:85:14:85:14 | o | -| unsafe-jquery-plugin.js:86:13:86:27 | $.extend({}, o) | -| unsafe-jquery-plugin.js:86:22:86:23 | {} | -| unsafe-jquery-plugin.js:86:26:86:26 | o | -| unsafe-jquery-plugin.js:87:8:87:24 | t | -| unsafe-jquery-plugin.js:87:12:87:17 | this.o | -| unsafe-jquery-plugin.js:87:12:87:24 | this.o.target | -| unsafe-jquery-plugin.js:90:6:90:6 | t | -| unsafe-jquery-plugin.js:90:6:90:6 | t | -| unsafe-jquery-plugin.js:92:5:92:11 | options | -| unsafe-jquery-plugin.js:101:38:101:44 | options | -| unsafe-jquery-plugin.js:101:38:101:44 | options | -| unsafe-jquery-plugin.js:102:3:105:13 | options | -| unsafe-jquery-plugin.js:102:13:105:13 | $.exten ... ptions) | -| unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | -| unsafe-jquery-plugin.js:105:6:105:12 | options | -| unsafe-jquery-plugin.js:107:5:107:11 | options | -| unsafe-jquery-plugin.js:107:5:107:18 | options.target | -| unsafe-jquery-plugin.js:107:5:107:18 | options.target | -| unsafe-jquery-plugin.js:114:38:114:44 | options | -| unsafe-jquery-plugin.js:114:38:114:44 | options | -| unsafe-jquery-plugin.js:115:3:115:58 | options | -| unsafe-jquery-plugin.js:115:13:115:58 | $.exten ... ptions) | -| unsafe-jquery-plugin.js:115:22:115:23 | {} | -| unsafe-jquery-plugin.js:115:51:115:57 | options | -| unsafe-jquery-plugin.js:117:5:117:11 | options | -| unsafe-jquery-plugin.js:117:5:117:18 | options.target | -| unsafe-jquery-plugin.js:117:5:117:18 | options.target | -| unsafe-jquery-plugin.js:121:40:121:46 | options | -| unsafe-jquery-plugin.js:121:40:121:46 | options | -| unsafe-jquery-plugin.js:122:5:122:11 | options | -| unsafe-jquery-plugin.js:122:5:122:18 | options.target | -| unsafe-jquery-plugin.js:122:5:122:18 | options.target | -| unsafe-jquery-plugin.js:126:33:126:39 | options | -| unsafe-jquery-plugin.js:126:33:126:39 | options | -| unsafe-jquery-plugin.js:127:6:127:12 | options | -| unsafe-jquery-plugin.js:127:6:127:19 | options.target | -| unsafe-jquery-plugin.js:127:6:127:19 | options.target | -| unsafe-jquery-plugin.js:131:34:131:40 | options | -| unsafe-jquery-plugin.js:131:34:131:40 | options | -| unsafe-jquery-plugin.js:132:5:132:11 | options | -| unsafe-jquery-plugin.js:132:5:132:18 | options.target | -| unsafe-jquery-plugin.js:132:5:132:18 | options.target | -| unsafe-jquery-plugin.js:135:36:135:42 | options | -| unsafe-jquery-plugin.js:135:36:135:42 | options | -| unsafe-jquery-plugin.js:136:5:136:11 | options | -| unsafe-jquery-plugin.js:136:5:136:20 | options.viewport | -| unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | -| unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | -| unsafe-jquery-plugin.js:153:38:153:44 | options | -| unsafe-jquery-plugin.js:153:38:153:44 | options | -| unsafe-jquery-plugin.js:154:16:154:22 | options | -| unsafe-jquery-plugin.js:154:16:154:29 | options.target | -| unsafe-jquery-plugin.js:156:3:156:9 | options | -| unsafe-jquery-plugin.js:156:3:156:16 | options.target | -| unsafe-jquery-plugin.js:157:44:157:50 | options | -| unsafe-jquery-plugin.js:157:44:157:57 | options.target | -| unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | -| unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | -| unsafe-jquery-plugin.js:160:38:160:44 | options | -| unsafe-jquery-plugin.js:160:38:160:44 | options | -| unsafe-jquery-plugin.js:165:7:165:29 | target | -| unsafe-jquery-plugin.js:165:16:165:22 | options | -| unsafe-jquery-plugin.js:165:16:165:29 | options.target | -| unsafe-jquery-plugin.js:170:6:170:11 | target | -| unsafe-jquery-plugin.js:170:6:170:11 | target | -| unsafe-jquery-plugin.js:178:27:178:33 | options | -| unsafe-jquery-plugin.js:178:27:178:33 | options | -| unsafe-jquery-plugin.js:179:5:179:11 | options | -| unsafe-jquery-plugin.js:179:5:179:18 | options.target | -| unsafe-jquery-plugin.js:179:5:179:18 | options.target | -| unsafe-jquery-plugin.js:185:28:185:34 | options | -| unsafe-jquery-plugin.js:185:28:185:34 | options | -| unsafe-jquery-plugin.js:186:21:186:27 | options | -| unsafe-jquery-plugin.js:186:21:186:30 | options.of | -| unsafe-jquery-plugin.js:192:19:192:28 | options.of | -| unsafe-jquery-plugin.js:192:19:192:28 | options.of | edges -| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:3:5:3:11 | options | -| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:3:5:3:11 | options | -| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:3:5:3:11 | options | -| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:3:5:3:11 | options | -| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:5:5:5:11 | options | -| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:5:5:5:11 | options | -| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:7:17:7:23 | options | -| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:7:17:7:23 | options | -| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:11:16:11:22 | options | -| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:11:16:11:22 | options | -| unsafe-jquery-plugin.js:5:5:5:11 | options | unsafe-jquery-plugin.js:5:5:5:18 | options.target | -| unsafe-jquery-plugin.js:5:5:5:11 | options | unsafe-jquery-plugin.js:5:5:5:18 | options.target | -| unsafe-jquery-plugin.js:5:5:5:18 | options.target | unsafe-jquery-plugin.js:11:16:11:29 | options.target | -| unsafe-jquery-plugin.js:7:17:7:23 | options | unsafe-jquery-plugin.js:7:17:7:30 | options.target | -| unsafe-jquery-plugin.js:7:17:7:30 | options.target | unsafe-jquery-plugin.js:11:16:11:29 | options.target | -| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:22:6:22:11 | target | -| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:22:6:22:11 | target | -| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:30:6:30:11 | target | -| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:30:6:30:11 | target | -| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:36:6:36:11 | target | -| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:36:6:36:11 | target | -| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:40:6:40:11 | target | -| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:40:6:40:11 | target | -| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:48:6:48:11 | target | -| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:48:6:48:11 | target | -| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:52:6:52:11 | target | -| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:52:6:52:11 | target | -| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:60:6:60:11 | target | -| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:60:6:60:11 | target | -| unsafe-jquery-plugin.js:11:16:11:22 | options | unsafe-jquery-plugin.js:11:16:11:29 | options.target | -| unsafe-jquery-plugin.js:11:16:11:29 | options.target | unsafe-jquery-plugin.js:11:7:11:29 | target | -| unsafe-jquery-plugin.js:65:47:65:53 | options | unsafe-jquery-plugin.js:67:37:67:43 | options | -| unsafe-jquery-plugin.js:65:47:65:53 | options | unsafe-jquery-plugin.js:67:37:67:43 | options | -| unsafe-jquery-plugin.js:67:24:67:44 | $.exten ... ptions) | unsafe-jquery-plugin.js:68:7:68:18 | this.options | -| unsafe-jquery-plugin.js:67:33:67:34 | {} | unsafe-jquery-plugin.js:67:24:67:44 | $.exten ... ptions) | -| unsafe-jquery-plugin.js:67:37:67:43 | options | unsafe-jquery-plugin.js:67:24:67:44 | $.exten ... ptions) | -| unsafe-jquery-plugin.js:67:37:67:43 | options | unsafe-jquery-plugin.js:67:33:67:34 | {} | -| unsafe-jquery-plugin.js:68:7:68:18 | this.options | unsafe-jquery-plugin.js:68:7:68:25 | this.options.parent | -| unsafe-jquery-plugin.js:68:7:68:25 | this.options.parent | unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | -| unsafe-jquery-plugin.js:68:7:68:25 | this.options.parent | unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | -| unsafe-jquery-plugin.js:71:38:71:44 | options | unsafe-jquery-plugin.js:72:5:72:11 | options | -| unsafe-jquery-plugin.js:71:38:71:44 | options | unsafe-jquery-plugin.js:72:5:72:11 | options | -| unsafe-jquery-plugin.js:72:5:72:11 | options | unsafe-jquery-plugin.js:72:5:72:15 | options.foo | -| unsafe-jquery-plugin.js:72:5:72:15 | options.foo | unsafe-jquery-plugin.js:72:5:72:19 | options.foo.bar | -| unsafe-jquery-plugin.js:72:5:72:19 | options.foo.bar | unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | -| unsafe-jquery-plugin.js:72:5:72:19 | options.foo.bar | unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | -| unsafe-jquery-plugin.js:76:38:76:44 | options | unsafe-jquery-plugin.js:77:17:77:23 | options | -| unsafe-jquery-plugin.js:76:38:76:44 | options | unsafe-jquery-plugin.js:77:17:77:23 | options | -| unsafe-jquery-plugin.js:77:17:77:23 | options | unsafe-jquery-plugin.js:77:17:77:27 | options.foo | -| unsafe-jquery-plugin.js:77:17:77:27 | options.foo | unsafe-jquery-plugin.js:77:17:77:31 | options.foo.bar | -| unsafe-jquery-plugin.js:77:17:77:31 | options.foo.bar | unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | -| unsafe-jquery-plugin.js:77:17:77:31 | options.foo.bar | unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | -| unsafe-jquery-plugin.js:84:38:84:44 | options | unsafe-jquery-plugin.js:92:5:92:11 | options | -| unsafe-jquery-plugin.js:84:38:84:44 | options | unsafe-jquery-plugin.js:92:5:92:11 | options | -| unsafe-jquery-plugin.js:85:14:85:14 | o | unsafe-jquery-plugin.js:86:26:86:26 | o | -| unsafe-jquery-plugin.js:86:13:86:27 | $.extend({}, o) | unsafe-jquery-plugin.js:87:12:87:17 | this.o | -| unsafe-jquery-plugin.js:86:22:86:23 | {} | unsafe-jquery-plugin.js:86:13:86:27 | $.extend({}, o) | -| unsafe-jquery-plugin.js:86:26:86:26 | o | unsafe-jquery-plugin.js:86:13:86:27 | $.extend({}, o) | -| unsafe-jquery-plugin.js:86:26:86:26 | o | unsafe-jquery-plugin.js:86:22:86:23 | {} | -| unsafe-jquery-plugin.js:87:8:87:24 | t | unsafe-jquery-plugin.js:90:6:90:6 | t | -| unsafe-jquery-plugin.js:87:8:87:24 | t | unsafe-jquery-plugin.js:90:6:90:6 | t | -| unsafe-jquery-plugin.js:87:12:87:17 | this.o | unsafe-jquery-plugin.js:87:12:87:24 | this.o.target | -| unsafe-jquery-plugin.js:87:12:87:24 | this.o.target | unsafe-jquery-plugin.js:87:8:87:24 | t | -| unsafe-jquery-plugin.js:92:5:92:11 | options | unsafe-jquery-plugin.js:85:14:85:14 | o | -| unsafe-jquery-plugin.js:101:38:101:44 | options | unsafe-jquery-plugin.js:105:6:105:12 | options | -| unsafe-jquery-plugin.js:101:38:101:44 | options | unsafe-jquery-plugin.js:105:6:105:12 | options | -| unsafe-jquery-plugin.js:102:3:105:13 | options | unsafe-jquery-plugin.js:107:5:107:11 | options | -| unsafe-jquery-plugin.js:102:13:105:13 | $.exten ... ptions) | unsafe-jquery-plugin.js:102:3:105:13 | options | -| unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | unsafe-jquery-plugin.js:102:13:105:13 | $.exten ... ptions) | -| unsafe-jquery-plugin.js:105:6:105:12 | options | unsafe-jquery-plugin.js:102:13:105:13 | $.exten ... ptions) | -| unsafe-jquery-plugin.js:105:6:105:12 | options | unsafe-jquery-plugin.js:102:22:105:3 | {\\n\\t\\t\\tme ... in'\\n\\t\\t} | -| unsafe-jquery-plugin.js:107:5:107:11 | options | unsafe-jquery-plugin.js:107:5:107:18 | options.target | -| unsafe-jquery-plugin.js:107:5:107:11 | options | unsafe-jquery-plugin.js:107:5:107:18 | options.target | -| unsafe-jquery-plugin.js:114:38:114:44 | options | unsafe-jquery-plugin.js:115:51:115:57 | options | -| unsafe-jquery-plugin.js:114:38:114:44 | options | unsafe-jquery-plugin.js:115:51:115:57 | options | -| unsafe-jquery-plugin.js:115:3:115:58 | options | unsafe-jquery-plugin.js:117:5:117:11 | options | -| unsafe-jquery-plugin.js:115:13:115:58 | $.exten ... ptions) | unsafe-jquery-plugin.js:115:3:115:58 | options | -| unsafe-jquery-plugin.js:115:22:115:23 | {} | unsafe-jquery-plugin.js:115:13:115:58 | $.exten ... ptions) | -| unsafe-jquery-plugin.js:115:51:115:57 | options | unsafe-jquery-plugin.js:115:13:115:58 | $.exten ... ptions) | -| unsafe-jquery-plugin.js:115:51:115:57 | options | unsafe-jquery-plugin.js:115:22:115:23 | {} | -| unsafe-jquery-plugin.js:117:5:117:11 | options | unsafe-jquery-plugin.js:117:5:117:18 | options.target | -| unsafe-jquery-plugin.js:117:5:117:11 | options | unsafe-jquery-plugin.js:117:5:117:18 | options.target | -| unsafe-jquery-plugin.js:121:40:121:46 | options | unsafe-jquery-plugin.js:122:5:122:11 | options | -| unsafe-jquery-plugin.js:121:40:121:46 | options | unsafe-jquery-plugin.js:122:5:122:11 | options | -| unsafe-jquery-plugin.js:122:5:122:11 | options | unsafe-jquery-plugin.js:122:5:122:18 | options.target | -| unsafe-jquery-plugin.js:122:5:122:11 | options | unsafe-jquery-plugin.js:122:5:122:18 | options.target | -| unsafe-jquery-plugin.js:126:33:126:39 | options | unsafe-jquery-plugin.js:127:6:127:12 | options | -| unsafe-jquery-plugin.js:126:33:126:39 | options | unsafe-jquery-plugin.js:127:6:127:12 | options | -| unsafe-jquery-plugin.js:127:6:127:12 | options | unsafe-jquery-plugin.js:127:6:127:19 | options.target | -| unsafe-jquery-plugin.js:127:6:127:12 | options | unsafe-jquery-plugin.js:127:6:127:19 | options.target | -| unsafe-jquery-plugin.js:131:34:131:40 | options | unsafe-jquery-plugin.js:132:5:132:11 | options | -| unsafe-jquery-plugin.js:131:34:131:40 | options | unsafe-jquery-plugin.js:132:5:132:11 | options | -| unsafe-jquery-plugin.js:132:5:132:11 | options | unsafe-jquery-plugin.js:132:5:132:18 | options.target | -| unsafe-jquery-plugin.js:132:5:132:11 | options | unsafe-jquery-plugin.js:132:5:132:18 | options.target | -| unsafe-jquery-plugin.js:135:36:135:42 | options | unsafe-jquery-plugin.js:136:5:136:11 | options | -| unsafe-jquery-plugin.js:135:36:135:42 | options | unsafe-jquery-plugin.js:136:5:136:11 | options | -| unsafe-jquery-plugin.js:136:5:136:11 | options | unsafe-jquery-plugin.js:136:5:136:20 | options.viewport | -| unsafe-jquery-plugin.js:136:5:136:20 | options.viewport | unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | -| unsafe-jquery-plugin.js:136:5:136:20 | options.viewport | unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | -| unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:154:16:154:22 | options | -| unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:154:16:154:22 | options | -| unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:156:3:156:9 | options | -| unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:156:3:156:9 | options | -| unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:157:44:157:50 | options | -| unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:157:44:157:50 | options | -| unsafe-jquery-plugin.js:154:16:154:22 | options | unsafe-jquery-plugin.js:154:16:154:29 | options.target | -| unsafe-jquery-plugin.js:154:16:154:29 | options.target | unsafe-jquery-plugin.js:156:3:156:16 | options.target | -| unsafe-jquery-plugin.js:154:16:154:29 | options.target | unsafe-jquery-plugin.js:157:44:157:57 | options.target | -| unsafe-jquery-plugin.js:156:3:156:9 | options | unsafe-jquery-plugin.js:156:3:156:16 | options.target | -| unsafe-jquery-plugin.js:156:3:156:16 | options.target | unsafe-jquery-plugin.js:157:44:157:57 | options.target | -| unsafe-jquery-plugin.js:157:44:157:50 | options | unsafe-jquery-plugin.js:157:44:157:57 | options.target | -| unsafe-jquery-plugin.js:157:44:157:57 | options.target | unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | -| unsafe-jquery-plugin.js:157:44:157:57 | options.target | unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | -| unsafe-jquery-plugin.js:160:38:160:44 | options | unsafe-jquery-plugin.js:165:16:165:22 | options | -| unsafe-jquery-plugin.js:160:38:160:44 | options | unsafe-jquery-plugin.js:165:16:165:22 | options | -| unsafe-jquery-plugin.js:165:7:165:29 | target | unsafe-jquery-plugin.js:170:6:170:11 | target | -| unsafe-jquery-plugin.js:165:7:165:29 | target | unsafe-jquery-plugin.js:170:6:170:11 | target | -| unsafe-jquery-plugin.js:165:16:165:22 | options | unsafe-jquery-plugin.js:165:16:165:29 | options.target | -| unsafe-jquery-plugin.js:165:16:165:29 | options.target | unsafe-jquery-plugin.js:165:7:165:29 | target | -| unsafe-jquery-plugin.js:178:27:178:33 | options | unsafe-jquery-plugin.js:179:5:179:11 | options | -| unsafe-jquery-plugin.js:178:27:178:33 | options | unsafe-jquery-plugin.js:179:5:179:11 | options | -| unsafe-jquery-plugin.js:179:5:179:11 | options | unsafe-jquery-plugin.js:179:5:179:18 | options.target | -| unsafe-jquery-plugin.js:179:5:179:11 | options | unsafe-jquery-plugin.js:179:5:179:18 | options.target | -| unsafe-jquery-plugin.js:185:28:185:34 | options | unsafe-jquery-plugin.js:186:21:186:27 | options | -| unsafe-jquery-plugin.js:185:28:185:34 | options | unsafe-jquery-plugin.js:186:21:186:27 | options | -| unsafe-jquery-plugin.js:186:21:186:27 | options | unsafe-jquery-plugin.js:186:21:186:30 | options.of | -| unsafe-jquery-plugin.js:186:21:186:30 | options.of | unsafe-jquery-plugin.js:192:19:192:28 | options.of | -| unsafe-jquery-plugin.js:186:21:186:30 | options.of | unsafe-jquery-plugin.js:192:19:192:28 | options.of | +| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:3:5:3:11 | options | provenance | | +| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:5:5:5:11 | options | provenance | | +| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:7:17:7:23 | options | provenance | | +| unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:11:16:11:22 | options | provenance | | +| unsafe-jquery-plugin.js:5:5:5:11 | options | unsafe-jquery-plugin.js:5:5:5:18 | options.target | provenance | | +| unsafe-jquery-plugin.js:5:5:5:11 | options | unsafe-jquery-plugin.js:5:5:5:18 | options.target | provenance | | +| unsafe-jquery-plugin.js:5:5:5:18 | options.target | unsafe-jquery-plugin.js:11:16:11:29 | options.target | provenance | Config | +| unsafe-jquery-plugin.js:7:17:7:23 | options | unsafe-jquery-plugin.js:7:17:7:30 | options.target | provenance | | +| unsafe-jquery-plugin.js:7:17:7:30 | options.target | unsafe-jquery-plugin.js:11:16:11:29 | options.target | provenance | Config | +| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:22:6:22:11 | target | provenance | | +| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:30:6:30:11 | target | provenance | | +| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:36:6:36:11 | target | provenance | | +| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:40:6:40:11 | target | provenance | | +| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:48:6:48:11 | target | provenance | | +| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:52:6:52:11 | target | provenance | | +| unsafe-jquery-plugin.js:11:7:11:29 | target | unsafe-jquery-plugin.js:60:6:60:11 | target | provenance | | +| unsafe-jquery-plugin.js:11:16:11:22 | options | unsafe-jquery-plugin.js:11:16:11:29 | options.target | provenance | | +| unsafe-jquery-plugin.js:11:16:11:29 | options.target | unsafe-jquery-plugin.js:11:7:11:29 | target | provenance | | +| unsafe-jquery-plugin.js:71:38:71:44 | options | unsafe-jquery-plugin.js:72:5:72:11 | options | provenance | | +| unsafe-jquery-plugin.js:72:5:72:11 | options | unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | provenance | | +| unsafe-jquery-plugin.js:76:38:76:44 | options | unsafe-jquery-plugin.js:77:17:77:23 | options | provenance | | +| unsafe-jquery-plugin.js:77:17:77:23 | options | unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | provenance | | +| unsafe-jquery-plugin.js:101:38:101:44 | options | unsafe-jquery-plugin.js:105:6:105:12 | options | provenance | | +| unsafe-jquery-plugin.js:102:3:105:13 | options | unsafe-jquery-plugin.js:107:5:107:11 | options | provenance | | +| unsafe-jquery-plugin.js:102:13:105:13 | $.exten ... ptions) | unsafe-jquery-plugin.js:102:3:105:13 | options | provenance | | +| unsafe-jquery-plugin.js:105:6:105:12 | options | unsafe-jquery-plugin.js:102:13:105:13 | $.exten ... ptions) | provenance | | +| unsafe-jquery-plugin.js:107:5:107:11 | options | unsafe-jquery-plugin.js:107:5:107:18 | options.target | provenance | | +| unsafe-jquery-plugin.js:114:38:114:44 | options | unsafe-jquery-plugin.js:115:51:115:57 | options | provenance | | +| unsafe-jquery-plugin.js:115:3:115:58 | options | unsafe-jquery-plugin.js:117:5:117:11 | options | provenance | | +| unsafe-jquery-plugin.js:115:13:115:58 | $.exten ... ptions) | unsafe-jquery-plugin.js:115:3:115:58 | options | provenance | | +| unsafe-jquery-plugin.js:115:51:115:57 | options | unsafe-jquery-plugin.js:115:13:115:58 | $.exten ... ptions) | provenance | | +| unsafe-jquery-plugin.js:117:5:117:11 | options | unsafe-jquery-plugin.js:117:5:117:18 | options.target | provenance | | +| unsafe-jquery-plugin.js:121:40:121:46 | options | unsafe-jquery-plugin.js:122:5:122:11 | options | provenance | | +| unsafe-jquery-plugin.js:122:5:122:11 | options | unsafe-jquery-plugin.js:122:5:122:18 | options.target | provenance | | +| unsafe-jquery-plugin.js:126:33:126:39 | options | unsafe-jquery-plugin.js:127:6:127:12 | options | provenance | | +| unsafe-jquery-plugin.js:127:6:127:12 | options | unsafe-jquery-plugin.js:127:6:127:19 | options.target | provenance | | +| unsafe-jquery-plugin.js:131:34:131:40 | options | unsafe-jquery-plugin.js:132:5:132:11 | options | provenance | | +| unsafe-jquery-plugin.js:132:5:132:11 | options | unsafe-jquery-plugin.js:132:5:132:18 | options.target | provenance | | +| unsafe-jquery-plugin.js:135:36:135:42 | options | unsafe-jquery-plugin.js:136:5:136:11 | options | provenance | | +| unsafe-jquery-plugin.js:136:5:136:11 | options | unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | provenance | | +| unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:154:16:154:22 | options | provenance | | +| unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:156:3:156:9 | options | provenance | | +| unsafe-jquery-plugin.js:153:38:153:44 | options | unsafe-jquery-plugin.js:157:44:157:50 | options | provenance | | +| unsafe-jquery-plugin.js:154:16:154:22 | options | unsafe-jquery-plugin.js:154:16:154:29 | options.target | provenance | | +| unsafe-jquery-plugin.js:154:16:154:29 | options.target | unsafe-jquery-plugin.js:156:3:156:16 | options.target | provenance | Config | +| unsafe-jquery-plugin.js:154:16:154:29 | options.target | unsafe-jquery-plugin.js:157:44:157:57 | options.target | provenance | Config | +| unsafe-jquery-plugin.js:156:3:156:9 | options | unsafe-jquery-plugin.js:156:3:156:16 | options.target | provenance | | +| unsafe-jquery-plugin.js:156:3:156:16 | options.target | unsafe-jquery-plugin.js:157:44:157:57 | options.target | provenance | Config | +| unsafe-jquery-plugin.js:157:44:157:50 | options | unsafe-jquery-plugin.js:157:44:157:57 | options.target | provenance | | +| unsafe-jquery-plugin.js:157:44:157:57 | options.target | unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | provenance | | +| unsafe-jquery-plugin.js:160:38:160:44 | options | unsafe-jquery-plugin.js:165:16:165:22 | options | provenance | | +| unsafe-jquery-plugin.js:165:7:165:29 | target | unsafe-jquery-plugin.js:170:6:170:11 | target | provenance | | +| unsafe-jquery-plugin.js:165:16:165:22 | options | unsafe-jquery-plugin.js:165:7:165:29 | target | provenance | | +| unsafe-jquery-plugin.js:178:27:178:33 | options | unsafe-jquery-plugin.js:179:5:179:11 | options | provenance | | +| unsafe-jquery-plugin.js:179:5:179:11 | options | unsafe-jquery-plugin.js:179:5:179:18 | options.target | provenance | | +| unsafe-jquery-plugin.js:185:28:185:34 | options | unsafe-jquery-plugin.js:186:21:186:27 | options | provenance | | +| unsafe-jquery-plugin.js:186:21:186:27 | options | unsafe-jquery-plugin.js:186:21:186:30 | options.of | provenance | | +| unsafe-jquery-plugin.js:186:21:186:30 | options.of | unsafe-jquery-plugin.js:192:19:192:28 | options.of | provenance | Config | +nodes +| unsafe-jquery-plugin.js:2:38:2:44 | options | semmle.label | options | +| unsafe-jquery-plugin.js:3:5:3:11 | options | semmle.label | options | +| unsafe-jquery-plugin.js:5:5:5:11 | options | semmle.label | options | +| unsafe-jquery-plugin.js:5:5:5:18 | options.target | semmle.label | options.target | +| unsafe-jquery-plugin.js:5:5:5:18 | options.target | semmle.label | options.target | +| unsafe-jquery-plugin.js:7:17:7:23 | options | semmle.label | options | +| unsafe-jquery-plugin.js:7:17:7:30 | options.target | semmle.label | options.target | +| unsafe-jquery-plugin.js:11:7:11:29 | target | semmle.label | target | +| unsafe-jquery-plugin.js:11:16:11:22 | options | semmle.label | options | +| unsafe-jquery-plugin.js:11:16:11:29 | options.target | semmle.label | options.target | +| unsafe-jquery-plugin.js:22:6:22:11 | target | semmle.label | target | +| unsafe-jquery-plugin.js:30:6:30:11 | target | semmle.label | target | +| unsafe-jquery-plugin.js:36:6:36:11 | target | semmle.label | target | +| unsafe-jquery-plugin.js:40:6:40:11 | target | semmle.label | target | +| unsafe-jquery-plugin.js:48:6:48:11 | target | semmle.label | target | +| unsafe-jquery-plugin.js:52:6:52:11 | target | semmle.label | target | +| unsafe-jquery-plugin.js:60:6:60:11 | target | semmle.label | target | +| unsafe-jquery-plugin.js:71:38:71:44 | options | semmle.label | options | +| unsafe-jquery-plugin.js:72:5:72:11 | options | semmle.label | options | +| unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | semmle.label | options.foo.bar.baz | +| unsafe-jquery-plugin.js:76:38:76:44 | options | semmle.label | options | +| unsafe-jquery-plugin.js:77:17:77:23 | options | semmle.label | options | +| unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | semmle.label | options.foo.bar.baz | +| unsafe-jquery-plugin.js:101:38:101:44 | options | semmle.label | options | +| unsafe-jquery-plugin.js:102:3:105:13 | options | semmle.label | options | +| unsafe-jquery-plugin.js:102:13:105:13 | $.exten ... ptions) | semmle.label | $.exten ... ptions) | +| unsafe-jquery-plugin.js:105:6:105:12 | options | semmle.label | options | +| unsafe-jquery-plugin.js:107:5:107:11 | options | semmle.label | options | +| unsafe-jquery-plugin.js:107:5:107:18 | options.target | semmle.label | options.target | +| unsafe-jquery-plugin.js:114:38:114:44 | options | semmle.label | options | +| unsafe-jquery-plugin.js:115:3:115:58 | options | semmle.label | options | +| unsafe-jquery-plugin.js:115:13:115:58 | $.exten ... ptions) | semmle.label | $.exten ... ptions) | +| unsafe-jquery-plugin.js:115:51:115:57 | options | semmle.label | options | +| unsafe-jquery-plugin.js:117:5:117:11 | options | semmle.label | options | +| unsafe-jquery-plugin.js:117:5:117:18 | options.target | semmle.label | options.target | +| unsafe-jquery-plugin.js:121:40:121:46 | options | semmle.label | options | +| unsafe-jquery-plugin.js:122:5:122:11 | options | semmle.label | options | +| unsafe-jquery-plugin.js:122:5:122:18 | options.target | semmle.label | options.target | +| unsafe-jquery-plugin.js:126:33:126:39 | options | semmle.label | options | +| unsafe-jquery-plugin.js:127:6:127:12 | options | semmle.label | options | +| unsafe-jquery-plugin.js:127:6:127:19 | options.target | semmle.label | options.target | +| unsafe-jquery-plugin.js:131:34:131:40 | options | semmle.label | options | +| unsafe-jquery-plugin.js:132:5:132:11 | options | semmle.label | options | +| unsafe-jquery-plugin.js:132:5:132:18 | options.target | semmle.label | options.target | +| unsafe-jquery-plugin.js:135:36:135:42 | options | semmle.label | options | +| unsafe-jquery-plugin.js:136:5:136:11 | options | semmle.label | options | +| unsafe-jquery-plugin.js:136:5:136:29 | options ... elector | semmle.label | options ... elector | +| unsafe-jquery-plugin.js:153:38:153:44 | options | semmle.label | options | +| unsafe-jquery-plugin.js:154:16:154:22 | options | semmle.label | options | +| unsafe-jquery-plugin.js:154:16:154:29 | options.target | semmle.label | options.target | +| unsafe-jquery-plugin.js:156:3:156:9 | options | semmle.label | options | +| unsafe-jquery-plugin.js:156:3:156:16 | options.target | semmle.label | options.target | +| unsafe-jquery-plugin.js:157:44:157:50 | options | semmle.label | options | +| unsafe-jquery-plugin.js:157:44:157:57 | options.target | semmle.label | options.target | +| unsafe-jquery-plugin.js:157:44:157:59 | options.target.a | semmle.label | options.target.a | +| unsafe-jquery-plugin.js:160:38:160:44 | options | semmle.label | options | +| unsafe-jquery-plugin.js:165:7:165:29 | target | semmle.label | target | +| unsafe-jquery-plugin.js:165:16:165:22 | options | semmle.label | options | +| unsafe-jquery-plugin.js:170:6:170:11 | target | semmle.label | target | +| unsafe-jquery-plugin.js:178:27:178:33 | options | semmle.label | options | +| unsafe-jquery-plugin.js:179:5:179:11 | options | semmle.label | options | +| unsafe-jquery-plugin.js:179:5:179:18 | options.target | semmle.label | options.target | +| unsafe-jquery-plugin.js:185:28:185:34 | options | semmle.label | options | +| unsafe-jquery-plugin.js:186:21:186:27 | options | semmle.label | options | +| unsafe-jquery-plugin.js:186:21:186:30 | options.of | semmle.label | options.of | +| unsafe-jquery-plugin.js:192:19:192:28 | options.of | semmle.label | options.of | +subpaths #select | unsafe-jquery-plugin.js:3:5:3:11 | options | unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:3:5:3:11 | options | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:2:19:63:2 | functio ... \\t\\t}\\n\\n\\t} | '$.fn.my_plugin' plugin | | unsafe-jquery-plugin.js:5:5:5:18 | options.target | unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:5:5:5:18 | options.target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:2:19:63:2 | functio ... \\t\\t}\\n\\n\\t} | '$.fn.my_plugin' plugin | @@ -266,10 +135,8 @@ edges | unsafe-jquery-plugin.js:48:6:48:11 | target | unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:48:6:48:11 | target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:2:19:63:2 | functio ... \\t\\t}\\n\\n\\t} | '$.fn.my_plugin' plugin | | unsafe-jquery-plugin.js:52:6:52:11 | target | unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:52:6:52:11 | target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:2:19:63:2 | functio ... \\t\\t}\\n\\n\\t} | '$.fn.my_plugin' plugin | | unsafe-jquery-plugin.js:60:6:60:11 | target | unsafe-jquery-plugin.js:2:38:2:44 | options | unsafe-jquery-plugin.js:60:6:60:11 | target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:2:19:63:2 | functio ... \\t\\t}\\n\\n\\t} | '$.fn.my_plugin' plugin | -| unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | unsafe-jquery-plugin.js:65:47:65:53 | options | unsafe-jquery-plugin.js:68:45:68:63 | this.options.parent | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:65:19:69:2 | functio ... T OK\\n\\t} | '$.fn.my_plugin' plugin | | unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | unsafe-jquery-plugin.js:71:38:71:44 | options | unsafe-jquery-plugin.js:72:5:72:23 | options.foo.bar.baz | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:71:19:74:2 | functio ... / OK\\n\\t} | '$.fn.my_plugin' plugin | | unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | unsafe-jquery-plugin.js:76:38:76:44 | options | unsafe-jquery-plugin.js:77:17:77:35 | options.foo.bar.baz | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:76:19:78:2 | functio ... T OK\\n\\t} | '$.fn.my_plugin' plugin | -| unsafe-jquery-plugin.js:90:6:90:6 | t | unsafe-jquery-plugin.js:84:38:84:44 | options | unsafe-jquery-plugin.js:90:6:90:6 | t | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:84:19:93:2 | functio ... ns);\\n\\t} | '$.fn.my_plugin' plugin | | unsafe-jquery-plugin.js:107:5:107:18 | options.target | unsafe-jquery-plugin.js:101:38:101:44 | options | unsafe-jquery-plugin.js:107:5:107:18 | options.target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:101:19:108:2 | functio ... T OK\\n\\t} | '$.fn.my_plugin' plugin | | unsafe-jquery-plugin.js:117:5:117:18 | options.target | unsafe-jquery-plugin.js:114:38:114:44 | options | unsafe-jquery-plugin.js:117:5:117:18 | options.target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:114:19:118:2 | functio ... T OK\\n\\t} | '$.fn.my_plugin' plugin | | unsafe-jquery-plugin.js:122:5:122:18 | options.target | unsafe-jquery-plugin.js:121:40:121:46 | options | unsafe-jquery-plugin.js:122:5:122:18 | options.target | Potential XSS vulnerability in the $@. | unsafe-jquery-plugin.js:121:21:123:2 | functio ... T OK\\n\\t} | '$.fn.my_plugin' plugin | diff --git a/javascript/ql/test/query-tests/Security/CWE-079/XssThroughDom/ConsistencyXssThroughDom.ql b/javascript/ql/test/query-tests/Security/CWE-079/XssThroughDom/ConsistencyXssThroughDom.ql index 75416d5a0dc2..08eb6eda7fbf 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/XssThroughDom/ConsistencyXssThroughDom.ql +++ b/javascript/ql/test/query-tests/Security/CWE-079/XssThroughDom/ConsistencyXssThroughDom.ql @@ -1,3 +1,14 @@ import javascript import testUtilities.ConsistencyChecking -import semmle.javascript.security.dataflow.XssThroughDomQuery as ThroughDomXss +import semmle.javascript.security.dataflow.XssThroughDomQuery + +class ConsistencyConfig extends ConsistencyConfiguration { + ConsistencyConfig() { this = "ConsistencyConfig" } + + override DataFlow::Node getAnAlert() { + exists(DataFlow::Node source | + XssThroughDomFlow::flow(source, result) and + not isIgnoredSourceSinkPair(source, result) + ) + } +} diff --git a/javascript/ql/test/query-tests/Security/CWE-079/XssThroughDom/XssThroughDom.expected b/javascript/ql/test/query-tests/Security/CWE-079/XssThroughDom/XssThroughDom.expected index 83147705499c..5880071e4e0f 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/XssThroughDom/XssThroughDom.expected +++ b/javascript/ql/test/query-tests/Security/CWE-079/XssThroughDom/XssThroughDom.expected @@ -1,277 +1,128 @@ -nodes -| forms.js:8:23:8:28 | values | -| forms.js:8:23:8:28 | values | -| forms.js:9:31:9:36 | values | -| forms.js:9:31:9:40 | values.foo | -| forms.js:9:31:9:40 | values.foo | -| forms.js:11:24:11:29 | values | -| forms.js:11:24:11:29 | values | -| forms.js:12:31:12:36 | values | -| forms.js:12:31:12:40 | values.bar | -| forms.js:12:31:12:40 | values.bar | -| forms.js:24:15:24:20 | values | -| forms.js:24:15:24:20 | values | -| forms.js:25:23:25:28 | values | -| forms.js:25:23:25:34 | values.email | -| forms.js:25:23:25:34 | values.email | -| forms.js:28:20:28:25 | values | -| forms.js:28:20:28:25 | values | -| forms.js:29:23:29:28 | values | -| forms.js:29:23:29:34 | values.email | -| forms.js:29:23:29:34 | values.email | -| forms.js:34:11:34:53 | values | -| forms.js:34:13:34:18 | values | -| forms.js:34:13:34:18 | values | -| forms.js:35:19:35:24 | values | -| forms.js:35:19:35:30 | values.email | -| forms.js:35:19:35:30 | values.email | -| forms.js:44:21:44:26 | values | -| forms.js:44:21:44:26 | values | -| forms.js:45:21:45:26 | values | -| forms.js:45:21:45:33 | values.stooge | -| forms.js:45:21:45:33 | values.stooge | -| forms.js:57:19:57:32 | e.target.value | -| forms.js:57:19:57:32 | e.target.value | -| forms.js:57:19:57:32 | e.target.value | -| forms.js:71:21:71:24 | data | -| forms.js:71:21:71:24 | data | -| forms.js:72:19:72:22 | data | -| forms.js:72:19:72:27 | data.name | -| forms.js:72:19:72:27 | data.name | -| forms.js:92:17:92:36 | values | -| forms.js:92:26:92:36 | getValues() | -| forms.js:92:26:92:36 | getValues() | -| forms.js:93:25:93:30 | values | -| forms.js:93:25:93:35 | values.name | -| forms.js:93:25:93:35 | values.name | -| forms.js:103:23:103:36 | e.target.value | -| forms.js:103:23:103:36 | e.target.value | -| forms.js:103:23:103:36 | e.target.value | -| forms.js:107:23:107:36 | e.target.value | -| forms.js:107:23:107:36 | e.target.value | -| forms.js:107:23:107:36 | e.target.value | -| xss-through-dom.js:2:16:2:34 | $("textarea").val() | -| xss-through-dom.js:2:16:2:34 | $("textarea").val() | -| xss-through-dom.js:2:16:2:34 | $("textarea").val() | -| xss-through-dom.js:4:16:4:40 | $(".som ... .text() | -| xss-through-dom.js:4:16:4:40 | $(".som ... .text() | -| xss-through-dom.js:4:16:4:40 | $(".som ... .text() | -| xss-through-dom.js:8:16:8:53 | $(".som ... arget") | -| xss-through-dom.js:8:16:8:53 | $(".som ... arget") | -| xss-through-dom.js:8:16:8:53 | $(".som ... arget") | -| xss-through-dom.js:11:3:11:42 | documen ... nerText | -| xss-through-dom.js:11:3:11:42 | documen ... nerText | -| xss-through-dom.js:11:3:11:42 | documen ... nerText | -| xss-through-dom.js:19:3:19:44 | documen ... Content | -| xss-through-dom.js:19:3:19:44 | documen ... Content | -| xss-through-dom.js:19:3:19:44 | documen ... Content | -| xss-through-dom.js:23:3:23:48 | documen ... ].value | -| xss-through-dom.js:23:3:23:48 | documen ... ].value | -| xss-through-dom.js:23:3:23:48 | documen ... ].value | -| xss-through-dom.js:27:3:27:61 | documen ... arget') | -| xss-through-dom.js:27:3:27:61 | documen ... arget') | -| xss-through-dom.js:27:3:27:61 | documen ... arget') | -| xss-through-dom.js:51:30:51:48 | $("textarea").val() | -| xss-through-dom.js:51:30:51:48 | $("textarea").val() | -| xss-through-dom.js:51:30:51:48 | $("textarea").val() | -| xss-through-dom.js:54:31:54:49 | $("textarea").val() | -| xss-through-dom.js:54:31:54:49 | $("textarea").val() | -| xss-through-dom.js:54:31:54:49 | $("textarea").val() | -| xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | -| xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | -| xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | -| xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | -| xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | -| xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | -| xss-through-dom.js:61:30:61:69 | $(docum ... value") | -| xss-through-dom.js:61:30:61:69 | $(docum ... value") | -| xss-through-dom.js:61:30:61:69 | $(docum ... value") | -| xss-through-dom.js:64:30:64:40 | valMethod() | -| xss-through-dom.js:64:30:64:40 | valMethod() | -| xss-through-dom.js:64:30:64:40 | valMethod() | -| xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | -| xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | -| xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | -| xss-through-dom.js:73:9:73:41 | selector | -| xss-through-dom.js:73:20:73:41 | $("inpu ... 0).name | -| xss-through-dom.js:73:20:73:41 | $("inpu ... 0).name | -| xss-through-dom.js:77:4:77:11 | selector | -| xss-through-dom.js:77:4:77:11 | selector | -| xss-through-dom.js:79:4:79:34 | documen ... t.value | -| xss-through-dom.js:79:4:79:34 | documen ... t.value | -| xss-through-dom.js:79:4:79:34 | documen ... t.value | -| xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | -| xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | -| xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | -| xss-through-dom.js:84:8:84:30 | text | -| xss-through-dom.js:84:15:84:30 | $("text").text() | -| xss-through-dom.js:84:15:84:30 | $("text").text() | -| xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | -| xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | -| xss-through-dom.js:86:33:86:36 | text | -| xss-through-dom.js:87:16:87:40 | new ans ... s(text) | -| xss-through-dom.js:87:16:87:40 | new ans ... s(text) | -| xss-through-dom.js:87:36:87:39 | text | -| xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | -| xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | -| xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | -| xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | -| xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | -| xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | -| xss-through-dom.js:109:31:109:70 | "" | -| xss-through-dom.js:109:31:109:70 | "" | -| xss-through-dom.js:109:45:109:55 | this.el.src | -| xss-through-dom.js:109:45:109:55 | this.el.src | -| xss-through-dom.js:114:11:114:52 | src | -| xss-through-dom.js:114:17:114:52 | documen ... k").src | -| xss-through-dom.js:114:17:114:52 | documen ... k").src | -| xss-through-dom.js:115:16:115:18 | src | -| xss-through-dom.js:115:16:115:18 | src | -| xss-through-dom.js:117:26:117:28 | src | -| xss-through-dom.js:117:26:117:28 | src | -| xss-through-dom.js:120:23:120:37 | ev.target.files | -| xss-through-dom.js:120:23:120:37 | ev.target.files | -| xss-through-dom.js:120:23:120:40 | ev.target.files[0] | -| xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | -| xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | -| xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | -| xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | -| xss-through-dom.js:122:53:122:67 | ev.target.files | -| xss-through-dom.js:122:53:122:67 | ev.target.files | -| xss-through-dom.js:122:53:122:70 | ev.target.files[0] | -| xss-through-dom.js:130:6:130:68 | linkText | -| xss-through-dom.js:130:17:130:37 | wSelect ... tring() | -| xss-through-dom.js:130:17:130:37 | wSelect ... tring() | -| xss-through-dom.js:130:17:130:62 | wSelect ... tring() | -| xss-through-dom.js:130:17:130:68 | wSelect ... ) \|\| '' | -| xss-through-dom.js:130:42:130:62 | dSelect ... tring() | -| xss-through-dom.js:130:42:130:62 | dSelect ... tring() | -| xss-through-dom.js:131:19:131:26 | linkText | -| xss-through-dom.js:131:19:131:26 | linkText | -| xss-through-dom.js:132:16:132:23 | linkText | -| xss-through-dom.js:132:16:132:23 | linkText | -| xss-through-dom.js:139:11:139:52 | src | -| xss-through-dom.js:139:17:139:52 | documen ... k").src | -| xss-through-dom.js:139:17:139:52 | documen ... k").src | -| xss-through-dom.js:140:19:140:21 | src | -| xss-through-dom.js:140:19:140:21 | src | -| xss-through-dom.js:141:25:141:27 | src | -| xss-through-dom.js:141:25:141:27 | src | -| xss-through-dom.js:150:24:150:26 | src | -| xss-through-dom.js:150:24:150:26 | src | -| xss-through-dom.js:154:25:154:27 | msg | -| xss-through-dom.js:155:27:155:29 | msg | -| xss-through-dom.js:155:27:155:29 | msg | -| xss-through-dom.js:159:34:159:52 | $("textarea").val() | -| xss-through-dom.js:159:34:159:52 | $("textarea").val() | edges -| forms.js:8:23:8:28 | values | forms.js:9:31:9:36 | values | -| forms.js:8:23:8:28 | values | forms.js:9:31:9:36 | values | -| forms.js:9:31:9:36 | values | forms.js:9:31:9:40 | values.foo | -| forms.js:9:31:9:36 | values | forms.js:9:31:9:40 | values.foo | -| forms.js:11:24:11:29 | values | forms.js:12:31:12:36 | values | -| forms.js:11:24:11:29 | values | forms.js:12:31:12:36 | values | -| forms.js:12:31:12:36 | values | forms.js:12:31:12:40 | values.bar | -| forms.js:12:31:12:36 | values | forms.js:12:31:12:40 | values.bar | -| forms.js:24:15:24:20 | values | forms.js:25:23:25:28 | values | -| forms.js:24:15:24:20 | values | forms.js:25:23:25:28 | values | -| forms.js:25:23:25:28 | values | forms.js:25:23:25:34 | values.email | -| forms.js:25:23:25:28 | values | forms.js:25:23:25:34 | values.email | -| forms.js:28:20:28:25 | values | forms.js:29:23:29:28 | values | -| forms.js:28:20:28:25 | values | forms.js:29:23:29:28 | values | -| forms.js:29:23:29:28 | values | forms.js:29:23:29:34 | values.email | -| forms.js:29:23:29:28 | values | forms.js:29:23:29:34 | values.email | -| forms.js:34:11:34:53 | values | forms.js:35:19:35:24 | values | -| forms.js:34:13:34:18 | values | forms.js:34:11:34:53 | values | -| forms.js:34:13:34:18 | values | forms.js:34:11:34:53 | values | -| forms.js:35:19:35:24 | values | forms.js:35:19:35:30 | values.email | -| forms.js:35:19:35:24 | values | forms.js:35:19:35:30 | values.email | -| forms.js:44:21:44:26 | values | forms.js:45:21:45:26 | values | -| forms.js:44:21:44:26 | values | forms.js:45:21:45:26 | values | -| forms.js:45:21:45:26 | values | forms.js:45:21:45:33 | values.stooge | -| forms.js:45:21:45:26 | values | forms.js:45:21:45:33 | values.stooge | -| forms.js:57:19:57:32 | e.target.value | forms.js:57:19:57:32 | e.target.value | -| forms.js:71:21:71:24 | data | forms.js:72:19:72:22 | data | -| forms.js:71:21:71:24 | data | forms.js:72:19:72:22 | data | -| forms.js:72:19:72:22 | data | forms.js:72:19:72:27 | data.name | -| forms.js:72:19:72:22 | data | forms.js:72:19:72:27 | data.name | -| forms.js:92:17:92:36 | values | forms.js:93:25:93:30 | values | -| forms.js:92:26:92:36 | getValues() | forms.js:92:17:92:36 | values | -| forms.js:92:26:92:36 | getValues() | forms.js:92:17:92:36 | values | -| forms.js:93:25:93:30 | values | forms.js:93:25:93:35 | values.name | -| forms.js:93:25:93:30 | values | forms.js:93:25:93:35 | values.name | -| forms.js:103:23:103:36 | e.target.value | forms.js:103:23:103:36 | e.target.value | -| forms.js:107:23:107:36 | e.target.value | forms.js:107:23:107:36 | e.target.value | -| xss-through-dom.js:2:16:2:34 | $("textarea").val() | xss-through-dom.js:2:16:2:34 | $("textarea").val() | -| xss-through-dom.js:4:16:4:40 | $(".som ... .text() | xss-through-dom.js:4:16:4:40 | $(".som ... .text() | -| xss-through-dom.js:8:16:8:53 | $(".som ... arget") | xss-through-dom.js:8:16:8:53 | $(".som ... arget") | -| xss-through-dom.js:11:3:11:42 | documen ... nerText | xss-through-dom.js:11:3:11:42 | documen ... nerText | -| xss-through-dom.js:19:3:19:44 | documen ... Content | xss-through-dom.js:19:3:19:44 | documen ... Content | -| xss-through-dom.js:23:3:23:48 | documen ... ].value | xss-through-dom.js:23:3:23:48 | documen ... ].value | -| xss-through-dom.js:27:3:27:61 | documen ... arget') | xss-through-dom.js:27:3:27:61 | documen ... arget') | -| xss-through-dom.js:51:30:51:48 | $("textarea").val() | xss-through-dom.js:51:30:51:48 | $("textarea").val() | -| xss-through-dom.js:54:31:54:49 | $("textarea").val() | xss-through-dom.js:54:31:54:49 | $("textarea").val() | -| xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | -| xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | -| xss-through-dom.js:61:30:61:69 | $(docum ... value") | xss-through-dom.js:61:30:61:69 | $(docum ... value") | -| xss-through-dom.js:64:30:64:40 | valMethod() | xss-through-dom.js:64:30:64:40 | valMethod() | -| xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | -| xss-through-dom.js:73:9:73:41 | selector | xss-through-dom.js:77:4:77:11 | selector | -| xss-through-dom.js:73:9:73:41 | selector | xss-through-dom.js:77:4:77:11 | selector | -| xss-through-dom.js:73:20:73:41 | $("inpu ... 0).name | xss-through-dom.js:73:9:73:41 | selector | -| xss-through-dom.js:73:20:73:41 | $("inpu ... 0).name | xss-through-dom.js:73:9:73:41 | selector | -| xss-through-dom.js:79:4:79:34 | documen ... t.value | xss-through-dom.js:79:4:79:34 | documen ... t.value | -| xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | -| xss-through-dom.js:84:8:84:30 | text | xss-through-dom.js:86:33:86:36 | text | -| xss-through-dom.js:84:8:84:30 | text | xss-through-dom.js:87:36:87:39 | text | -| xss-through-dom.js:84:15:84:30 | $("text").text() | xss-through-dom.js:84:8:84:30 | text | -| xss-through-dom.js:84:15:84:30 | $("text").text() | xss-through-dom.js:84:8:84:30 | text | -| xss-through-dom.js:86:33:86:36 | text | xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | -| xss-through-dom.js:86:33:86:36 | text | xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | -| xss-through-dom.js:87:36:87:39 | text | xss-through-dom.js:87:16:87:40 | new ans ... s(text) | -| xss-through-dom.js:87:36:87:39 | text | xss-through-dom.js:87:16:87:40 | new ans ... s(text) | -| xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | -| xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | -| xss-through-dom.js:109:45:109:55 | this.el.src | xss-through-dom.js:109:31:109:70 | "" | -| xss-through-dom.js:109:45:109:55 | this.el.src | xss-through-dom.js:109:31:109:70 | "" | -| xss-through-dom.js:109:45:109:55 | this.el.src | xss-through-dom.js:109:31:109:70 | "" | -| xss-through-dom.js:109:45:109:55 | this.el.src | xss-through-dom.js:109:31:109:70 | "" | -| xss-through-dom.js:114:11:114:52 | src | xss-through-dom.js:115:16:115:18 | src | -| xss-through-dom.js:114:11:114:52 | src | xss-through-dom.js:115:16:115:18 | src | -| xss-through-dom.js:114:11:114:52 | src | xss-through-dom.js:117:26:117:28 | src | -| xss-through-dom.js:114:11:114:52 | src | xss-through-dom.js:117:26:117:28 | src | -| xss-through-dom.js:114:17:114:52 | documen ... k").src | xss-through-dom.js:114:11:114:52 | src | -| xss-through-dom.js:114:17:114:52 | documen ... k").src | xss-through-dom.js:114:11:114:52 | src | -| xss-through-dom.js:120:23:120:37 | ev.target.files | xss-through-dom.js:120:23:120:40 | ev.target.files[0] | -| xss-through-dom.js:120:23:120:37 | ev.target.files | xss-through-dom.js:120:23:120:40 | ev.target.files[0] | -| xss-through-dom.js:120:23:120:40 | ev.target.files[0] | xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | -| xss-through-dom.js:120:23:120:40 | ev.target.files[0] | xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | -| xss-through-dom.js:122:53:122:67 | ev.target.files | xss-through-dom.js:122:53:122:70 | ev.target.files[0] | -| xss-through-dom.js:122:53:122:67 | ev.target.files | xss-through-dom.js:122:53:122:70 | ev.target.files[0] | -| xss-through-dom.js:122:53:122:70 | ev.target.files[0] | xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | -| xss-through-dom.js:122:53:122:70 | ev.target.files[0] | xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | -| xss-through-dom.js:130:6:130:68 | linkText | xss-through-dom.js:131:19:131:26 | linkText | -| xss-through-dom.js:130:6:130:68 | linkText | xss-through-dom.js:131:19:131:26 | linkText | -| xss-through-dom.js:130:6:130:68 | linkText | xss-through-dom.js:132:16:132:23 | linkText | -| xss-through-dom.js:130:6:130:68 | linkText | xss-through-dom.js:132:16:132:23 | linkText | -| xss-through-dom.js:130:17:130:37 | wSelect ... tring() | xss-through-dom.js:130:17:130:62 | wSelect ... tring() | -| xss-through-dom.js:130:17:130:37 | wSelect ... tring() | xss-through-dom.js:130:17:130:62 | wSelect ... tring() | -| xss-through-dom.js:130:17:130:62 | wSelect ... tring() | xss-through-dom.js:130:17:130:68 | wSelect ... ) \|\| '' | -| xss-through-dom.js:130:17:130:68 | wSelect ... ) \|\| '' | xss-through-dom.js:130:6:130:68 | linkText | -| xss-through-dom.js:130:42:130:62 | dSelect ... tring() | xss-through-dom.js:130:17:130:62 | wSelect ... tring() | -| xss-through-dom.js:130:42:130:62 | dSelect ... tring() | xss-through-dom.js:130:17:130:62 | wSelect ... tring() | -| xss-through-dom.js:139:11:139:52 | src | xss-through-dom.js:140:19:140:21 | src | -| xss-through-dom.js:139:11:139:52 | src | xss-through-dom.js:140:19:140:21 | src | -| xss-through-dom.js:139:11:139:52 | src | xss-through-dom.js:141:25:141:27 | src | -| xss-through-dom.js:139:11:139:52 | src | xss-through-dom.js:141:25:141:27 | src | -| xss-through-dom.js:139:11:139:52 | src | xss-through-dom.js:150:24:150:26 | src | -| xss-through-dom.js:139:11:139:52 | src | xss-through-dom.js:150:24:150:26 | src | -| xss-through-dom.js:139:17:139:52 | documen ... k").src | xss-through-dom.js:139:11:139:52 | src | -| xss-through-dom.js:139:17:139:52 | documen ... k").src | xss-through-dom.js:139:11:139:52 | src | -| xss-through-dom.js:154:25:154:27 | msg | xss-through-dom.js:155:27:155:29 | msg | -| xss-through-dom.js:154:25:154:27 | msg | xss-through-dom.js:155:27:155:29 | msg | -| xss-through-dom.js:159:34:159:52 | $("textarea").val() | xss-through-dom.js:154:25:154:27 | msg | -| xss-through-dom.js:159:34:159:52 | $("textarea").val() | xss-through-dom.js:154:25:154:27 | msg | +| forms.js:8:23:8:28 | values | forms.js:9:31:9:36 | values | provenance | | +| forms.js:9:31:9:36 | values | forms.js:9:31:9:40 | values.foo | provenance | | +| forms.js:11:24:11:29 | values | forms.js:12:31:12:36 | values | provenance | | +| forms.js:12:31:12:36 | values | forms.js:12:31:12:40 | values.bar | provenance | | +| forms.js:24:15:24:20 | values | forms.js:25:23:25:28 | values | provenance | | +| forms.js:25:23:25:28 | values | forms.js:25:23:25:34 | values.email | provenance | | +| forms.js:28:20:28:25 | values | forms.js:29:23:29:28 | values | provenance | | +| forms.js:29:23:29:28 | values | forms.js:29:23:29:34 | values.email | provenance | | +| forms.js:34:11:34:53 | values | forms.js:35:19:35:24 | values | provenance | | +| forms.js:34:13:34:18 | values | forms.js:34:11:34:53 | values | provenance | | +| forms.js:35:19:35:24 | values | forms.js:35:19:35:30 | values.email | provenance | | +| forms.js:44:21:44:26 | values | forms.js:45:21:45:26 | values | provenance | | +| forms.js:45:21:45:26 | values | forms.js:45:21:45:33 | values.stooge | provenance | | +| forms.js:71:21:71:24 | data | forms.js:72:19:72:22 | data | provenance | | +| forms.js:72:19:72:22 | data | forms.js:72:19:72:27 | data.name | provenance | | +| forms.js:92:17:92:36 | values | forms.js:93:25:93:30 | values | provenance | | +| forms.js:92:26:92:36 | getValues() | forms.js:92:17:92:36 | values | provenance | | +| forms.js:93:25:93:30 | values | forms.js:93:25:93:35 | values.name | provenance | | +| xss-through-dom.js:73:9:73:41 | selector | xss-through-dom.js:77:4:77:11 | selector | provenance | | +| xss-through-dom.js:73:20:73:41 | $("inpu ... 0).name | xss-through-dom.js:73:9:73:41 | selector | provenance | | +| xss-through-dom.js:84:8:84:30 | text | xss-through-dom.js:86:33:86:36 | text | provenance | | +| xss-through-dom.js:84:8:84:30 | text | xss-through-dom.js:87:36:87:39 | text | provenance | | +| xss-through-dom.js:84:15:84:30 | $("text").text() | xss-through-dom.js:84:8:84:30 | text | provenance | | +| xss-through-dom.js:86:33:86:36 | text | xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | provenance | | +| xss-through-dom.js:87:36:87:39 | text | xss-through-dom.js:87:16:87:40 | new ans ... s(text) | provenance | | +| xss-through-dom.js:109:45:109:55 | this.el.src | xss-through-dom.js:109:31:109:70 | "" | provenance | | +| xss-through-dom.js:114:11:114:52 | src | xss-through-dom.js:115:16:115:18 | src | provenance | | +| xss-through-dom.js:114:11:114:52 | src | xss-through-dom.js:117:26:117:28 | src | provenance | | +| xss-through-dom.js:114:17:114:52 | documen ... k").src | xss-through-dom.js:114:11:114:52 | src | provenance | | +| xss-through-dom.js:120:23:120:37 | ev.target.files | xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | provenance | | +| xss-through-dom.js:122:53:122:67 | ev.target.files | xss-through-dom.js:122:53:122:70 | ev.target.files[0] | provenance | | +| xss-through-dom.js:122:53:122:70 | ev.target.files[0] | xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | provenance | Config | +| xss-through-dom.js:130:6:130:68 | linkText | xss-through-dom.js:131:19:131:26 | linkText | provenance | | +| xss-through-dom.js:130:6:130:68 | linkText | xss-through-dom.js:132:16:132:23 | linkText | provenance | | +| xss-through-dom.js:130:17:130:37 | wSelect ... tring() | xss-through-dom.js:130:6:130:68 | linkText | provenance | | +| xss-through-dom.js:130:42:130:62 | dSelect ... tring() | xss-through-dom.js:130:6:130:68 | linkText | provenance | | +| xss-through-dom.js:139:11:139:52 | src | xss-through-dom.js:140:19:140:21 | src | provenance | | +| xss-through-dom.js:139:11:139:52 | src | xss-through-dom.js:141:25:141:27 | src | provenance | | +| xss-through-dom.js:139:11:139:52 | src | xss-through-dom.js:150:24:150:26 | src | provenance | | +| xss-through-dom.js:139:17:139:52 | documen ... k").src | xss-through-dom.js:139:11:139:52 | src | provenance | | +| xss-through-dom.js:154:25:154:27 | msg | xss-through-dom.js:155:27:155:29 | msg | provenance | | +| xss-through-dom.js:159:34:159:52 | $("textarea").val() | xss-through-dom.js:154:25:154:27 | msg | provenance | | +nodes +| forms.js:8:23:8:28 | values | semmle.label | values | +| forms.js:9:31:9:36 | values | semmle.label | values | +| forms.js:9:31:9:40 | values.foo | semmle.label | values.foo | +| forms.js:11:24:11:29 | values | semmle.label | values | +| forms.js:12:31:12:36 | values | semmle.label | values | +| forms.js:12:31:12:40 | values.bar | semmle.label | values.bar | +| forms.js:24:15:24:20 | values | semmle.label | values | +| forms.js:25:23:25:28 | values | semmle.label | values | +| forms.js:25:23:25:34 | values.email | semmle.label | values.email | +| forms.js:28:20:28:25 | values | semmle.label | values | +| forms.js:29:23:29:28 | values | semmle.label | values | +| forms.js:29:23:29:34 | values.email | semmle.label | values.email | +| forms.js:34:11:34:53 | values | semmle.label | values | +| forms.js:34:13:34:18 | values | semmle.label | values | +| forms.js:35:19:35:24 | values | semmle.label | values | +| forms.js:35:19:35:30 | values.email | semmle.label | values.email | +| forms.js:44:21:44:26 | values | semmle.label | values | +| forms.js:45:21:45:26 | values | semmle.label | values | +| forms.js:45:21:45:33 | values.stooge | semmle.label | values.stooge | +| forms.js:57:19:57:32 | e.target.value | semmle.label | e.target.value | +| forms.js:71:21:71:24 | data | semmle.label | data | +| forms.js:72:19:72:22 | data | semmle.label | data | +| forms.js:72:19:72:27 | data.name | semmle.label | data.name | +| forms.js:92:17:92:36 | values | semmle.label | values | +| forms.js:92:26:92:36 | getValues() | semmle.label | getValues() | +| forms.js:93:25:93:30 | values | semmle.label | values | +| forms.js:93:25:93:35 | values.name | semmle.label | values.name | +| forms.js:103:23:103:36 | e.target.value | semmle.label | e.target.value | +| forms.js:107:23:107:36 | e.target.value | semmle.label | e.target.value | +| xss-through-dom.js:2:16:2:34 | $("textarea").val() | semmle.label | $("textarea").val() | +| xss-through-dom.js:4:16:4:40 | $(".som ... .text() | semmle.label | $(".som ... .text() | +| xss-through-dom.js:8:16:8:53 | $(".som ... arget") | semmle.label | $(".som ... arget") | +| xss-through-dom.js:11:3:11:42 | documen ... nerText | semmle.label | documen ... nerText | +| xss-through-dom.js:19:3:19:44 | documen ... Content | semmle.label | documen ... Content | +| xss-through-dom.js:23:3:23:48 | documen ... ].value | semmle.label | documen ... ].value | +| xss-through-dom.js:27:3:27:61 | documen ... arget') | semmle.label | documen ... arget') | +| xss-through-dom.js:51:30:51:48 | $("textarea").val() | semmle.label | $("textarea").val() | +| xss-through-dom.js:54:31:54:49 | $("textarea").val() | semmle.label | $("textarea").val() | +| xss-through-dom.js:56:30:56:51 | $("inpu ... 0).name | semmle.label | $("inpu ... 0).name | +| xss-through-dom.js:57:30:57:67 | $("inpu ... "name") | semmle.label | $("inpu ... "name") | +| xss-through-dom.js:61:30:61:69 | $(docum ... value") | semmle.label | $(docum ... value") | +| xss-through-dom.js:64:30:64:40 | valMethod() | semmle.label | valMethod() | +| xss-through-dom.js:71:11:71:32 | $("inpu ... 0).name | semmle.label | $("inpu ... 0).name | +| xss-through-dom.js:73:9:73:41 | selector | semmle.label | selector | +| xss-through-dom.js:73:20:73:41 | $("inpu ... 0).name | semmle.label | $("inpu ... 0).name | +| xss-through-dom.js:77:4:77:11 | selector | semmle.label | selector | +| xss-through-dom.js:79:4:79:34 | documen ... t.value | semmle.label | documen ... t.value | +| xss-through-dom.js:81:17:81:43 | $('#foo ... rText') | semmle.label | $('#foo ... rText') | +| xss-through-dom.js:84:8:84:30 | text | semmle.label | text | +| xss-through-dom.js:84:15:84:30 | $("text").text() | semmle.label | $("text").text() | +| xss-through-dom.js:86:16:86:37 | anser.a ... l(text) | semmle.label | anser.a ... l(text) | +| xss-through-dom.js:86:33:86:36 | text | semmle.label | text | +| xss-through-dom.js:87:16:87:40 | new ans ... s(text) | semmle.label | new ans ... s(text) | +| xss-through-dom.js:87:36:87:39 | text | semmle.label | text | +| xss-through-dom.js:93:16:93:46 | $("#foo ... ].value | semmle.label | $("#foo ... ].value | +| xss-through-dom.js:96:17:96:47 | $("#foo ... ].value | semmle.label | $("#foo ... ].value | +| xss-through-dom.js:109:31:109:70 | "" | semmle.label | "" | +| xss-through-dom.js:109:45:109:55 | this.el.src | semmle.label | this.el.src | +| xss-through-dom.js:114:11:114:52 | src | semmle.label | src | +| xss-through-dom.js:114:17:114:52 | documen ... k").src | semmle.label | documen ... k").src | +| xss-through-dom.js:115:16:115:18 | src | semmle.label | src | +| xss-through-dom.js:117:26:117:28 | src | semmle.label | src | +| xss-through-dom.js:120:23:120:37 | ev.target.files | semmle.label | ev.target.files | +| xss-through-dom.js:120:23:120:45 | ev.targ ... 0].name | semmle.label | ev.targ ... 0].name | +| xss-through-dom.js:122:33:122:71 | URL.cre ... les[0]) | semmle.label | URL.cre ... les[0]) | +| xss-through-dom.js:122:53:122:67 | ev.target.files | semmle.label | ev.target.files | +| xss-through-dom.js:122:53:122:70 | ev.target.files[0] | semmle.label | ev.target.files[0] | +| xss-through-dom.js:130:6:130:68 | linkText | semmle.label | linkText | +| xss-through-dom.js:130:17:130:37 | wSelect ... tring() | semmle.label | wSelect ... tring() | +| xss-through-dom.js:130:42:130:62 | dSelect ... tring() | semmle.label | dSelect ... tring() | +| xss-through-dom.js:131:19:131:26 | linkText | semmle.label | linkText | +| xss-through-dom.js:132:16:132:23 | linkText | semmle.label | linkText | +| xss-through-dom.js:139:11:139:52 | src | semmle.label | src | +| xss-through-dom.js:139:17:139:52 | documen ... k").src | semmle.label | documen ... k").src | +| xss-through-dom.js:140:19:140:21 | src | semmle.label | src | +| xss-through-dom.js:141:25:141:27 | src | semmle.label | src | +| xss-through-dom.js:150:24:150:26 | src | semmle.label | src | +| xss-through-dom.js:154:25:154:27 | msg | semmle.label | msg | +| xss-through-dom.js:155:27:155:29 | msg | semmle.label | msg | +| xss-through-dom.js:159:34:159:52 | $("textarea").val() | semmle.label | $("textarea").val() | +subpaths #select | forms.js:9:31:9:40 | values.foo | forms.js:8:23:8:28 | values | forms.js:9:31:9:40 | values.foo | $@ is reinterpreted as HTML without escaping meta-characters. | forms.js:8:23:8:28 | values | DOM text | | forms.js:12:31:12:40 | values.bar | forms.js:11:24:11:29 | values | forms.js:12:31:12:40 | values.bar | $@ is reinterpreted as HTML without escaping meta-characters. | forms.js:11:24:11:29 | values | DOM text | diff --git a/javascript/ql/test/query-tests/Security/CWE-089/typed/SqlInjection.expected b/javascript/ql/test/query-tests/Security/CWE-089/typed/SqlInjection.expected index acf7e712ee21..5446a4da85a5 100644 --- a/javascript/ql/test/query-tests/Security/CWE-089/typed/SqlInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-089/typed/SqlInjection.expected @@ -1,41 +1,32 @@ nodes -| typedClient.ts:13:7:13:32 | v | -| typedClient.ts:13:11:13:32 | JSON.pa ... body.x) | -| typedClient.ts:13:22:13:29 | req.body | -| typedClient.ts:13:22:13:29 | req.body | -| typedClient.ts:13:22:13:31 | req.body.x | -| typedClient.ts:14:24:14:32 | { id: v } | -| typedClient.ts:14:24:14:32 | { id: v } | -| typedClient.ts:14:30:14:30 | v | -| typedClient.ts:21:7:21:32 | v | -| typedClient.ts:21:11:21:32 | JSON.pa ... body.x) | -| typedClient.ts:21:22:21:29 | req.body | -| typedClient.ts:21:22:21:29 | req.body | -| typedClient.ts:21:22:21:31 | req.body.x | -| typedClient.ts:22:27:22:35 | { id: v } | -| typedClient.ts:22:27:22:35 | { id: v } | -| typedClient.ts:22:33:22:33 | v | -| typedClient.ts:23:27:23:35 | { id: v } | -| typedClient.ts:23:27:23:35 | { id: v } | -| typedClient.ts:23:33:23:33 | v | +| typedClient.ts:13:7:13:32 | v | semmle.label | v | +| typedClient.ts:13:11:13:32 | JSON.pa ... body.x) | semmle.label | JSON.pa ... body.x) | +| typedClient.ts:13:22:13:29 | req.body | semmle.label | req.body | +| typedClient.ts:13:22:13:31 | req.body.x | semmle.label | req.body.x | +| typedClient.ts:14:24:14:32 | { id: v } | semmle.label | { id: v } | +| typedClient.ts:14:30:14:30 | v | semmle.label | v | +| typedClient.ts:21:7:21:32 | v | semmle.label | v | +| typedClient.ts:21:11:21:32 | JSON.pa ... body.x) | semmle.label | JSON.pa ... body.x) | +| typedClient.ts:21:22:21:29 | req.body | semmle.label | req.body | +| typedClient.ts:21:22:21:31 | req.body.x | semmle.label | req.body.x | +| typedClient.ts:22:27:22:35 | { id: v } | semmle.label | { id: v } | +| typedClient.ts:22:33:22:33 | v | semmle.label | v | +| typedClient.ts:23:27:23:35 | { id: v } | semmle.label | { id: v } | +| typedClient.ts:23:33:23:33 | v | semmle.label | v | edges -| typedClient.ts:13:7:13:32 | v | typedClient.ts:14:30:14:30 | v | -| typedClient.ts:13:11:13:32 | JSON.pa ... body.x) | typedClient.ts:13:7:13:32 | v | -| typedClient.ts:13:22:13:29 | req.body | typedClient.ts:13:22:13:31 | req.body.x | -| typedClient.ts:13:22:13:29 | req.body | typedClient.ts:13:22:13:31 | req.body.x | -| typedClient.ts:13:22:13:31 | req.body.x | typedClient.ts:13:11:13:32 | JSON.pa ... body.x) | -| typedClient.ts:14:30:14:30 | v | typedClient.ts:14:24:14:32 | { id: v } | -| typedClient.ts:14:30:14:30 | v | typedClient.ts:14:24:14:32 | { id: v } | -| typedClient.ts:21:7:21:32 | v | typedClient.ts:22:33:22:33 | v | -| typedClient.ts:21:7:21:32 | v | typedClient.ts:23:33:23:33 | v | -| typedClient.ts:21:11:21:32 | JSON.pa ... body.x) | typedClient.ts:21:7:21:32 | v | -| typedClient.ts:21:22:21:29 | req.body | typedClient.ts:21:22:21:31 | req.body.x | -| typedClient.ts:21:22:21:29 | req.body | typedClient.ts:21:22:21:31 | req.body.x | -| typedClient.ts:21:22:21:31 | req.body.x | typedClient.ts:21:11:21:32 | JSON.pa ... body.x) | -| typedClient.ts:22:33:22:33 | v | typedClient.ts:22:27:22:35 | { id: v } | -| typedClient.ts:22:33:22:33 | v | typedClient.ts:22:27:22:35 | { id: v } | -| typedClient.ts:23:33:23:33 | v | typedClient.ts:23:27:23:35 | { id: v } | -| typedClient.ts:23:33:23:33 | v | typedClient.ts:23:27:23:35 | { id: v } | +| typedClient.ts:13:7:13:32 | v | typedClient.ts:14:30:14:30 | v | provenance | | +| typedClient.ts:13:11:13:32 | JSON.pa ... body.x) | typedClient.ts:13:7:13:32 | v | provenance | | +| typedClient.ts:13:22:13:29 | req.body | typedClient.ts:13:22:13:31 | req.body.x | provenance | Config | +| typedClient.ts:13:22:13:31 | req.body.x | typedClient.ts:13:11:13:32 | JSON.pa ... body.x) | provenance | Config | +| typedClient.ts:14:30:14:30 | v | typedClient.ts:14:24:14:32 | { id: v } | provenance | Config | +| typedClient.ts:21:7:21:32 | v | typedClient.ts:22:33:22:33 | v | provenance | | +| typedClient.ts:21:7:21:32 | v | typedClient.ts:23:33:23:33 | v | provenance | | +| typedClient.ts:21:11:21:32 | JSON.pa ... body.x) | typedClient.ts:21:7:21:32 | v | provenance | | +| typedClient.ts:21:22:21:29 | req.body | typedClient.ts:21:22:21:31 | req.body.x | provenance | Config | +| typedClient.ts:21:22:21:31 | req.body.x | typedClient.ts:21:11:21:32 | JSON.pa ... body.x) | provenance | Config | +| typedClient.ts:22:33:22:33 | v | typedClient.ts:22:27:22:35 | { id: v } | provenance | Config | +| typedClient.ts:23:33:23:33 | v | typedClient.ts:23:27:23:35 | { id: v } | provenance | Config | +subpaths #select | typedClient.ts:14:24:14:32 | { id: v } | typedClient.ts:13:22:13:29 | req.body | typedClient.ts:14:24:14:32 | { id: v } | This query object depends on a $@. | typedClient.ts:13:22:13:29 | req.body | user-provided value | | typedClient.ts:22:27:22:35 | { id: v } | typedClient.ts:21:22:21:29 | req.body | typedClient.ts:22:27:22:35 | { id: v } | This query object depends on a $@. | typedClient.ts:21:22:21:29 | req.body | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-089/untyped/SqlInjection.expected b/javascript/ql/test/query-tests/Security/CWE-089/untyped/SqlInjection.expected index c241751da3ef..b70b13b4c1bd 100644 --- a/javascript/ql/test/query-tests/Security/CWE-089/untyped/SqlInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-089/untyped/SqlInjection.expected @@ -1,938 +1,638 @@ nodes -| graphql.js:8:11:8:28 | id | -| graphql.js:8:16:8:28 | req.params.id | -| graphql.js:8:16:8:28 | req.params.id | -| graphql.js:10:34:20:5 | `\\n ... }\\n ` | -| graphql.js:10:34:20:5 | `\\n ... }\\n ` | -| graphql.js:12:46:12:47 | id | -| graphql.js:26:11:26:28 | id | -| graphql.js:26:16:26:28 | req.params.id | -| graphql.js:26:16:26:28 | req.params.id | -| graphql.js:27:30:27:40 | `foo ${id}` | -| graphql.js:27:30:27:40 | `foo ${id}` | -| graphql.js:27:37:27:38 | id | -| graphql.js:30:32:30:42 | `foo ${id}` | -| graphql.js:30:32:30:42 | `foo ${id}` | -| graphql.js:30:39:30:40 | id | -| graphql.js:33:18:33:28 | `foo ${id}` | -| graphql.js:33:18:33:28 | `foo ${id}` | -| graphql.js:33:25:33:26 | id | -| graphql.js:39:11:39:28 | id | -| graphql.js:39:16:39:28 | req.params.id | -| graphql.js:39:16:39:28 | req.params.id | -| graphql.js:44:14:44:24 | `foo ${id}` | -| graphql.js:44:14:44:24 | `foo ${id}` | -| graphql.js:44:21:44:22 | id | -| graphql.js:48:44:48:54 | `foo ${id}` | -| graphql.js:48:44:48:54 | `foo ${id}` | -| graphql.js:48:51:48:52 | id | -| graphql.js:55:11:55:28 | id | -| graphql.js:55:16:55:28 | req.params.id | -| graphql.js:55:16:55:28 | req.params.id | -| graphql.js:56:39:56:49 | `foo ${id}` | -| graphql.js:56:39:56:49 | `foo ${id}` | -| graphql.js:56:46:56:47 | id | -| graphql.js:58:66:58:76 | `foo ${id}` | -| graphql.js:58:66:58:76 | `foo ${id}` | -| graphql.js:58:73:58:74 | id | -| graphql.js:74:9:74:25 | id | -| graphql.js:74:14:74:25 | req.query.id | -| graphql.js:74:14:74:25 | req.query.id | -| graphql.js:75:46:75:64 | "{ foo" + id + " }" | -| graphql.js:75:46:75:64 | "{ foo" + id + " }" | -| graphql.js:75:56:75:57 | id | -| graphql.js:84:14:90:8 | `{\\n ... }` | -| graphql.js:84:14:90:8 | `{\\n ... }` | -| graphql.js:88:13:88:14 | id | -| graphql.js:119:11:119:28 | id | -| graphql.js:119:16:119:28 | req.params.id | -| graphql.js:119:16:119:28 | req.params.id | -| graphql.js:120:38:120:48 | `foo ${id}` | -| graphql.js:120:38:120:48 | `foo ${id}` | -| graphql.js:120:45:120:46 | id | -| html-sanitizer.js:13:39:13:44 | param1 | -| html-sanitizer.js:13:39:13:44 | param1 | -| html-sanitizer.js:14:5:14:24 | param1 | -| html-sanitizer.js:14:14:14:24 | xss(param1) | -| html-sanitizer.js:14:18:14:23 | param1 | -| html-sanitizer.js:16:9:16:59 | `SELECT ... param1 | -| html-sanitizer.js:16:9:16:59 | `SELECT ... param1 | -| html-sanitizer.js:16:54:16:59 | param1 | -| json-schema-validator.js:25:15:25:48 | query | -| json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | -| json-schema-validator.js:25:34:25:47 | req.query.data | -| json-schema-validator.js:25:34:25:47 | req.query.data | -| json-schema-validator.js:33:22:33:26 | query | -| json-schema-validator.js:33:22:33:26 | query | -| json-schema-validator.js:35:18:35:22 | query | -| json-schema-validator.js:35:18:35:22 | query | -| json-schema-validator.js:50:15:50:48 | query | -| json-schema-validator.js:50:23:50:48 | JSON.pa ... y.data) | -| json-schema-validator.js:50:34:50:47 | req.query.data | -| json-schema-validator.js:50:34:50:47 | req.query.data | -| json-schema-validator.js:55:22:55:26 | query | -| json-schema-validator.js:55:22:55:26 | query | -| json-schema-validator.js:59:22:59:26 | query | -| json-schema-validator.js:59:22:59:26 | query | -| json-schema-validator.js:61:22:61:26 | query | -| json-schema-validator.js:61:22:61:26 | query | -| ldap.js:20:7:20:34 | q | -| ldap.js:20:11:20:34 | url.par ... , true) | -| ldap.js:20:21:20:27 | req.url | -| ldap.js:20:21:20:27 | req.url | -| ldap.js:22:7:22:33 | username | -| ldap.js:22:18:22:18 | q | -| ldap.js:22:18:22:24 | q.query | -| ldap.js:22:18:22:33 | q.query.username | -| ldap.js:25:13:25:57 | `(\|(nam ... ame}))` | -| ldap.js:25:24:25:31 | username | -| ldap.js:25:46:25:53 | username | -| ldap.js:28:30:28:34 | opts1 | -| ldap.js:28:30:28:34 | opts1 | -| ldap.js:32:5:32:61 | { filte ... e}))` } | -| ldap.js:32:5:32:61 | { filte ... e}))` } | -| ldap.js:32:15:32:59 | `(\|(nam ... ame}))` | -| ldap.js:32:26:32:33 | username | -| ldap.js:32:48:32:55 | username | -| ldap.js:63:9:65:3 | parsedFilter | -| ldap.js:63:24:65:3 | ldap.pa ... ))`\\n ) | -| ldap.js:64:5:64:49 | `(\|(nam ... ame}))` | -| ldap.js:64:16:64:23 | username | -| ldap.js:64:38:64:45 | username | -| ldap.js:66:30:66:53 | { filte ... ilter } | -| ldap.js:66:30:66:53 | { filte ... ilter } | -| ldap.js:66:40:66:51 | parsedFilter | -| ldap.js:68:27:68:42 | `cn=${username}` | -| ldap.js:68:27:68:42 | `cn=${username}` | -| ldap.js:68:33:68:40 | username | -| marsdb-flow-to.js:10:9:10:18 | query | -| marsdb-flow-to.js:10:17:10:18 | {} | -| marsdb-flow-to.js:11:17:11:24 | req.body | -| marsdb-flow-to.js:11:17:11:24 | req.body | -| marsdb-flow-to.js:11:17:11:30 | req.body.title | -| marsdb-flow-to.js:14:17:14:21 | query | -| marsdb-flow-to.js:14:17:14:21 | query | -| marsdb.js:12:9:12:18 | query | -| marsdb.js:12:17:12:18 | {} | -| marsdb.js:13:17:13:24 | req.body | -| marsdb.js:13:17:13:24 | req.body | -| marsdb.js:13:17:13:30 | req.body.title | -| marsdb.js:16:12:16:16 | query | -| marsdb.js:16:12:16:16 | query | -| minimongo.js:14:9:14:18 | query | -| minimongo.js:14:17:14:18 | {} | -| minimongo.js:15:17:15:24 | req.body | -| minimongo.js:15:17:15:24 | req.body | -| minimongo.js:15:17:15:30 | req.body.title | -| minimongo.js:18:12:18:16 | query | -| minimongo.js:18:12:18:16 | query | -| mongodb.js:12:11:12:20 | query | -| mongodb.js:12:19:12:20 | {} | -| mongodb.js:13:19:13:26 | req.body | -| mongodb.js:13:19:13:26 | req.body | -| mongodb.js:13:19:13:32 | req.body.title | -| mongodb.js:18:16:18:20 | query | -| mongodb.js:18:16:18:20 | query | -| mongodb.js:26:11:26:32 | title | -| mongodb.js:26:19:26:26 | req.body | -| mongodb.js:26:19:26:26 | req.body | -| mongodb.js:26:19:26:32 | req.body.title | -| mongodb.js:32:18:32:45 | { title ... itle) } | -| mongodb.js:32:18:32:45 | { title ... itle) } | -| mongodb.js:32:27:32:43 | JSON.parse(title) | -| mongodb.js:32:38:32:42 | title | -| mongodb.js:48:11:48:20 | query | -| mongodb.js:48:19:48:20 | {} | -| mongodb.js:49:19:49:33 | req.query.title | -| mongodb.js:49:19:49:33 | req.query.title | -| mongodb.js:54:16:54:20 | query | -| mongodb.js:54:16:54:20 | query | -| mongodb.js:59:8:59:17 | query | -| mongodb.js:59:16:59:17 | {} | -| mongodb.js:60:16:60:30 | req.query.title | -| mongodb.js:60:16:60:30 | req.query.title | -| mongodb.js:65:12:65:16 | query | -| mongodb.js:65:12:65:16 | query | -| mongodb.js:70:7:70:25 | tag | -| mongodb.js:70:13:70:25 | req.query.tag | -| mongodb.js:70:13:70:25 | req.query.tag | -| mongodb.js:77:14:77:26 | { tags: tag } | -| mongodb.js:77:14:77:26 | { tags: tag } | -| mongodb.js:77:22:77:24 | tag | -| mongodb.js:85:12:85:24 | { tags: tag } | -| mongodb.js:85:12:85:24 | { tags: tag } | -| mongodb.js:85:20:85:22 | tag | -| mongodb.js:106:9:106:18 | query | -| mongodb.js:106:17:106:18 | {} | -| mongodb.js:107:17:107:29 | queries.title | -| mongodb.js:107:17:107:29 | queries.title | -| mongodb.js:112:14:112:18 | query | -| mongodb.js:112:14:112:18 | query | -| mongodb_bodySafe.js:23:11:23:20 | query | -| mongodb_bodySafe.js:23:19:23:20 | {} | -| mongodb_bodySafe.js:24:19:24:33 | req.query.title | -| mongodb_bodySafe.js:24:19:24:33 | req.query.title | -| mongodb_bodySafe.js:29:16:29:20 | query | -| mongodb_bodySafe.js:29:16:29:20 | query | -| mongoose.js:20:8:20:17 | query | -| mongoose.js:20:16:20:17 | {} | -| mongoose.js:21:16:21:23 | req.body | -| mongoose.js:21:16:21:23 | req.body | -| mongoose.js:21:16:21:29 | req.body.title | -| mongoose.js:24:21:24:27 | [query] | -| mongoose.js:24:21:24:27 | [query] | -| mongoose.js:24:22:24:26 | query | -| mongoose.js:27:17:27:21 | query | -| mongoose.js:27:17:27:21 | query | -| mongoose.js:30:22:30:26 | query | -| mongoose.js:30:22:30:26 | query | -| mongoose.js:33:21:33:25 | query | -| mongoose.js:33:21:33:25 | query | -| mongoose.js:36:28:36:32 | query | -| mongoose.js:36:28:36:32 | query | -| mongoose.js:39:16:39:20 | query | -| mongoose.js:39:16:39:20 | query | -| mongoose.js:42:19:42:23 | query | -| mongoose.js:42:19:42:23 | query | -| mongoose.js:45:28:45:32 | query | -| mongoose.js:45:28:45:32 | query | -| mongoose.js:48:28:48:32 | query | -| mongoose.js:48:28:48:32 | query | -| mongoose.js:51:28:51:32 | query | -| mongoose.js:51:28:51:32 | query | -| mongoose.js:54:22:54:26 | query | -| mongoose.js:54:22:54:26 | query | -| mongoose.js:57:18:57:22 | query | -| mongoose.js:57:18:57:22 | query | -| mongoose.js:60:22:60:26 | query | -| mongoose.js:60:22:60:26 | query | -| mongoose.js:63:21:63:25 | query | -| mongoose.js:63:21:63:25 | query | -| mongoose.js:65:32:65:36 | query | -| mongoose.js:65:32:65:36 | query | -| mongoose.js:67:27:67:31 | query | -| mongoose.js:67:27:67:31 | query | -| mongoose.js:68:8:68:12 | query | -| mongoose.js:68:8:68:12 | query | -| mongoose.js:71:17:71:21 | query | -| mongoose.js:71:17:71:21 | query | -| mongoose.js:72:10:72:14 | query | -| mongoose.js:72:10:72:14 | query | -| mongoose.js:73:8:73:12 | query | -| mongoose.js:73:8:73:12 | query | -| mongoose.js:74:7:74:11 | query | -| mongoose.js:74:7:74:11 | query | -| mongoose.js:75:16:75:20 | query | -| mongoose.js:75:16:75:20 | query | -| mongoose.js:77:10:77:14 | query | -| mongoose.js:77:10:77:14 | query | -| mongoose.js:82:46:82:50 | query | -| mongoose.js:82:46:82:50 | query | -| mongoose.js:83:47:83:51 | query | -| mongoose.js:83:47:83:51 | query | -| mongoose.js:85:46:85:50 | query | -| mongoose.js:85:46:85:50 | query | -| mongoose.js:87:51:87:55 | query | -| mongoose.js:87:51:87:55 | query | -| mongoose.js:89:46:89:50 | query | -| mongoose.js:89:46:89:50 | query | -| mongoose.js:92:46:92:50 | query | -| mongoose.js:92:46:92:50 | query | -| mongoose.js:94:51:94:55 | query | -| mongoose.js:94:51:94:55 | query | -| mongoose.js:96:46:96:50 | query | -| mongoose.js:96:46:96:50 | query | -| mongoose.js:111:14:111:18 | query | -| mongoose.js:111:14:111:18 | query | -| mongoose.js:113:31:113:35 | query | -| mongoose.js:113:31:113:35 | query | -| mongoose.js:115:6:115:22 | id | -| mongoose.js:115:11:115:22 | req.query.id | -| mongoose.js:115:11:115:22 | req.query.id | -| mongoose.js:115:25:115:45 | cond | -| mongoose.js:115:32:115:45 | req.query.cond | -| mongoose.js:115:32:115:45 | req.query.cond | -| mongoose.js:116:22:116:25 | cond | -| mongoose.js:116:22:116:25 | cond | -| mongoose.js:117:21:117:24 | cond | -| mongoose.js:117:21:117:24 | cond | -| mongoose.js:118:21:118:24 | cond | -| mongoose.js:118:21:118:24 | cond | -| mongoose.js:119:18:119:21 | cond | -| mongoose.js:119:18:119:21 | cond | -| mongoose.js:120:22:120:25 | cond | -| mongoose.js:120:22:120:25 | cond | -| mongoose.js:121:16:121:19 | cond | -| mongoose.js:121:16:121:19 | cond | -| mongoose.js:122:19:122:22 | cond | -| mongoose.js:122:19:122:22 | cond | -| mongoose.js:123:20:123:21 | id | -| mongoose.js:123:20:123:21 | id | -| mongoose.js:124:28:124:31 | cond | -| mongoose.js:124:28:124:31 | cond | -| mongoose.js:125:28:125:31 | cond | -| mongoose.js:125:28:125:31 | cond | -| mongoose.js:126:28:126:31 | cond | -| mongoose.js:126:28:126:31 | cond | -| mongoose.js:127:18:127:21 | cond | -| mongoose.js:127:18:127:21 | cond | -| mongoose.js:128:22:128:25 | cond | -| mongoose.js:128:22:128:25 | cond | -| mongoose.js:129:21:129:24 | cond | -| mongoose.js:129:21:129:24 | cond | -| mongoose.js:130:16:130:26 | { _id: id } | -| mongoose.js:130:16:130:26 | { _id: id } | -| mongoose.js:130:23:130:24 | id | -| mongoose.js:136:30:136:34 | query | -| mongoose.js:136:30:136:34 | query | -| mongooseJsonParse.js:19:11:19:20 | query | -| mongooseJsonParse.js:19:19:19:20 | {} | -| mongooseJsonParse.js:20:19:20:44 | JSON.pa ... y.data) | -| mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title | -| mongooseJsonParse.js:20:30:20:43 | req.query.data | -| mongooseJsonParse.js:20:30:20:43 | req.query.data | -| mongooseJsonParse.js:23:19:23:23 | query | -| mongooseJsonParse.js:23:19:23:23 | query | -| mongooseModelClient.js:10:7:10:32 | v | -| mongooseModelClient.js:10:11:10:32 | JSON.pa ... body.x) | -| mongooseModelClient.js:10:22:10:29 | req.body | -| mongooseModelClient.js:10:22:10:29 | req.body | -| mongooseModelClient.js:10:22:10:31 | req.body.x | -| mongooseModelClient.js:11:16:11:24 | { id: v } | -| mongooseModelClient.js:11:16:11:24 | { id: v } | -| mongooseModelClient.js:11:22:11:22 | v | -| mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | -| mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | -| mongooseModelClient.js:12:22:12:29 | req.body | -| mongooseModelClient.js:12:22:12:29 | req.body | -| mongooseModelClient.js:12:22:12:32 | req.body.id | -| mysql.js:6:9:6:31 | temp | -| mysql.js:6:16:6:31 | req.params.value | -| mysql.js:6:16:6:31 | req.params.value | -| mysql.js:15:18:15:65 | 'SELECT ... + temp | -| mysql.js:15:18:15:65 | 'SELECT ... + temp | -| mysql.js:15:62:15:65 | temp | -| mysql.js:19:26:19:73 | 'SELECT ... + temp | -| mysql.js:19:26:19:73 | 'SELECT ... + temp | -| mysql.js:19:70:19:73 | temp | -| pg-promise-types.ts:7:9:7:28 | taint | -| pg-promise-types.ts:7:17:7:28 | req.params.x | -| pg-promise-types.ts:7:17:7:28 | req.params.x | -| pg-promise-types.ts:8:17:8:21 | taint | -| pg-promise-types.ts:8:17:8:21 | taint | -| pg-promise.js:6:7:7:55 | query | -| pg-promise.js:6:15:7:55 | "SELECT ... PRICE" | -| pg-promise.js:7:16:7:34 | req.params.category | -| pg-promise.js:7:16:7:34 | req.params.category | -| pg-promise.js:9:10:9:14 | query | -| pg-promise.js:9:10:9:14 | query | -| pg-promise.js:10:11:10:15 | query | -| pg-promise.js:10:11:10:15 | query | -| pg-promise.js:11:17:11:21 | query | -| pg-promise.js:11:17:11:21 | query | -| pg-promise.js:12:10:12:14 | query | -| pg-promise.js:12:10:12:14 | query | -| pg-promise.js:13:12:13:16 | query | -| pg-promise.js:13:12:13:16 | query | -| pg-promise.js:14:18:14:22 | query | -| pg-promise.js:14:18:14:22 | query | -| pg-promise.js:15:11:15:15 | query | -| pg-promise.js:15:11:15:15 | query | -| pg-promise.js:16:10:16:14 | query | -| pg-promise.js:16:10:16:14 | query | -| pg-promise.js:17:16:17:20 | query | -| pg-promise.js:17:16:17:20 | query | -| pg-promise.js:18:12:18:16 | query | -| pg-promise.js:18:12:18:16 | query | -| pg-promise.js:19:13:19:17 | query | -| pg-promise.js:19:13:19:17 | query | -| pg-promise.js:22:11:22:15 | query | -| pg-promise.js:22:11:22:15 | query | -| pg-promise.js:30:13:30:25 | req.params.id | -| pg-promise.js:30:13:30:25 | req.params.id | -| pg-promise.js:30:13:30:25 | req.params.id | -| pg-promise.js:34:13:34:25 | req.params.id | -| pg-promise.js:34:13:34:25 | req.params.id | -| pg-promise.js:34:13:34:25 | req.params.id | -| pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | -| pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | -| pg-promise.js:39:7:39:19 | req.params.id | -| pg-promise.js:39:7:39:19 | req.params.id | -| pg-promise.js:39:7:39:19 | req.params.id | -| pg-promise.js:40:7:40:21 | req.params.name | -| pg-promise.js:40:7:40:21 | req.params.name | -| pg-promise.js:40:7:40:21 | req.params.name | -| pg-promise.js:41:7:41:20 | req.params.foo | -| pg-promise.js:41:7:41:20 | req.params.foo | -| pg-promise.js:47:11:47:23 | req.params.id | -| pg-promise.js:47:11:47:23 | req.params.id | -| pg-promise.js:47:11:47:23 | req.params.id | -| pg-promise.js:54:11:54:23 | req.params.id | -| pg-promise.js:54:11:54:23 | req.params.id | -| pg-promise.js:54:11:54:23 | req.params.id | -| pg-promise.js:56:14:56:29 | req.params.title | -| pg-promise.js:56:14:56:29 | req.params.title | -| pg-promise.js:56:14:56:29 | req.params.title | -| pg-promise.js:60:20:60:24 | query | -| pg-promise.js:60:20:60:24 | query | -| pg-promise.js:63:23:63:27 | query | -| pg-promise.js:63:23:63:27 | query | -| pg-promise.js:64:16:64:20 | query | -| pg-promise.js:64:16:64:20 | query | -| redis.js:10:16:10:23 | req.body | -| redis.js:10:16:10:23 | req.body | -| redis.js:10:16:10:27 | req.body.key | -| redis.js:10:16:10:27 | req.body.key | -| redis.js:12:9:12:26 | key | -| redis.js:12:15:12:22 | req.body | -| redis.js:12:15:12:22 | req.body | -| redis.js:12:15:12:26 | req.body.key | -| redis.js:18:16:18:18 | key | -| redis.js:18:16:18:18 | key | -| redis.js:19:43:19:45 | key | -| redis.js:19:43:19:45 | key | -| redis.js:25:14:25:16 | key | -| redis.js:25:14:25:16 | key | -| redis.js:30:23:30:25 | key | -| redis.js:30:23:30:25 | key | -| redis.js:32:28:32:30 | key | -| redis.js:32:28:32:30 | key | -| redis.js:38:11:38:28 | key | -| redis.js:38:17:38:24 | req.body | -| redis.js:38:17:38:24 | req.body | -| redis.js:38:17:38:28 | req.body.key | -| redis.js:39:16:39:18 | key | -| redis.js:39:16:39:18 | key | -| redis.js:43:27:43:29 | key | -| redis.js:43:27:43:29 | key | -| redis.js:46:34:46:36 | key | -| redis.js:46:34:46:36 | key | -| socketio.js:10:25:10:30 | handle | -| socketio.js:10:25:10:30 | handle | -| socketio.js:11:12:11:53 | `INSERT ... andle}` | -| socketio.js:11:12:11:53 | `INSERT ... andle}` | -| socketio.js:11:46:11:51 | handle | -| tst2.js:9:27:9:84 | "select ... d + "'" | -| tst2.js:9:27:9:84 | "select ... d + "'" | -| tst2.js:9:66:9:78 | req.params.id | -| tst2.js:9:66:9:78 | req.params.id | -| tst3.js:7:7:8:55 | query1 | -| tst3.js:7:16:8:55 | "SELECT ... PRICE" | -| tst3.js:8:16:8:34 | req.params.category | -| tst3.js:8:16:8:34 | req.params.category | -| tst3.js:9:14:9:19 | query1 | -| tst3.js:9:14:9:19 | query1 | -| tst4.js:8:10:8:66 | 'SELECT ... d + '"' | -| tst4.js:8:10:8:66 | 'SELECT ... d + '"' | -| tst4.js:8:46:8:60 | $routeParams.id | -| tst4.js:8:46:8:60 | $routeParams.id | -| tst.js:10:10:10:64 | 'SELECT ... d + '"' | -| tst.js:10:10:10:64 | 'SELECT ... d + '"' | -| tst.js:10:46:10:58 | req.params.id | -| tst.js:10:46:10:58 | req.params.id | +| graphql.js:8:11:8:28 | id | semmle.label | id | +| graphql.js:8:16:8:28 | req.params.id | semmle.label | req.params.id | +| graphql.js:10:34:20:5 | `\\n ... }\\n ` | semmle.label | `\\n ... }\\n ` | +| graphql.js:12:46:12:47 | id | semmle.label | id | +| graphql.js:26:11:26:28 | id | semmle.label | id | +| graphql.js:26:16:26:28 | req.params.id | semmle.label | req.params.id | +| graphql.js:27:30:27:40 | `foo ${id}` | semmle.label | `foo ${id}` | +| graphql.js:27:37:27:38 | id | semmle.label | id | +| graphql.js:30:32:30:42 | `foo ${id}` | semmle.label | `foo ${id}` | +| graphql.js:30:39:30:40 | id | semmle.label | id | +| graphql.js:33:18:33:28 | `foo ${id}` | semmle.label | `foo ${id}` | +| graphql.js:33:25:33:26 | id | semmle.label | id | +| graphql.js:39:11:39:28 | id | semmle.label | id | +| graphql.js:39:16:39:28 | req.params.id | semmle.label | req.params.id | +| graphql.js:44:14:44:24 | `foo ${id}` | semmle.label | `foo ${id}` | +| graphql.js:44:21:44:22 | id | semmle.label | id | +| graphql.js:48:44:48:54 | `foo ${id}` | semmle.label | `foo ${id}` | +| graphql.js:48:51:48:52 | id | semmle.label | id | +| graphql.js:55:11:55:28 | id | semmle.label | id | +| graphql.js:55:16:55:28 | req.params.id | semmle.label | req.params.id | +| graphql.js:56:39:56:49 | `foo ${id}` | semmle.label | `foo ${id}` | +| graphql.js:56:46:56:47 | id | semmle.label | id | +| graphql.js:58:66:58:76 | `foo ${id}` | semmle.label | `foo ${id}` | +| graphql.js:58:73:58:74 | id | semmle.label | id | +| graphql.js:74:9:74:25 | id | semmle.label | id | +| graphql.js:74:14:74:25 | req.query.id | semmle.label | req.query.id | +| graphql.js:75:46:75:64 | "{ foo" + id + " }" | semmle.label | "{ foo" + id + " }" | +| graphql.js:75:56:75:57 | id | semmle.label | id | +| graphql.js:84:14:90:8 | `{\\n ... }` | semmle.label | `{\\n ... }` | +| graphql.js:88:13:88:14 | id | semmle.label | id | +| graphql.js:119:11:119:28 | id | semmle.label | id | +| graphql.js:119:16:119:28 | req.params.id | semmle.label | req.params.id | +| graphql.js:120:38:120:48 | `foo ${id}` | semmle.label | `foo ${id}` | +| graphql.js:120:45:120:46 | id | semmle.label | id | +| html-sanitizer.js:13:39:13:44 | param1 | semmle.label | param1 | +| html-sanitizer.js:14:5:14:24 | param1 | semmle.label | param1 | +| html-sanitizer.js:14:14:14:24 | xss(param1) | semmle.label | xss(param1) | +| html-sanitizer.js:14:18:14:23 | param1 | semmle.label | param1 | +| html-sanitizer.js:16:9:16:59 | `SELECT ... param1 | semmle.label | `SELECT ... param1 | +| html-sanitizer.js:16:54:16:59 | param1 | semmle.label | param1 | +| json-schema-validator.js:25:15:25:48 | query | semmle.label | query | +| json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | semmle.label | JSON.pa ... y.data) | +| json-schema-validator.js:25:34:25:47 | req.query.data | semmle.label | req.query.data | +| json-schema-validator.js:33:22:33:26 | query | semmle.label | query | +| json-schema-validator.js:35:18:35:22 | query | semmle.label | query | +| json-schema-validator.js:50:15:50:48 | query | semmle.label | query | +| json-schema-validator.js:50:23:50:48 | JSON.pa ... y.data) | semmle.label | JSON.pa ... y.data) | +| json-schema-validator.js:50:34:50:47 | req.query.data | semmle.label | req.query.data | +| json-schema-validator.js:55:22:55:26 | query | semmle.label | query | +| json-schema-validator.js:59:22:59:26 | query | semmle.label | query | +| json-schema-validator.js:61:22:61:26 | query | semmle.label | query | +| koarouter.js:5:11:5:33 | version | semmle.label | version | +| koarouter.js:5:13:5:19 | version | semmle.label | version | +| koarouter.js:11:11:11:28 | conditions | semmle.label | conditions | +| koarouter.js:14:9:14:18 | [post update] conditions | semmle.label | [post update] conditions | +| koarouter.js:14:25:14:46 | `versio ... rsion}` | semmle.label | `versio ... rsion}` | +| koarouter.js:14:38:14:44 | version | semmle.label | version | +| koarouter.js:17:27:17:77 | `SELECT ... nd ')}` | semmle.label | `SELECT ... nd ')}` | +| koarouter.js:17:52:17:61 | conditions | semmle.label | conditions | +| koarouter.js:17:52:17:75 | conditi ... and ') | semmle.label | conditi ... and ') | +| ldap.js:20:7:20:34 | q | semmle.label | q | +| ldap.js:20:11:20:34 | url.par ... , true) | semmle.label | url.par ... , true) | +| ldap.js:20:21:20:27 | req.url | semmle.label | req.url | +| ldap.js:22:7:22:33 | username | semmle.label | username | +| ldap.js:22:18:22:18 | q | semmle.label | q | +| ldap.js:25:13:25:57 | `(\|(nam ... ame}))` | semmle.label | `(\|(nam ... ame}))` | +| ldap.js:25:24:25:31 | username | semmle.label | username | +| ldap.js:25:46:25:53 | username | semmle.label | username | +| ldap.js:28:30:28:34 | opts1 | semmle.label | opts1 | +| ldap.js:32:5:32:61 | { filte ... e}))` } | semmle.label | { filte ... e}))` } | +| ldap.js:32:15:32:59 | `(\|(nam ... ame}))` | semmle.label | `(\|(nam ... ame}))` | +| ldap.js:32:26:32:33 | username | semmle.label | username | +| ldap.js:32:48:32:55 | username | semmle.label | username | +| ldap.js:63:9:65:3 | parsedFilter | semmle.label | parsedFilter | +| ldap.js:63:24:65:3 | ldap.pa ... ))`\\n ) | semmle.label | ldap.pa ... ))`\\n ) | +| ldap.js:64:5:64:49 | `(\|(nam ... ame}))` | semmle.label | `(\|(nam ... ame}))` | +| ldap.js:64:16:64:23 | username | semmle.label | username | +| ldap.js:64:38:64:45 | username | semmle.label | username | +| ldap.js:66:30:66:53 | { filte ... ilter } | semmle.label | { filte ... ilter } | +| ldap.js:66:40:66:51 | parsedFilter | semmle.label | parsedFilter | +| ldap.js:68:27:68:42 | `cn=${username}` | semmle.label | `cn=${username}` | +| ldap.js:68:33:68:40 | username | semmle.label | username | +| marsdb-flow-to.js:10:9:10:18 | query | semmle.label | query | +| marsdb-flow-to.js:10:17:10:18 | {} | semmle.label | {} | +| marsdb-flow-to.js:11:17:11:24 | req.body | semmle.label | req.body | +| marsdb-flow-to.js:11:17:11:30 | req.body.title | semmle.label | req.body.title | +| marsdb-flow-to.js:14:17:14:21 | query | semmle.label | query | +| marsdb.js:12:9:12:18 | query | semmle.label | query | +| marsdb.js:12:17:12:18 | {} | semmle.label | {} | +| marsdb.js:13:17:13:24 | req.body | semmle.label | req.body | +| marsdb.js:13:17:13:30 | req.body.title | semmle.label | req.body.title | +| marsdb.js:16:12:16:16 | query | semmle.label | query | +| minimongo.js:14:9:14:18 | query | semmle.label | query | +| minimongo.js:14:17:14:18 | {} | semmle.label | {} | +| minimongo.js:15:17:15:24 | req.body | semmle.label | req.body | +| minimongo.js:15:17:15:30 | req.body.title | semmle.label | req.body.title | +| minimongo.js:18:12:18:16 | query | semmle.label | query | +| mongodb.js:12:11:12:20 | query | semmle.label | query | +| mongodb.js:12:19:12:20 | {} | semmle.label | {} | +| mongodb.js:13:5:13:9 | query | semmle.label | query | +| mongodb.js:13:19:13:26 | req.body | semmle.label | req.body | +| mongodb.js:13:19:13:32 | req.body.title | semmle.label | req.body.title | +| mongodb.js:18:16:18:20 | query | semmle.label | query | +| mongodb.js:26:11:26:32 | title | semmle.label | title | +| mongodb.js:26:19:26:26 | req.body | semmle.label | req.body | +| mongodb.js:26:19:26:32 | req.body.title | semmle.label | req.body.title | +| mongodb.js:32:18:32:45 | { title ... itle) } | semmle.label | { title ... itle) } | +| mongodb.js:32:27:32:43 | JSON.parse(title) | semmle.label | JSON.parse(title) | +| mongodb.js:32:38:32:42 | title | semmle.label | title | +| mongodb.js:48:11:48:20 | query | semmle.label | query | +| mongodb.js:48:19:48:20 | {} | semmle.label | {} | +| mongodb.js:49:5:49:9 | query | semmle.label | query | +| mongodb.js:49:19:49:33 | req.query.title | semmle.label | req.query.title | +| mongodb.js:54:16:54:20 | query | semmle.label | query | +| mongodb.js:59:8:59:17 | query | semmle.label | query | +| mongodb.js:59:16:59:17 | {} | semmle.label | {} | +| mongodb.js:60:2:60:6 | query | semmle.label | query | +| mongodb.js:60:16:60:30 | req.query.title | semmle.label | req.query.title | +| mongodb.js:65:12:65:16 | query | semmle.label | query | +| mongodb.js:70:7:70:25 | tag | semmle.label | tag | +| mongodb.js:70:13:70:25 | req.query.tag | semmle.label | req.query.tag | +| mongodb.js:77:14:77:26 | { tags: tag } | semmle.label | { tags: tag } | +| mongodb.js:77:22:77:24 | tag | semmle.label | tag | +| mongodb.js:85:12:85:24 | { tags: tag } | semmle.label | { tags: tag } | +| mongodb.js:85:20:85:22 | tag | semmle.label | tag | +| mongodb.js:106:9:106:18 | query | semmle.label | query | +| mongodb.js:106:17:106:18 | {} | semmle.label | {} | +| mongodb.js:107:3:107:7 | query | semmle.label | query | +| mongodb.js:107:17:107:29 | queries.title | semmle.label | queries.title | +| mongodb.js:112:14:112:18 | query | semmle.label | query | +| mongodb_bodySafe.js:23:11:23:20 | query | semmle.label | query | +| mongodb_bodySafe.js:23:19:23:20 | {} | semmle.label | {} | +| mongodb_bodySafe.js:24:5:24:9 | query | semmle.label | query | +| mongodb_bodySafe.js:24:19:24:33 | req.query.title | semmle.label | req.query.title | +| mongodb_bodySafe.js:29:16:29:20 | query | semmle.label | query | +| mongoose.js:20:8:20:17 | query | semmle.label | query | +| mongoose.js:20:16:20:17 | {} | semmle.label | {} | +| mongoose.js:21:2:21:6 | query | semmle.label | query | +| mongoose.js:21:16:21:23 | req.body | semmle.label | req.body | +| mongoose.js:21:16:21:29 | req.body.title | semmle.label | req.body.title | +| mongoose.js:24:21:24:27 | [query] | semmle.label | [query] | +| mongoose.js:24:22:24:26 | query | semmle.label | query | +| mongoose.js:27:17:27:21 | query | semmle.label | query | +| mongoose.js:30:22:30:26 | query | semmle.label | query | +| mongoose.js:33:21:33:25 | query | semmle.label | query | +| mongoose.js:36:28:36:32 | query | semmle.label | query | +| mongoose.js:39:16:39:20 | query | semmle.label | query | +| mongoose.js:42:19:42:23 | query | semmle.label | query | +| mongoose.js:45:28:45:32 | query | semmle.label | query | +| mongoose.js:48:28:48:32 | query | semmle.label | query | +| mongoose.js:51:28:51:32 | query | semmle.label | query | +| mongoose.js:54:22:54:26 | query | semmle.label | query | +| mongoose.js:57:18:57:22 | query | semmle.label | query | +| mongoose.js:60:22:60:26 | query | semmle.label | query | +| mongoose.js:63:21:63:25 | query | semmle.label | query | +| mongoose.js:65:32:65:36 | query | semmle.label | query | +| mongoose.js:67:27:67:31 | query | semmle.label | query | +| mongoose.js:68:8:68:12 | query | semmle.label | query | +| mongoose.js:71:17:71:21 | query | semmle.label | query | +| mongoose.js:72:10:72:14 | query | semmle.label | query | +| mongoose.js:73:8:73:12 | query | semmle.label | query | +| mongoose.js:74:7:74:11 | query | semmle.label | query | +| mongoose.js:75:16:75:20 | query | semmle.label | query | +| mongoose.js:76:12:76:16 | query | semmle.label | query | +| mongoose.js:77:10:77:14 | query | semmle.label | query | +| mongoose.js:81:37:81:41 | query | semmle.label | query | +| mongoose.js:82:46:82:50 | query | semmle.label | query | +| mongoose.js:83:47:83:51 | query | semmle.label | query | +| mongoose.js:85:46:85:50 | query | semmle.label | query | +| mongoose.js:87:51:87:55 | query | semmle.label | query | +| mongoose.js:89:46:89:50 | query | semmle.label | query | +| mongoose.js:92:46:92:50 | query | semmle.label | query | +| mongoose.js:94:51:94:55 | query | semmle.label | query | +| mongoose.js:96:46:96:50 | query | semmle.label | query | +| mongoose.js:104:21:104:25 | query | semmle.label | query | +| mongoose.js:111:14:111:18 | query | semmle.label | query | +| mongoose.js:113:31:113:35 | query | semmle.label | query | +| mongoose.js:115:6:115:22 | id | semmle.label | id | +| mongoose.js:115:11:115:22 | req.query.id | semmle.label | req.query.id | +| mongoose.js:115:25:115:45 | cond | semmle.label | cond | +| mongoose.js:115:32:115:45 | req.query.cond | semmle.label | req.query.cond | +| mongoose.js:116:22:116:25 | cond | semmle.label | cond | +| mongoose.js:117:21:117:24 | cond | semmle.label | cond | +| mongoose.js:118:21:118:24 | cond | semmle.label | cond | +| mongoose.js:119:18:119:21 | cond | semmle.label | cond | +| mongoose.js:120:22:120:25 | cond | semmle.label | cond | +| mongoose.js:121:16:121:19 | cond | semmle.label | cond | +| mongoose.js:122:19:122:22 | cond | semmle.label | cond | +| mongoose.js:123:20:123:21 | id | semmle.label | id | +| mongoose.js:124:28:124:31 | cond | semmle.label | cond | +| mongoose.js:125:28:125:31 | cond | semmle.label | cond | +| mongoose.js:126:28:126:31 | cond | semmle.label | cond | +| mongoose.js:127:18:127:21 | cond | semmle.label | cond | +| mongoose.js:128:22:128:25 | cond | semmle.label | cond | +| mongoose.js:129:21:129:24 | cond | semmle.label | cond | +| mongoose.js:130:16:130:26 | { _id: id } | semmle.label | { _id: id } | +| mongoose.js:130:23:130:24 | id | semmle.label | id | +| mongoose.js:133:38:133:42 | query | semmle.label | query | +| mongoose.js:134:30:134:34 | query | semmle.label | query | +| mongoose.js:136:30:136:34 | query | semmle.label | query | +| mongooseJsonParse.js:19:11:19:20 | query | semmle.label | query | +| mongooseJsonParse.js:19:19:19:20 | {} | semmle.label | {} | +| mongooseJsonParse.js:20:19:20:44 | JSON.pa ... y.data) | semmle.label | JSON.pa ... y.data) | +| mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title | semmle.label | JSON.pa ... ).title | +| mongooseJsonParse.js:20:30:20:43 | req.query.data | semmle.label | req.query.data | +| mongooseJsonParse.js:23:19:23:23 | query | semmle.label | query | +| mongooseModelClient.js:10:7:10:32 | v | semmle.label | v | +| mongooseModelClient.js:10:11:10:32 | JSON.pa ... body.x) | semmle.label | JSON.pa ... body.x) | +| mongooseModelClient.js:10:22:10:29 | req.body | semmle.label | req.body | +| mongooseModelClient.js:10:22:10:31 | req.body.x | semmle.label | req.body.x | +| mongooseModelClient.js:11:16:11:24 | { id: v } | semmle.label | { id: v } | +| mongooseModelClient.js:11:22:11:22 | v | semmle.label | v | +| mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | semmle.label | { id: req.body.id } | +| mongooseModelClient.js:12:22:12:29 | req.body | semmle.label | req.body | +| mongooseModelClient.js:12:22:12:32 | req.body.id | semmle.label | req.body.id | +| mysql.js:6:9:6:31 | temp | semmle.label | temp | +| mysql.js:6:16:6:31 | req.params.value | semmle.label | req.params.value | +| mysql.js:15:18:15:65 | 'SELECT ... + temp | semmle.label | 'SELECT ... + temp | +| mysql.js:15:62:15:65 | temp | semmle.label | temp | +| mysql.js:19:26:19:73 | 'SELECT ... + temp | semmle.label | 'SELECT ... + temp | +| mysql.js:19:70:19:73 | temp | semmle.label | temp | +| pg-promise-types.ts:7:9:7:28 | taint | semmle.label | taint | +| pg-promise-types.ts:7:17:7:28 | req.params.x | semmle.label | req.params.x | +| pg-promise-types.ts:8:17:8:21 | taint | semmle.label | taint | +| pg-promise.js:6:7:7:55 | query | semmle.label | query | +| pg-promise.js:7:16:7:34 | req.params.category | semmle.label | req.params.category | +| pg-promise.js:9:10:9:14 | query | semmle.label | query | +| pg-promise.js:10:11:10:15 | query | semmle.label | query | +| pg-promise.js:11:17:11:21 | query | semmle.label | query | +| pg-promise.js:12:10:12:14 | query | semmle.label | query | +| pg-promise.js:13:12:13:16 | query | semmle.label | query | +| pg-promise.js:14:18:14:22 | query | semmle.label | query | +| pg-promise.js:15:11:15:15 | query | semmle.label | query | +| pg-promise.js:16:10:16:14 | query | semmle.label | query | +| pg-promise.js:17:16:17:20 | query | semmle.label | query | +| pg-promise.js:18:12:18:16 | query | semmle.label | query | +| pg-promise.js:19:13:19:17 | query | semmle.label | query | +| pg-promise.js:22:11:22:15 | query | semmle.label | query | +| pg-promise.js:30:13:30:25 | req.params.id | semmle.label | req.params.id | +| pg-promise.js:34:13:34:25 | req.params.id | semmle.label | req.params.id | +| pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | semmle.label | [\\n ... n\\n ] | +| pg-promise.js:39:7:39:19 | req.params.id | semmle.label | req.params.id | +| pg-promise.js:40:7:40:21 | req.params.name | semmle.label | req.params.name | +| pg-promise.js:41:7:41:20 | req.params.foo | semmle.label | req.params.foo | +| pg-promise.js:47:11:47:23 | req.params.id | semmle.label | req.params.id | +| pg-promise.js:54:11:54:23 | req.params.id | semmle.label | req.params.id | +| pg-promise.js:56:14:56:29 | req.params.title | semmle.label | req.params.title | +| pg-promise.js:60:20:60:24 | query | semmle.label | query | +| pg-promise.js:63:23:63:27 | query | semmle.label | query | +| pg-promise.js:64:16:64:20 | query | semmle.label | query | +| redis.js:10:16:10:23 | req.body | semmle.label | req.body | +| redis.js:10:16:10:27 | req.body.key | semmle.label | req.body.key | +| redis.js:12:9:12:26 | key | semmle.label | key | +| redis.js:12:15:12:22 | req.body | semmle.label | req.body | +| redis.js:12:15:12:26 | req.body.key | semmle.label | req.body.key | +| redis.js:13:16:13:18 | key | semmle.label | key | +| redis.js:18:16:18:18 | key | semmle.label | key | +| redis.js:19:43:19:45 | key | semmle.label | key | +| redis.js:25:14:25:16 | key | semmle.label | key | +| redis.js:26:14:26:16 | key | semmle.label | key | +| redis.js:30:23:30:25 | key | semmle.label | key | +| redis.js:32:28:32:30 | key | semmle.label | key | +| redis.js:38:11:38:28 | key | semmle.label | key | +| redis.js:38:17:38:24 | req.body | semmle.label | req.body | +| redis.js:38:17:38:28 | req.body.key | semmle.label | req.body.key | +| redis.js:39:16:39:18 | key | semmle.label | key | +| redis.js:43:27:43:29 | key | semmle.label | key | +| redis.js:46:34:46:36 | key | semmle.label | key | +| socketio.js:10:25:10:30 | handle | semmle.label | handle | +| socketio.js:11:12:11:53 | `INSERT ... andle}` | semmle.label | `INSERT ... andle}` | +| socketio.js:11:46:11:51 | handle | semmle.label | handle | +| tst2.js:9:27:9:84 | "select ... d + "'" | semmle.label | "select ... d + "'" | +| tst2.js:9:66:9:78 | req.params.id | semmle.label | req.params.id | +| tst3.js:7:7:8:55 | query1 | semmle.label | query1 | +| tst3.js:8:16:8:34 | req.params.category | semmle.label | req.params.category | +| tst3.js:9:14:9:19 | query1 | semmle.label | query1 | +| tst4.js:8:10:8:66 | 'SELECT ... d + '"' | semmle.label | 'SELECT ... d + '"' | +| tst4.js:8:46:8:60 | $routeParams.id | semmle.label | $routeParams.id | +| tst.js:10:10:10:64 | 'SELECT ... d + '"' | semmle.label | 'SELECT ... d + '"' | +| tst.js:10:46:10:58 | req.params.id | semmle.label | req.params.id | edges -| graphql.js:8:11:8:28 | id | graphql.js:12:46:12:47 | id | -| graphql.js:8:16:8:28 | req.params.id | graphql.js:8:11:8:28 | id | -| graphql.js:8:16:8:28 | req.params.id | graphql.js:8:11:8:28 | id | -| graphql.js:12:46:12:47 | id | graphql.js:10:34:20:5 | `\\n ... }\\n ` | -| graphql.js:12:46:12:47 | id | graphql.js:10:34:20:5 | `\\n ... }\\n ` | -| graphql.js:26:11:26:28 | id | graphql.js:27:37:27:38 | id | -| graphql.js:26:11:26:28 | id | graphql.js:30:39:30:40 | id | -| graphql.js:26:11:26:28 | id | graphql.js:33:25:33:26 | id | -| graphql.js:26:16:26:28 | req.params.id | graphql.js:26:11:26:28 | id | -| graphql.js:26:16:26:28 | req.params.id | graphql.js:26:11:26:28 | id | -| graphql.js:27:37:27:38 | id | graphql.js:27:30:27:40 | `foo ${id}` | -| graphql.js:27:37:27:38 | id | graphql.js:27:30:27:40 | `foo ${id}` | -| graphql.js:30:39:30:40 | id | graphql.js:30:32:30:42 | `foo ${id}` | -| graphql.js:30:39:30:40 | id | graphql.js:30:32:30:42 | `foo ${id}` | -| graphql.js:33:25:33:26 | id | graphql.js:33:18:33:28 | `foo ${id}` | -| graphql.js:33:25:33:26 | id | graphql.js:33:18:33:28 | `foo ${id}` | -| graphql.js:39:11:39:28 | id | graphql.js:44:21:44:22 | id | -| graphql.js:39:11:39:28 | id | graphql.js:48:51:48:52 | id | -| graphql.js:39:16:39:28 | req.params.id | graphql.js:39:11:39:28 | id | -| graphql.js:39:16:39:28 | req.params.id | graphql.js:39:11:39:28 | id | -| graphql.js:44:21:44:22 | id | graphql.js:44:14:44:24 | `foo ${id}` | -| graphql.js:44:21:44:22 | id | graphql.js:44:14:44:24 | `foo ${id}` | -| graphql.js:48:51:48:52 | id | graphql.js:48:44:48:54 | `foo ${id}` | -| graphql.js:48:51:48:52 | id | graphql.js:48:44:48:54 | `foo ${id}` | -| graphql.js:55:11:55:28 | id | graphql.js:56:46:56:47 | id | -| graphql.js:55:11:55:28 | id | graphql.js:58:73:58:74 | id | -| graphql.js:55:16:55:28 | req.params.id | graphql.js:55:11:55:28 | id | -| graphql.js:55:16:55:28 | req.params.id | graphql.js:55:11:55:28 | id | -| graphql.js:56:46:56:47 | id | graphql.js:56:39:56:49 | `foo ${id}` | -| graphql.js:56:46:56:47 | id | graphql.js:56:39:56:49 | `foo ${id}` | -| graphql.js:58:73:58:74 | id | graphql.js:58:66:58:76 | `foo ${id}` | -| graphql.js:58:73:58:74 | id | graphql.js:58:66:58:76 | `foo ${id}` | -| graphql.js:74:9:74:25 | id | graphql.js:75:56:75:57 | id | -| graphql.js:74:9:74:25 | id | graphql.js:88:13:88:14 | id | -| graphql.js:74:14:74:25 | req.query.id | graphql.js:74:9:74:25 | id | -| graphql.js:74:14:74:25 | req.query.id | graphql.js:74:9:74:25 | id | -| graphql.js:75:56:75:57 | id | graphql.js:75:46:75:64 | "{ foo" + id + " }" | -| graphql.js:75:56:75:57 | id | graphql.js:75:46:75:64 | "{ foo" + id + " }" | -| graphql.js:88:13:88:14 | id | graphql.js:84:14:90:8 | `{\\n ... }` | -| graphql.js:88:13:88:14 | id | graphql.js:84:14:90:8 | `{\\n ... }` | -| graphql.js:119:11:119:28 | id | graphql.js:120:45:120:46 | id | -| graphql.js:119:16:119:28 | req.params.id | graphql.js:119:11:119:28 | id | -| graphql.js:119:16:119:28 | req.params.id | graphql.js:119:11:119:28 | id | -| graphql.js:120:45:120:46 | id | graphql.js:120:38:120:48 | `foo ${id}` | -| graphql.js:120:45:120:46 | id | graphql.js:120:38:120:48 | `foo ${id}` | -| html-sanitizer.js:13:39:13:44 | param1 | html-sanitizer.js:14:18:14:23 | param1 | -| html-sanitizer.js:13:39:13:44 | param1 | html-sanitizer.js:14:18:14:23 | param1 | -| html-sanitizer.js:14:5:14:24 | param1 | html-sanitizer.js:16:54:16:59 | param1 | -| html-sanitizer.js:14:14:14:24 | xss(param1) | html-sanitizer.js:14:5:14:24 | param1 | -| html-sanitizer.js:14:18:14:23 | param1 | html-sanitizer.js:14:14:14:24 | xss(param1) | -| html-sanitizer.js:16:54:16:59 | param1 | html-sanitizer.js:16:9:16:59 | `SELECT ... param1 | -| html-sanitizer.js:16:54:16:59 | param1 | html-sanitizer.js:16:9:16:59 | `SELECT ... param1 | -| json-schema-validator.js:25:15:25:48 | query | json-schema-validator.js:33:22:33:26 | query | -| json-schema-validator.js:25:15:25:48 | query | json-schema-validator.js:33:22:33:26 | query | -| json-schema-validator.js:25:15:25:48 | query | json-schema-validator.js:35:18:35:22 | query | -| json-schema-validator.js:25:15:25:48 | query | json-schema-validator.js:35:18:35:22 | query | -| json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | json-schema-validator.js:25:15:25:48 | query | -| json-schema-validator.js:25:34:25:47 | req.query.data | json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | -| json-schema-validator.js:25:34:25:47 | req.query.data | json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | -| json-schema-validator.js:50:15:50:48 | query | json-schema-validator.js:55:22:55:26 | query | -| json-schema-validator.js:50:15:50:48 | query | json-schema-validator.js:55:22:55:26 | query | -| json-schema-validator.js:50:15:50:48 | query | json-schema-validator.js:59:22:59:26 | query | -| json-schema-validator.js:50:15:50:48 | query | json-schema-validator.js:59:22:59:26 | query | -| json-schema-validator.js:50:15:50:48 | query | json-schema-validator.js:61:22:61:26 | query | -| json-schema-validator.js:50:15:50:48 | query | json-schema-validator.js:61:22:61:26 | query | -| json-schema-validator.js:50:23:50:48 | JSON.pa ... y.data) | json-schema-validator.js:50:15:50:48 | query | -| json-schema-validator.js:50:34:50:47 | req.query.data | json-schema-validator.js:50:23:50:48 | JSON.pa ... y.data) | -| json-schema-validator.js:50:34:50:47 | req.query.data | json-schema-validator.js:50:23:50:48 | JSON.pa ... y.data) | -| ldap.js:20:7:20:34 | q | ldap.js:22:18:22:18 | q | -| ldap.js:20:11:20:34 | url.par ... , true) | ldap.js:20:7:20:34 | q | -| ldap.js:20:21:20:27 | req.url | ldap.js:20:11:20:34 | url.par ... , true) | -| ldap.js:20:21:20:27 | req.url | ldap.js:20:11:20:34 | url.par ... , true) | -| ldap.js:22:7:22:33 | username | ldap.js:25:24:25:31 | username | -| ldap.js:22:7:22:33 | username | ldap.js:25:46:25:53 | username | -| ldap.js:22:7:22:33 | username | ldap.js:32:26:32:33 | username | -| ldap.js:22:7:22:33 | username | ldap.js:32:48:32:55 | username | -| ldap.js:22:7:22:33 | username | ldap.js:64:16:64:23 | username | -| ldap.js:22:7:22:33 | username | ldap.js:64:38:64:45 | username | -| ldap.js:22:7:22:33 | username | ldap.js:68:33:68:40 | username | -| ldap.js:22:18:22:18 | q | ldap.js:22:18:22:24 | q.query | -| ldap.js:22:18:22:24 | q.query | ldap.js:22:18:22:33 | q.query.username | -| ldap.js:22:18:22:33 | q.query.username | ldap.js:22:7:22:33 | username | -| ldap.js:25:13:25:57 | `(\|(nam ... ame}))` | ldap.js:28:30:28:34 | opts1 | -| ldap.js:25:13:25:57 | `(\|(nam ... ame}))` | ldap.js:28:30:28:34 | opts1 | -| ldap.js:25:24:25:31 | username | ldap.js:25:13:25:57 | `(\|(nam ... ame}))` | -| ldap.js:25:46:25:53 | username | ldap.js:25:13:25:57 | `(\|(nam ... ame}))` | -| ldap.js:32:15:32:59 | `(\|(nam ... ame}))` | ldap.js:32:5:32:61 | { filte ... e}))` } | -| ldap.js:32:15:32:59 | `(\|(nam ... ame}))` | ldap.js:32:5:32:61 | { filte ... e}))` } | -| ldap.js:32:26:32:33 | username | ldap.js:32:15:32:59 | `(\|(nam ... ame}))` | -| ldap.js:32:48:32:55 | username | ldap.js:32:15:32:59 | `(\|(nam ... ame}))` | -| ldap.js:63:9:65:3 | parsedFilter | ldap.js:66:40:66:51 | parsedFilter | -| ldap.js:63:24:65:3 | ldap.pa ... ))`\\n ) | ldap.js:63:9:65:3 | parsedFilter | -| ldap.js:64:5:64:49 | `(\|(nam ... ame}))` | ldap.js:63:24:65:3 | ldap.pa ... ))`\\n ) | -| ldap.js:64:16:64:23 | username | ldap.js:64:5:64:49 | `(\|(nam ... ame}))` | -| ldap.js:64:38:64:45 | username | ldap.js:64:5:64:49 | `(\|(nam ... ame}))` | -| ldap.js:66:40:66:51 | parsedFilter | ldap.js:66:30:66:53 | { filte ... ilter } | -| ldap.js:66:40:66:51 | parsedFilter | ldap.js:66:30:66:53 | { filte ... ilter } | -| ldap.js:68:33:68:40 | username | ldap.js:68:27:68:42 | `cn=${username}` | -| ldap.js:68:33:68:40 | username | ldap.js:68:27:68:42 | `cn=${username}` | -| marsdb-flow-to.js:10:9:10:18 | query | marsdb-flow-to.js:14:17:14:21 | query | -| marsdb-flow-to.js:10:9:10:18 | query | marsdb-flow-to.js:14:17:14:21 | query | -| marsdb-flow-to.js:10:17:10:18 | {} | marsdb-flow-to.js:10:9:10:18 | query | -| marsdb-flow-to.js:11:17:11:24 | req.body | marsdb-flow-to.js:11:17:11:30 | req.body.title | -| marsdb-flow-to.js:11:17:11:24 | req.body | marsdb-flow-to.js:11:17:11:30 | req.body.title | -| marsdb-flow-to.js:11:17:11:30 | req.body.title | marsdb-flow-to.js:10:9:10:18 | query | -| marsdb-flow-to.js:11:17:11:30 | req.body.title | marsdb-flow-to.js:10:17:10:18 | {} | -| marsdb-flow-to.js:11:17:11:30 | req.body.title | marsdb-flow-to.js:14:17:14:21 | query | -| marsdb-flow-to.js:11:17:11:30 | req.body.title | marsdb-flow-to.js:14:17:14:21 | query | -| marsdb.js:12:9:12:18 | query | marsdb.js:16:12:16:16 | query | -| marsdb.js:12:9:12:18 | query | marsdb.js:16:12:16:16 | query | -| marsdb.js:12:17:12:18 | {} | marsdb.js:12:9:12:18 | query | -| marsdb.js:13:17:13:24 | req.body | marsdb.js:13:17:13:30 | req.body.title | -| marsdb.js:13:17:13:24 | req.body | marsdb.js:13:17:13:30 | req.body.title | -| marsdb.js:13:17:13:30 | req.body.title | marsdb.js:12:9:12:18 | query | -| marsdb.js:13:17:13:30 | req.body.title | marsdb.js:12:17:12:18 | {} | -| marsdb.js:13:17:13:30 | req.body.title | marsdb.js:16:12:16:16 | query | -| marsdb.js:13:17:13:30 | req.body.title | marsdb.js:16:12:16:16 | query | -| minimongo.js:14:9:14:18 | query | minimongo.js:18:12:18:16 | query | -| minimongo.js:14:9:14:18 | query | minimongo.js:18:12:18:16 | query | -| minimongo.js:14:17:14:18 | {} | minimongo.js:14:9:14:18 | query | -| minimongo.js:15:17:15:24 | req.body | minimongo.js:15:17:15:30 | req.body.title | -| minimongo.js:15:17:15:24 | req.body | minimongo.js:15:17:15:30 | req.body.title | -| minimongo.js:15:17:15:30 | req.body.title | minimongo.js:14:9:14:18 | query | -| minimongo.js:15:17:15:30 | req.body.title | minimongo.js:14:17:14:18 | {} | -| minimongo.js:15:17:15:30 | req.body.title | minimongo.js:18:12:18:16 | query | -| minimongo.js:15:17:15:30 | req.body.title | minimongo.js:18:12:18:16 | query | -| mongodb.js:12:11:12:20 | query | mongodb.js:18:16:18:20 | query | -| mongodb.js:12:11:12:20 | query | mongodb.js:18:16:18:20 | query | -| mongodb.js:12:19:12:20 | {} | mongodb.js:12:11:12:20 | query | -| mongodb.js:13:19:13:26 | req.body | mongodb.js:13:19:13:32 | req.body.title | -| mongodb.js:13:19:13:26 | req.body | mongodb.js:13:19:13:32 | req.body.title | -| mongodb.js:13:19:13:32 | req.body.title | mongodb.js:12:11:12:20 | query | -| mongodb.js:13:19:13:32 | req.body.title | mongodb.js:12:19:12:20 | {} | -| mongodb.js:13:19:13:32 | req.body.title | mongodb.js:18:16:18:20 | query | -| mongodb.js:13:19:13:32 | req.body.title | mongodb.js:18:16:18:20 | query | -| mongodb.js:26:11:26:32 | title | mongodb.js:32:38:32:42 | title | -| mongodb.js:26:19:26:26 | req.body | mongodb.js:26:19:26:32 | req.body.title | -| mongodb.js:26:19:26:26 | req.body | mongodb.js:26:19:26:32 | req.body.title | -| mongodb.js:26:19:26:32 | req.body.title | mongodb.js:26:11:26:32 | title | -| mongodb.js:32:27:32:43 | JSON.parse(title) | mongodb.js:32:18:32:45 | { title ... itle) } | -| mongodb.js:32:27:32:43 | JSON.parse(title) | mongodb.js:32:18:32:45 | { title ... itle) } | -| mongodb.js:32:38:32:42 | title | mongodb.js:32:27:32:43 | JSON.parse(title) | -| mongodb.js:48:11:48:20 | query | mongodb.js:54:16:54:20 | query | -| mongodb.js:48:11:48:20 | query | mongodb.js:54:16:54:20 | query | -| mongodb.js:48:19:48:20 | {} | mongodb.js:48:11:48:20 | query | -| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:48:11:48:20 | query | -| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:48:11:48:20 | query | -| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:48:19:48:20 | {} | -| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:48:19:48:20 | {} | -| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:54:16:54:20 | query | -| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:54:16:54:20 | query | -| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:54:16:54:20 | query | -| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:54:16:54:20 | query | -| mongodb.js:59:8:59:17 | query | mongodb.js:65:12:65:16 | query | -| mongodb.js:59:8:59:17 | query | mongodb.js:65:12:65:16 | query | -| mongodb.js:59:16:59:17 | {} | mongodb.js:59:8:59:17 | query | -| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:59:8:59:17 | query | -| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:59:8:59:17 | query | -| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:59:16:59:17 | {} | -| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:59:16:59:17 | {} | -| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:65:12:65:16 | query | -| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:65:12:65:16 | query | -| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:65:12:65:16 | query | -| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:65:12:65:16 | query | -| mongodb.js:70:7:70:25 | tag | mongodb.js:77:22:77:24 | tag | -| mongodb.js:70:7:70:25 | tag | mongodb.js:85:20:85:22 | tag | -| mongodb.js:70:13:70:25 | req.query.tag | mongodb.js:70:7:70:25 | tag | -| mongodb.js:70:13:70:25 | req.query.tag | mongodb.js:70:7:70:25 | tag | -| mongodb.js:77:22:77:24 | tag | mongodb.js:77:14:77:26 | { tags: tag } | -| mongodb.js:77:22:77:24 | tag | mongodb.js:77:14:77:26 | { tags: tag } | -| mongodb.js:85:20:85:22 | tag | mongodb.js:85:12:85:24 | { tags: tag } | -| mongodb.js:85:20:85:22 | tag | mongodb.js:85:12:85:24 | { tags: tag } | -| mongodb.js:106:9:106:18 | query | mongodb.js:112:14:112:18 | query | -| mongodb.js:106:9:106:18 | query | mongodb.js:112:14:112:18 | query | -| mongodb.js:106:17:106:18 | {} | mongodb.js:106:9:106:18 | query | -| mongodb.js:107:17:107:29 | queries.title | mongodb.js:106:9:106:18 | query | -| mongodb.js:107:17:107:29 | queries.title | mongodb.js:106:9:106:18 | query | -| mongodb.js:107:17:107:29 | queries.title | mongodb.js:106:17:106:18 | {} | -| mongodb.js:107:17:107:29 | queries.title | mongodb.js:106:17:106:18 | {} | -| mongodb.js:107:17:107:29 | queries.title | mongodb.js:112:14:112:18 | query | -| mongodb.js:107:17:107:29 | queries.title | mongodb.js:112:14:112:18 | query | -| mongodb.js:107:17:107:29 | queries.title | mongodb.js:112:14:112:18 | query | -| mongodb.js:107:17:107:29 | queries.title | mongodb.js:112:14:112:18 | query | -| mongodb_bodySafe.js:23:11:23:20 | query | mongodb_bodySafe.js:29:16:29:20 | query | -| mongodb_bodySafe.js:23:11:23:20 | query | mongodb_bodySafe.js:29:16:29:20 | query | -| mongodb_bodySafe.js:23:19:23:20 | {} | mongodb_bodySafe.js:23:11:23:20 | query | -| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:23:11:23:20 | query | -| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:23:11:23:20 | query | -| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:23:19:23:20 | {} | -| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:23:19:23:20 | {} | -| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:29:16:29:20 | query | -| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:29:16:29:20 | query | -| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:29:16:29:20 | query | -| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:29:16:29:20 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:24:22:24:26 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:27:17:27:21 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:27:17:27:21 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:30:22:30:26 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:30:22:30:26 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:33:21:33:25 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:33:21:33:25 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:36:28:36:32 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:36:28:36:32 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:39:16:39:20 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:39:16:39:20 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:42:19:42:23 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:42:19:42:23 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:45:28:45:32 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:45:28:45:32 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:48:28:48:32 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:48:28:48:32 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:51:28:51:32 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:51:28:51:32 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:54:22:54:26 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:54:22:54:26 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:57:18:57:22 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:57:18:57:22 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:60:22:60:26 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:60:22:60:26 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:63:21:63:25 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:63:21:63:25 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:65:32:65:36 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:65:32:65:36 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:67:27:67:31 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:67:27:67:31 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:68:8:68:12 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:68:8:68:12 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:71:17:71:21 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:71:17:71:21 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:72:10:72:14 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:72:10:72:14 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:73:8:73:12 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:73:8:73:12 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:74:7:74:11 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:74:7:74:11 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:75:16:75:20 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:75:16:75:20 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:77:10:77:14 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:77:10:77:14 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:82:46:82:50 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:82:46:82:50 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:83:47:83:51 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:83:47:83:51 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:85:46:85:50 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:85:46:85:50 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:87:51:87:55 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:87:51:87:55 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:89:46:89:50 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:89:46:89:50 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:92:46:92:50 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:92:46:92:50 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:94:51:94:55 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:94:51:94:55 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:96:46:96:50 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:96:46:96:50 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:111:14:111:18 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:111:14:111:18 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:113:31:113:35 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:113:31:113:35 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:136:30:136:34 | query | -| mongoose.js:20:8:20:17 | query | mongoose.js:136:30:136:34 | query | -| mongoose.js:20:16:20:17 | {} | mongoose.js:20:8:20:17 | query | -| mongoose.js:21:16:21:23 | req.body | mongoose.js:21:16:21:29 | req.body.title | -| mongoose.js:21:16:21:23 | req.body | mongoose.js:21:16:21:29 | req.body.title | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:20:8:20:17 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:20:16:20:17 | {} | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:24:22:24:26 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:27:17:27:21 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:27:17:27:21 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:30:22:30:26 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:30:22:30:26 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:33:21:33:25 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:33:21:33:25 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:36:28:36:32 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:36:28:36:32 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:39:16:39:20 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:39:16:39:20 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:42:19:42:23 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:42:19:42:23 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:45:28:45:32 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:45:28:45:32 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:48:28:48:32 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:48:28:48:32 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:51:28:51:32 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:51:28:51:32 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:54:22:54:26 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:54:22:54:26 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:57:18:57:22 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:57:18:57:22 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:60:22:60:26 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:60:22:60:26 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:63:21:63:25 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:63:21:63:25 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:65:32:65:36 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:65:32:65:36 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:67:27:67:31 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:67:27:67:31 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:68:8:68:12 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:68:8:68:12 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:71:17:71:21 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:71:17:71:21 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:72:10:72:14 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:72:10:72:14 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:73:8:73:12 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:73:8:73:12 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:74:7:74:11 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:74:7:74:11 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:75:16:75:20 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:75:16:75:20 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:77:10:77:14 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:77:10:77:14 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:82:46:82:50 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:82:46:82:50 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:83:47:83:51 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:83:47:83:51 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:85:46:85:50 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:85:46:85:50 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:87:51:87:55 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:87:51:87:55 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:89:46:89:50 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:89:46:89:50 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:92:46:92:50 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:92:46:92:50 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:94:51:94:55 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:94:51:94:55 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:96:46:96:50 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:96:46:96:50 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:111:14:111:18 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:111:14:111:18 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:113:31:113:35 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:113:31:113:35 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:136:30:136:34 | query | -| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:136:30:136:34 | query | -| mongoose.js:24:22:24:26 | query | mongoose.js:24:21:24:27 | [query] | -| mongoose.js:24:22:24:26 | query | mongoose.js:24:21:24:27 | [query] | -| mongoose.js:115:6:115:22 | id | mongoose.js:123:20:123:21 | id | -| mongoose.js:115:6:115:22 | id | mongoose.js:123:20:123:21 | id | -| mongoose.js:115:6:115:22 | id | mongoose.js:130:23:130:24 | id | -| mongoose.js:115:11:115:22 | req.query.id | mongoose.js:115:6:115:22 | id | -| mongoose.js:115:11:115:22 | req.query.id | mongoose.js:115:6:115:22 | id | -| mongoose.js:115:25:115:45 | cond | mongoose.js:116:22:116:25 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:116:22:116:25 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:117:21:117:24 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:117:21:117:24 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:118:21:118:24 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:118:21:118:24 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:119:18:119:21 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:119:18:119:21 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:120:22:120:25 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:120:22:120:25 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:121:16:121:19 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:121:16:121:19 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:122:19:122:22 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:122:19:122:22 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:124:28:124:31 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:124:28:124:31 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:125:28:125:31 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:125:28:125:31 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:126:28:126:31 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:126:28:126:31 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:127:18:127:21 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:127:18:127:21 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:128:22:128:25 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:128:22:128:25 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:129:21:129:24 | cond | -| mongoose.js:115:25:115:45 | cond | mongoose.js:129:21:129:24 | cond | -| mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:115:25:115:45 | cond | -| mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:115:25:115:45 | cond | -| mongoose.js:130:23:130:24 | id | mongoose.js:130:16:130:26 | { _id: id } | -| mongoose.js:130:23:130:24 | id | mongoose.js:130:16:130:26 | { _id: id } | -| mongooseJsonParse.js:19:11:19:20 | query | mongooseJsonParse.js:23:19:23:23 | query | -| mongooseJsonParse.js:19:11:19:20 | query | mongooseJsonParse.js:23:19:23:23 | query | -| mongooseJsonParse.js:19:19:19:20 | {} | mongooseJsonParse.js:19:11:19:20 | query | -| mongooseJsonParse.js:20:19:20:44 | JSON.pa ... y.data) | mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title | -| mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title | mongooseJsonParse.js:19:11:19:20 | query | -| mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title | mongooseJsonParse.js:19:19:19:20 | {} | -| mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title | mongooseJsonParse.js:23:19:23:23 | query | -| mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title | mongooseJsonParse.js:23:19:23:23 | query | -| mongooseJsonParse.js:20:30:20:43 | req.query.data | mongooseJsonParse.js:20:19:20:44 | JSON.pa ... y.data) | -| mongooseJsonParse.js:20:30:20:43 | req.query.data | mongooseJsonParse.js:20:19:20:44 | JSON.pa ... y.data) | -| mongooseModelClient.js:10:7:10:32 | v | mongooseModelClient.js:11:22:11:22 | v | -| mongooseModelClient.js:10:11:10:32 | JSON.pa ... body.x) | mongooseModelClient.js:10:7:10:32 | v | -| mongooseModelClient.js:10:22:10:29 | req.body | mongooseModelClient.js:10:22:10:31 | req.body.x | -| mongooseModelClient.js:10:22:10:29 | req.body | mongooseModelClient.js:10:22:10:31 | req.body.x | -| mongooseModelClient.js:10:22:10:31 | req.body.x | mongooseModelClient.js:10:11:10:32 | JSON.pa ... body.x) | -| mongooseModelClient.js:11:22:11:22 | v | mongooseModelClient.js:11:16:11:24 | { id: v } | -| mongooseModelClient.js:11:22:11:22 | v | mongooseModelClient.js:11:16:11:24 | { id: v } | -| mongooseModelClient.js:12:22:12:29 | req.body | mongooseModelClient.js:12:22:12:32 | req.body.id | -| mongooseModelClient.js:12:22:12:29 | req.body | mongooseModelClient.js:12:22:12:32 | req.body.id | -| mongooseModelClient.js:12:22:12:32 | req.body.id | mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | -| mongooseModelClient.js:12:22:12:32 | req.body.id | mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | -| mysql.js:6:9:6:31 | temp | mysql.js:15:62:15:65 | temp | -| mysql.js:6:9:6:31 | temp | mysql.js:19:70:19:73 | temp | -| mysql.js:6:16:6:31 | req.params.value | mysql.js:6:9:6:31 | temp | -| mysql.js:6:16:6:31 | req.params.value | mysql.js:6:9:6:31 | temp | -| mysql.js:15:62:15:65 | temp | mysql.js:15:18:15:65 | 'SELECT ... + temp | -| mysql.js:15:62:15:65 | temp | mysql.js:15:18:15:65 | 'SELECT ... + temp | -| mysql.js:19:70:19:73 | temp | mysql.js:19:26:19:73 | 'SELECT ... + temp | -| mysql.js:19:70:19:73 | temp | mysql.js:19:26:19:73 | 'SELECT ... + temp | -| pg-promise-types.ts:7:9:7:28 | taint | pg-promise-types.ts:8:17:8:21 | taint | -| pg-promise-types.ts:7:9:7:28 | taint | pg-promise-types.ts:8:17:8:21 | taint | -| pg-promise-types.ts:7:17:7:28 | req.params.x | pg-promise-types.ts:7:9:7:28 | taint | -| pg-promise-types.ts:7:17:7:28 | req.params.x | pg-promise-types.ts:7:9:7:28 | taint | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:9:10:9:14 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:9:10:9:14 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:10:11:10:15 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:10:11:10:15 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:11:17:11:21 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:11:17:11:21 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:12:10:12:14 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:12:10:12:14 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:13:12:13:16 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:13:12:13:16 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:14:18:14:22 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:14:18:14:22 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:15:11:15:15 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:15:11:15:15 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:16:10:16:14 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:16:10:16:14 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:17:16:17:20 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:17:16:17:20 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:18:12:18:16 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:18:12:18:16 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:19:13:19:17 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:19:13:19:17 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:22:11:22:15 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:22:11:22:15 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:60:20:60:24 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:60:20:60:24 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:63:23:63:27 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:63:23:63:27 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:64:16:64:20 | query | -| pg-promise.js:6:7:7:55 | query | pg-promise.js:64:16:64:20 | query | -| pg-promise.js:6:15:7:55 | "SELECT ... PRICE" | pg-promise.js:6:7:7:55 | query | -| pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:6:15:7:55 | "SELECT ... PRICE" | -| pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:6:15:7:55 | "SELECT ... PRICE" | -| pg-promise.js:30:13:30:25 | req.params.id | pg-promise.js:30:13:30:25 | req.params.id | -| pg-promise.js:34:13:34:25 | req.params.id | pg-promise.js:34:13:34:25 | req.params.id | -| pg-promise.js:39:7:39:19 | req.params.id | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | -| pg-promise.js:39:7:39:19 | req.params.id | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | -| pg-promise.js:39:7:39:19 | req.params.id | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | -| pg-promise.js:39:7:39:19 | req.params.id | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | -| pg-promise.js:39:7:39:19 | req.params.id | pg-promise.js:39:7:39:19 | req.params.id | -| pg-promise.js:40:7:40:21 | req.params.name | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | -| pg-promise.js:40:7:40:21 | req.params.name | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | -| pg-promise.js:40:7:40:21 | req.params.name | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | -| pg-promise.js:40:7:40:21 | req.params.name | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | -| pg-promise.js:40:7:40:21 | req.params.name | pg-promise.js:40:7:40:21 | req.params.name | -| pg-promise.js:41:7:41:20 | req.params.foo | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | -| pg-promise.js:41:7:41:20 | req.params.foo | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | -| pg-promise.js:41:7:41:20 | req.params.foo | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | -| pg-promise.js:41:7:41:20 | req.params.foo | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | -| pg-promise.js:47:11:47:23 | req.params.id | pg-promise.js:47:11:47:23 | req.params.id | -| pg-promise.js:54:11:54:23 | req.params.id | pg-promise.js:54:11:54:23 | req.params.id | -| pg-promise.js:56:14:56:29 | req.params.title | pg-promise.js:56:14:56:29 | req.params.title | -| redis.js:10:16:10:23 | req.body | redis.js:10:16:10:27 | req.body.key | -| redis.js:10:16:10:23 | req.body | redis.js:10:16:10:27 | req.body.key | -| redis.js:10:16:10:23 | req.body | redis.js:10:16:10:27 | req.body.key | -| redis.js:10:16:10:23 | req.body | redis.js:10:16:10:27 | req.body.key | -| redis.js:12:9:12:26 | key | redis.js:18:16:18:18 | key | -| redis.js:12:9:12:26 | key | redis.js:18:16:18:18 | key | -| redis.js:12:9:12:26 | key | redis.js:19:43:19:45 | key | -| redis.js:12:9:12:26 | key | redis.js:19:43:19:45 | key | -| redis.js:12:9:12:26 | key | redis.js:25:14:25:16 | key | -| redis.js:12:9:12:26 | key | redis.js:25:14:25:16 | key | -| redis.js:12:9:12:26 | key | redis.js:30:23:30:25 | key | -| redis.js:12:9:12:26 | key | redis.js:30:23:30:25 | key | -| redis.js:12:9:12:26 | key | redis.js:32:28:32:30 | key | -| redis.js:12:9:12:26 | key | redis.js:32:28:32:30 | key | -| redis.js:12:15:12:22 | req.body | redis.js:12:15:12:26 | req.body.key | -| redis.js:12:15:12:22 | req.body | redis.js:12:15:12:26 | req.body.key | -| redis.js:12:15:12:26 | req.body.key | redis.js:12:9:12:26 | key | -| redis.js:38:11:38:28 | key | redis.js:39:16:39:18 | key | -| redis.js:38:11:38:28 | key | redis.js:39:16:39:18 | key | -| redis.js:38:11:38:28 | key | redis.js:43:27:43:29 | key | -| redis.js:38:11:38:28 | key | redis.js:43:27:43:29 | key | -| redis.js:38:11:38:28 | key | redis.js:46:34:46:36 | key | -| redis.js:38:11:38:28 | key | redis.js:46:34:46:36 | key | -| redis.js:38:17:38:24 | req.body | redis.js:38:17:38:28 | req.body.key | -| redis.js:38:17:38:24 | req.body | redis.js:38:17:38:28 | req.body.key | -| redis.js:38:17:38:28 | req.body.key | redis.js:38:11:38:28 | key | -| socketio.js:10:25:10:30 | handle | socketio.js:11:46:11:51 | handle | -| socketio.js:10:25:10:30 | handle | socketio.js:11:46:11:51 | handle | -| socketio.js:11:46:11:51 | handle | socketio.js:11:12:11:53 | `INSERT ... andle}` | -| socketio.js:11:46:11:51 | handle | socketio.js:11:12:11:53 | `INSERT ... andle}` | -| tst2.js:9:66:9:78 | req.params.id | tst2.js:9:27:9:84 | "select ... d + "'" | -| tst2.js:9:66:9:78 | req.params.id | tst2.js:9:27:9:84 | "select ... d + "'" | -| tst2.js:9:66:9:78 | req.params.id | tst2.js:9:27:9:84 | "select ... d + "'" | -| tst2.js:9:66:9:78 | req.params.id | tst2.js:9:27:9:84 | "select ... d + "'" | -| tst3.js:7:7:8:55 | query1 | tst3.js:9:14:9:19 | query1 | -| tst3.js:7:7:8:55 | query1 | tst3.js:9:14:9:19 | query1 | -| tst3.js:7:16:8:55 | "SELECT ... PRICE" | tst3.js:7:7:8:55 | query1 | -| tst3.js:8:16:8:34 | req.params.category | tst3.js:7:16:8:55 | "SELECT ... PRICE" | -| tst3.js:8:16:8:34 | req.params.category | tst3.js:7:16:8:55 | "SELECT ... PRICE" | -| tst4.js:8:46:8:60 | $routeParams.id | tst4.js:8:10:8:66 | 'SELECT ... d + '"' | -| tst4.js:8:46:8:60 | $routeParams.id | tst4.js:8:10:8:66 | 'SELECT ... d + '"' | -| tst4.js:8:46:8:60 | $routeParams.id | tst4.js:8:10:8:66 | 'SELECT ... d + '"' | -| tst4.js:8:46:8:60 | $routeParams.id | tst4.js:8:10:8:66 | 'SELECT ... d + '"' | -| tst.js:10:46:10:58 | req.params.id | tst.js:10:10:10:64 | 'SELECT ... d + '"' | -| tst.js:10:46:10:58 | req.params.id | tst.js:10:10:10:64 | 'SELECT ... d + '"' | -| tst.js:10:46:10:58 | req.params.id | tst.js:10:10:10:64 | 'SELECT ... d + '"' | -| tst.js:10:46:10:58 | req.params.id | tst.js:10:10:10:64 | 'SELECT ... d + '"' | +| graphql.js:8:11:8:28 | id | graphql.js:12:46:12:47 | id | provenance | | +| graphql.js:8:16:8:28 | req.params.id | graphql.js:8:11:8:28 | id | provenance | | +| graphql.js:12:46:12:47 | id | graphql.js:10:34:20:5 | `\\n ... }\\n ` | provenance | | +| graphql.js:26:11:26:28 | id | graphql.js:27:37:27:38 | id | provenance | | +| graphql.js:26:11:26:28 | id | graphql.js:30:39:30:40 | id | provenance | | +| graphql.js:26:11:26:28 | id | graphql.js:33:25:33:26 | id | provenance | | +| graphql.js:26:16:26:28 | req.params.id | graphql.js:26:11:26:28 | id | provenance | | +| graphql.js:27:37:27:38 | id | graphql.js:27:30:27:40 | `foo ${id}` | provenance | | +| graphql.js:30:39:30:40 | id | graphql.js:30:32:30:42 | `foo ${id}` | provenance | | +| graphql.js:33:25:33:26 | id | graphql.js:33:18:33:28 | `foo ${id}` | provenance | | +| graphql.js:39:11:39:28 | id | graphql.js:44:21:44:22 | id | provenance | | +| graphql.js:39:11:39:28 | id | graphql.js:48:51:48:52 | id | provenance | | +| graphql.js:39:16:39:28 | req.params.id | graphql.js:39:11:39:28 | id | provenance | | +| graphql.js:44:21:44:22 | id | graphql.js:44:14:44:24 | `foo ${id}` | provenance | | +| graphql.js:48:51:48:52 | id | graphql.js:48:44:48:54 | `foo ${id}` | provenance | | +| graphql.js:55:11:55:28 | id | graphql.js:56:46:56:47 | id | provenance | | +| graphql.js:55:11:55:28 | id | graphql.js:58:73:58:74 | id | provenance | | +| graphql.js:55:16:55:28 | req.params.id | graphql.js:55:11:55:28 | id | provenance | | +| graphql.js:56:46:56:47 | id | graphql.js:56:39:56:49 | `foo ${id}` | provenance | | +| graphql.js:58:73:58:74 | id | graphql.js:58:66:58:76 | `foo ${id}` | provenance | | +| graphql.js:74:9:74:25 | id | graphql.js:75:56:75:57 | id | provenance | | +| graphql.js:74:9:74:25 | id | graphql.js:88:13:88:14 | id | provenance | | +| graphql.js:74:14:74:25 | req.query.id | graphql.js:74:9:74:25 | id | provenance | | +| graphql.js:75:56:75:57 | id | graphql.js:75:46:75:64 | "{ foo" + id + " }" | provenance | | +| graphql.js:88:13:88:14 | id | graphql.js:84:14:90:8 | `{\\n ... }` | provenance | | +| graphql.js:119:11:119:28 | id | graphql.js:120:45:120:46 | id | provenance | | +| graphql.js:119:16:119:28 | req.params.id | graphql.js:119:11:119:28 | id | provenance | | +| graphql.js:120:45:120:46 | id | graphql.js:120:38:120:48 | `foo ${id}` | provenance | | +| html-sanitizer.js:13:39:13:44 | param1 | html-sanitizer.js:14:18:14:23 | param1 | provenance | | +| html-sanitizer.js:14:5:14:24 | param1 | html-sanitizer.js:16:54:16:59 | param1 | provenance | | +| html-sanitizer.js:14:14:14:24 | xss(param1) | html-sanitizer.js:14:5:14:24 | param1 | provenance | | +| html-sanitizer.js:14:18:14:23 | param1 | html-sanitizer.js:14:14:14:24 | xss(param1) | provenance | Config | +| html-sanitizer.js:16:54:16:59 | param1 | html-sanitizer.js:16:9:16:59 | `SELECT ... param1 | provenance | | +| json-schema-validator.js:25:15:25:48 | query | json-schema-validator.js:33:22:33:26 | query | provenance | | +| json-schema-validator.js:25:15:25:48 | query | json-schema-validator.js:35:18:35:22 | query | provenance | | +| json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | json-schema-validator.js:25:15:25:48 | query | provenance | | +| json-schema-validator.js:25:34:25:47 | req.query.data | json-schema-validator.js:25:23:25:48 | JSON.pa ... y.data) | provenance | Config | +| json-schema-validator.js:50:15:50:48 | query | json-schema-validator.js:55:22:55:26 | query | provenance | | +| json-schema-validator.js:50:15:50:48 | query | json-schema-validator.js:59:22:59:26 | query | provenance | | +| json-schema-validator.js:50:15:50:48 | query | json-schema-validator.js:61:22:61:26 | query | provenance | | +| json-schema-validator.js:50:23:50:48 | JSON.pa ... y.data) | json-schema-validator.js:50:15:50:48 | query | provenance | | +| json-schema-validator.js:50:34:50:47 | req.query.data | json-schema-validator.js:50:23:50:48 | JSON.pa ... y.data) | provenance | Config | +| koarouter.js:5:11:5:33 | version | koarouter.js:14:38:14:44 | version | provenance | | +| koarouter.js:5:13:5:19 | version | koarouter.js:5:11:5:33 | version | provenance | | +| koarouter.js:11:11:11:28 | conditions | koarouter.js:17:52:17:61 | conditions | provenance | | +| koarouter.js:14:9:14:18 | [post update] conditions | koarouter.js:11:11:11:28 | conditions | provenance | | +| koarouter.js:14:25:14:46 | `versio ... rsion}` | koarouter.js:14:9:14:18 | [post update] conditions | provenance | | +| koarouter.js:14:38:14:44 | version | koarouter.js:14:25:14:46 | `versio ... rsion}` | provenance | | +| koarouter.js:17:52:17:61 | conditions | koarouter.js:17:52:17:75 | conditi ... and ') | provenance | | +| koarouter.js:17:52:17:75 | conditi ... and ') | koarouter.js:17:27:17:77 | `SELECT ... nd ')}` | provenance | | +| ldap.js:20:7:20:34 | q | ldap.js:22:18:22:18 | q | provenance | | +| ldap.js:20:11:20:34 | url.par ... , true) | ldap.js:20:7:20:34 | q | provenance | | +| ldap.js:20:21:20:27 | req.url | ldap.js:20:11:20:34 | url.par ... , true) | provenance | | +| ldap.js:22:7:22:33 | username | ldap.js:25:24:25:31 | username | provenance | | +| ldap.js:22:7:22:33 | username | ldap.js:25:46:25:53 | username | provenance | | +| ldap.js:22:7:22:33 | username | ldap.js:32:26:32:33 | username | provenance | | +| ldap.js:22:7:22:33 | username | ldap.js:32:48:32:55 | username | provenance | | +| ldap.js:22:7:22:33 | username | ldap.js:64:16:64:23 | username | provenance | | +| ldap.js:22:7:22:33 | username | ldap.js:64:38:64:45 | username | provenance | | +| ldap.js:22:7:22:33 | username | ldap.js:68:33:68:40 | username | provenance | | +| ldap.js:22:18:22:18 | q | ldap.js:22:7:22:33 | username | provenance | | +| ldap.js:25:13:25:57 | `(\|(nam ... ame}))` | ldap.js:28:30:28:34 | opts1 | provenance | Config | +| ldap.js:25:24:25:31 | username | ldap.js:25:13:25:57 | `(\|(nam ... ame}))` | provenance | | +| ldap.js:25:46:25:53 | username | ldap.js:25:13:25:57 | `(\|(nam ... ame}))` | provenance | | +| ldap.js:32:15:32:59 | `(\|(nam ... ame}))` | ldap.js:32:5:32:61 | { filte ... e}))` } | provenance | Config | +| ldap.js:32:26:32:33 | username | ldap.js:32:15:32:59 | `(\|(nam ... ame}))` | provenance | | +| ldap.js:32:48:32:55 | username | ldap.js:32:15:32:59 | `(\|(nam ... ame}))` | provenance | | +| ldap.js:63:9:65:3 | parsedFilter | ldap.js:66:40:66:51 | parsedFilter | provenance | | +| ldap.js:63:24:65:3 | ldap.pa ... ))`\\n ) | ldap.js:63:9:65:3 | parsedFilter | provenance | | +| ldap.js:64:5:64:49 | `(\|(nam ... ame}))` | ldap.js:63:24:65:3 | ldap.pa ... ))`\\n ) | provenance | Config | +| ldap.js:64:16:64:23 | username | ldap.js:64:5:64:49 | `(\|(nam ... ame}))` | provenance | | +| ldap.js:64:38:64:45 | username | ldap.js:64:5:64:49 | `(\|(nam ... ame}))` | provenance | | +| ldap.js:66:40:66:51 | parsedFilter | ldap.js:66:30:66:53 | { filte ... ilter } | provenance | Config | +| ldap.js:68:33:68:40 | username | ldap.js:68:27:68:42 | `cn=${username}` | provenance | | +| marsdb-flow-to.js:10:9:10:18 | query | marsdb-flow-to.js:14:17:14:21 | query | provenance | | +| marsdb-flow-to.js:10:17:10:18 | {} | marsdb-flow-to.js:10:9:10:18 | query | provenance | | +| marsdb-flow-to.js:11:17:11:24 | req.body | marsdb-flow-to.js:11:17:11:30 | req.body.title | provenance | Config | +| marsdb-flow-to.js:11:17:11:30 | req.body.title | marsdb-flow-to.js:10:9:10:18 | query | provenance | Config | +| marsdb-flow-to.js:11:17:11:30 | req.body.title | marsdb-flow-to.js:10:17:10:18 | {} | provenance | Config | +| marsdb-flow-to.js:11:17:11:30 | req.body.title | marsdb-flow-to.js:14:17:14:21 | query | provenance | Config | +| marsdb.js:12:9:12:18 | query | marsdb.js:16:12:16:16 | query | provenance | | +| marsdb.js:12:17:12:18 | {} | marsdb.js:12:9:12:18 | query | provenance | | +| marsdb.js:13:17:13:24 | req.body | marsdb.js:13:17:13:30 | req.body.title | provenance | Config | +| marsdb.js:13:17:13:30 | req.body.title | marsdb.js:12:9:12:18 | query | provenance | Config | +| marsdb.js:13:17:13:30 | req.body.title | marsdb.js:12:17:12:18 | {} | provenance | Config | +| marsdb.js:13:17:13:30 | req.body.title | marsdb.js:16:12:16:16 | query | provenance | Config | +| minimongo.js:14:9:14:18 | query | minimongo.js:18:12:18:16 | query | provenance | | +| minimongo.js:14:17:14:18 | {} | minimongo.js:14:9:14:18 | query | provenance | | +| minimongo.js:15:17:15:24 | req.body | minimongo.js:15:17:15:30 | req.body.title | provenance | Config | +| minimongo.js:15:17:15:30 | req.body.title | minimongo.js:14:9:14:18 | query | provenance | Config | +| minimongo.js:15:17:15:30 | req.body.title | minimongo.js:14:17:14:18 | {} | provenance | Config | +| minimongo.js:15:17:15:30 | req.body.title | minimongo.js:18:12:18:16 | query | provenance | Config | +| mongodb.js:12:11:12:20 | query | mongodb.js:13:5:13:9 | query | provenance | | +| mongodb.js:12:19:12:20 | {} | mongodb.js:12:11:12:20 | query | provenance | | +| mongodb.js:13:5:13:9 | query | mongodb.js:18:16:18:20 | query | provenance | | +| mongodb.js:13:19:13:26 | req.body | mongodb.js:13:19:13:32 | req.body.title | provenance | Config | +| mongodb.js:13:19:13:32 | req.body.title | mongodb.js:12:11:12:20 | query | provenance | Config | +| mongodb.js:13:19:13:32 | req.body.title | mongodb.js:12:19:12:20 | {} | provenance | Config | +| mongodb.js:13:19:13:32 | req.body.title | mongodb.js:13:5:13:9 | query | provenance | Config | +| mongodb.js:13:19:13:32 | req.body.title | mongodb.js:18:16:18:20 | query | provenance | Config | +| mongodb.js:26:11:26:32 | title | mongodb.js:32:38:32:42 | title | provenance | | +| mongodb.js:26:19:26:26 | req.body | mongodb.js:26:19:26:32 | req.body.title | provenance | Config | +| mongodb.js:26:19:26:32 | req.body.title | mongodb.js:26:11:26:32 | title | provenance | | +| mongodb.js:32:27:32:43 | JSON.parse(title) | mongodb.js:32:18:32:45 | { title ... itle) } | provenance | Config | +| mongodb.js:32:38:32:42 | title | mongodb.js:32:27:32:43 | JSON.parse(title) | provenance | Config | +| mongodb.js:48:11:48:20 | query | mongodb.js:49:5:49:9 | query | provenance | | +| mongodb.js:48:19:48:20 | {} | mongodb.js:48:11:48:20 | query | provenance | | +| mongodb.js:49:5:49:9 | query | mongodb.js:54:16:54:20 | query | provenance | | +| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:48:11:48:20 | query | provenance | Config | +| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:48:19:48:20 | {} | provenance | Config | +| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:49:5:49:9 | query | provenance | Config | +| mongodb.js:49:19:49:33 | req.query.title | mongodb.js:54:16:54:20 | query | provenance | Config | +| mongodb.js:59:8:59:17 | query | mongodb.js:60:2:60:6 | query | provenance | | +| mongodb.js:59:16:59:17 | {} | mongodb.js:59:8:59:17 | query | provenance | | +| mongodb.js:60:2:60:6 | query | mongodb.js:65:12:65:16 | query | provenance | | +| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:59:8:59:17 | query | provenance | Config | +| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:59:16:59:17 | {} | provenance | Config | +| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:60:2:60:6 | query | provenance | Config | +| mongodb.js:60:16:60:30 | req.query.title | mongodb.js:65:12:65:16 | query | provenance | Config | +| mongodb.js:70:7:70:25 | tag | mongodb.js:77:22:77:24 | tag | provenance | | +| mongodb.js:70:7:70:25 | tag | mongodb.js:85:20:85:22 | tag | provenance | | +| mongodb.js:70:13:70:25 | req.query.tag | mongodb.js:70:7:70:25 | tag | provenance | | +| mongodb.js:77:22:77:24 | tag | mongodb.js:77:14:77:26 | { tags: tag } | provenance | Config | +| mongodb.js:85:20:85:22 | tag | mongodb.js:85:12:85:24 | { tags: tag } | provenance | Config | +| mongodb.js:106:9:106:18 | query | mongodb.js:107:3:107:7 | query | provenance | | +| mongodb.js:106:17:106:18 | {} | mongodb.js:106:9:106:18 | query | provenance | | +| mongodb.js:107:3:107:7 | query | mongodb.js:112:14:112:18 | query | provenance | | +| mongodb.js:107:17:107:29 | queries.title | mongodb.js:106:9:106:18 | query | provenance | Config | +| mongodb.js:107:17:107:29 | queries.title | mongodb.js:106:17:106:18 | {} | provenance | Config | +| mongodb.js:107:17:107:29 | queries.title | mongodb.js:107:3:107:7 | query | provenance | Config | +| mongodb.js:107:17:107:29 | queries.title | mongodb.js:112:14:112:18 | query | provenance | Config | +| mongodb_bodySafe.js:23:11:23:20 | query | mongodb_bodySafe.js:24:5:24:9 | query | provenance | | +| mongodb_bodySafe.js:23:19:23:20 | {} | mongodb_bodySafe.js:23:11:23:20 | query | provenance | | +| mongodb_bodySafe.js:24:5:24:9 | query | mongodb_bodySafe.js:29:16:29:20 | query | provenance | | +| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:23:11:23:20 | query | provenance | Config | +| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:23:19:23:20 | {} | provenance | Config | +| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:24:5:24:9 | query | provenance | Config | +| mongodb_bodySafe.js:24:19:24:33 | req.query.title | mongodb_bodySafe.js:29:16:29:20 | query | provenance | Config | +| mongoose.js:20:8:20:17 | query | mongoose.js:21:2:21:6 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:24:22:24:26 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:27:17:27:21 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:30:22:30:26 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:33:21:33:25 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:36:28:36:32 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:39:16:39:20 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:42:19:42:23 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:45:28:45:32 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:48:28:48:32 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:51:28:51:32 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:54:22:54:26 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:57:18:57:22 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:60:22:60:26 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:63:21:63:25 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:65:32:65:36 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:67:27:67:31 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:68:8:68:12 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:71:17:71:21 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:72:10:72:14 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:73:8:73:12 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:74:7:74:11 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:75:16:75:20 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:76:12:76:16 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:77:10:77:14 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:81:37:81:41 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:82:46:82:50 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:83:47:83:51 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:104:21:104:25 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:111:14:111:18 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:113:31:113:35 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:133:38:133:42 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:134:30:134:34 | query | provenance | | +| mongoose.js:20:8:20:17 | query | mongoose.js:136:30:136:34 | query | provenance | | +| mongoose.js:20:16:20:17 | {} | mongoose.js:20:8:20:17 | query | provenance | | +| mongoose.js:21:2:21:6 | query | mongoose.js:24:22:24:26 | query | provenance | | +| mongoose.js:21:16:21:23 | req.body | mongoose.js:21:16:21:29 | req.body.title | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:20:8:20:17 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:20:16:20:17 | {} | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:21:2:21:6 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:24:22:24:26 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:27:17:27:21 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:30:22:30:26 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:33:21:33:25 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:36:28:36:32 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:39:16:39:20 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:42:19:42:23 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:45:28:45:32 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:48:28:48:32 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:51:28:51:32 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:54:22:54:26 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:57:18:57:22 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:60:22:60:26 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:63:21:63:25 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:65:32:65:36 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:67:27:67:31 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:68:8:68:12 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:71:17:71:21 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:72:10:72:14 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:73:8:73:12 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:74:7:74:11 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:75:16:75:20 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:76:12:76:16 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:77:10:77:14 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:81:37:81:41 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:82:46:82:50 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:83:47:83:51 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:85:46:85:50 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:87:51:87:55 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:89:46:89:50 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:92:46:92:50 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:94:51:94:55 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:96:46:96:50 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:104:21:104:25 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:111:14:111:18 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:113:31:113:35 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:133:38:133:42 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:134:30:134:34 | query | provenance | Config | +| mongoose.js:21:16:21:29 | req.body.title | mongoose.js:136:30:136:34 | query | provenance | Config | +| mongoose.js:24:22:24:26 | query | mongoose.js:24:21:24:27 | [query] | provenance | Config | +| mongoose.js:24:22:24:26 | query | mongoose.js:27:17:27:21 | query | provenance | | +| mongoose.js:27:17:27:21 | query | mongoose.js:30:22:30:26 | query | provenance | | +| mongoose.js:30:22:30:26 | query | mongoose.js:33:21:33:25 | query | provenance | | +| mongoose.js:33:21:33:25 | query | mongoose.js:36:28:36:32 | query | provenance | | +| mongoose.js:36:28:36:32 | query | mongoose.js:39:16:39:20 | query | provenance | | +| mongoose.js:39:16:39:20 | query | mongoose.js:42:19:42:23 | query | provenance | | +| mongoose.js:42:19:42:23 | query | mongoose.js:45:28:45:32 | query | provenance | | +| mongoose.js:45:28:45:32 | query | mongoose.js:48:28:48:32 | query | provenance | | +| mongoose.js:48:28:48:32 | query | mongoose.js:51:28:51:32 | query | provenance | | +| mongoose.js:51:28:51:32 | query | mongoose.js:54:22:54:26 | query | provenance | | +| mongoose.js:54:22:54:26 | query | mongoose.js:57:18:57:22 | query | provenance | | +| mongoose.js:57:18:57:22 | query | mongoose.js:60:22:60:26 | query | provenance | | +| mongoose.js:60:22:60:26 | query | mongoose.js:63:21:63:25 | query | provenance | | +| mongoose.js:63:21:63:25 | query | mongoose.js:65:32:65:36 | query | provenance | | +| mongoose.js:65:32:65:36 | query | mongoose.js:67:27:67:31 | query | provenance | | +| mongoose.js:67:27:67:31 | query | mongoose.js:68:8:68:12 | query | provenance | | +| mongoose.js:68:8:68:12 | query | mongoose.js:71:17:71:21 | query | provenance | | +| mongoose.js:71:17:71:21 | query | mongoose.js:72:10:72:14 | query | provenance | | +| mongoose.js:72:10:72:14 | query | mongoose.js:73:8:73:12 | query | provenance | | +| mongoose.js:73:8:73:12 | query | mongoose.js:74:7:74:11 | query | provenance | | +| mongoose.js:74:7:74:11 | query | mongoose.js:75:16:75:20 | query | provenance | | +| mongoose.js:75:16:75:20 | query | mongoose.js:76:12:76:16 | query | provenance | | +| mongoose.js:76:12:76:16 | query | mongoose.js:77:10:77:14 | query | provenance | | +| mongoose.js:77:10:77:14 | query | mongoose.js:81:37:81:41 | query | provenance | | +| mongoose.js:81:37:81:41 | query | mongoose.js:82:46:82:50 | query | provenance | | +| mongoose.js:82:46:82:50 | query | mongoose.js:83:47:83:51 | query | provenance | | +| mongoose.js:83:47:83:51 | query | mongoose.js:85:46:85:50 | query | provenance | | +| mongoose.js:83:47:83:51 | query | mongoose.js:87:51:87:55 | query | provenance | | +| mongoose.js:83:47:83:51 | query | mongoose.js:89:46:89:50 | query | provenance | | +| mongoose.js:83:47:83:51 | query | mongoose.js:92:46:92:50 | query | provenance | | +| mongoose.js:83:47:83:51 | query | mongoose.js:94:51:94:55 | query | provenance | | +| mongoose.js:83:47:83:51 | query | mongoose.js:96:46:96:50 | query | provenance | | +| mongoose.js:83:47:83:51 | query | mongoose.js:104:21:104:25 | query | provenance | | +| mongoose.js:104:21:104:25 | query | mongoose.js:111:14:111:18 | query | provenance | | +| mongoose.js:111:14:111:18 | query | mongoose.js:113:31:113:35 | query | provenance | | +| mongoose.js:113:31:113:35 | query | mongoose.js:133:38:133:42 | query | provenance | | +| mongoose.js:115:6:115:22 | id | mongoose.js:123:20:123:21 | id | provenance | | +| mongoose.js:115:6:115:22 | id | mongoose.js:130:23:130:24 | id | provenance | | +| mongoose.js:115:11:115:22 | req.query.id | mongoose.js:115:6:115:22 | id | provenance | | +| mongoose.js:115:25:115:45 | cond | mongoose.js:116:22:116:25 | cond | provenance | | +| mongoose.js:115:25:115:45 | cond | mongoose.js:117:21:117:24 | cond | provenance | | +| mongoose.js:115:25:115:45 | cond | mongoose.js:118:21:118:24 | cond | provenance | | +| mongoose.js:115:25:115:45 | cond | mongoose.js:119:18:119:21 | cond | provenance | | +| mongoose.js:115:25:115:45 | cond | mongoose.js:120:22:120:25 | cond | provenance | | +| mongoose.js:115:25:115:45 | cond | mongoose.js:121:16:121:19 | cond | provenance | | +| mongoose.js:115:25:115:45 | cond | mongoose.js:122:19:122:22 | cond | provenance | | +| mongoose.js:115:25:115:45 | cond | mongoose.js:124:28:124:31 | cond | provenance | | +| mongoose.js:115:25:115:45 | cond | mongoose.js:125:28:125:31 | cond | provenance | | +| mongoose.js:115:25:115:45 | cond | mongoose.js:126:28:126:31 | cond | provenance | | +| mongoose.js:115:25:115:45 | cond | mongoose.js:127:18:127:21 | cond | provenance | | +| mongoose.js:115:25:115:45 | cond | mongoose.js:128:22:128:25 | cond | provenance | | +| mongoose.js:115:25:115:45 | cond | mongoose.js:129:21:129:24 | cond | provenance | | +| mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:115:25:115:45 | cond | provenance | | +| mongoose.js:130:23:130:24 | id | mongoose.js:130:16:130:26 | { _id: id } | provenance | Config | +| mongoose.js:133:38:133:42 | query | mongoose.js:134:30:134:34 | query | provenance | | +| mongoose.js:133:38:133:42 | query | mongoose.js:136:30:136:34 | query | provenance | | +| mongooseJsonParse.js:19:11:19:20 | query | mongooseJsonParse.js:23:19:23:23 | query | provenance | | +| mongooseJsonParse.js:19:19:19:20 | {} | mongooseJsonParse.js:19:11:19:20 | query | provenance | | +| mongooseJsonParse.js:20:19:20:44 | JSON.pa ... y.data) | mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title | provenance | Config | +| mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title | mongooseJsonParse.js:19:11:19:20 | query | provenance | Config | +| mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title | mongooseJsonParse.js:19:19:19:20 | {} | provenance | Config | +| mongooseJsonParse.js:20:19:20:50 | JSON.pa ... ).title | mongooseJsonParse.js:23:19:23:23 | query | provenance | Config | +| mongooseJsonParse.js:20:30:20:43 | req.query.data | mongooseJsonParse.js:20:19:20:44 | JSON.pa ... y.data) | provenance | Config | +| mongooseModelClient.js:10:7:10:32 | v | mongooseModelClient.js:11:22:11:22 | v | provenance | | +| mongooseModelClient.js:10:11:10:32 | JSON.pa ... body.x) | mongooseModelClient.js:10:7:10:32 | v | provenance | | +| mongooseModelClient.js:10:22:10:29 | req.body | mongooseModelClient.js:10:22:10:31 | req.body.x | provenance | Config | +| mongooseModelClient.js:10:22:10:31 | req.body.x | mongooseModelClient.js:10:11:10:32 | JSON.pa ... body.x) | provenance | Config | +| mongooseModelClient.js:11:22:11:22 | v | mongooseModelClient.js:11:16:11:24 | { id: v } | provenance | Config | +| mongooseModelClient.js:12:22:12:29 | req.body | mongooseModelClient.js:12:22:12:32 | req.body.id | provenance | Config | +| mongooseModelClient.js:12:22:12:32 | req.body.id | mongooseModelClient.js:12:16:12:34 | { id: req.body.id } | provenance | Config | +| mysql.js:6:9:6:31 | temp | mysql.js:15:62:15:65 | temp | provenance | | +| mysql.js:6:9:6:31 | temp | mysql.js:19:70:19:73 | temp | provenance | | +| mysql.js:6:16:6:31 | req.params.value | mysql.js:6:9:6:31 | temp | provenance | | +| mysql.js:15:62:15:65 | temp | mysql.js:15:18:15:65 | 'SELECT ... + temp | provenance | | +| mysql.js:19:70:19:73 | temp | mysql.js:19:26:19:73 | 'SELECT ... + temp | provenance | | +| pg-promise-types.ts:7:9:7:28 | taint | pg-promise-types.ts:8:17:8:21 | taint | provenance | | +| pg-promise-types.ts:7:17:7:28 | req.params.x | pg-promise-types.ts:7:9:7:28 | taint | provenance | | +| pg-promise.js:6:7:7:55 | query | pg-promise.js:9:10:9:14 | query | provenance | | +| pg-promise.js:6:7:7:55 | query | pg-promise.js:10:11:10:15 | query | provenance | | +| pg-promise.js:6:7:7:55 | query | pg-promise.js:11:17:11:21 | query | provenance | | +| pg-promise.js:6:7:7:55 | query | pg-promise.js:12:10:12:14 | query | provenance | | +| pg-promise.js:6:7:7:55 | query | pg-promise.js:13:12:13:16 | query | provenance | | +| pg-promise.js:6:7:7:55 | query | pg-promise.js:14:18:14:22 | query | provenance | | +| pg-promise.js:6:7:7:55 | query | pg-promise.js:15:11:15:15 | query | provenance | | +| pg-promise.js:6:7:7:55 | query | pg-promise.js:16:10:16:14 | query | provenance | | +| pg-promise.js:6:7:7:55 | query | pg-promise.js:17:16:17:20 | query | provenance | | +| pg-promise.js:6:7:7:55 | query | pg-promise.js:18:12:18:16 | query | provenance | | +| pg-promise.js:6:7:7:55 | query | pg-promise.js:19:13:19:17 | query | provenance | | +| pg-promise.js:6:7:7:55 | query | pg-promise.js:22:11:22:15 | query | provenance | | +| pg-promise.js:7:16:7:34 | req.params.category | pg-promise.js:6:7:7:55 | query | provenance | | +| pg-promise.js:9:10:9:14 | query | pg-promise.js:10:11:10:15 | query | provenance | | +| pg-promise.js:10:11:10:15 | query | pg-promise.js:11:17:11:21 | query | provenance | | +| pg-promise.js:11:17:11:21 | query | pg-promise.js:12:10:12:14 | query | provenance | | +| pg-promise.js:12:10:12:14 | query | pg-promise.js:13:12:13:16 | query | provenance | | +| pg-promise.js:13:12:13:16 | query | pg-promise.js:14:18:14:22 | query | provenance | | +| pg-promise.js:14:18:14:22 | query | pg-promise.js:15:11:15:15 | query | provenance | | +| pg-promise.js:15:11:15:15 | query | pg-promise.js:16:10:16:14 | query | provenance | | +| pg-promise.js:16:10:16:14 | query | pg-promise.js:17:16:17:20 | query | provenance | | +| pg-promise.js:17:16:17:20 | query | pg-promise.js:18:12:18:16 | query | provenance | | +| pg-promise.js:18:12:18:16 | query | pg-promise.js:19:13:19:17 | query | provenance | | +| pg-promise.js:19:13:19:17 | query | pg-promise.js:22:11:22:15 | query | provenance | | +| pg-promise.js:22:11:22:15 | query | pg-promise.js:60:20:60:24 | query | provenance | | +| pg-promise.js:22:11:22:15 | query | pg-promise.js:63:23:63:27 | query | provenance | | +| pg-promise.js:22:11:22:15 | query | pg-promise.js:64:16:64:20 | query | provenance | | +| pg-promise.js:39:7:39:19 | req.params.id | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | provenance | | +| pg-promise.js:40:7:40:21 | req.params.name | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | provenance | | +| pg-promise.js:41:7:41:20 | req.params.foo | pg-promise.js:38:13:42:5 | [\\n ... n\\n ] | provenance | | +| redis.js:10:16:10:23 | req.body | redis.js:10:16:10:27 | req.body.key | provenance | Config | +| redis.js:12:9:12:26 | key | redis.js:13:16:13:18 | key | provenance | | +| redis.js:12:9:12:26 | key | redis.js:18:16:18:18 | key | provenance | | +| redis.js:12:9:12:26 | key | redis.js:19:43:19:45 | key | provenance | | +| redis.js:12:9:12:26 | key | redis.js:25:14:25:16 | key | provenance | | +| redis.js:12:9:12:26 | key | redis.js:26:14:26:16 | key | provenance | | +| redis.js:12:9:12:26 | key | redis.js:32:28:32:30 | key | provenance | | +| redis.js:12:15:12:22 | req.body | redis.js:12:15:12:26 | req.body.key | provenance | Config | +| redis.js:12:15:12:26 | req.body.key | redis.js:12:9:12:26 | key | provenance | | +| redis.js:13:16:13:18 | key | redis.js:18:16:18:18 | key | provenance | | +| redis.js:18:16:18:18 | key | redis.js:19:43:19:45 | key | provenance | | +| redis.js:19:43:19:45 | key | redis.js:25:14:25:16 | key | provenance | | +| redis.js:25:14:25:16 | key | redis.js:26:14:26:16 | key | provenance | | +| redis.js:26:14:26:16 | key | redis.js:30:23:30:25 | key | provenance | | +| redis.js:26:14:26:16 | key | redis.js:32:28:32:30 | key | provenance | | +| redis.js:38:11:38:28 | key | redis.js:39:16:39:18 | key | provenance | | +| redis.js:38:11:38:28 | key | redis.js:43:27:43:29 | key | provenance | | +| redis.js:38:11:38:28 | key | redis.js:46:34:46:36 | key | provenance | | +| redis.js:38:17:38:24 | req.body | redis.js:38:17:38:28 | req.body.key | provenance | Config | +| redis.js:38:17:38:28 | req.body.key | redis.js:38:11:38:28 | key | provenance | | +| socketio.js:10:25:10:30 | handle | socketio.js:11:46:11:51 | handle | provenance | | +| socketio.js:11:46:11:51 | handle | socketio.js:11:12:11:53 | `INSERT ... andle}` | provenance | | +| tst2.js:9:66:9:78 | req.params.id | tst2.js:9:27:9:84 | "select ... d + "'" | provenance | | +| tst3.js:7:7:8:55 | query1 | tst3.js:9:14:9:19 | query1 | provenance | | +| tst3.js:8:16:8:34 | req.params.category | tst3.js:7:7:8:55 | query1 | provenance | | +| tst4.js:8:46:8:60 | $routeParams.id | tst4.js:8:10:8:66 | 'SELECT ... d + '"' | provenance | | +| tst.js:10:46:10:58 | req.params.id | tst.js:10:10:10:64 | 'SELECT ... d + '"' | provenance | | +subpaths #select | graphql.js:10:34:20:5 | `\\n ... }\\n ` | graphql.js:8:16:8:28 | req.params.id | graphql.js:10:34:20:5 | `\\n ... }\\n ` | This query string depends on a $@. | graphql.js:8:16:8:28 | req.params.id | user-provided value | | graphql.js:27:30:27:40 | `foo ${id}` | graphql.js:26:16:26:28 | req.params.id | graphql.js:27:30:27:40 | `foo ${id}` | This query string depends on a $@. | graphql.js:26:16:26:28 | req.params.id | user-provided value | @@ -951,6 +651,7 @@ edges | json-schema-validator.js:55:22:55:26 | query | json-schema-validator.js:50:34:50:47 | req.query.data | json-schema-validator.js:55:22:55:26 | query | This query object depends on a $@. | json-schema-validator.js:50:34:50:47 | req.query.data | user-provided value | | json-schema-validator.js:59:22:59:26 | query | json-schema-validator.js:50:34:50:47 | req.query.data | json-schema-validator.js:59:22:59:26 | query | This query object depends on a $@. | json-schema-validator.js:50:34:50:47 | req.query.data | user-provided value | | json-schema-validator.js:61:22:61:26 | query | json-schema-validator.js:50:34:50:47 | req.query.data | json-schema-validator.js:61:22:61:26 | query | This query object depends on a $@. | json-schema-validator.js:50:34:50:47 | req.query.data | user-provided value | +| koarouter.js:17:27:17:77 | `SELECT ... nd ')}` | koarouter.js:5:13:5:19 | version | koarouter.js:17:27:17:77 | `SELECT ... nd ')}` | This query string depends on a $@. | koarouter.js:5:13:5:19 | version | user-provided value | | ldap.js:28:30:28:34 | opts1 | ldap.js:20:21:20:27 | req.url | ldap.js:28:30:28:34 | opts1 | This query string depends on a $@. | ldap.js:20:21:20:27 | req.url | user-provided value | | ldap.js:32:5:32:61 | { filte ... e}))` } | ldap.js:20:21:20:27 | req.url | ldap.js:32:5:32:61 | { filte ... e}))` } | This query string depends on a $@. | ldap.js:20:21:20:27 | req.url | user-provided value | | ldap.js:66:30:66:53 | { filte ... ilter } | ldap.js:20:21:20:27 | req.url | ldap.js:66:30:66:53 | { filte ... ilter } | This query string depends on a $@. | ldap.js:20:21:20:27 | req.url | user-provided value | @@ -1014,6 +715,7 @@ edges | mongoose.js:128:22:128:25 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:128:22:128:25 | cond | This query object depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value | | mongoose.js:129:21:129:24 | cond | mongoose.js:115:32:115:45 | req.query.cond | mongoose.js:129:21:129:24 | cond | This query object depends on a $@. | mongoose.js:115:32:115:45 | req.query.cond | user-provided value | | mongoose.js:130:16:130:26 | { _id: id } | mongoose.js:115:11:115:22 | req.query.id | mongoose.js:130:16:130:26 | { _id: id } | This query object depends on a $@. | mongoose.js:115:11:115:22 | req.query.id | user-provided value | +| mongoose.js:134:30:134:34 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:134:30:134:34 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value | | mongoose.js:136:30:136:34 | query | mongoose.js:21:16:21:23 | req.body | mongoose.js:136:30:136:34 | query | This query object depends on a $@. | mongoose.js:21:16:21:23 | req.body | user-provided value | | mongooseJsonParse.js:23:19:23:23 | query | mongooseJsonParse.js:20:30:20:43 | req.query.data | mongooseJsonParse.js:23:19:23:23 | query | This query object depends on a $@. | mongooseJsonParse.js:20:30:20:43 | req.query.data | user-provided value | | mongooseModelClient.js:11:16:11:24 | { id: v } | mongooseModelClient.js:10:22:10:29 | req.body | mongooseModelClient.js:11:16:11:24 | { id: v } | This query object depends on a $@. | mongooseModelClient.js:10:22:10:29 | req.body | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/CodeInjection.expected b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/CodeInjection.expected index 1193c5e33bce..e536c54dbd2f 100644 --- a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/CodeInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/CodeInjection.expected @@ -1,335 +1,133 @@ -nodes -| NoSQLCodeInjection.js:18:24:18:31 | req.body | -| NoSQLCodeInjection.js:18:24:18:31 | req.body | -| NoSQLCodeInjection.js:18:24:18:37 | req.body.query | -| NoSQLCodeInjection.js:18:24:18:37 | req.body.query | -| NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | -| NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | -| NoSQLCodeInjection.js:19:36:19:43 | req.body | -| NoSQLCodeInjection.js:19:36:19:43 | req.body | -| NoSQLCodeInjection.js:19:36:19:48 | req.body.name | -| NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | -| NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | -| NoSQLCodeInjection.js:22:36:22:43 | req.body | -| NoSQLCodeInjection.js:22:36:22:43 | req.body | -| NoSQLCodeInjection.js:22:36:22:48 | req.body.name | -| actions.js:4:10:4:50 | github. ... message | -| actions.js:4:10:4:50 | github. ... message | -| actions.js:4:10:4:50 | github. ... message | -| angularjs.js:10:22:10:36 | location.search | -| angularjs.js:10:22:10:36 | location.search | -| angularjs.js:10:22:10:36 | location.search | -| angularjs.js:13:23:13:37 | location.search | -| angularjs.js:13:23:13:37 | location.search | -| angularjs.js:13:23:13:37 | location.search | -| angularjs.js:16:28:16:42 | location.search | -| angularjs.js:16:28:16:42 | location.search | -| angularjs.js:16:28:16:42 | location.search | -| angularjs.js:19:22:19:36 | location.search | -| angularjs.js:19:22:19:36 | location.search | -| angularjs.js:19:22:19:36 | location.search | -| angularjs.js:22:27:22:41 | location.search | -| angularjs.js:22:27:22:41 | location.search | -| angularjs.js:22:27:22:41 | location.search | -| angularjs.js:25:23:25:37 | location.search | -| angularjs.js:25:23:25:37 | location.search | -| angularjs.js:25:23:25:37 | location.search | -| angularjs.js:28:33:28:47 | location.search | -| angularjs.js:28:33:28:47 | location.search | -| angularjs.js:28:33:28:47 | location.search | -| angularjs.js:31:28:31:42 | location.search | -| angularjs.js:31:28:31:42 | location.search | -| angularjs.js:31:28:31:42 | location.search | -| angularjs.js:34:18:34:32 | location.search | -| angularjs.js:34:18:34:32 | location.search | -| angularjs.js:34:18:34:32 | location.search | -| angularjs.js:40:18:40:32 | location.search | -| angularjs.js:40:18:40:32 | location.search | -| angularjs.js:40:18:40:32 | location.search | -| angularjs.js:44:17:44:31 | location.search | -| angularjs.js:44:17:44:31 | location.search | -| angularjs.js:44:17:44:31 | location.search | -| angularjs.js:47:16:47:30 | location.search | -| angularjs.js:47:16:47:30 | location.search | -| angularjs.js:47:16:47:30 | location.search | -| angularjs.js:50:22:50:36 | location.search | -| angularjs.js:50:22:50:36 | location.search | -| angularjs.js:50:22:50:36 | location.search | -| angularjs.js:53:32:53:46 | location.search | -| angularjs.js:53:32:53:46 | location.search | -| angularjs.js:53:32:53:46 | location.search | -| express.js:7:24:7:69 | "return ... + "];" | -| express.js:7:24:7:69 | "return ... + "];" | -| express.js:7:44:7:62 | req.param("wobble") | -| express.js:7:44:7:62 | req.param("wobble") | -| express.js:9:34:9:79 | "return ... + "];" | -| express.js:9:34:9:79 | "return ... + "];" | -| express.js:9:54:9:72 | req.param("wobble") | -| express.js:9:54:9:72 | req.param("wobble") | -| express.js:12:8:12:53 | "return ... + "];" | -| express.js:12:8:12:53 | "return ... + "];" | -| express.js:12:28:12:46 | req.param("wobble") | -| express.js:12:28:12:46 | req.param("wobble") | -| express.js:15:22:15:54 | req.par ... ction") | -| express.js:15:22:15:54 | req.par ... ction") | -| express.js:15:22:15:54 | req.par ... ction") | -| express.js:17:30:17:53 | req.par ... cript") | -| express.js:17:30:17:53 | req.par ... cript") | -| express.js:17:30:17:53 | req.par ... cript") | -| express.js:19:37:19:70 | req.par ... odule") | -| express.js:19:37:19:70 | req.par ... odule") | -| express.js:19:37:19:70 | req.par ... odule") | -| express.js:21:19:21:48 | req.par ... ntext") | -| express.js:21:19:21:48 | req.par ... ntext") | -| express.js:21:19:21:48 | req.par ... ntext") | -| express.js:26:9:26:35 | taint | -| express.js:26:17:26:35 | req.param("wobble") | -| express.js:26:17:26:35 | req.param("wobble") | -| express.js:27:34:27:38 | taint | -| express.js:27:34:27:38 | taint | -| express.js:34:9:34:35 | taint | -| express.js:34:17:34:35 | req.param("wobble") | -| express.js:34:17:34:35 | req.param("wobble") | -| express.js:43:15:43:19 | taint | -| express.js:43:15:43:19 | taint | -| express.js:49:30:49:32 | msg | -| express.js:49:30:49:32 | msg | -| express.js:50:10:50:12 | msg | -| express.js:50:10:50:12 | msg | -| module.js:9:16:9:29 | req.query.code | -| module.js:9:16:9:29 | req.query.code | -| module.js:9:16:9:29 | req.query.code | -| module.js:11:17:11:30 | req.query.code | -| module.js:11:17:11:30 | req.query.code | -| module.js:11:17:11:30 | req.query.code | -| react-native.js:7:7:7:33 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | -| react-native.js:7:17:7:33 | req.param("code") | -| react-native.js:8:32:8:38 | tainted | -| react-native.js:8:32:8:38 | tainted | -| react-native.js:10:23:10:29 | tainted | -| react-native.js:10:23:10:29 | tainted | -| react.js:10:56:10:77 | documen ... on.hash | -| react.js:10:56:10:77 | documen ... on.hash | -| react.js:10:56:10:77 | documen ... on.hash | -| template-sinks.js:18:9:18:31 | tainted | -| template-sinks.js:18:19:18:31 | req.query.foo | -| template-sinks.js:18:19:18:31 | req.query.foo | -| template-sinks.js:20:17:20:23 | tainted | -| template-sinks.js:20:17:20:23 | tainted | -| template-sinks.js:21:16:21:22 | tainted | -| template-sinks.js:21:16:21:22 | tainted | -| template-sinks.js:22:18:22:24 | tainted | -| template-sinks.js:22:18:22:24 | tainted | -| template-sinks.js:23:17:23:23 | tainted | -| template-sinks.js:23:17:23:23 | tainted | -| template-sinks.js:24:18:24:24 | tainted | -| template-sinks.js:24:18:24:24 | tainted | -| template-sinks.js:25:16:25:22 | tainted | -| template-sinks.js:25:16:25:22 | tainted | -| template-sinks.js:26:27:26:33 | tainted | -| template-sinks.js:26:27:26:33 | tainted | -| template-sinks.js:27:21:27:27 | tainted | -| template-sinks.js:27:21:27:27 | tainted | -| template-sinks.js:28:17:28:23 | tainted | -| template-sinks.js:28:17:28:23 | tainted | -| template-sinks.js:29:24:29:30 | tainted | -| template-sinks.js:29:24:29:30 | tainted | -| template-sinks.js:30:21:30:27 | tainted | -| template-sinks.js:30:21:30:27 | tainted | -| template-sinks.js:31:19:31:25 | tainted | -| template-sinks.js:31:19:31:25 | tainted | -| template-sinks.js:32:16:32:22 | tainted | -| template-sinks.js:32:16:32:22 | tainted | -| template-sinks.js:33:17:33:23 | tainted | -| template-sinks.js:33:17:33:23 | tainted | -| tst.js:2:6:2:27 | documen ... on.href | -| tst.js:2:6:2:27 | documen ... on.href | -| tst.js:2:6:2:83 | documen ... t=")+8) | -| tst.js:2:6:2:83 | documen ... t=")+8) | -| tst.js:5:12:5:33 | documen ... on.hash | -| tst.js:5:12:5:33 | documen ... on.hash | -| tst.js:5:12:5:33 | documen ... on.hash | -| tst.js:14:10:14:33 | documen ... .search | -| tst.js:14:10:14:33 | documen ... .search | -| tst.js:14:10:14:74 | documen ... , "$1") | -| tst.js:14:10:14:74 | documen ... , "$1") | -| tst.js:17:21:17:42 | documen ... on.hash | -| tst.js:17:21:17:42 | documen ... on.hash | -| tst.js:17:21:17:42 | documen ... on.hash | -| tst.js:20:30:20:51 | documen ... on.hash | -| tst.js:20:30:20:51 | documen ... on.hash | -| tst.js:20:30:20:51 | documen ... on.hash | -| tst.js:23:6:23:46 | atob(do ... ing(1)) | -| tst.js:23:6:23:46 | atob(do ... ing(1)) | -| tst.js:23:11:23:32 | documen ... on.hash | -| tst.js:23:11:23:32 | documen ... on.hash | -| tst.js:23:11:23:45 | documen ... ring(1) | -| tst.js:26:26:26:40 | location.search | -| tst.js:26:26:26:40 | location.search | -| tst.js:26:26:26:53 | locatio ... ring(1) | -| tst.js:26:26:26:53 | locatio ... ring(1) | -| tst.js:29:9:29:82 | source | -| tst.js:29:18:29:41 | documen ... .search | -| tst.js:29:18:29:41 | documen ... .search | -| tst.js:29:18:29:82 | documen ... , "$1") | -| tst.js:31:18:31:23 | source | -| tst.js:31:18:31:23 | source | -| tst.js:33:14:33:19 | source | -| tst.js:33:14:33:19 | source | -| tst.js:35:28:35:33 | source | -| tst.js:35:28:35:33 | source | -| tst.js:37:33:37:38 | source | -| tst.js:37:33:37:38 | source | -| webix/webix.html:3:16:3:37 | documen ... on.hash | -| webix/webix.html:3:16:3:37 | documen ... on.hash | -| webix/webix.html:3:16:3:37 | documen ... on.hash | -| webix/webix.html:4:26:4:47 | documen ... on.hash | -| webix/webix.html:4:26:4:47 | documen ... on.hash | -| webix/webix.html:4:26:4:47 | documen ... on.hash | -| webix/webix.html:5:47:5:68 | documen ... on.hash | -| webix/webix.html:5:47:5:68 | documen ... on.hash | -| webix/webix.html:5:47:5:68 | documen ... on.hash | -| webix/webix.js:3:12:3:33 | documen ... on.hash | -| webix/webix.js:3:12:3:33 | documen ... on.hash | -| webix/webix.js:3:12:3:33 | documen ... on.hash | -| webix/webix.js:4:22:4:43 | documen ... on.hash | -| webix/webix.js:4:22:4:43 | documen ... on.hash | -| webix/webix.js:4:22:4:43 | documen ... on.hash | -| webix/webix.js:5:43:5:64 | documen ... on.hash | -| webix/webix.js:5:43:5:64 | documen ... on.hash | -| webix/webix.js:5:43:5:64 | documen ... on.hash | edges -| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | -| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | -| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | -| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | -| NoSQLCodeInjection.js:19:36:19:43 | req.body | NoSQLCodeInjection.js:19:36:19:48 | req.body.name | -| NoSQLCodeInjection.js:19:36:19:43 | req.body | NoSQLCodeInjection.js:19:36:19:48 | req.body.name | -| NoSQLCodeInjection.js:19:36:19:48 | req.body.name | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | -| NoSQLCodeInjection.js:19:36:19:48 | req.body.name | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | -| NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:36:22:48 | req.body.name | -| NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:36:22:48 | req.body.name | -| NoSQLCodeInjection.js:22:36:22:48 | req.body.name | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | -| NoSQLCodeInjection.js:22:36:22:48 | req.body.name | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | -| actions.js:4:10:4:50 | github. ... message | actions.js:4:10:4:50 | github. ... message | -| angularjs.js:10:22:10:36 | location.search | angularjs.js:10:22:10:36 | location.search | -| angularjs.js:13:23:13:37 | location.search | angularjs.js:13:23:13:37 | location.search | -| angularjs.js:16:28:16:42 | location.search | angularjs.js:16:28:16:42 | location.search | -| angularjs.js:19:22:19:36 | location.search | angularjs.js:19:22:19:36 | location.search | -| angularjs.js:22:27:22:41 | location.search | angularjs.js:22:27:22:41 | location.search | -| angularjs.js:25:23:25:37 | location.search | angularjs.js:25:23:25:37 | location.search | -| angularjs.js:28:33:28:47 | location.search | angularjs.js:28:33:28:47 | location.search | -| angularjs.js:31:28:31:42 | location.search | angularjs.js:31:28:31:42 | location.search | -| angularjs.js:34:18:34:32 | location.search | angularjs.js:34:18:34:32 | location.search | -| angularjs.js:40:18:40:32 | location.search | angularjs.js:40:18:40:32 | location.search | -| angularjs.js:44:17:44:31 | location.search | angularjs.js:44:17:44:31 | location.search | -| angularjs.js:47:16:47:30 | location.search | angularjs.js:47:16:47:30 | location.search | -| angularjs.js:50:22:50:36 | location.search | angularjs.js:50:22:50:36 | location.search | -| angularjs.js:53:32:53:46 | location.search | angularjs.js:53:32:53:46 | location.search | -| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" | -| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" | -| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" | -| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" | -| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" | -| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" | -| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" | -| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" | -| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" | -| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" | -| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" | -| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" | -| express.js:15:22:15:54 | req.par ... ction") | express.js:15:22:15:54 | req.par ... ction") | -| express.js:17:30:17:53 | req.par ... cript") | express.js:17:30:17:53 | req.par ... cript") | -| express.js:19:37:19:70 | req.par ... odule") | express.js:19:37:19:70 | req.par ... odule") | -| express.js:21:19:21:48 | req.par ... ntext") | express.js:21:19:21:48 | req.par ... ntext") | -| express.js:26:9:26:35 | taint | express.js:27:34:27:38 | taint | -| express.js:26:9:26:35 | taint | express.js:27:34:27:38 | taint | -| express.js:26:17:26:35 | req.param("wobble") | express.js:26:9:26:35 | taint | -| express.js:26:17:26:35 | req.param("wobble") | express.js:26:9:26:35 | taint | -| express.js:34:9:34:35 | taint | express.js:43:15:43:19 | taint | -| express.js:34:9:34:35 | taint | express.js:43:15:43:19 | taint | -| express.js:34:17:34:35 | req.param("wobble") | express.js:34:9:34:35 | taint | -| express.js:34:17:34:35 | req.param("wobble") | express.js:34:9:34:35 | taint | -| express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg | -| express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg | -| express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg | -| express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg | -| module.js:9:16:9:29 | req.query.code | module.js:9:16:9:29 | req.query.code | -| module.js:11:17:11:30 | req.query.code | module.js:11:17:11:30 | req.query.code | -| react-native.js:7:7:7:33 | tainted | react-native.js:8:32:8:38 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:8:32:8:38 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:10:23:10:29 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:10:23:10:29 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | -| react.js:10:56:10:77 | documen ... on.hash | react.js:10:56:10:77 | documen ... on.hash | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:20:17:20:23 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:20:17:20:23 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:21:16:21:22 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:21:16:21:22 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:22:18:22:24 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:22:18:22:24 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:23:17:23:23 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:23:17:23:23 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:24:18:24:24 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:24:18:24:24 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:25:16:25:22 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:25:16:25:22 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:26:27:26:33 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:26:27:26:33 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:27:21:27:27 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:27:21:27:27 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:28:17:28:23 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:28:17:28:23 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:29:24:29:30 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:29:24:29:30 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:30:21:30:27 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:30:21:30:27 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:31:19:31:25 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:31:19:31:25 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:32:16:32:22 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:32:16:32:22 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:33:17:33:23 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:33:17:33:23 | tainted | -| template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:18:9:18:31 | tainted | -| template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:18:9:18:31 | tainted | -| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) | -| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) | -| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) | -| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) | -| tst.js:5:12:5:33 | documen ... on.hash | tst.js:5:12:5:33 | documen ... on.hash | -| tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") | -| tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") | -| tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") | -| tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") | -| tst.js:17:21:17:42 | documen ... on.hash | tst.js:17:21:17:42 | documen ... on.hash | -| tst.js:20:30:20:51 | documen ... on.hash | tst.js:20:30:20:51 | documen ... on.hash | -| tst.js:23:11:23:32 | documen ... on.hash | tst.js:23:11:23:45 | documen ... ring(1) | -| tst.js:23:11:23:32 | documen ... on.hash | tst.js:23:11:23:45 | documen ... ring(1) | -| tst.js:23:11:23:45 | documen ... ring(1) | tst.js:23:6:23:46 | atob(do ... ing(1)) | -| tst.js:23:11:23:45 | documen ... ring(1) | tst.js:23:6:23:46 | atob(do ... ing(1)) | -| tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) | -| tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) | -| tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) | -| tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) | -| tst.js:29:9:29:82 | source | tst.js:31:18:31:23 | source | -| tst.js:29:9:29:82 | source | tst.js:31:18:31:23 | source | -| tst.js:29:9:29:82 | source | tst.js:33:14:33:19 | source | -| tst.js:29:9:29:82 | source | tst.js:33:14:33:19 | source | -| tst.js:29:9:29:82 | source | tst.js:35:28:35:33 | source | -| tst.js:29:9:29:82 | source | tst.js:35:28:35:33 | source | -| tst.js:29:9:29:82 | source | tst.js:37:33:37:38 | source | -| tst.js:29:9:29:82 | source | tst.js:37:33:37:38 | source | -| tst.js:29:18:29:41 | documen ... .search | tst.js:29:18:29:82 | documen ... , "$1") | -| tst.js:29:18:29:41 | documen ... .search | tst.js:29:18:29:82 | documen ... , "$1") | -| tst.js:29:18:29:82 | documen ... , "$1") | tst.js:29:9:29:82 | source | -| webix/webix.html:3:16:3:37 | documen ... on.hash | webix/webix.html:3:16:3:37 | documen ... on.hash | -| webix/webix.html:4:26:4:47 | documen ... on.hash | webix/webix.html:4:26:4:47 | documen ... on.hash | -| webix/webix.html:5:47:5:68 | documen ... on.hash | webix/webix.html:5:47:5:68 | documen ... on.hash | -| webix/webix.js:3:12:3:33 | documen ... on.hash | webix/webix.js:3:12:3:33 | documen ... on.hash | -| webix/webix.js:4:22:4:43 | documen ... on.hash | webix/webix.js:4:22:4:43 | documen ... on.hash | -| webix/webix.js:5:43:5:64 | documen ... on.hash | webix/webix.js:5:43:5:64 | documen ... on.hash | +| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | provenance | | +| NoSQLCodeInjection.js:19:36:19:43 | req.body | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | provenance | | +| NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | provenance | | +| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" | provenance | | +| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" | provenance | | +| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" | provenance | | +| express.js:26:9:26:35 | taint | express.js:27:34:27:38 | taint | provenance | | +| express.js:26:17:26:35 | req.param("wobble") | express.js:26:9:26:35 | taint | provenance | | +| express.js:34:9:34:35 | taint | express.js:43:15:43:19 | taint | provenance | | +| express.js:34:17:34:35 | req.param("wobble") | express.js:34:9:34:35 | taint | provenance | | +| express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg | provenance | | +| react-native.js:7:7:7:33 | tainted | react-native.js:8:32:8:38 | tainted | provenance | | +| react-native.js:7:7:7:33 | tainted | react-native.js:10:23:10:29 | tainted | provenance | | +| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:20:17:20:23 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:21:16:21:22 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:22:18:22:24 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:23:17:23:23 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:24:18:24:24 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:25:16:25:22 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:26:27:26:33 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:27:21:27:27 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:28:17:28:23 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:29:24:29:30 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:30:21:30:27 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:31:19:31:25 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:32:16:32:22 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:33:17:33:23 | tainted | provenance | | +| template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:18:9:18:31 | tainted | provenance | | +| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) | provenance | | +| tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") | provenance | | +| tst.js:23:11:23:32 | documen ... on.hash | tst.js:23:11:23:45 | documen ... ring(1) | provenance | | +| tst.js:23:11:23:45 | documen ... ring(1) | tst.js:23:6:23:46 | atob(do ... ing(1)) | provenance | | +| tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) | provenance | | +| tst.js:29:9:29:82 | source | tst.js:31:18:31:23 | source | provenance | | +| tst.js:29:9:29:82 | source | tst.js:33:14:33:19 | source | provenance | | +| tst.js:29:9:29:82 | source | tst.js:35:28:35:33 | source | provenance | | +| tst.js:29:9:29:82 | source | tst.js:37:33:37:38 | source | provenance | | +| tst.js:29:18:29:41 | documen ... .search | tst.js:29:18:29:82 | documen ... , "$1") | provenance | | +| tst.js:29:18:29:82 | documen ... , "$1") | tst.js:29:9:29:82 | source | provenance | | +nodes +| NoSQLCodeInjection.js:18:24:18:31 | req.body | semmle.label | req.body | +| NoSQLCodeInjection.js:18:24:18:37 | req.body.query | semmle.label | req.body.query | +| NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | semmle.label | "name = ... dy.name | +| NoSQLCodeInjection.js:19:36:19:43 | req.body | semmle.label | req.body | +| NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | semmle.label | "name = ... dy.name | +| NoSQLCodeInjection.js:22:36:22:43 | req.body | semmle.label | req.body | +| actions.js:4:10:4:50 | github. ... message | semmle.label | github. ... message | +| angularjs.js:10:22:10:36 | location.search | semmle.label | location.search | +| angularjs.js:13:23:13:37 | location.search | semmle.label | location.search | +| angularjs.js:16:28:16:42 | location.search | semmle.label | location.search | +| angularjs.js:19:22:19:36 | location.search | semmle.label | location.search | +| angularjs.js:22:27:22:41 | location.search | semmle.label | location.search | +| angularjs.js:25:23:25:37 | location.search | semmle.label | location.search | +| angularjs.js:28:33:28:47 | location.search | semmle.label | location.search | +| angularjs.js:31:28:31:42 | location.search | semmle.label | location.search | +| angularjs.js:34:18:34:32 | location.search | semmle.label | location.search | +| angularjs.js:40:18:40:32 | location.search | semmle.label | location.search | +| angularjs.js:44:17:44:31 | location.search | semmle.label | location.search | +| angularjs.js:47:16:47:30 | location.search | semmle.label | location.search | +| angularjs.js:50:22:50:36 | location.search | semmle.label | location.search | +| angularjs.js:53:32:53:46 | location.search | semmle.label | location.search | +| express.js:7:24:7:69 | "return ... + "];" | semmle.label | "return ... + "];" | +| express.js:7:44:7:62 | req.param("wobble") | semmle.label | req.param("wobble") | +| express.js:9:34:9:79 | "return ... + "];" | semmle.label | "return ... + "];" | +| express.js:9:54:9:72 | req.param("wobble") | semmle.label | req.param("wobble") | +| express.js:12:8:12:53 | "return ... + "];" | semmle.label | "return ... + "];" | +| express.js:12:28:12:46 | req.param("wobble") | semmle.label | req.param("wobble") | +| express.js:15:22:15:54 | req.par ... ction") | semmle.label | req.par ... ction") | +| express.js:17:30:17:53 | req.par ... cript") | semmle.label | req.par ... cript") | +| express.js:19:37:19:70 | req.par ... odule") | semmle.label | req.par ... odule") | +| express.js:21:19:21:48 | req.par ... ntext") | semmle.label | req.par ... ntext") | +| express.js:26:9:26:35 | taint | semmle.label | taint | +| express.js:26:17:26:35 | req.param("wobble") | semmle.label | req.param("wobble") | +| express.js:27:34:27:38 | taint | semmle.label | taint | +| express.js:34:9:34:35 | taint | semmle.label | taint | +| express.js:34:17:34:35 | req.param("wobble") | semmle.label | req.param("wobble") | +| express.js:43:15:43:19 | taint | semmle.label | taint | +| express.js:49:30:49:32 | msg | semmle.label | msg | +| express.js:50:10:50:12 | msg | semmle.label | msg | +| module.js:9:16:9:29 | req.query.code | semmle.label | req.query.code | +| module.js:11:17:11:30 | req.query.code | semmle.label | req.query.code | +| react-native.js:7:7:7:33 | tainted | semmle.label | tainted | +| react-native.js:7:17:7:33 | req.param("code") | semmle.label | req.param("code") | +| react-native.js:8:32:8:38 | tainted | semmle.label | tainted | +| react-native.js:10:23:10:29 | tainted | semmle.label | tainted | +| react.js:10:56:10:77 | documen ... on.hash | semmle.label | documen ... on.hash | +| template-sinks.js:18:9:18:31 | tainted | semmle.label | tainted | +| template-sinks.js:18:19:18:31 | req.query.foo | semmle.label | req.query.foo | +| template-sinks.js:20:17:20:23 | tainted | semmle.label | tainted | +| template-sinks.js:21:16:21:22 | tainted | semmle.label | tainted | +| template-sinks.js:22:18:22:24 | tainted | semmle.label | tainted | +| template-sinks.js:23:17:23:23 | tainted | semmle.label | tainted | +| template-sinks.js:24:18:24:24 | tainted | semmle.label | tainted | +| template-sinks.js:25:16:25:22 | tainted | semmle.label | tainted | +| template-sinks.js:26:27:26:33 | tainted | semmle.label | tainted | +| template-sinks.js:27:21:27:27 | tainted | semmle.label | tainted | +| template-sinks.js:28:17:28:23 | tainted | semmle.label | tainted | +| template-sinks.js:29:24:29:30 | tainted | semmle.label | tainted | +| template-sinks.js:30:21:30:27 | tainted | semmle.label | tainted | +| template-sinks.js:31:19:31:25 | tainted | semmle.label | tainted | +| template-sinks.js:32:16:32:22 | tainted | semmle.label | tainted | +| template-sinks.js:33:17:33:23 | tainted | semmle.label | tainted | +| tst.js:2:6:2:27 | documen ... on.href | semmle.label | documen ... on.href | +| tst.js:2:6:2:83 | documen ... t=")+8) | semmle.label | documen ... t=")+8) | +| tst.js:5:12:5:33 | documen ... on.hash | semmle.label | documen ... on.hash | +| tst.js:14:10:14:33 | documen ... .search | semmle.label | documen ... .search | +| tst.js:14:10:14:74 | documen ... , "$1") | semmle.label | documen ... , "$1") | +| tst.js:17:21:17:42 | documen ... on.hash | semmle.label | documen ... on.hash | +| tst.js:20:30:20:51 | documen ... on.hash | semmle.label | documen ... on.hash | +| tst.js:23:6:23:46 | atob(do ... ing(1)) | semmle.label | atob(do ... ing(1)) | +| tst.js:23:11:23:32 | documen ... on.hash | semmle.label | documen ... on.hash | +| tst.js:23:11:23:45 | documen ... ring(1) | semmle.label | documen ... ring(1) | +| tst.js:26:26:26:40 | location.search | semmle.label | location.search | +| tst.js:26:26:26:53 | locatio ... ring(1) | semmle.label | locatio ... ring(1) | +| tst.js:29:9:29:82 | source | semmle.label | source | +| tst.js:29:18:29:41 | documen ... .search | semmle.label | documen ... .search | +| tst.js:29:18:29:82 | documen ... , "$1") | semmle.label | documen ... , "$1") | +| tst.js:31:18:31:23 | source | semmle.label | source | +| tst.js:33:14:33:19 | source | semmle.label | source | +| tst.js:35:28:35:33 | source | semmle.label | source | +| tst.js:37:33:37:38 | source | semmle.label | source | +| webix/webix.html:3:16:3:37 | documen ... on.hash | semmle.label | documen ... on.hash | +| webix/webix.html:4:26:4:47 | documen ... on.hash | semmle.label | documen ... on.hash | +| webix/webix.html:5:47:5:68 | documen ... on.hash | semmle.label | documen ... on.hash | +| webix/webix.js:3:12:3:33 | documen ... on.hash | semmle.label | documen ... on.hash | +| webix/webix.js:4:22:4:43 | documen ... on.hash | semmle.label | documen ... on.hash | +| webix/webix.js:5:43:5:64 | documen ... on.hash | semmle.label | documen ... on.hash | +subpaths #select | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | This code execution depends on a $@. | NoSQLCodeInjection.js:18:24:18:31 | req.body | user-provided value | | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | NoSQLCodeInjection.js:19:36:19:43 | req.body | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | This code execution depends on a $@. | NoSQLCodeInjection.js:19:36:19:43 | req.body | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/HeuristicSourceCodeInjection.expected b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/HeuristicSourceCodeInjection.expected index 7e4bd3059551..2be7dc659f29 100644 --- a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/HeuristicSourceCodeInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/HeuristicSourceCodeInjection.expected @@ -1,342 +1,135 @@ -nodes -| NoSQLCodeInjection.js:18:24:18:31 | req.body | -| NoSQLCodeInjection.js:18:24:18:31 | req.body | -| NoSQLCodeInjection.js:18:24:18:37 | req.body.query | -| NoSQLCodeInjection.js:18:24:18:37 | req.body.query | -| NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | -| NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | -| NoSQLCodeInjection.js:19:36:19:43 | req.body | -| NoSQLCodeInjection.js:19:36:19:43 | req.body | -| NoSQLCodeInjection.js:19:36:19:48 | req.body.name | -| NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | -| NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | -| NoSQLCodeInjection.js:22:36:22:43 | req.body | -| NoSQLCodeInjection.js:22:36:22:43 | req.body | -| NoSQLCodeInjection.js:22:36:22:48 | req.body.name | -| actions.js:4:10:4:50 | github. ... message | -| actions.js:4:10:4:50 | github. ... message | -| actions.js:4:10:4:50 | github. ... message | -| angularjs.js:10:22:10:36 | location.search | -| angularjs.js:10:22:10:36 | location.search | -| angularjs.js:10:22:10:36 | location.search | -| angularjs.js:13:23:13:37 | location.search | -| angularjs.js:13:23:13:37 | location.search | -| angularjs.js:13:23:13:37 | location.search | -| angularjs.js:16:28:16:42 | location.search | -| angularjs.js:16:28:16:42 | location.search | -| angularjs.js:16:28:16:42 | location.search | -| angularjs.js:19:22:19:36 | location.search | -| angularjs.js:19:22:19:36 | location.search | -| angularjs.js:19:22:19:36 | location.search | -| angularjs.js:22:27:22:41 | location.search | -| angularjs.js:22:27:22:41 | location.search | -| angularjs.js:22:27:22:41 | location.search | -| angularjs.js:25:23:25:37 | location.search | -| angularjs.js:25:23:25:37 | location.search | -| angularjs.js:25:23:25:37 | location.search | -| angularjs.js:28:33:28:47 | location.search | -| angularjs.js:28:33:28:47 | location.search | -| angularjs.js:28:33:28:47 | location.search | -| angularjs.js:31:28:31:42 | location.search | -| angularjs.js:31:28:31:42 | location.search | -| angularjs.js:31:28:31:42 | location.search | -| angularjs.js:34:18:34:32 | location.search | -| angularjs.js:34:18:34:32 | location.search | -| angularjs.js:34:18:34:32 | location.search | -| angularjs.js:40:18:40:32 | location.search | -| angularjs.js:40:18:40:32 | location.search | -| angularjs.js:40:18:40:32 | location.search | -| angularjs.js:44:17:44:31 | location.search | -| angularjs.js:44:17:44:31 | location.search | -| angularjs.js:44:17:44:31 | location.search | -| angularjs.js:47:16:47:30 | location.search | -| angularjs.js:47:16:47:30 | location.search | -| angularjs.js:47:16:47:30 | location.search | -| angularjs.js:50:22:50:36 | location.search | -| angularjs.js:50:22:50:36 | location.search | -| angularjs.js:50:22:50:36 | location.search | -| angularjs.js:53:32:53:46 | location.search | -| angularjs.js:53:32:53:46 | location.search | -| angularjs.js:53:32:53:46 | location.search | -| eslint-escope-build.js:20:22:20:22 | c | -| eslint-escope-build.js:20:22:20:22 | c | -| eslint-escope-build.js:21:16:21:16 | c | -| eslint-escope-build.js:21:16:21:16 | c | -| express.js:7:24:7:69 | "return ... + "];" | -| express.js:7:24:7:69 | "return ... + "];" | -| express.js:7:44:7:62 | req.param("wobble") | -| express.js:7:44:7:62 | req.param("wobble") | -| express.js:9:34:9:79 | "return ... + "];" | -| express.js:9:34:9:79 | "return ... + "];" | -| express.js:9:54:9:72 | req.param("wobble") | -| express.js:9:54:9:72 | req.param("wobble") | -| express.js:12:8:12:53 | "return ... + "];" | -| express.js:12:8:12:53 | "return ... + "];" | -| express.js:12:28:12:46 | req.param("wobble") | -| express.js:12:28:12:46 | req.param("wobble") | -| express.js:15:22:15:54 | req.par ... ction") | -| express.js:15:22:15:54 | req.par ... ction") | -| express.js:15:22:15:54 | req.par ... ction") | -| express.js:17:30:17:53 | req.par ... cript") | -| express.js:17:30:17:53 | req.par ... cript") | -| express.js:17:30:17:53 | req.par ... cript") | -| express.js:19:37:19:70 | req.par ... odule") | -| express.js:19:37:19:70 | req.par ... odule") | -| express.js:19:37:19:70 | req.par ... odule") | -| express.js:21:19:21:48 | req.par ... ntext") | -| express.js:21:19:21:48 | req.par ... ntext") | -| express.js:21:19:21:48 | req.par ... ntext") | -| express.js:26:9:26:35 | taint | -| express.js:26:17:26:35 | req.param("wobble") | -| express.js:26:17:26:35 | req.param("wobble") | -| express.js:27:34:27:38 | taint | -| express.js:27:34:27:38 | taint | -| express.js:34:9:34:35 | taint | -| express.js:34:17:34:35 | req.param("wobble") | -| express.js:34:17:34:35 | req.param("wobble") | -| express.js:43:15:43:19 | taint | -| express.js:43:15:43:19 | taint | -| express.js:49:30:49:32 | msg | -| express.js:49:30:49:32 | msg | -| express.js:50:10:50:12 | msg | -| express.js:50:10:50:12 | msg | -| module.js:9:16:9:29 | req.query.code | -| module.js:9:16:9:29 | req.query.code | -| module.js:9:16:9:29 | req.query.code | -| module.js:11:17:11:30 | req.query.code | -| module.js:11:17:11:30 | req.query.code | -| module.js:11:17:11:30 | req.query.code | -| react-native.js:7:7:7:33 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | -| react-native.js:7:17:7:33 | req.param("code") | -| react-native.js:8:32:8:38 | tainted | -| react-native.js:8:32:8:38 | tainted | -| react-native.js:10:23:10:29 | tainted | -| react-native.js:10:23:10:29 | tainted | -| react.js:10:56:10:77 | documen ... on.hash | -| react.js:10:56:10:77 | documen ... on.hash | -| react.js:10:56:10:77 | documen ... on.hash | -| template-sinks.js:18:9:18:31 | tainted | -| template-sinks.js:18:19:18:31 | req.query.foo | -| template-sinks.js:18:19:18:31 | req.query.foo | -| template-sinks.js:20:17:20:23 | tainted | -| template-sinks.js:20:17:20:23 | tainted | -| template-sinks.js:21:16:21:22 | tainted | -| template-sinks.js:21:16:21:22 | tainted | -| template-sinks.js:22:18:22:24 | tainted | -| template-sinks.js:22:18:22:24 | tainted | -| template-sinks.js:23:17:23:23 | tainted | -| template-sinks.js:23:17:23:23 | tainted | -| template-sinks.js:24:18:24:24 | tainted | -| template-sinks.js:24:18:24:24 | tainted | -| template-sinks.js:25:16:25:22 | tainted | -| template-sinks.js:25:16:25:22 | tainted | -| template-sinks.js:26:27:26:33 | tainted | -| template-sinks.js:26:27:26:33 | tainted | -| template-sinks.js:27:21:27:27 | tainted | -| template-sinks.js:27:21:27:27 | tainted | -| template-sinks.js:28:17:28:23 | tainted | -| template-sinks.js:28:17:28:23 | tainted | -| template-sinks.js:29:24:29:30 | tainted | -| template-sinks.js:29:24:29:30 | tainted | -| template-sinks.js:30:21:30:27 | tainted | -| template-sinks.js:30:21:30:27 | tainted | -| template-sinks.js:31:19:31:25 | tainted | -| template-sinks.js:31:19:31:25 | tainted | -| template-sinks.js:32:16:32:22 | tainted | -| template-sinks.js:32:16:32:22 | tainted | -| template-sinks.js:33:17:33:23 | tainted | -| template-sinks.js:33:17:33:23 | tainted | -| tst.js:2:6:2:27 | documen ... on.href | -| tst.js:2:6:2:27 | documen ... on.href | -| tst.js:2:6:2:83 | documen ... t=")+8) | -| tst.js:2:6:2:83 | documen ... t=")+8) | -| tst.js:5:12:5:33 | documen ... on.hash | -| tst.js:5:12:5:33 | documen ... on.hash | -| tst.js:5:12:5:33 | documen ... on.hash | -| tst.js:14:10:14:33 | documen ... .search | -| tst.js:14:10:14:33 | documen ... .search | -| tst.js:14:10:14:74 | documen ... , "$1") | -| tst.js:14:10:14:74 | documen ... , "$1") | -| tst.js:17:21:17:42 | documen ... on.hash | -| tst.js:17:21:17:42 | documen ... on.hash | -| tst.js:17:21:17:42 | documen ... on.hash | -| tst.js:20:30:20:51 | documen ... on.hash | -| tst.js:20:30:20:51 | documen ... on.hash | -| tst.js:20:30:20:51 | documen ... on.hash | -| tst.js:23:6:23:46 | atob(do ... ing(1)) | -| tst.js:23:6:23:46 | atob(do ... ing(1)) | -| tst.js:23:11:23:32 | documen ... on.hash | -| tst.js:23:11:23:32 | documen ... on.hash | -| tst.js:23:11:23:45 | documen ... ring(1) | -| tst.js:26:26:26:40 | location.search | -| tst.js:26:26:26:40 | location.search | -| tst.js:26:26:26:53 | locatio ... ring(1) | -| tst.js:26:26:26:53 | locatio ... ring(1) | -| tst.js:29:9:29:82 | source | -| tst.js:29:18:29:41 | documen ... .search | -| tst.js:29:18:29:41 | documen ... .search | -| tst.js:29:18:29:82 | documen ... , "$1") | -| tst.js:31:18:31:23 | source | -| tst.js:31:18:31:23 | source | -| tst.js:33:14:33:19 | source | -| tst.js:33:14:33:19 | source | -| tst.js:35:28:35:33 | source | -| tst.js:35:28:35:33 | source | -| tst.js:37:33:37:38 | source | -| tst.js:37:33:37:38 | source | -| webix/webix.html:3:16:3:37 | documen ... on.hash | -| webix/webix.html:3:16:3:37 | documen ... on.hash | -| webix/webix.html:3:16:3:37 | documen ... on.hash | -| webix/webix.html:4:26:4:47 | documen ... on.hash | -| webix/webix.html:4:26:4:47 | documen ... on.hash | -| webix/webix.html:4:26:4:47 | documen ... on.hash | -| webix/webix.html:5:47:5:68 | documen ... on.hash | -| webix/webix.html:5:47:5:68 | documen ... on.hash | -| webix/webix.html:5:47:5:68 | documen ... on.hash | -| webix/webix.js:3:12:3:33 | documen ... on.hash | -| webix/webix.js:3:12:3:33 | documen ... on.hash | -| webix/webix.js:3:12:3:33 | documen ... on.hash | -| webix/webix.js:4:22:4:43 | documen ... on.hash | -| webix/webix.js:4:22:4:43 | documen ... on.hash | -| webix/webix.js:4:22:4:43 | documen ... on.hash | -| webix/webix.js:5:43:5:64 | documen ... on.hash | -| webix/webix.js:5:43:5:64 | documen ... on.hash | -| webix/webix.js:5:43:5:64 | documen ... on.hash | edges -| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | -| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | -| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | -| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | -| NoSQLCodeInjection.js:19:36:19:43 | req.body | NoSQLCodeInjection.js:19:36:19:48 | req.body.name | -| NoSQLCodeInjection.js:19:36:19:43 | req.body | NoSQLCodeInjection.js:19:36:19:48 | req.body.name | -| NoSQLCodeInjection.js:19:36:19:48 | req.body.name | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | -| NoSQLCodeInjection.js:19:36:19:48 | req.body.name | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | -| NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:36:22:48 | req.body.name | -| NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:36:22:48 | req.body.name | -| NoSQLCodeInjection.js:22:36:22:48 | req.body.name | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | -| NoSQLCodeInjection.js:22:36:22:48 | req.body.name | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | -| actions.js:4:10:4:50 | github. ... message | actions.js:4:10:4:50 | github. ... message | -| angularjs.js:10:22:10:36 | location.search | angularjs.js:10:22:10:36 | location.search | -| angularjs.js:13:23:13:37 | location.search | angularjs.js:13:23:13:37 | location.search | -| angularjs.js:16:28:16:42 | location.search | angularjs.js:16:28:16:42 | location.search | -| angularjs.js:19:22:19:36 | location.search | angularjs.js:19:22:19:36 | location.search | -| angularjs.js:22:27:22:41 | location.search | angularjs.js:22:27:22:41 | location.search | -| angularjs.js:25:23:25:37 | location.search | angularjs.js:25:23:25:37 | location.search | -| angularjs.js:28:33:28:47 | location.search | angularjs.js:28:33:28:47 | location.search | -| angularjs.js:31:28:31:42 | location.search | angularjs.js:31:28:31:42 | location.search | -| angularjs.js:34:18:34:32 | location.search | angularjs.js:34:18:34:32 | location.search | -| angularjs.js:40:18:40:32 | location.search | angularjs.js:40:18:40:32 | location.search | -| angularjs.js:44:17:44:31 | location.search | angularjs.js:44:17:44:31 | location.search | -| angularjs.js:47:16:47:30 | location.search | angularjs.js:47:16:47:30 | location.search | -| angularjs.js:50:22:50:36 | location.search | angularjs.js:50:22:50:36 | location.search | -| angularjs.js:53:32:53:46 | location.search | angularjs.js:53:32:53:46 | location.search | -| eslint-escope-build.js:20:22:20:22 | c | eslint-escope-build.js:21:16:21:16 | c | -| eslint-escope-build.js:20:22:20:22 | c | eslint-escope-build.js:21:16:21:16 | c | -| eslint-escope-build.js:20:22:20:22 | c | eslint-escope-build.js:21:16:21:16 | c | -| eslint-escope-build.js:20:22:20:22 | c | eslint-escope-build.js:21:16:21:16 | c | -| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" | -| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" | -| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" | -| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" | -| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" | -| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" | -| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" | -| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" | -| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" | -| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" | -| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" | -| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" | -| express.js:15:22:15:54 | req.par ... ction") | express.js:15:22:15:54 | req.par ... ction") | -| express.js:17:30:17:53 | req.par ... cript") | express.js:17:30:17:53 | req.par ... cript") | -| express.js:19:37:19:70 | req.par ... odule") | express.js:19:37:19:70 | req.par ... odule") | -| express.js:21:19:21:48 | req.par ... ntext") | express.js:21:19:21:48 | req.par ... ntext") | -| express.js:26:9:26:35 | taint | express.js:27:34:27:38 | taint | -| express.js:26:9:26:35 | taint | express.js:27:34:27:38 | taint | -| express.js:26:17:26:35 | req.param("wobble") | express.js:26:9:26:35 | taint | -| express.js:26:17:26:35 | req.param("wobble") | express.js:26:9:26:35 | taint | -| express.js:34:9:34:35 | taint | express.js:43:15:43:19 | taint | -| express.js:34:9:34:35 | taint | express.js:43:15:43:19 | taint | -| express.js:34:17:34:35 | req.param("wobble") | express.js:34:9:34:35 | taint | -| express.js:34:17:34:35 | req.param("wobble") | express.js:34:9:34:35 | taint | -| express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg | -| express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg | -| express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg | -| express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg | -| module.js:9:16:9:29 | req.query.code | module.js:9:16:9:29 | req.query.code | -| module.js:11:17:11:30 | req.query.code | module.js:11:17:11:30 | req.query.code | -| react-native.js:7:7:7:33 | tainted | react-native.js:8:32:8:38 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:8:32:8:38 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:10:23:10:29 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:10:23:10:29 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | -| react.js:10:56:10:77 | documen ... on.hash | react.js:10:56:10:77 | documen ... on.hash | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:20:17:20:23 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:20:17:20:23 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:21:16:21:22 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:21:16:21:22 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:22:18:22:24 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:22:18:22:24 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:23:17:23:23 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:23:17:23:23 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:24:18:24:24 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:24:18:24:24 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:25:16:25:22 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:25:16:25:22 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:26:27:26:33 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:26:27:26:33 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:27:21:27:27 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:27:21:27:27 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:28:17:28:23 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:28:17:28:23 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:29:24:29:30 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:29:24:29:30 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:30:21:30:27 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:30:21:30:27 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:31:19:31:25 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:31:19:31:25 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:32:16:32:22 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:32:16:32:22 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:33:17:33:23 | tainted | -| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:33:17:33:23 | tainted | -| template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:18:9:18:31 | tainted | -| template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:18:9:18:31 | tainted | -| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) | -| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) | -| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) | -| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) | -| tst.js:5:12:5:33 | documen ... on.hash | tst.js:5:12:5:33 | documen ... on.hash | -| tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") | -| tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") | -| tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") | -| tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") | -| tst.js:17:21:17:42 | documen ... on.hash | tst.js:17:21:17:42 | documen ... on.hash | -| tst.js:20:30:20:51 | documen ... on.hash | tst.js:20:30:20:51 | documen ... on.hash | -| tst.js:23:11:23:32 | documen ... on.hash | tst.js:23:11:23:45 | documen ... ring(1) | -| tst.js:23:11:23:32 | documen ... on.hash | tst.js:23:11:23:45 | documen ... ring(1) | -| tst.js:23:11:23:45 | documen ... ring(1) | tst.js:23:6:23:46 | atob(do ... ing(1)) | -| tst.js:23:11:23:45 | documen ... ring(1) | tst.js:23:6:23:46 | atob(do ... ing(1)) | -| tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) | -| tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) | -| tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) | -| tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) | -| tst.js:29:9:29:82 | source | tst.js:31:18:31:23 | source | -| tst.js:29:9:29:82 | source | tst.js:31:18:31:23 | source | -| tst.js:29:9:29:82 | source | tst.js:33:14:33:19 | source | -| tst.js:29:9:29:82 | source | tst.js:33:14:33:19 | source | -| tst.js:29:9:29:82 | source | tst.js:35:28:35:33 | source | -| tst.js:29:9:29:82 | source | tst.js:35:28:35:33 | source | -| tst.js:29:9:29:82 | source | tst.js:37:33:37:38 | source | -| tst.js:29:9:29:82 | source | tst.js:37:33:37:38 | source | -| tst.js:29:18:29:41 | documen ... .search | tst.js:29:18:29:82 | documen ... , "$1") | -| tst.js:29:18:29:41 | documen ... .search | tst.js:29:18:29:82 | documen ... , "$1") | -| tst.js:29:18:29:82 | documen ... , "$1") | tst.js:29:9:29:82 | source | -| webix/webix.html:3:16:3:37 | documen ... on.hash | webix/webix.html:3:16:3:37 | documen ... on.hash | -| webix/webix.html:4:26:4:47 | documen ... on.hash | webix/webix.html:4:26:4:47 | documen ... on.hash | -| webix/webix.html:5:47:5:68 | documen ... on.hash | webix/webix.html:5:47:5:68 | documen ... on.hash | -| webix/webix.js:3:12:3:33 | documen ... on.hash | webix/webix.js:3:12:3:33 | documen ... on.hash | -| webix/webix.js:4:22:4:43 | documen ... on.hash | webix/webix.js:4:22:4:43 | documen ... on.hash | -| webix/webix.js:5:43:5:64 | documen ... on.hash | webix/webix.js:5:43:5:64 | documen ... on.hash | +| NoSQLCodeInjection.js:18:24:18:31 | req.body | NoSQLCodeInjection.js:18:24:18:37 | req.body.query | provenance | | +| NoSQLCodeInjection.js:19:36:19:43 | req.body | NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | provenance | | +| NoSQLCodeInjection.js:22:36:22:43 | req.body | NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | provenance | | +| eslint-escope-build.js:20:22:20:22 | c | eslint-escope-build.js:21:16:21:16 | c | provenance | | +| express.js:7:44:7:62 | req.param("wobble") | express.js:7:24:7:69 | "return ... + "];" | provenance | | +| express.js:9:54:9:72 | req.param("wobble") | express.js:9:34:9:79 | "return ... + "];" | provenance | | +| express.js:12:28:12:46 | req.param("wobble") | express.js:12:8:12:53 | "return ... + "];" | provenance | | +| express.js:26:9:26:35 | taint | express.js:27:34:27:38 | taint | provenance | | +| express.js:26:17:26:35 | req.param("wobble") | express.js:26:9:26:35 | taint | provenance | | +| express.js:34:9:34:35 | taint | express.js:43:15:43:19 | taint | provenance | | +| express.js:34:17:34:35 | req.param("wobble") | express.js:34:9:34:35 | taint | provenance | | +| express.js:49:30:49:32 | msg | express.js:50:10:50:12 | msg | provenance | | +| react-native.js:7:7:7:33 | tainted | react-native.js:8:32:8:38 | tainted | provenance | | +| react-native.js:7:7:7:33 | tainted | react-native.js:10:23:10:29 | tainted | provenance | | +| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:20:17:20:23 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:21:16:21:22 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:22:18:22:24 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:23:17:23:23 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:24:18:24:24 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:25:16:25:22 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:26:27:26:33 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:27:21:27:27 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:28:17:28:23 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:29:24:29:30 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:30:21:30:27 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:31:19:31:25 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:32:16:32:22 | tainted | provenance | | +| template-sinks.js:18:9:18:31 | tainted | template-sinks.js:33:17:33:23 | tainted | provenance | | +| template-sinks.js:18:19:18:31 | req.query.foo | template-sinks.js:18:9:18:31 | tainted | provenance | | +| tst.js:2:6:2:27 | documen ... on.href | tst.js:2:6:2:83 | documen ... t=")+8) | provenance | | +| tst.js:14:10:14:33 | documen ... .search | tst.js:14:10:14:74 | documen ... , "$1") | provenance | | +| tst.js:23:11:23:32 | documen ... on.hash | tst.js:23:11:23:45 | documen ... ring(1) | provenance | | +| tst.js:23:11:23:45 | documen ... ring(1) | tst.js:23:6:23:46 | atob(do ... ing(1)) | provenance | | +| tst.js:26:26:26:40 | location.search | tst.js:26:26:26:53 | locatio ... ring(1) | provenance | | +| tst.js:29:9:29:82 | source | tst.js:31:18:31:23 | source | provenance | | +| tst.js:29:9:29:82 | source | tst.js:33:14:33:19 | source | provenance | | +| tst.js:29:9:29:82 | source | tst.js:35:28:35:33 | source | provenance | | +| tst.js:29:9:29:82 | source | tst.js:37:33:37:38 | source | provenance | | +| tst.js:29:18:29:41 | documen ... .search | tst.js:29:18:29:82 | documen ... , "$1") | provenance | | +| tst.js:29:18:29:82 | documen ... , "$1") | tst.js:29:9:29:82 | source | provenance | | +nodes +| NoSQLCodeInjection.js:18:24:18:31 | req.body | semmle.label | req.body | +| NoSQLCodeInjection.js:18:24:18:37 | req.body.query | semmle.label | req.body.query | +| NoSQLCodeInjection.js:19:24:19:48 | "name = ... dy.name | semmle.label | "name = ... dy.name | +| NoSQLCodeInjection.js:19:36:19:43 | req.body | semmle.label | req.body | +| NoSQLCodeInjection.js:22:24:22:48 | "name = ... dy.name | semmle.label | "name = ... dy.name | +| NoSQLCodeInjection.js:22:36:22:43 | req.body | semmle.label | req.body | +| actions.js:4:10:4:50 | github. ... message | semmle.label | github. ... message | +| angularjs.js:10:22:10:36 | location.search | semmle.label | location.search | +| angularjs.js:13:23:13:37 | location.search | semmle.label | location.search | +| angularjs.js:16:28:16:42 | location.search | semmle.label | location.search | +| angularjs.js:19:22:19:36 | location.search | semmle.label | location.search | +| angularjs.js:22:27:22:41 | location.search | semmle.label | location.search | +| angularjs.js:25:23:25:37 | location.search | semmle.label | location.search | +| angularjs.js:28:33:28:47 | location.search | semmle.label | location.search | +| angularjs.js:31:28:31:42 | location.search | semmle.label | location.search | +| angularjs.js:34:18:34:32 | location.search | semmle.label | location.search | +| angularjs.js:40:18:40:32 | location.search | semmle.label | location.search | +| angularjs.js:44:17:44:31 | location.search | semmle.label | location.search | +| angularjs.js:47:16:47:30 | location.search | semmle.label | location.search | +| angularjs.js:50:22:50:36 | location.search | semmle.label | location.search | +| angularjs.js:53:32:53:46 | location.search | semmle.label | location.search | +| eslint-escope-build.js:20:22:20:22 | c | semmle.label | c | +| eslint-escope-build.js:21:16:21:16 | c | semmle.label | c | +| express.js:7:24:7:69 | "return ... + "];" | semmle.label | "return ... + "];" | +| express.js:7:44:7:62 | req.param("wobble") | semmle.label | req.param("wobble") | +| express.js:9:34:9:79 | "return ... + "];" | semmle.label | "return ... + "];" | +| express.js:9:54:9:72 | req.param("wobble") | semmle.label | req.param("wobble") | +| express.js:12:8:12:53 | "return ... + "];" | semmle.label | "return ... + "];" | +| express.js:12:28:12:46 | req.param("wobble") | semmle.label | req.param("wobble") | +| express.js:15:22:15:54 | req.par ... ction") | semmle.label | req.par ... ction") | +| express.js:17:30:17:53 | req.par ... cript") | semmle.label | req.par ... cript") | +| express.js:19:37:19:70 | req.par ... odule") | semmle.label | req.par ... odule") | +| express.js:21:19:21:48 | req.par ... ntext") | semmle.label | req.par ... ntext") | +| express.js:26:9:26:35 | taint | semmle.label | taint | +| express.js:26:17:26:35 | req.param("wobble") | semmle.label | req.param("wobble") | +| express.js:27:34:27:38 | taint | semmle.label | taint | +| express.js:34:9:34:35 | taint | semmle.label | taint | +| express.js:34:17:34:35 | req.param("wobble") | semmle.label | req.param("wobble") | +| express.js:43:15:43:19 | taint | semmle.label | taint | +| express.js:49:30:49:32 | msg | semmle.label | msg | +| express.js:50:10:50:12 | msg | semmle.label | msg | +| module.js:9:16:9:29 | req.query.code | semmle.label | req.query.code | +| module.js:11:17:11:30 | req.query.code | semmle.label | req.query.code | +| react-native.js:7:7:7:33 | tainted | semmle.label | tainted | +| react-native.js:7:17:7:33 | req.param("code") | semmle.label | req.param("code") | +| react-native.js:8:32:8:38 | tainted | semmle.label | tainted | +| react-native.js:10:23:10:29 | tainted | semmle.label | tainted | +| react.js:10:56:10:77 | documen ... on.hash | semmle.label | documen ... on.hash | +| template-sinks.js:18:9:18:31 | tainted | semmle.label | tainted | +| template-sinks.js:18:19:18:31 | req.query.foo | semmle.label | req.query.foo | +| template-sinks.js:20:17:20:23 | tainted | semmle.label | tainted | +| template-sinks.js:21:16:21:22 | tainted | semmle.label | tainted | +| template-sinks.js:22:18:22:24 | tainted | semmle.label | tainted | +| template-sinks.js:23:17:23:23 | tainted | semmle.label | tainted | +| template-sinks.js:24:18:24:24 | tainted | semmle.label | tainted | +| template-sinks.js:25:16:25:22 | tainted | semmle.label | tainted | +| template-sinks.js:26:27:26:33 | tainted | semmle.label | tainted | +| template-sinks.js:27:21:27:27 | tainted | semmle.label | tainted | +| template-sinks.js:28:17:28:23 | tainted | semmle.label | tainted | +| template-sinks.js:29:24:29:30 | tainted | semmle.label | tainted | +| template-sinks.js:30:21:30:27 | tainted | semmle.label | tainted | +| template-sinks.js:31:19:31:25 | tainted | semmle.label | tainted | +| template-sinks.js:32:16:32:22 | tainted | semmle.label | tainted | +| template-sinks.js:33:17:33:23 | tainted | semmle.label | tainted | +| tst.js:2:6:2:27 | documen ... on.href | semmle.label | documen ... on.href | +| tst.js:2:6:2:83 | documen ... t=")+8) | semmle.label | documen ... t=")+8) | +| tst.js:5:12:5:33 | documen ... on.hash | semmle.label | documen ... on.hash | +| tst.js:14:10:14:33 | documen ... .search | semmle.label | documen ... .search | +| tst.js:14:10:14:74 | documen ... , "$1") | semmle.label | documen ... , "$1") | +| tst.js:17:21:17:42 | documen ... on.hash | semmle.label | documen ... on.hash | +| tst.js:20:30:20:51 | documen ... on.hash | semmle.label | documen ... on.hash | +| tst.js:23:6:23:46 | atob(do ... ing(1)) | semmle.label | atob(do ... ing(1)) | +| tst.js:23:11:23:32 | documen ... on.hash | semmle.label | documen ... on.hash | +| tst.js:23:11:23:45 | documen ... ring(1) | semmle.label | documen ... ring(1) | +| tst.js:26:26:26:40 | location.search | semmle.label | location.search | +| tst.js:26:26:26:53 | locatio ... ring(1) | semmle.label | locatio ... ring(1) | +| tst.js:29:9:29:82 | source | semmle.label | source | +| tst.js:29:18:29:41 | documen ... .search | semmle.label | documen ... .search | +| tst.js:29:18:29:82 | documen ... , "$1") | semmle.label | documen ... , "$1") | +| tst.js:31:18:31:23 | source | semmle.label | source | +| tst.js:33:14:33:19 | source | semmle.label | source | +| tst.js:35:28:35:33 | source | semmle.label | source | +| tst.js:37:33:37:38 | source | semmle.label | source | +| webix/webix.html:3:16:3:37 | documen ... on.hash | semmle.label | documen ... on.hash | +| webix/webix.html:4:26:4:47 | documen ... on.hash | semmle.label | documen ... on.hash | +| webix/webix.html:5:47:5:68 | documen ... on.hash | semmle.label | documen ... on.hash | +| webix/webix.js:3:12:3:33 | documen ... on.hash | semmle.label | documen ... on.hash | +| webix/webix.js:4:22:4:43 | documen ... on.hash | semmle.label | documen ... on.hash | +| webix/webix.js:5:43:5:64 | documen ... on.hash | semmle.label | documen ... on.hash | +subpaths #select | eslint-escope-build.js:21:16:21:16 | c | eslint-escope-build.js:20:22:20:22 | c | eslint-escope-build.js:21:16:21:16 | c | $@ flows to here and is interpreted as code. | eslint-escope-build.js:20:22:20:22 | c | User-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/HeuristicSourceCodeInjection.ql b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/HeuristicSourceCodeInjection.ql index 2e5a95533f1d..da6b4f631a9e 100644 --- a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/HeuristicSourceCodeInjection.ql +++ b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/HeuristicSourceCodeInjection.ql @@ -1,9 +1,9 @@ import javascript import semmle.javascript.heuristics.AdditionalSources import semmle.javascript.security.dataflow.CodeInjectionQuery -import DataFlow::PathGraph +import CodeInjectionFlow::PathGraph -from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink -where cfg.hasFlowPath(source, sink) and source.getNode() instanceof HeuristicSource +from CodeInjectionFlow::PathNode source, CodeInjectionFlow::PathNode sink +where CodeInjectionFlow::flowPath(source, sink) and source.getNode() instanceof HeuristicSource select sink.getNode(), source, sink, "$@ flows to here and is interpreted as code.", source.getNode(), "User-provided value" diff --git a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/ImproperCodeSanitization.expected b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/ImproperCodeSanitization.expected index 0ab2f14e556a..6e8db0460973 100644 --- a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/ImproperCodeSanitization.expected +++ b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/ImproperCodeSanitization.expected @@ -1,69 +1,34 @@ -nodes -| bad-code-sanitization.js:2:12:2:90 | /^[_$a- ... key)}]` | -| bad-code-sanitization.js:2:65:2:90 | `[${JSO ... key)}]` | -| bad-code-sanitization.js:2:69:2:87 | JSON.stringify(key) | -| bad-code-sanitization.js:2:69:2:87 | JSON.stringify(key) | -| bad-code-sanitization.js:6:11:6:25 | statements | -| bad-code-sanitization.js:6:24:6:25 | [] | -| bad-code-sanitization.js:7:21:7:70 | `${name ... key])}` | -| bad-code-sanitization.js:7:31:7:43 | safeProp(key) | -| bad-code-sanitization.js:8:27:8:36 | statements | -| bad-code-sanitization.js:8:27:8:46 | statements.join(';') | -| bad-code-sanitization.js:8:27:8:46 | statements.join(';') | -| bad-code-sanitization.js:15:44:15:63 | htmlescape(pathname) | -| bad-code-sanitization.js:15:44:15:63 | htmlescape(pathname) | -| bad-code-sanitization.js:15:44:15:63 | htmlescape(pathname) | -| bad-code-sanitization.js:19:27:19:47 | JSON.st ... (input) | -| bad-code-sanitization.js:19:27:19:47 | JSON.st ... (input) | -| bad-code-sanitization.js:19:27:19:47 | JSON.st ... (input) | -| bad-code-sanitization.js:31:30:31:50 | JSON.st ... (input) | -| bad-code-sanitization.js:31:30:31:50 | JSON.st ... (input) | -| bad-code-sanitization.js:31:30:31:50 | JSON.st ... (input) | -| bad-code-sanitization.js:40:23:40:43 | JSON.st ... (input) | -| bad-code-sanitization.js:40:23:40:43 | JSON.st ... (input) | -| bad-code-sanitization.js:40:23:40:43 | JSON.st ... (input) | -| bad-code-sanitization.js:44:22:44:42 | JSON.st ... (input) | -| bad-code-sanitization.js:44:22:44:42 | JSON.st ... (input) | -| bad-code-sanitization.js:44:22:44:42 | JSON.st ... (input) | -| bad-code-sanitization.js:52:28:52:62 | JSON.st ... bble")) | -| bad-code-sanitization.js:52:28:52:62 | JSON.st ... bble")) | -| bad-code-sanitization.js:52:28:52:62 | JSON.st ... bble")) | -| bad-code-sanitization.js:54:29:54:63 | JSON.st ... bble")) | -| bad-code-sanitization.js:54:29:54:63 | JSON.st ... bble")) | -| bad-code-sanitization.js:54:29:54:63 | JSON.st ... bble")) | -| bad-code-sanitization.js:58:29:58:49 | JSON.st ... (taint) | -| bad-code-sanitization.js:58:29:58:49 | JSON.st ... (taint) | -| bad-code-sanitization.js:58:29:58:49 | JSON.st ... (taint) | -| bad-code-sanitization.js:63:11:63:55 | assignment | -| bad-code-sanitization.js:63:24:63:55 | `obj[${ ... )}]=42` | -| bad-code-sanitization.js:63:31:63:49 | JSON.stringify(key) | -| bad-code-sanitization.js:63:31:63:49 | JSON.stringify(key) | -| bad-code-sanitization.js:64:27:64:36 | assignment | -| bad-code-sanitization.js:64:27:64:36 | assignment | edges -| bad-code-sanitization.js:2:12:2:90 | /^[_$a- ... key)}]` | bad-code-sanitization.js:7:31:7:43 | safeProp(key) | -| bad-code-sanitization.js:2:65:2:90 | `[${JSO ... key)}]` | bad-code-sanitization.js:2:12:2:90 | /^[_$a- ... key)}]` | -| bad-code-sanitization.js:2:69:2:87 | JSON.stringify(key) | bad-code-sanitization.js:2:65:2:90 | `[${JSO ... key)}]` | -| bad-code-sanitization.js:2:69:2:87 | JSON.stringify(key) | bad-code-sanitization.js:2:65:2:90 | `[${JSO ... key)}]` | -| bad-code-sanitization.js:6:11:6:25 | statements | bad-code-sanitization.js:8:27:8:36 | statements | -| bad-code-sanitization.js:6:24:6:25 | [] | bad-code-sanitization.js:6:11:6:25 | statements | -| bad-code-sanitization.js:7:21:7:70 | `${name ... key])}` | bad-code-sanitization.js:6:24:6:25 | [] | -| bad-code-sanitization.js:7:31:7:43 | safeProp(key) | bad-code-sanitization.js:7:21:7:70 | `${name ... key])}` | -| bad-code-sanitization.js:8:27:8:36 | statements | bad-code-sanitization.js:8:27:8:46 | statements.join(';') | -| bad-code-sanitization.js:8:27:8:36 | statements | bad-code-sanitization.js:8:27:8:46 | statements.join(';') | -| bad-code-sanitization.js:15:44:15:63 | htmlescape(pathname) | bad-code-sanitization.js:15:44:15:63 | htmlescape(pathname) | -| bad-code-sanitization.js:19:27:19:47 | JSON.st ... (input) | bad-code-sanitization.js:19:27:19:47 | JSON.st ... (input) | -| bad-code-sanitization.js:31:30:31:50 | JSON.st ... (input) | bad-code-sanitization.js:31:30:31:50 | JSON.st ... (input) | -| bad-code-sanitization.js:40:23:40:43 | JSON.st ... (input) | bad-code-sanitization.js:40:23:40:43 | JSON.st ... (input) | -| bad-code-sanitization.js:44:22:44:42 | JSON.st ... (input) | bad-code-sanitization.js:44:22:44:42 | JSON.st ... (input) | -| bad-code-sanitization.js:52:28:52:62 | JSON.st ... bble")) | bad-code-sanitization.js:52:28:52:62 | JSON.st ... bble")) | -| bad-code-sanitization.js:54:29:54:63 | JSON.st ... bble")) | bad-code-sanitization.js:54:29:54:63 | JSON.st ... bble")) | -| bad-code-sanitization.js:58:29:58:49 | JSON.st ... (taint) | bad-code-sanitization.js:58:29:58:49 | JSON.st ... (taint) | -| bad-code-sanitization.js:63:11:63:55 | assignment | bad-code-sanitization.js:64:27:64:36 | assignment | -| bad-code-sanitization.js:63:11:63:55 | assignment | bad-code-sanitization.js:64:27:64:36 | assignment | -| bad-code-sanitization.js:63:24:63:55 | `obj[${ ... )}]=42` | bad-code-sanitization.js:63:11:63:55 | assignment | -| bad-code-sanitization.js:63:31:63:49 | JSON.stringify(key) | bad-code-sanitization.js:63:24:63:55 | `obj[${ ... )}]=42` | -| bad-code-sanitization.js:63:31:63:49 | JSON.stringify(key) | bad-code-sanitization.js:63:24:63:55 | `obj[${ ... )}]=42` | +| bad-code-sanitization.js:2:12:2:90 | /^[_$a- ... key)}]` | bad-code-sanitization.js:7:31:7:43 | safeProp(key) | provenance | | +| bad-code-sanitization.js:2:69:2:87 | JSON.stringify(key) | bad-code-sanitization.js:2:12:2:90 | /^[_$a- ... key)}]` | provenance | | +| bad-code-sanitization.js:6:11:6:25 | statements | bad-code-sanitization.js:8:27:8:36 | statements | provenance | | +| bad-code-sanitization.js:7:5:7:14 | [post update] statements | bad-code-sanitization.js:6:11:6:25 | statements | provenance | | +| bad-code-sanitization.js:7:21:7:70 | `${name ... key])}` | bad-code-sanitization.js:7:5:7:14 | [post update] statements | provenance | | +| bad-code-sanitization.js:7:31:7:43 | safeProp(key) | bad-code-sanitization.js:7:21:7:70 | `${name ... key])}` | provenance | | +| bad-code-sanitization.js:8:27:8:36 | statements | bad-code-sanitization.js:8:27:8:46 | statements.join(';') | provenance | | +| bad-code-sanitization.js:63:11:63:55 | assignment | bad-code-sanitization.js:64:27:64:36 | assignment | provenance | | +| bad-code-sanitization.js:63:31:63:49 | JSON.stringify(key) | bad-code-sanitization.js:63:11:63:55 | assignment | provenance | | +nodes +| bad-code-sanitization.js:2:12:2:90 | /^[_$a- ... key)}]` | semmle.label | /^[_$a- ... key)}]` | +| bad-code-sanitization.js:2:69:2:87 | JSON.stringify(key) | semmle.label | JSON.stringify(key) | +| bad-code-sanitization.js:6:11:6:25 | statements | semmle.label | statements | +| bad-code-sanitization.js:7:5:7:14 | [post update] statements | semmle.label | [post update] statements | +| bad-code-sanitization.js:7:21:7:70 | `${name ... key])}` | semmle.label | `${name ... key])}` | +| bad-code-sanitization.js:7:31:7:43 | safeProp(key) | semmle.label | safeProp(key) | +| bad-code-sanitization.js:8:27:8:36 | statements | semmle.label | statements | +| bad-code-sanitization.js:8:27:8:46 | statements.join(';') | semmle.label | statements.join(';') | +| bad-code-sanitization.js:15:44:15:63 | htmlescape(pathname) | semmle.label | htmlescape(pathname) | +| bad-code-sanitization.js:19:27:19:47 | JSON.st ... (input) | semmle.label | JSON.st ... (input) | +| bad-code-sanitization.js:31:30:31:50 | JSON.st ... (input) | semmle.label | JSON.st ... (input) | +| bad-code-sanitization.js:40:23:40:43 | JSON.st ... (input) | semmle.label | JSON.st ... (input) | +| bad-code-sanitization.js:44:22:44:42 | JSON.st ... (input) | semmle.label | JSON.st ... (input) | +| bad-code-sanitization.js:52:28:52:62 | JSON.st ... bble")) | semmle.label | JSON.st ... bble")) | +| bad-code-sanitization.js:54:29:54:63 | JSON.st ... bble")) | semmle.label | JSON.st ... bble")) | +| bad-code-sanitization.js:58:29:58:49 | JSON.st ... (taint) | semmle.label | JSON.st ... (taint) | +| bad-code-sanitization.js:63:11:63:55 | assignment | semmle.label | assignment | +| bad-code-sanitization.js:63:31:63:49 | JSON.stringify(key) | semmle.label | JSON.stringify(key) | +| bad-code-sanitization.js:64:27:64:36 | assignment | semmle.label | assignment | +subpaths #select | bad-code-sanitization.js:8:27:8:46 | statements.join(';') | bad-code-sanitization.js:2:69:2:87 | JSON.stringify(key) | bad-code-sanitization.js:8:27:8:46 | statements.join(';') | Code construction depends on an $@. | bad-code-sanitization.js:2:69:2:87 | JSON.stringify(key) | improperly sanitized value | | bad-code-sanitization.js:15:44:15:63 | htmlescape(pathname) | bad-code-sanitization.js:15:44:15:63 | htmlescape(pathname) | bad-code-sanitization.js:15:44:15:63 | htmlescape(pathname) | Code construction depends on an $@. | bad-code-sanitization.js:15:44:15:63 | htmlescape(pathname) | improperly sanitized value | diff --git a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/UnsafeCodeConstruction.expected b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/UnsafeCodeConstruction.expected index 725c600ecaa3..868f2a287441 100644 --- a/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/UnsafeCodeConstruction.expected +++ b/javascript/ql/test/query-tests/Security/CWE-094/CodeInjection/UnsafeCodeConstruction.expected @@ -1,127 +1,20 @@ -nodes -| lib/index.js:1:35:1:38 | data | -| lib/index.js:1:35:1:38 | data | -| lib/index.js:2:21:2:24 | data | -| lib/index.js:2:21:2:24 | data | -| lib/index.js:5:35:5:38 | name | -| lib/index.js:5:35:5:38 | name | -| lib/index.js:6:26:6:29 | name | -| lib/index.js:6:26:6:29 | name | -| lib/index.js:13:38:13:41 | data | -| lib/index.js:13:38:13:41 | data | -| lib/index.js:14:21:14:24 | data | -| lib/index.js:14:21:14:24 | data | -| lib/index.js:19:26:19:29 | data | -| lib/index.js:19:26:19:29 | data | -| lib/index.js:22:7:22:10 | data | -| lib/index.js:22:7:22:10 | data | -| lib/index.js:41:32:41:35 | opts | -| lib/index.js:41:32:41:35 | opts | -| lib/index.js:42:3:42:19 | opts | -| lib/index.js:42:10:42:13 | opts | -| lib/index.js:42:10:42:19 | opts \|\| {} | -| lib/index.js:44:21:44:24 | opts | -| lib/index.js:44:21:44:32 | opts.varName | -| lib/index.js:51:21:51:32 | opts.varName | -| lib/index.js:51:21:51:32 | opts.varName | -| lib/index.js:51:21:51:32 | opts.varName | -| lib/index.js:86:15:86:19 | taint | -| lib/index.js:86:15:86:19 | taint | -| lib/index.js:87:18:87:22 | taint | -| lib/index.js:89:36:89:40 | taint | -| lib/index.js:93:32:93:36 | taint | -| lib/index.js:98:30:98:34 | taint | -| lib/index.js:103:21:103:47 | this.op ... dOption | -| lib/index.js:103:21:103:47 | this.op ... dOption | -| lib/index.js:104:21:104:47 | this.op ... dOption | -| lib/index.js:104:21:104:47 | this.op ... dOption | -| lib/index.js:105:21:105:47 | this.op ... dOption | -| lib/index.js:105:21:105:47 | this.op ... dOption | -| lib/index.js:106:21:106:30 | this.taint | -| lib/index.js:106:21:106:30 | this.taint | -| lib/index.js:112:17:112:21 | taint | -| lib/index.js:112:17:112:21 | taint | -| lib/index.js:113:20:113:24 | taint | -| lib/index.js:115:38:115:42 | taint | -| lib/index.js:121:34:121:38 | taint | -| lib/index.js:129:32:129:36 | taint | -| lib/index.js:135:23:135:49 | this.op ... dOption | -| lib/index.js:135:23:135:49 | this.op ... dOption | -| lib/index.js:136:23:136:49 | this.op ... dOption | -| lib/index.js:136:23:136:49 | this.op ... dOption | -| lib/index.js:137:23:137:49 | this.op ... dOption | -| lib/index.js:137:23:137:49 | this.op ... dOption | -| lib/index.js:138:23:138:32 | this.taint | -| lib/index.js:138:23:138:32 | this.taint | edges -| lib/index.js:1:35:1:38 | data | lib/index.js:2:21:2:24 | data | -| lib/index.js:1:35:1:38 | data | lib/index.js:2:21:2:24 | data | -| lib/index.js:1:35:1:38 | data | lib/index.js:2:21:2:24 | data | -| lib/index.js:1:35:1:38 | data | lib/index.js:2:21:2:24 | data | -| lib/index.js:5:35:5:38 | name | lib/index.js:6:26:6:29 | name | -| lib/index.js:5:35:5:38 | name | lib/index.js:6:26:6:29 | name | -| lib/index.js:5:35:5:38 | name | lib/index.js:6:26:6:29 | name | -| lib/index.js:5:35:5:38 | name | lib/index.js:6:26:6:29 | name | -| lib/index.js:13:38:13:41 | data | lib/index.js:14:21:14:24 | data | -| lib/index.js:13:38:13:41 | data | lib/index.js:14:21:14:24 | data | -| lib/index.js:13:38:13:41 | data | lib/index.js:14:21:14:24 | data | -| lib/index.js:13:38:13:41 | data | lib/index.js:14:21:14:24 | data | -| lib/index.js:19:26:19:29 | data | lib/index.js:22:7:22:10 | data | -| lib/index.js:19:26:19:29 | data | lib/index.js:22:7:22:10 | data | -| lib/index.js:19:26:19:29 | data | lib/index.js:22:7:22:10 | data | -| lib/index.js:19:26:19:29 | data | lib/index.js:22:7:22:10 | data | -| lib/index.js:41:32:41:35 | opts | lib/index.js:42:10:42:13 | opts | -| lib/index.js:41:32:41:35 | opts | lib/index.js:42:10:42:13 | opts | -| lib/index.js:42:3:42:19 | opts | lib/index.js:44:21:44:24 | opts | -| lib/index.js:42:10:42:13 | opts | lib/index.js:42:10:42:19 | opts \|\| {} | -| lib/index.js:42:10:42:19 | opts \|\| {} | lib/index.js:42:3:42:19 | opts | -| lib/index.js:44:21:44:24 | opts | lib/index.js:44:21:44:32 | opts.varName | -| lib/index.js:44:21:44:32 | opts.varName | lib/index.js:51:21:51:32 | opts.varName | -| lib/index.js:44:21:44:32 | opts.varName | lib/index.js:51:21:51:32 | opts.varName | -| lib/index.js:44:21:44:32 | opts.varName | lib/index.js:51:21:51:32 | opts.varName | -| lib/index.js:86:15:86:19 | taint | lib/index.js:87:18:87:22 | taint | -| lib/index.js:86:15:86:19 | taint | lib/index.js:87:18:87:22 | taint | -| lib/index.js:86:15:86:19 | taint | lib/index.js:89:36:89:40 | taint | -| lib/index.js:86:15:86:19 | taint | lib/index.js:89:36:89:40 | taint | -| lib/index.js:86:15:86:19 | taint | lib/index.js:93:32:93:36 | taint | -| lib/index.js:86:15:86:19 | taint | lib/index.js:93:32:93:36 | taint | -| lib/index.js:86:15:86:19 | taint | lib/index.js:98:30:98:34 | taint | -| lib/index.js:86:15:86:19 | taint | lib/index.js:98:30:98:34 | taint | -| lib/index.js:87:18:87:22 | taint | lib/index.js:106:21:106:30 | this.taint | -| lib/index.js:87:18:87:22 | taint | lib/index.js:106:21:106:30 | this.taint | -| lib/index.js:89:36:89:40 | taint | lib/index.js:103:21:103:47 | this.op ... dOption | -| lib/index.js:89:36:89:40 | taint | lib/index.js:103:21:103:47 | this.op ... dOption | -| lib/index.js:93:32:93:36 | taint | lib/index.js:104:21:104:47 | this.op ... dOption | -| lib/index.js:93:32:93:36 | taint | lib/index.js:104:21:104:47 | this.op ... dOption | -| lib/index.js:98:30:98:34 | taint | lib/index.js:105:21:105:47 | this.op ... dOption | -| lib/index.js:98:30:98:34 | taint | lib/index.js:105:21:105:47 | this.op ... dOption | -| lib/index.js:112:17:112:21 | taint | lib/index.js:113:20:113:24 | taint | -| lib/index.js:112:17:112:21 | taint | lib/index.js:113:20:113:24 | taint | -| lib/index.js:112:17:112:21 | taint | lib/index.js:115:38:115:42 | taint | -| lib/index.js:112:17:112:21 | taint | lib/index.js:115:38:115:42 | taint | -| lib/index.js:112:17:112:21 | taint | lib/index.js:121:34:121:38 | taint | -| lib/index.js:112:17:112:21 | taint | lib/index.js:121:34:121:38 | taint | -| lib/index.js:112:17:112:21 | taint | lib/index.js:129:32:129:36 | taint | -| lib/index.js:112:17:112:21 | taint | lib/index.js:129:32:129:36 | taint | -| lib/index.js:113:20:113:24 | taint | lib/index.js:138:23:138:32 | this.taint | -| lib/index.js:113:20:113:24 | taint | lib/index.js:138:23:138:32 | this.taint | -| lib/index.js:115:38:115:42 | taint | lib/index.js:135:23:135:49 | this.op ... dOption | -| lib/index.js:115:38:115:42 | taint | lib/index.js:135:23:135:49 | this.op ... dOption | -| lib/index.js:121:34:121:38 | taint | lib/index.js:136:23:136:49 | this.op ... dOption | -| lib/index.js:121:34:121:38 | taint | lib/index.js:136:23:136:49 | this.op ... dOption | -| lib/index.js:129:32:129:36 | taint | lib/index.js:137:23:137:49 | this.op ... dOption | -| lib/index.js:129:32:129:36 | taint | lib/index.js:137:23:137:49 | this.op ... dOption | +| lib/index.js:1:35:1:38 | data | lib/index.js:2:21:2:24 | data | provenance | | +| lib/index.js:5:35:5:38 | name | lib/index.js:6:26:6:29 | name | provenance | | +| lib/index.js:13:38:13:41 | data | lib/index.js:14:21:14:24 | data | provenance | | +| lib/index.js:19:26:19:29 | data | lib/index.js:22:7:22:10 | data | provenance | | +nodes +| lib/index.js:1:35:1:38 | data | semmle.label | data | +| lib/index.js:2:21:2:24 | data | semmle.label | data | +| lib/index.js:5:35:5:38 | name | semmle.label | name | +| lib/index.js:6:26:6:29 | name | semmle.label | name | +| lib/index.js:13:38:13:41 | data | semmle.label | data | +| lib/index.js:14:21:14:24 | data | semmle.label | data | +| lib/index.js:19:26:19:29 | data | semmle.label | data | +| lib/index.js:22:7:22:10 | data | semmle.label | data | +subpaths #select | lib/index.js:2:21:2:24 | data | lib/index.js:1:35:1:38 | data | lib/index.js:2:21:2:24 | data | This string concatenation which depends on $@ is later $@. | lib/index.js:1:35:1:38 | data | library input | lib/index.js:2:15:2:30 | "(" + data + ")" | interpreted as code | | lib/index.js:6:26:6:29 | name | lib/index.js:5:35:5:38 | name | lib/index.js:6:26:6:29 | name | This string concatenation which depends on $@ is later $@. | lib/index.js:5:35:5:38 | name | library input | lib/index.js:6:17:6:29 | "obj." + name | interpreted as code | | lib/index.js:14:21:14:24 | data | lib/index.js:13:38:13:41 | data | lib/index.js:14:21:14:24 | data | This string concatenation which depends on $@ is later $@. | lib/index.js:13:38:13:41 | data | library input | lib/index.js:14:15:14:30 | "(" + data + ")" | interpreted as code | | lib/index.js:22:7:22:10 | data | lib/index.js:19:26:19:29 | data | lib/index.js:22:7:22:10 | data | This string concatenation which depends on $@ is later $@. | lib/index.js:19:26:19:29 | data | library input | lib/index.js:25:24:25:26 | str | interpreted as code | -| lib/index.js:51:21:51:32 | opts.varName | lib/index.js:41:32:41:35 | opts | lib/index.js:51:21:51:32 | opts.varName | This string concatenation which depends on $@ is later $@. | lib/index.js:41:32:41:35 | opts | library input | lib/index.js:51:10:51:52 | " var ... ing();" | interpreted as code | -| lib/index.js:103:21:103:47 | this.op ... dOption | lib/index.js:86:15:86:19 | taint | lib/index.js:103:21:103:47 | this.op ... dOption | This string concatenation which depends on $@ is later $@. | lib/index.js:86:15:86:19 | taint | library input | lib/index.js:103:10:103:67 | " var ... ing();" | interpreted as code | -| lib/index.js:104:21:104:47 | this.op ... dOption | lib/index.js:86:15:86:19 | taint | lib/index.js:104:21:104:47 | this.op ... dOption | This string concatenation which depends on $@ is later $@. | lib/index.js:86:15:86:19 | taint | library input | lib/index.js:104:10:104:67 | " var ... ing();" | interpreted as code | -| lib/index.js:105:21:105:47 | this.op ... dOption | lib/index.js:86:15:86:19 | taint | lib/index.js:105:21:105:47 | this.op ... dOption | This string concatenation which depends on $@ is later $@. | lib/index.js:86:15:86:19 | taint | library input | lib/index.js:105:10:105:67 | " var ... ing();" | interpreted as code | -| lib/index.js:106:21:106:30 | this.taint | lib/index.js:86:15:86:19 | taint | lib/index.js:106:21:106:30 | this.taint | This string concatenation which depends on $@ is later $@. | lib/index.js:86:15:86:19 | taint | library input | lib/index.js:106:10:106:50 | " var ... ing();" | interpreted as code | -| lib/index.js:135:23:135:49 | this.op ... dOption | lib/index.js:112:17:112:21 | taint | lib/index.js:135:23:135:49 | this.op ... dOption | This string concatenation which depends on $@ is later $@. | lib/index.js:112:17:112:21 | taint | library input | lib/index.js:135:12:135:69 | " var ... ing();" | interpreted as code | -| lib/index.js:136:23:136:49 | this.op ... dOption | lib/index.js:112:17:112:21 | taint | lib/index.js:136:23:136:49 | this.op ... dOption | This string concatenation which depends on $@ is later $@. | lib/index.js:112:17:112:21 | taint | library input | lib/index.js:136:12:136:69 | " var ... ing();" | interpreted as code | -| lib/index.js:137:23:137:49 | this.op ... dOption | lib/index.js:112:17:112:21 | taint | lib/index.js:137:23:137:49 | this.op ... dOption | This string concatenation which depends on $@ is later $@. | lib/index.js:112:17:112:21 | taint | library input | lib/index.js:137:12:137:69 | " var ... ing();" | interpreted as code | -| lib/index.js:138:23:138:32 | this.taint | lib/index.js:112:17:112:21 | taint | lib/index.js:138:23:138:32 | this.taint | This string concatenation which depends on $@ is later $@. | lib/index.js:112:17:112:21 | taint | library input | lib/index.js:138:12:138:52 | " var ... ing();" | interpreted as code | diff --git a/javascript/ql/test/query-tests/Security/CWE-094/UnsafeDynamicMethodAccess/UnsafeDynamicMethodAccess.expected b/javascript/ql/test/query-tests/Security/CWE-094/UnsafeDynamicMethodAccess/UnsafeDynamicMethodAccess.expected index 4005bd32dba3..8511b6bcaf69 100644 --- a/javascript/ql/test/query-tests/Security/CWE-094/UnsafeDynamicMethodAccess/UnsafeDynamicMethodAccess.expected +++ b/javascript/ql/test/query-tests/Security/CWE-094/UnsafeDynamicMethodAccess/UnsafeDynamicMethodAccess.expected @@ -1,76 +1,60 @@ -nodes -| example.js:9:37:9:38 | ev | -| example.js:9:37:9:38 | ev | -| example.js:10:9:10:37 | message | -| example.js:10:19:10:37 | JSON.parse(ev.data) | -| example.js:10:30:10:31 | ev | -| example.js:10:30:10:36 | ev.data | -| example.js:13:5:13:24 | window[message.name] | -| example.js:13:5:13:24 | window[message.name] | -| example.js:13:12:13:18 | message | -| example.js:13:12:13:23 | message.name | -| tst.js:3:37:3:38 | ev | -| tst.js:3:37:3:38 | ev | -| tst.js:4:9:4:37 | message | -| tst.js:4:19:4:37 | JSON.parse(ev.data) | -| tst.js:4:30:4:31 | ev | -| tst.js:4:30:4:36 | ev.data | -| tst.js:5:5:5:24 | window[message.name] | -| tst.js:5:5:5:24 | window[message.name] | -| tst.js:5:12:5:18 | message | -| tst.js:5:12:5:23 | message.name | -| tst.js:6:9:6:28 | window[message.name] | -| tst.js:6:9:6:28 | window[message.name] | -| tst.js:6:16:6:22 | message | -| tst.js:6:16:6:27 | message.name | -| tst.js:11:5:11:19 | f[message.name] | -| tst.js:11:5:11:19 | f[message.name] | -| tst.js:11:7:11:13 | message | -| tst.js:11:7:11:18 | message.name | -| tst.js:15:5:15:14 | window[ev] | -| tst.js:15:5:15:14 | window[ev] | -| tst.js:15:12:15:13 | ev | -| tst.js:21:5:21:29 | window[ ... e.name] | -| tst.js:21:5:21:29 | window[ ... e.name] | -| tst.js:21:12:21:28 | '' + message.name | -| tst.js:21:17:21:23 | message | -| tst.js:21:17:21:28 | message.name | edges -| example.js:9:37:9:38 | ev | example.js:10:30:10:31 | ev | -| example.js:9:37:9:38 | ev | example.js:10:30:10:31 | ev | -| example.js:10:9:10:37 | message | example.js:13:12:13:18 | message | -| example.js:10:19:10:37 | JSON.parse(ev.data) | example.js:10:9:10:37 | message | -| example.js:10:30:10:31 | ev | example.js:10:30:10:36 | ev.data | -| example.js:10:30:10:36 | ev.data | example.js:10:19:10:37 | JSON.parse(ev.data) | -| example.js:13:12:13:18 | message | example.js:13:12:13:23 | message.name | -| example.js:13:12:13:23 | message.name | example.js:13:5:13:24 | window[message.name] | -| example.js:13:12:13:23 | message.name | example.js:13:5:13:24 | window[message.name] | -| tst.js:3:37:3:38 | ev | tst.js:4:30:4:31 | ev | -| tst.js:3:37:3:38 | ev | tst.js:4:30:4:31 | ev | -| tst.js:3:37:3:38 | ev | tst.js:15:12:15:13 | ev | -| tst.js:3:37:3:38 | ev | tst.js:15:12:15:13 | ev | -| tst.js:4:9:4:37 | message | tst.js:5:12:5:18 | message | -| tst.js:4:9:4:37 | message | tst.js:6:16:6:22 | message | -| tst.js:4:9:4:37 | message | tst.js:11:7:11:13 | message | -| tst.js:4:9:4:37 | message | tst.js:21:17:21:23 | message | -| tst.js:4:19:4:37 | JSON.parse(ev.data) | tst.js:4:9:4:37 | message | -| tst.js:4:30:4:31 | ev | tst.js:4:30:4:36 | ev.data | -| tst.js:4:30:4:36 | ev.data | tst.js:4:19:4:37 | JSON.parse(ev.data) | -| tst.js:5:12:5:18 | message | tst.js:5:12:5:23 | message.name | -| tst.js:5:12:5:23 | message.name | tst.js:5:5:5:24 | window[message.name] | -| tst.js:5:12:5:23 | message.name | tst.js:5:5:5:24 | window[message.name] | -| tst.js:6:16:6:22 | message | tst.js:6:16:6:27 | message.name | -| tst.js:6:16:6:27 | message.name | tst.js:6:9:6:28 | window[message.name] | -| tst.js:6:16:6:27 | message.name | tst.js:6:9:6:28 | window[message.name] | -| tst.js:11:7:11:13 | message | tst.js:11:7:11:18 | message.name | -| tst.js:11:7:11:18 | message.name | tst.js:11:5:11:19 | f[message.name] | -| tst.js:11:7:11:18 | message.name | tst.js:11:5:11:19 | f[message.name] | -| tst.js:15:12:15:13 | ev | tst.js:15:5:15:14 | window[ev] | -| tst.js:15:12:15:13 | ev | tst.js:15:5:15:14 | window[ev] | -| tst.js:21:12:21:28 | '' + message.name | tst.js:21:5:21:29 | window[ ... e.name] | -| tst.js:21:12:21:28 | '' + message.name | tst.js:21:5:21:29 | window[ ... e.name] | -| tst.js:21:17:21:23 | message | tst.js:21:17:21:28 | message.name | -| tst.js:21:17:21:28 | message.name | tst.js:21:12:21:28 | '' + message.name | +| example.js:9:37:9:38 | ev | example.js:10:30:10:31 | ev | provenance | | +| example.js:10:9:10:37 | message | example.js:13:12:13:18 | message | provenance | | +| example.js:10:19:10:37 | JSON.parse(ev.data) | example.js:10:9:10:37 | message | provenance | | +| example.js:10:30:10:31 | ev | example.js:10:30:10:36 | ev.data | provenance | Config | +| example.js:10:30:10:36 | ev.data | example.js:10:19:10:37 | JSON.parse(ev.data) | provenance | Config | +| example.js:13:12:13:18 | message | example.js:13:12:13:23 | message.name | provenance | Config | +| example.js:13:12:13:23 | message.name | example.js:13:5:13:24 | window[message.name] | provenance | Config | +| tst.js:3:37:3:38 | ev | tst.js:4:30:4:31 | ev | provenance | | +| tst.js:3:37:3:38 | ev | tst.js:15:12:15:13 | ev | provenance | | +| tst.js:4:9:4:37 | message | tst.js:5:12:5:18 | message | provenance | | +| tst.js:4:9:4:37 | message | tst.js:6:16:6:22 | message | provenance | | +| tst.js:4:9:4:37 | message | tst.js:11:7:11:13 | message | provenance | | +| tst.js:4:9:4:37 | message | tst.js:21:17:21:23 | message | provenance | | +| tst.js:4:19:4:37 | JSON.parse(ev.data) | tst.js:4:9:4:37 | message | provenance | | +| tst.js:4:30:4:31 | ev | tst.js:4:30:4:36 | ev.data | provenance | Config | +| tst.js:4:30:4:36 | ev.data | tst.js:4:19:4:37 | JSON.parse(ev.data) | provenance | Config | +| tst.js:5:12:5:18 | message | tst.js:5:12:5:23 | message.name | provenance | Config | +| tst.js:5:12:5:23 | message.name | tst.js:5:5:5:24 | window[message.name] | provenance | Config | +| tst.js:6:16:6:22 | message | tst.js:6:16:6:27 | message.name | provenance | Config | +| tst.js:6:16:6:27 | message.name | tst.js:6:9:6:28 | window[message.name] | provenance | Config | +| tst.js:11:7:11:13 | message | tst.js:11:7:11:18 | message.name | provenance | Config | +| tst.js:11:7:11:18 | message.name | tst.js:11:5:11:19 | f[message.name] | provenance | Config | +| tst.js:15:12:15:13 | ev | tst.js:15:5:15:14 | window[ev] | provenance | Config | +| tst.js:21:12:21:28 | '' + message.name | tst.js:21:5:21:29 | window[ ... e.name] | provenance | Config | +| tst.js:21:17:21:23 | message | tst.js:21:17:21:28 | message.name | provenance | Config | +| tst.js:21:17:21:28 | message.name | tst.js:21:12:21:28 | '' + message.name | provenance | Config | +nodes +| example.js:9:37:9:38 | ev | semmle.label | ev | +| example.js:10:9:10:37 | message | semmle.label | message | +| example.js:10:19:10:37 | JSON.parse(ev.data) | semmle.label | JSON.parse(ev.data) | +| example.js:10:30:10:31 | ev | semmle.label | ev | +| example.js:10:30:10:36 | ev.data | semmle.label | ev.data | +| example.js:13:5:13:24 | window[message.name] | semmle.label | window[message.name] | +| example.js:13:12:13:18 | message | semmle.label | message | +| example.js:13:12:13:23 | message.name | semmle.label | message.name | +| tst.js:3:37:3:38 | ev | semmle.label | ev | +| tst.js:4:9:4:37 | message | semmle.label | message | +| tst.js:4:19:4:37 | JSON.parse(ev.data) | semmle.label | JSON.parse(ev.data) | +| tst.js:4:30:4:31 | ev | semmle.label | ev | +| tst.js:4:30:4:36 | ev.data | semmle.label | ev.data | +| tst.js:5:5:5:24 | window[message.name] | semmle.label | window[message.name] | +| tst.js:5:12:5:18 | message | semmle.label | message | +| tst.js:5:12:5:23 | message.name | semmle.label | message.name | +| tst.js:6:9:6:28 | window[message.name] | semmle.label | window[message.name] | +| tst.js:6:16:6:22 | message | semmle.label | message | +| tst.js:6:16:6:27 | message.name | semmle.label | message.name | +| tst.js:11:5:11:19 | f[message.name] | semmle.label | f[message.name] | +| tst.js:11:7:11:13 | message | semmle.label | message | +| tst.js:11:7:11:18 | message.name | semmle.label | message.name | +| tst.js:15:5:15:14 | window[ev] | semmle.label | window[ev] | +| tst.js:15:12:15:13 | ev | semmle.label | ev | +| tst.js:21:5:21:29 | window[ ... e.name] | semmle.label | window[ ... e.name] | +| tst.js:21:12:21:28 | '' + message.name | semmle.label | '' + message.name | +| tst.js:21:17:21:23 | message | semmle.label | message | +| tst.js:21:17:21:28 | message.name | semmle.label | message.name | +subpaths #select | example.js:13:5:13:24 | window[message.name] | example.js:9:37:9:38 | ev | example.js:13:5:13:24 | window[message.name] | This method is invoked using a $@, which may allow remote code execution. | example.js:9:37:9:38 | ev | user-controlled value | | tst.js:5:5:5:24 | window[message.name] | tst.js:3:37:3:38 | ev | tst.js:5:5:5:24 | window[message.name] | This method is invoked using a $@, which may allow remote code execution. | tst.js:3:37:3:38 | ev | user-controlled value | diff --git a/javascript/ql/test/query-tests/Security/CWE-116/IncompleteSanitization/IncompleteHtmlAttributeSanitization.expected b/javascript/ql/test/query-tests/Security/CWE-116/IncompleteSanitization/IncompleteHtmlAttributeSanitization.expected index 7c80b54be340..7af957d720a1 100644 --- a/javascript/ql/test/query-tests/Security/CWE-116/IncompleteSanitization/IncompleteHtmlAttributeSanitization.expected +++ b/javascript/ql/test/query-tests/Security/CWE-116/IncompleteSanitization/IncompleteHtmlAttributeSanitization.expected @@ -1,64 +1,25 @@ nodes -| tst.js:243:9:243:31 | s().rep ... ]/g,'') | -| tst.js:243:9:243:31 | s().rep ... ]/g,'') | -| tst.js:243:9:243:31 | s().rep ... ]/g,'') | -| tst.js:244:9:244:33 | s().rep ... /g, '') | -| tst.js:244:9:244:33 | s().rep ... /g, '') | -| tst.js:244:9:244:33 | s().rep ... /g, '') | -| tst.js:249:9:249:33 | s().rep ... ]/g,'') | -| tst.js:249:9:249:33 | s().rep ... ]/g,'') | -| tst.js:249:9:249:33 | s().rep ... ]/g,'') | -| tst.js:250:9:250:33 | s().rep ... ]/g,'') | -| tst.js:250:9:250:33 | s().rep ... ]/g,'') | -| tst.js:250:9:250:33 | s().rep ... ]/g,'') | -| tst.js:253:21:253:45 | s().rep ... /g, '') | -| tst.js:253:21:253:45 | s().rep ... /g, '') | -| tst.js:253:21:253:45 | s().rep ... /g, '') | -| tst.js:254:32:254:56 | s().rep ... /g, '') | -| tst.js:254:32:254:56 | s().rep ... /g, '') | -| tst.js:254:32:254:56 | s().rep ... /g, '') | -| tst.js:270:61:270:85 | s().rep ... /g, '') | -| tst.js:270:61:270:85 | s().rep ... /g, '') | -| tst.js:270:61:270:85 | s().rep ... /g, '') | -| tst.js:274:6:274:94 | arr | -| tst.js:274:12:274:94 | s().val ... g , '') | -| tst.js:274:12:274:94 | s().val ... g , '') | -| tst.js:275:9:275:11 | arr | -| tst.js:275:9:275:21 | arr.join(" ") | -| tst.js:275:9:275:21 | arr.join(" ") | -| tst.js:300:10:300:33 | s().rep ... ]/g,'') | -| tst.js:300:10:300:33 | s().rep ... ]/g,'') | -| tst.js:300:10:300:33 | s().rep ... ]/g,'') | -| tst.js:301:10:301:32 | s().rep ... ]/g,'') | -| tst.js:301:10:301:32 | s().rep ... ]/g,'') | -| tst.js:301:10:301:32 | s().rep ... ]/g,'') | -| tst.js:302:10:302:34 | s().rep ... ]/g,'') | -| tst.js:302:10:302:34 | s().rep ... ]/g,'') | -| tst.js:302:10:302:34 | s().rep ... ]/g,'') | -| tst.js:303:10:303:34 | s().rep ... /g, '') | -| tst.js:303:10:303:34 | s().rep ... /g, '') | -| tst.js:303:10:303:34 | s().rep ... /g, '') | -| tst.js:309:10:318:3 | s().rep ... ;";\\n\\t}) | -| tst.js:309:10:318:3 | s().rep ... ;";\\n\\t}) | -| tst.js:309:10:318:3 | s().rep ... ;";\\n\\t}) | +| tst.js:243:9:243:31 | s().rep ... ]/g,'') | semmle.label | s().rep ... ]/g,'') | +| tst.js:244:9:244:33 | s().rep ... /g, '') | semmle.label | s().rep ... /g, '') | +| tst.js:249:9:249:33 | s().rep ... ]/g,'') | semmle.label | s().rep ... ]/g,'') | +| tst.js:250:9:250:33 | s().rep ... ]/g,'') | semmle.label | s().rep ... ]/g,'') | +| tst.js:253:21:253:45 | s().rep ... /g, '') | semmle.label | s().rep ... /g, '') | +| tst.js:254:32:254:56 | s().rep ... /g, '') | semmle.label | s().rep ... /g, '') | +| tst.js:270:61:270:85 | s().rep ... /g, '') | semmle.label | s().rep ... /g, '') | +| tst.js:274:6:274:94 | arr | semmle.label | arr | +| tst.js:274:12:274:94 | s().val ... g , '') | semmle.label | s().val ... g , '') | +| tst.js:275:9:275:11 | arr | semmle.label | arr | +| tst.js:275:9:275:21 | arr.join(" ") | semmle.label | arr.join(" ") | +| tst.js:300:10:300:33 | s().rep ... ]/g,'') | semmle.label | s().rep ... ]/g,'') | +| tst.js:301:10:301:32 | s().rep ... ]/g,'') | semmle.label | s().rep ... ]/g,'') | +| tst.js:302:10:302:34 | s().rep ... ]/g,'') | semmle.label | s().rep ... ]/g,'') | +| tst.js:303:10:303:34 | s().rep ... /g, '') | semmle.label | s().rep ... /g, '') | +| tst.js:309:10:318:3 | s().rep ... ;";\\n\\t}) | semmle.label | s().rep ... ;";\\n\\t}) | edges -| tst.js:243:9:243:31 | s().rep ... ]/g,'') | tst.js:243:9:243:31 | s().rep ... ]/g,'') | -| tst.js:244:9:244:33 | s().rep ... /g, '') | tst.js:244:9:244:33 | s().rep ... /g, '') | -| tst.js:249:9:249:33 | s().rep ... ]/g,'') | tst.js:249:9:249:33 | s().rep ... ]/g,'') | -| tst.js:250:9:250:33 | s().rep ... ]/g,'') | tst.js:250:9:250:33 | s().rep ... ]/g,'') | -| tst.js:253:21:253:45 | s().rep ... /g, '') | tst.js:253:21:253:45 | s().rep ... /g, '') | -| tst.js:254:32:254:56 | s().rep ... /g, '') | tst.js:254:32:254:56 | s().rep ... /g, '') | -| tst.js:270:61:270:85 | s().rep ... /g, '') | tst.js:270:61:270:85 | s().rep ... /g, '') | -| tst.js:274:6:274:94 | arr | tst.js:275:9:275:11 | arr | -| tst.js:274:12:274:94 | s().val ... g , '') | tst.js:274:6:274:94 | arr | -| tst.js:274:12:274:94 | s().val ... g , '') | tst.js:274:6:274:94 | arr | -| tst.js:275:9:275:11 | arr | tst.js:275:9:275:21 | arr.join(" ") | -| tst.js:275:9:275:11 | arr | tst.js:275:9:275:21 | arr.join(" ") | -| tst.js:300:10:300:33 | s().rep ... ]/g,'') | tst.js:300:10:300:33 | s().rep ... ]/g,'') | -| tst.js:301:10:301:32 | s().rep ... ]/g,'') | tst.js:301:10:301:32 | s().rep ... ]/g,'') | -| tst.js:302:10:302:34 | s().rep ... ]/g,'') | tst.js:302:10:302:34 | s().rep ... ]/g,'') | -| tst.js:303:10:303:34 | s().rep ... /g, '') | tst.js:303:10:303:34 | s().rep ... /g, '') | -| tst.js:309:10:318:3 | s().rep ... ;";\\n\\t}) | tst.js:309:10:318:3 | s().rep ... ;";\\n\\t}) | +| tst.js:274:6:274:94 | arr | tst.js:275:9:275:11 | arr | provenance | | +| tst.js:274:12:274:94 | s().val ... g , '') | tst.js:274:6:274:94 | arr | provenance | | +| tst.js:275:9:275:11 | arr | tst.js:275:9:275:21 | arr.join(" ") | provenance | | +subpaths #select | tst.js:243:9:243:31 | s().rep ... ]/g,'') | tst.js:243:9:243:31 | s().rep ... ]/g,'') | tst.js:243:9:243:31 | s().rep ... ]/g,'') | Cross-site scripting vulnerability as the output of $@ may contain double quotes when it reaches this attribute definition. | tst.js:243:9:243:31 | s().rep ... ]/g,'') | this final HTML sanitizer step | | tst.js:244:9:244:33 | s().rep ... /g, '') | tst.js:244:9:244:33 | s().rep ... /g, '') | tst.js:244:9:244:33 | s().rep ... /g, '') | Cross-site scripting vulnerability as the output of $@ may contain double quotes when it reaches this attribute definition. | tst.js:244:9:244:33 | s().rep ... /g, '') | this final HTML sanitizer step | diff --git a/javascript/ql/test/query-tests/Security/CWE-117/LogInjection.expected b/javascript/ql/test/query-tests/Security/CWE-117/LogInjection.expected index db473a17d2c3..12bbd7feea99 100644 --- a/javascript/ql/test/query-tests/Security/CWE-117/LogInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-117/LogInjection.expected @@ -1,191 +1,141 @@ -nodes -| logInjectionBad.js:19:9:19:36 | q | -| logInjectionBad.js:19:13:19:36 | url.par ... , true) | -| logInjectionBad.js:19:23:19:29 | req.url | -| logInjectionBad.js:19:23:19:29 | req.url | -| logInjectionBad.js:20:9:20:35 | username | -| logInjectionBad.js:20:20:20:20 | q | -| logInjectionBad.js:20:20:20:26 | q.query | -| logInjectionBad.js:20:20:20:35 | q.query.username | -| logInjectionBad.js:22:18:22:43 | `[INFO] ... rname}` | -| logInjectionBad.js:22:18:22:43 | `[INFO] ... rname}` | -| logInjectionBad.js:22:34:22:41 | username | -| logInjectionBad.js:23:37:23:44 | username | -| logInjectionBad.js:23:37:23:44 | username | -| logInjectionBad.js:24:35:24:42 | username | -| logInjectionBad.js:24:35:24:42 | username | -| logInjectionBad.js:25:36:25:43 | username | -| logInjectionBad.js:25:36:25:43 | username | -| logInjectionBad.js:28:9:28:32 | exceptional return of check_u ... ername) | -| logInjectionBad.js:28:24:28:31 | username | -| logInjectionBad.js:29:14:29:18 | error | -| logInjectionBad.js:30:23:30:49 | `[ERROR ... rror}"` | -| logInjectionBad.js:30:23:30:49 | `[ERROR ... rror}"` | -| logInjectionBad.js:30:42:30:46 | error | -| logInjectionBad.js:46:9:46:36 | q | -| logInjectionBad.js:46:13:46:36 | url.par ... , true) | -| logInjectionBad.js:46:23:46:29 | req.url | -| logInjectionBad.js:46:23:46:29 | req.url | -| logInjectionBad.js:47:9:47:35 | username | -| logInjectionBad.js:47:20:47:20 | q | -| logInjectionBad.js:47:20:47:26 | q.query | -| logInjectionBad.js:47:20:47:35 | q.query.username | -| logInjectionBad.js:49:18:49:54 | ansiCol ... ername) | -| logInjectionBad.js:49:18:49:54 | ansiCol ... ername) | -| logInjectionBad.js:49:46:49:53 | username | -| logInjectionBad.js:50:18:50:47 | colors. ... ername) | -| logInjectionBad.js:50:18:50:47 | colors. ... ername) | -| logInjectionBad.js:50:39:50:46 | username | -| logInjectionBad.js:51:18:51:61 | wrapAns ... e), 20) | -| logInjectionBad.js:51:18:51:61 | wrapAns ... e), 20) | -| logInjectionBad.js:51:27:51:56 | colors. ... ername) | -| logInjectionBad.js:51:48:51:55 | username | -| logInjectionBad.js:52:17:52:47 | underli ... name))) | -| logInjectionBad.js:52:17:52:47 | underli ... name))) | -| logInjectionBad.js:52:27:52:46 | bold(blue(username)) | -| logInjectionBad.js:52:32:52:45 | blue(username) | -| logInjectionBad.js:52:37:52:44 | username | -| logInjectionBad.js:53:17:53:76 | highlig ... true}) | -| logInjectionBad.js:53:17:53:76 | highlig ... true}) | -| logInjectionBad.js:53:27:53:34 | username | -| logInjectionBad.js:54:17:54:51 | clc.red ... ername) | -| logInjectionBad.js:54:17:54:51 | clc.red ... ername) | -| logInjectionBad.js:54:43:54:50 | username | -| logInjectionBad.js:55:17:55:65 | sliceAn ... 20, 30) | -| logInjectionBad.js:55:17:55:65 | sliceAn ... 20, 30) | -| logInjectionBad.js:55:27:55:56 | colors. ... ername) | -| logInjectionBad.js:55:48:55:55 | username | -| logInjectionBad.js:56:17:56:55 | kleur.b ... ername) | -| logInjectionBad.js:56:17:56:55 | kleur.b ... ername) | -| logInjectionBad.js:56:47:56:54 | username | -| logInjectionBad.js:57:17:57:48 | chalk.u ... ername) | -| logInjectionBad.js:57:17:57:48 | chalk.u ... ername) | -| logInjectionBad.js:57:40:57:47 | username | -| logInjectionBad.js:58:17:58:59 | stripAn ... rname)) | -| logInjectionBad.js:58:17:58:59 | stripAn ... rname)) | -| logInjectionBad.js:58:27:58:58 | chalk.u ... ername) | -| logInjectionBad.js:58:50:58:57 | username | -| logInjectionBad.js:63:9:63:36 | q | -| logInjectionBad.js:63:13:63:36 | url.par ... , true) | -| logInjectionBad.js:63:23:63:29 | req.url | -| logInjectionBad.js:63:23:63:29 | req.url | -| logInjectionBad.js:64:9:64:35 | username | -| logInjectionBad.js:64:20:64:20 | q | -| logInjectionBad.js:64:20:64:26 | q.query | -| logInjectionBad.js:64:20:64:35 | q.query.username | -| logInjectionBad.js:66:17:66:43 | prettyj ... ername) | -| logInjectionBad.js:66:17:66:43 | prettyj ... ername) | -| logInjectionBad.js:66:35:66:42 | username | -| logInjectionBad.js:72:9:72:36 | q | -| logInjectionBad.js:72:13:72:36 | url.par ... , true) | -| logInjectionBad.js:72:23:72:29 | req.url | -| logInjectionBad.js:72:23:72:29 | req.url | -| logInjectionBad.js:73:9:73:35 | username | -| logInjectionBad.js:73:20:73:20 | q | -| logInjectionBad.js:73:20:73:26 | q.query | -| logInjectionBad.js:73:20:73:35 | q.query.username | -| logInjectionBad.js:75:15:75:22 | username | -| logInjectionBad.js:75:15:75:22 | username | -| logInjectionBad.js:82:30:82:37 | username | -| logInjectionBad.js:82:30:82:37 | username | -| logInjectionBad.js:91:26:91:33 | username | -| logInjectionBad.js:91:26:91:33 | username | -| logInjectionBad.js:99:26:99:33 | username | -| logInjectionBad.js:99:26:99:33 | username | -| logInjectionBad.js:113:37:113:44 | username | -| logInjectionBad.js:113:37:113:44 | username | edges -| logInjectionBad.js:19:9:19:36 | q | logInjectionBad.js:20:20:20:20 | q | -| logInjectionBad.js:19:13:19:36 | url.par ... , true) | logInjectionBad.js:19:9:19:36 | q | -| logInjectionBad.js:19:23:19:29 | req.url | logInjectionBad.js:19:13:19:36 | url.par ... , true) | -| logInjectionBad.js:19:23:19:29 | req.url | logInjectionBad.js:19:13:19:36 | url.par ... , true) | -| logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:22:34:22:41 | username | -| logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:23:37:23:44 | username | -| logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:23:37:23:44 | username | -| logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:24:35:24:42 | username | -| logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:24:35:24:42 | username | -| logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:25:36:25:43 | username | -| logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:25:36:25:43 | username | -| logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:28:24:28:31 | username | -| logInjectionBad.js:20:20:20:20 | q | logInjectionBad.js:20:20:20:26 | q.query | -| logInjectionBad.js:20:20:20:26 | q.query | logInjectionBad.js:20:20:20:35 | q.query.username | -| logInjectionBad.js:20:20:20:35 | q.query.username | logInjectionBad.js:20:9:20:35 | username | -| logInjectionBad.js:22:34:22:41 | username | logInjectionBad.js:22:18:22:43 | `[INFO] ... rname}` | -| logInjectionBad.js:22:34:22:41 | username | logInjectionBad.js:22:18:22:43 | `[INFO] ... rname}` | -| logInjectionBad.js:28:9:28:32 | exceptional return of check_u ... ername) | logInjectionBad.js:29:14:29:18 | error | -| logInjectionBad.js:28:24:28:31 | username | logInjectionBad.js:28:9:28:32 | exceptional return of check_u ... ername) | -| logInjectionBad.js:29:14:29:18 | error | logInjectionBad.js:30:42:30:46 | error | -| logInjectionBad.js:30:42:30:46 | error | logInjectionBad.js:30:23:30:49 | `[ERROR ... rror}"` | -| logInjectionBad.js:30:42:30:46 | error | logInjectionBad.js:30:23:30:49 | `[ERROR ... rror}"` | -| logInjectionBad.js:46:9:46:36 | q | logInjectionBad.js:47:20:47:20 | q | -| logInjectionBad.js:46:13:46:36 | url.par ... , true) | logInjectionBad.js:46:9:46:36 | q | -| logInjectionBad.js:46:23:46:29 | req.url | logInjectionBad.js:46:13:46:36 | url.par ... , true) | -| logInjectionBad.js:46:23:46:29 | req.url | logInjectionBad.js:46:13:46:36 | url.par ... , true) | -| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:49:46:49:53 | username | -| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:50:39:50:46 | username | -| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:51:48:51:55 | username | -| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:52:37:52:44 | username | -| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:53:27:53:34 | username | -| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:54:43:54:50 | username | -| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:55:48:55:55 | username | -| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:56:47:56:54 | username | -| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:57:40:57:47 | username | -| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:58:50:58:57 | username | -| logInjectionBad.js:47:20:47:20 | q | logInjectionBad.js:47:20:47:26 | q.query | -| logInjectionBad.js:47:20:47:26 | q.query | logInjectionBad.js:47:20:47:35 | q.query.username | -| logInjectionBad.js:47:20:47:35 | q.query.username | logInjectionBad.js:47:9:47:35 | username | -| logInjectionBad.js:49:46:49:53 | username | logInjectionBad.js:49:18:49:54 | ansiCol ... ername) | -| logInjectionBad.js:49:46:49:53 | username | logInjectionBad.js:49:18:49:54 | ansiCol ... ername) | -| logInjectionBad.js:50:39:50:46 | username | logInjectionBad.js:50:18:50:47 | colors. ... ername) | -| logInjectionBad.js:50:39:50:46 | username | logInjectionBad.js:50:18:50:47 | colors. ... ername) | -| logInjectionBad.js:51:27:51:56 | colors. ... ername) | logInjectionBad.js:51:18:51:61 | wrapAns ... e), 20) | -| logInjectionBad.js:51:27:51:56 | colors. ... ername) | logInjectionBad.js:51:18:51:61 | wrapAns ... e), 20) | -| logInjectionBad.js:51:48:51:55 | username | logInjectionBad.js:51:27:51:56 | colors. ... ername) | -| logInjectionBad.js:52:27:52:46 | bold(blue(username)) | logInjectionBad.js:52:17:52:47 | underli ... name))) | -| logInjectionBad.js:52:27:52:46 | bold(blue(username)) | logInjectionBad.js:52:17:52:47 | underli ... name))) | -| logInjectionBad.js:52:32:52:45 | blue(username) | logInjectionBad.js:52:27:52:46 | bold(blue(username)) | -| logInjectionBad.js:52:37:52:44 | username | logInjectionBad.js:52:32:52:45 | blue(username) | -| logInjectionBad.js:53:27:53:34 | username | logInjectionBad.js:53:17:53:76 | highlig ... true}) | -| logInjectionBad.js:53:27:53:34 | username | logInjectionBad.js:53:17:53:76 | highlig ... true}) | -| logInjectionBad.js:54:43:54:50 | username | logInjectionBad.js:54:17:54:51 | clc.red ... ername) | -| logInjectionBad.js:54:43:54:50 | username | logInjectionBad.js:54:17:54:51 | clc.red ... ername) | -| logInjectionBad.js:55:27:55:56 | colors. ... ername) | logInjectionBad.js:55:17:55:65 | sliceAn ... 20, 30) | -| logInjectionBad.js:55:27:55:56 | colors. ... ername) | logInjectionBad.js:55:17:55:65 | sliceAn ... 20, 30) | -| logInjectionBad.js:55:48:55:55 | username | logInjectionBad.js:55:27:55:56 | colors. ... ername) | -| logInjectionBad.js:56:47:56:54 | username | logInjectionBad.js:56:17:56:55 | kleur.b ... ername) | -| logInjectionBad.js:56:47:56:54 | username | logInjectionBad.js:56:17:56:55 | kleur.b ... ername) | -| logInjectionBad.js:57:40:57:47 | username | logInjectionBad.js:57:17:57:48 | chalk.u ... ername) | -| logInjectionBad.js:57:40:57:47 | username | logInjectionBad.js:57:17:57:48 | chalk.u ... ername) | -| logInjectionBad.js:58:27:58:58 | chalk.u ... ername) | logInjectionBad.js:58:17:58:59 | stripAn ... rname)) | -| logInjectionBad.js:58:27:58:58 | chalk.u ... ername) | logInjectionBad.js:58:17:58:59 | stripAn ... rname)) | -| logInjectionBad.js:58:50:58:57 | username | logInjectionBad.js:58:27:58:58 | chalk.u ... ername) | -| logInjectionBad.js:63:9:63:36 | q | logInjectionBad.js:64:20:64:20 | q | -| logInjectionBad.js:63:13:63:36 | url.par ... , true) | logInjectionBad.js:63:9:63:36 | q | -| logInjectionBad.js:63:23:63:29 | req.url | logInjectionBad.js:63:13:63:36 | url.par ... , true) | -| logInjectionBad.js:63:23:63:29 | req.url | logInjectionBad.js:63:13:63:36 | url.par ... , true) | -| logInjectionBad.js:64:9:64:35 | username | logInjectionBad.js:66:35:66:42 | username | -| logInjectionBad.js:64:20:64:20 | q | logInjectionBad.js:64:20:64:26 | q.query | -| logInjectionBad.js:64:20:64:26 | q.query | logInjectionBad.js:64:20:64:35 | q.query.username | -| logInjectionBad.js:64:20:64:35 | q.query.username | logInjectionBad.js:64:9:64:35 | username | -| logInjectionBad.js:66:35:66:42 | username | logInjectionBad.js:66:17:66:43 | prettyj ... ername) | -| logInjectionBad.js:66:35:66:42 | username | logInjectionBad.js:66:17:66:43 | prettyj ... ername) | -| logInjectionBad.js:72:9:72:36 | q | logInjectionBad.js:73:20:73:20 | q | -| logInjectionBad.js:72:13:72:36 | url.par ... , true) | logInjectionBad.js:72:9:72:36 | q | -| logInjectionBad.js:72:23:72:29 | req.url | logInjectionBad.js:72:13:72:36 | url.par ... , true) | -| logInjectionBad.js:72:23:72:29 | req.url | logInjectionBad.js:72:13:72:36 | url.par ... , true) | -| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:75:15:75:22 | username | -| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:75:15:75:22 | username | -| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:82:30:82:37 | username | -| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:82:30:82:37 | username | -| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:91:26:91:33 | username | -| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:91:26:91:33 | username | -| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:99:26:99:33 | username | -| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:99:26:99:33 | username | -| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:113:37:113:44 | username | -| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:113:37:113:44 | username | -| logInjectionBad.js:73:20:73:20 | q | logInjectionBad.js:73:20:73:26 | q.query | -| logInjectionBad.js:73:20:73:26 | q.query | logInjectionBad.js:73:20:73:35 | q.query.username | -| logInjectionBad.js:73:20:73:35 | q.query.username | logInjectionBad.js:73:9:73:35 | username | +| logInjectionBad.js:7:25:7:32 | username | logInjectionBad.js:8:38:8:45 | username | provenance | | +| logInjectionBad.js:19:9:19:36 | q | logInjectionBad.js:20:20:20:20 | q | provenance | | +| logInjectionBad.js:19:13:19:36 | url.par ... , true) | logInjectionBad.js:19:9:19:36 | q | provenance | | +| logInjectionBad.js:19:23:19:29 | req.url | logInjectionBad.js:19:13:19:36 | url.par ... , true) | provenance | | +| logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:22:34:22:41 | username | provenance | | +| logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:23:37:23:44 | username | provenance | | +| logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:24:35:24:42 | username | provenance | | +| logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:25:36:25:43 | username | provenance | | +| logInjectionBad.js:20:9:20:35 | username | logInjectionBad.js:28:24:28:31 | username | provenance | | +| logInjectionBad.js:20:20:20:20 | q | logInjectionBad.js:20:9:20:35 | username | provenance | | +| logInjectionBad.js:22:34:22:41 | username | logInjectionBad.js:22:18:22:43 | `[INFO] ... rname}` | provenance | | +| logInjectionBad.js:28:9:28:32 | exceptional return of check_u ... ername) | logInjectionBad.js:29:14:29:18 | error | provenance | | +| logInjectionBad.js:28:24:28:31 | username | logInjectionBad.js:7:25:7:32 | username | provenance | | +| logInjectionBad.js:28:24:28:31 | username | logInjectionBad.js:28:9:28:32 | exceptional return of check_u ... ername) | provenance | | +| logInjectionBad.js:29:14:29:18 | error | logInjectionBad.js:30:42:30:46 | error | provenance | | +| logInjectionBad.js:30:42:30:46 | error | logInjectionBad.js:30:23:30:49 | `[ERROR ... rror}"` | provenance | | +| logInjectionBad.js:46:9:46:36 | q | logInjectionBad.js:47:20:47:20 | q | provenance | | +| logInjectionBad.js:46:13:46:36 | url.par ... , true) | logInjectionBad.js:46:9:46:36 | q | provenance | | +| logInjectionBad.js:46:23:46:29 | req.url | logInjectionBad.js:46:13:46:36 | url.par ... , true) | provenance | | +| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:49:46:49:53 | username | provenance | | +| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:50:39:50:46 | username | provenance | | +| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:51:48:51:55 | username | provenance | | +| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:52:37:52:44 | username | provenance | | +| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:53:27:53:34 | username | provenance | | +| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:54:43:54:50 | username | provenance | | +| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:55:48:55:55 | username | provenance | | +| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:56:47:56:54 | username | provenance | | +| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:57:40:57:47 | username | provenance | | +| logInjectionBad.js:47:9:47:35 | username | logInjectionBad.js:58:50:58:57 | username | provenance | | +| logInjectionBad.js:47:20:47:20 | q | logInjectionBad.js:47:9:47:35 | username | provenance | | +| logInjectionBad.js:49:46:49:53 | username | logInjectionBad.js:49:18:49:54 | ansiCol ... ername) | provenance | | +| logInjectionBad.js:50:39:50:46 | username | logInjectionBad.js:50:18:50:47 | colors. ... ername) | provenance | | +| logInjectionBad.js:51:27:51:56 | colors. ... ername) | logInjectionBad.js:51:18:51:61 | wrapAns ... e), 20) | provenance | | +| logInjectionBad.js:51:48:51:55 | username | logInjectionBad.js:51:27:51:56 | colors. ... ername) | provenance | | +| logInjectionBad.js:52:27:52:46 | bold(blue(username)) | logInjectionBad.js:52:17:52:47 | underli ... name))) | provenance | | +| logInjectionBad.js:52:32:52:45 | blue(username) | logInjectionBad.js:52:27:52:46 | bold(blue(username)) | provenance | | +| logInjectionBad.js:52:37:52:44 | username | logInjectionBad.js:52:32:52:45 | blue(username) | provenance | | +| logInjectionBad.js:53:27:53:34 | username | logInjectionBad.js:53:17:53:76 | highlig ... true}) | provenance | | +| logInjectionBad.js:54:43:54:50 | username | logInjectionBad.js:54:17:54:51 | clc.red ... ername) | provenance | | +| logInjectionBad.js:55:27:55:56 | colors. ... ername) | logInjectionBad.js:55:17:55:65 | sliceAn ... 20, 30) | provenance | | +| logInjectionBad.js:55:48:55:55 | username | logInjectionBad.js:55:27:55:56 | colors. ... ername) | provenance | | +| logInjectionBad.js:56:47:56:54 | username | logInjectionBad.js:56:17:56:55 | kleur.b ... ername) | provenance | | +| logInjectionBad.js:57:40:57:47 | username | logInjectionBad.js:57:17:57:48 | chalk.u ... ername) | provenance | | +| logInjectionBad.js:58:27:58:58 | chalk.u ... ername) | logInjectionBad.js:58:17:58:59 | stripAn ... rname)) | provenance | | +| logInjectionBad.js:58:50:58:57 | username | logInjectionBad.js:58:27:58:58 | chalk.u ... ername) | provenance | | +| logInjectionBad.js:63:9:63:36 | q | logInjectionBad.js:64:20:64:20 | q | provenance | | +| logInjectionBad.js:63:13:63:36 | url.par ... , true) | logInjectionBad.js:63:9:63:36 | q | provenance | | +| logInjectionBad.js:63:23:63:29 | req.url | logInjectionBad.js:63:13:63:36 | url.par ... , true) | provenance | | +| logInjectionBad.js:64:9:64:35 | username | logInjectionBad.js:66:35:66:42 | username | provenance | | +| logInjectionBad.js:64:20:64:20 | q | logInjectionBad.js:64:9:64:35 | username | provenance | | +| logInjectionBad.js:66:35:66:42 | username | logInjectionBad.js:66:17:66:43 | prettyj ... ername) | provenance | | +| logInjectionBad.js:72:9:72:36 | q | logInjectionBad.js:73:20:73:20 | q | provenance | | +| logInjectionBad.js:72:13:72:36 | url.par ... , true) | logInjectionBad.js:72:9:72:36 | q | provenance | | +| logInjectionBad.js:72:23:72:29 | req.url | logInjectionBad.js:72:13:72:36 | url.par ... , true) | provenance | | +| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:75:15:75:22 | username | provenance | | +| logInjectionBad.js:73:9:73:35 | username | logInjectionBad.js:75:15:75:22 | username | provenance | | +| logInjectionBad.js:73:20:73:20 | q | logInjectionBad.js:73:9:73:35 | username | provenance | | +| logInjectionBad.js:75:15:75:22 | username | logInjectionBad.js:77:5:85:5 | functio ... ;\\n } [username] | provenance | | +| logInjectionBad.js:75:15:75:22 | username | logInjectionBad.js:87:5:94:5 | functio ... ;\\n } [username] | provenance | | +| logInjectionBad.js:75:15:75:22 | username | logInjectionBad.js:96:5:103:5 | functio ... ;\\n } [username] | provenance | | +| logInjectionBad.js:75:15:75:22 | username | logInjectionBad.js:105:5:118:5 | functio ... ;\\n } [username] | provenance | | +| logInjectionBad.js:77:5:85:5 | functio ... ;\\n } [username] | logInjectionBad.js:82:30:82:37 | username | provenance | | +| logInjectionBad.js:87:5:94:5 | functio ... ;\\n } [username] | logInjectionBad.js:91:26:91:33 | username | provenance | | +| logInjectionBad.js:96:5:103:5 | functio ... ;\\n } [username] | logInjectionBad.js:99:26:99:33 | username | provenance | | +| logInjectionBad.js:105:5:118:5 | functio ... ;\\n } [username] | logInjectionBad.js:113:37:113:44 | username | provenance | | +nodes +| logInjectionBad.js:7:25:7:32 | username | semmle.label | username | +| logInjectionBad.js:8:38:8:45 | username | semmle.label | username | +| logInjectionBad.js:19:9:19:36 | q | semmle.label | q | +| logInjectionBad.js:19:13:19:36 | url.par ... , true) | semmle.label | url.par ... , true) | +| logInjectionBad.js:19:23:19:29 | req.url | semmle.label | req.url | +| logInjectionBad.js:20:9:20:35 | username | semmle.label | username | +| logInjectionBad.js:20:20:20:20 | q | semmle.label | q | +| logInjectionBad.js:22:18:22:43 | `[INFO] ... rname}` | semmle.label | `[INFO] ... rname}` | +| logInjectionBad.js:22:34:22:41 | username | semmle.label | username | +| logInjectionBad.js:23:37:23:44 | username | semmle.label | username | +| logInjectionBad.js:24:35:24:42 | username | semmle.label | username | +| logInjectionBad.js:25:36:25:43 | username | semmle.label | username | +| logInjectionBad.js:28:9:28:32 | exceptional return of check_u ... ername) | semmle.label | exceptional return of check_u ... ername) | +| logInjectionBad.js:28:24:28:31 | username | semmle.label | username | +| logInjectionBad.js:29:14:29:18 | error | semmle.label | error | +| logInjectionBad.js:30:23:30:49 | `[ERROR ... rror}"` | semmle.label | `[ERROR ... rror}"` | +| logInjectionBad.js:30:42:30:46 | error | semmle.label | error | +| logInjectionBad.js:46:9:46:36 | q | semmle.label | q | +| logInjectionBad.js:46:13:46:36 | url.par ... , true) | semmle.label | url.par ... , true) | +| logInjectionBad.js:46:23:46:29 | req.url | semmle.label | req.url | +| logInjectionBad.js:47:9:47:35 | username | semmle.label | username | +| logInjectionBad.js:47:20:47:20 | q | semmle.label | q | +| logInjectionBad.js:49:18:49:54 | ansiCol ... ername) | semmle.label | ansiCol ... ername) | +| logInjectionBad.js:49:46:49:53 | username | semmle.label | username | +| logInjectionBad.js:50:18:50:47 | colors. ... ername) | semmle.label | colors. ... ername) | +| logInjectionBad.js:50:39:50:46 | username | semmle.label | username | +| logInjectionBad.js:51:18:51:61 | wrapAns ... e), 20) | semmle.label | wrapAns ... e), 20) | +| logInjectionBad.js:51:27:51:56 | colors. ... ername) | semmle.label | colors. ... ername) | +| logInjectionBad.js:51:48:51:55 | username | semmle.label | username | +| logInjectionBad.js:52:17:52:47 | underli ... name))) | semmle.label | underli ... name))) | +| logInjectionBad.js:52:27:52:46 | bold(blue(username)) | semmle.label | bold(blue(username)) | +| logInjectionBad.js:52:32:52:45 | blue(username) | semmle.label | blue(username) | +| logInjectionBad.js:52:37:52:44 | username | semmle.label | username | +| logInjectionBad.js:53:17:53:76 | highlig ... true}) | semmle.label | highlig ... true}) | +| logInjectionBad.js:53:27:53:34 | username | semmle.label | username | +| logInjectionBad.js:54:17:54:51 | clc.red ... ername) | semmle.label | clc.red ... ername) | +| logInjectionBad.js:54:43:54:50 | username | semmle.label | username | +| logInjectionBad.js:55:17:55:65 | sliceAn ... 20, 30) | semmle.label | sliceAn ... 20, 30) | +| logInjectionBad.js:55:27:55:56 | colors. ... ername) | semmle.label | colors. ... ername) | +| logInjectionBad.js:55:48:55:55 | username | semmle.label | username | +| logInjectionBad.js:56:17:56:55 | kleur.b ... ername) | semmle.label | kleur.b ... ername) | +| logInjectionBad.js:56:47:56:54 | username | semmle.label | username | +| logInjectionBad.js:57:17:57:48 | chalk.u ... ername) | semmle.label | chalk.u ... ername) | +| logInjectionBad.js:57:40:57:47 | username | semmle.label | username | +| logInjectionBad.js:58:17:58:59 | stripAn ... rname)) | semmle.label | stripAn ... rname)) | +| logInjectionBad.js:58:27:58:58 | chalk.u ... ername) | semmle.label | chalk.u ... ername) | +| logInjectionBad.js:58:50:58:57 | username | semmle.label | username | +| logInjectionBad.js:63:9:63:36 | q | semmle.label | q | +| logInjectionBad.js:63:13:63:36 | url.par ... , true) | semmle.label | url.par ... , true) | +| logInjectionBad.js:63:23:63:29 | req.url | semmle.label | req.url | +| logInjectionBad.js:64:9:64:35 | username | semmle.label | username | +| logInjectionBad.js:64:20:64:20 | q | semmle.label | q | +| logInjectionBad.js:66:17:66:43 | prettyj ... ername) | semmle.label | prettyj ... ername) | +| logInjectionBad.js:66:35:66:42 | username | semmle.label | username | +| logInjectionBad.js:72:9:72:36 | q | semmle.label | q | +| logInjectionBad.js:72:13:72:36 | url.par ... , true) | semmle.label | url.par ... , true) | +| logInjectionBad.js:72:23:72:29 | req.url | semmle.label | req.url | +| logInjectionBad.js:73:9:73:35 | username | semmle.label | username | +| logInjectionBad.js:73:20:73:20 | q | semmle.label | q | +| logInjectionBad.js:75:15:75:22 | username | semmle.label | username | +| logInjectionBad.js:75:15:75:22 | username | semmle.label | username | +| logInjectionBad.js:77:5:85:5 | functio ... ;\\n } [username] | semmle.label | functio ... ;\\n } [username] | +| logInjectionBad.js:82:30:82:37 | username | semmle.label | username | +| logInjectionBad.js:87:5:94:5 | functio ... ;\\n } [username] | semmle.label | functio ... ;\\n } [username] | +| logInjectionBad.js:91:26:91:33 | username | semmle.label | username | +| logInjectionBad.js:96:5:103:5 | functio ... ;\\n } [username] | semmle.label | functio ... ;\\n } [username] | +| logInjectionBad.js:99:26:99:33 | username | semmle.label | username | +| logInjectionBad.js:105:5:118:5 | functio ... ;\\n } [username] | semmle.label | functio ... ;\\n } [username] | +| logInjectionBad.js:113:37:113:44 | username | semmle.label | username | +subpaths +| logInjectionBad.js:28:24:28:31 | username | logInjectionBad.js:7:25:7:32 | username | logInjectionBad.js:8:38:8:45 | username | logInjectionBad.js:28:9:28:32 | exceptional return of check_u ... ername) | #select | logInjectionBad.js:22:18:22:43 | `[INFO] ... rname}` | logInjectionBad.js:19:23:19:29 | req.url | logInjectionBad.js:22:18:22:43 | `[INFO] ... rname}` | Log entry depends on a $@. | logInjectionBad.js:19:23:19:29 | req.url | user-provided value | | logInjectionBad.js:23:37:23:44 | username | logInjectionBad.js:19:23:19:29 | req.url | logInjectionBad.js:23:37:23:44 | username | Log entry depends on a $@. | logInjectionBad.js:19:23:19:29 | req.url | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-134/TaintedFormatString.expected b/javascript/ql/test/query-tests/Security/CWE-134/TaintedFormatString.expected index 856b4edf80a7..8a3688cad56c 100644 --- a/javascript/ql/test/query-tests/Security/CWE-134/TaintedFormatString.expected +++ b/javascript/ql/test/query-tests/Security/CWE-134/TaintedFormatString.expected @@ -1,85 +1,26 @@ -nodes -| tst.js:5:15:5:30 | req.query.format | -| tst.js:5:15:5:30 | req.query.format | -| tst.js:5:15:5:30 | req.query.format | -| tst.js:6:26:6:41 | req.query.format | -| tst.js:6:26:6:41 | req.query.format | -| tst.js:6:26:6:41 | req.query.format | -| tst.js:7:15:7:30 | req.query.format | -| tst.js:7:15:7:30 | req.query.format | -| tst.js:7:15:7:30 | req.query.format | -| tst.js:8:17:8:32 | req.query.format | -| tst.js:8:17:8:32 | req.query.format | -| tst.js:8:17:8:32 | req.query.format | -| tst.js:9:16:9:31 | req.query.format | -| tst.js:9:16:9:31 | req.query.format | -| tst.js:9:16:9:31 | req.query.format | -| tst.js:10:12:10:27 | req.query.format | -| tst.js:10:12:10:27 | req.query.format | -| tst.js:10:12:10:27 | req.query.format | -| tst.js:11:32:11:47 | req.query.format | -| tst.js:11:32:11:47 | req.query.format | -| tst.js:11:32:11:47 | req.query.format | -| tst.js:12:21:12:36 | req.query.format | -| tst.js:12:21:12:36 | req.query.format | -| tst.js:12:21:12:36 | req.query.format | -| tst.js:13:35:13:50 | req.query.format | -| tst.js:13:35:13:50 | req.query.format | -| tst.js:13:35:13:50 | req.query.format | -| tst.js:14:29:14:44 | req.query.format | -| tst.js:14:29:14:44 | req.query.format | -| tst.js:14:29:14:44 | req.query.format | -| tst.js:15:30:15:45 | req.query.format | -| tst.js:15:30:15:45 | req.query.format | -| tst.js:15:30:15:45 | req.query.format | -| tst.js:16:26:16:41 | req.query.format | -| tst.js:16:26:16:41 | req.query.format | -| tst.js:16:26:16:41 | req.query.format | -| tst.js:17:30:17:45 | req.query.format | -| tst.js:17:30:17:45 | req.query.format | -| tst.js:17:30:17:45 | req.query.format | -| tst.js:18:38:18:53 | req.query.format | -| tst.js:18:38:18:53 | req.query.format | -| tst.js:18:38:18:53 | req.query.format | -| tst.js:20:17:20:32 | req.query.format | -| tst.js:20:17:20:32 | req.query.format | -| tst.js:20:17:20:32 | req.query.format | -| tst.js:21:16:21:31 | req.query.format | -| tst.js:21:16:21:31 | req.query.format | -| tst.js:21:16:21:31 | req.query.format | -| tst.js:22:17:22:32 | req.query.format | -| tst.js:22:17:22:32 | req.query.format | -| tst.js:22:17:22:32 | req.query.format | -| tst.js:24:25:24:40 | req.query.format | -| tst.js:24:25:24:40 | req.query.format | -| tst.js:24:25:24:40 | req.query.format | -| tst.js:25:33:25:48 | req.query.format | -| tst.js:25:33:25:48 | req.query.format | -| tst.js:25:33:25:48 | req.query.format | -| tst.js:26:34:26:49 | req.query.format | -| tst.js:26:34:26:49 | req.query.format | -| tst.js:26:34:26:49 | req.query.format | edges -| tst.js:5:15:5:30 | req.query.format | tst.js:5:15:5:30 | req.query.format | -| tst.js:6:26:6:41 | req.query.format | tst.js:6:26:6:41 | req.query.format | -| tst.js:7:15:7:30 | req.query.format | tst.js:7:15:7:30 | req.query.format | -| tst.js:8:17:8:32 | req.query.format | tst.js:8:17:8:32 | req.query.format | -| tst.js:9:16:9:31 | req.query.format | tst.js:9:16:9:31 | req.query.format | -| tst.js:10:12:10:27 | req.query.format | tst.js:10:12:10:27 | req.query.format | -| tst.js:11:32:11:47 | req.query.format | tst.js:11:32:11:47 | req.query.format | -| tst.js:12:21:12:36 | req.query.format | tst.js:12:21:12:36 | req.query.format | -| tst.js:13:35:13:50 | req.query.format | tst.js:13:35:13:50 | req.query.format | -| tst.js:14:29:14:44 | req.query.format | tst.js:14:29:14:44 | req.query.format | -| tst.js:15:30:15:45 | req.query.format | tst.js:15:30:15:45 | req.query.format | -| tst.js:16:26:16:41 | req.query.format | tst.js:16:26:16:41 | req.query.format | -| tst.js:17:30:17:45 | req.query.format | tst.js:17:30:17:45 | req.query.format | -| tst.js:18:38:18:53 | req.query.format | tst.js:18:38:18:53 | req.query.format | -| tst.js:20:17:20:32 | req.query.format | tst.js:20:17:20:32 | req.query.format | -| tst.js:21:16:21:31 | req.query.format | tst.js:21:16:21:31 | req.query.format | -| tst.js:22:17:22:32 | req.query.format | tst.js:22:17:22:32 | req.query.format | -| tst.js:24:25:24:40 | req.query.format | tst.js:24:25:24:40 | req.query.format | -| tst.js:25:33:25:48 | req.query.format | tst.js:25:33:25:48 | req.query.format | -| tst.js:26:34:26:49 | req.query.format | tst.js:26:34:26:49 | req.query.format | +nodes +| tst.js:5:15:5:30 | req.query.format | semmle.label | req.query.format | +| tst.js:6:26:6:41 | req.query.format | semmle.label | req.query.format | +| tst.js:7:15:7:30 | req.query.format | semmle.label | req.query.format | +| tst.js:8:17:8:32 | req.query.format | semmle.label | req.query.format | +| tst.js:9:16:9:31 | req.query.format | semmle.label | req.query.format | +| tst.js:10:12:10:27 | req.query.format | semmle.label | req.query.format | +| tst.js:11:32:11:47 | req.query.format | semmle.label | req.query.format | +| tst.js:12:21:12:36 | req.query.format | semmle.label | req.query.format | +| tst.js:13:35:13:50 | req.query.format | semmle.label | req.query.format | +| tst.js:14:29:14:44 | req.query.format | semmle.label | req.query.format | +| tst.js:15:30:15:45 | req.query.format | semmle.label | req.query.format | +| tst.js:16:26:16:41 | req.query.format | semmle.label | req.query.format | +| tst.js:17:30:17:45 | req.query.format | semmle.label | req.query.format | +| tst.js:18:38:18:53 | req.query.format | semmle.label | req.query.format | +| tst.js:20:17:20:32 | req.query.format | semmle.label | req.query.format | +| tst.js:21:16:21:31 | req.query.format | semmle.label | req.query.format | +| tst.js:22:17:22:32 | req.query.format | semmle.label | req.query.format | +| tst.js:24:25:24:40 | req.query.format | semmle.label | req.query.format | +| tst.js:25:33:25:48 | req.query.format | semmle.label | req.query.format | +| tst.js:26:34:26:49 | req.query.format | semmle.label | req.query.format | +subpaths #select | tst.js:5:15:5:30 | req.query.format | tst.js:5:15:5:30 | req.query.format | tst.js:5:15:5:30 | req.query.format | Format string depends on a $@. | tst.js:5:15:5:30 | req.query.format | user-provided value | | tst.js:6:26:6:41 | req.query.format | tst.js:6:26:6:41 | req.query.format | tst.js:6:26:6:41 | req.query.format | Format string depends on a $@. | tst.js:6:26:6:41 | req.query.format | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-200/FileAccessToHttp.expected b/javascript/ql/test/query-tests/Security/CWE-200/FileAccessToHttp.expected index a38e0d41942a..c53df2b9abd3 100644 --- a/javascript/ql/test/query-tests/Security/CWE-200/FileAccessToHttp.expected +++ b/javascript/ql/test/query-tests/Security/CWE-200/FileAccessToHttp.expected @@ -1,143 +1,109 @@ -nodes -| FileAccessToHttp.js:4:5:4:47 | content | -| FileAccessToHttp.js:4:15:4:47 | fs.read ... "utf8") | -| FileAccessToHttp.js:4:15:4:47 | fs.read ... "utf8") | -| FileAccessToHttp.js:5:11:10:1 | {\\n hos ... ent }\\n} | -| FileAccessToHttp.js:5:11:10:1 | {\\n hos ... ent }\\n} | -| FileAccessToHttp.js:9:12:9:31 | { Referer: content } | -| FileAccessToHttp.js:9:23:9:29 | content | -| bufferRead.js:12:13:12:43 | buffer | -| bufferRead.js:12:22:12:43 | new Buf ... s.size) | -| bufferRead.js:12:22:12:43 | new Buf ... s.size) | -| bufferRead.js:15:15:15:62 | postData | -| bufferRead.js:15:26:15:31 | buffer | -| bufferRead.js:15:26:15:62 | buffer. ... esRead) | -| bufferRead.js:33:21:33:28 | postData | -| bufferRead.js:33:21:33:28 | postData | -| googlecompiler.js:7:19:7:28 | codestring | -| googlecompiler.js:9:7:15:4 | post_data | -| googlecompiler.js:9:19:15:4 | queryst ... dy\\n }) | -| googlecompiler.js:9:41:15:3 | {\\n ... ody\\n } | -| googlecompiler.js:14:21:14:30 | codestring | -| googlecompiler.js:38:18:38:26 | post_data | -| googlecompiler.js:38:18:38:26 | post_data | -| googlecompiler.js:44:54:44:57 | data | -| googlecompiler.js:44:54:44:57 | data | -| googlecompiler.js:56:14:56:17 | data | -| readFileSync.js:5:5:5:39 | data | -| readFileSync.js:5:12:5:39 | fs.read ... t.txt") | -| readFileSync.js:5:12:5:39 | fs.read ... t.txt") | -| readFileSync.js:7:7:7:25 | s | -| readFileSync.js:7:11:7:14 | data | -| readFileSync.js:7:11:7:25 | data.toString() | -| readFileSync.js:26:18:26:18 | s | -| readFileSync.js:26:18:26:18 | s | -| readStreamRead.js:13:13:13:35 | chunk | -| readStreamRead.js:13:21:13:35 | readable.read() | -| readStreamRead.js:13:21:13:35 | readable.read() | -| readStreamRead.js:30:19:30:23 | chunk | -| readStreamRead.js:30:19:30:23 | chunk | -| request.js:6:19:6:26 | jsonData | -| request.js:8:11:8:20 | {jsonData} | -| request.js:8:11:8:20 | {jsonData} | -| request.js:8:12:8:19 | jsonData | -| request.js:13:18:13:24 | xmlData | -| request.js:16:11:23:3 | {\\n u ... ody\\n } | -| request.js:16:11:23:3 | {\\n u ... ody\\n } | -| request.js:22:11:22:17 | xmlData | -| request.js:28:52:28:55 | data | -| request.js:28:52:28:55 | data | -| request.js:35:14:35:17 | data | -| request.js:43:51:43:54 | data | -| request.js:43:51:43:54 | data | -| request.js:50:13:50:16 | data | -| sentAsHeaders.js:10:79:10:84 | buffer | -| sentAsHeaders.js:10:79:10:84 | buffer | -| sentAsHeaders.js:11:13:11:59 | content | -| sentAsHeaders.js:11:23:11:28 | buffer | -| sentAsHeaders.js:11:23:11:59 | buffer. ... esRead) | -| sentAsHeaders.js:12:9:12:81 | content | -| sentAsHeaders.js:12:19:12:25 | content | -| sentAsHeaders.js:12:19:12:74 | content ... =", "") | -| sentAsHeaders.js:12:19:12:81 | content ... .trim() | -| sentAsHeaders.js:14:20:19:9 | {\\n ... } | -| sentAsHeaders.js:14:20:19:9 | {\\n ... } | -| sentAsHeaders.js:18:20:18:55 | { Refer ... ntent } | -| sentAsHeaders.js:18:31:18:53 | "http:/ ... content | -| sentAsHeaders.js:18:47:18:53 | content | -| sentAsHeaders.js:20:20:25:9 | {\\n ... } | -| sentAsHeaders.js:20:20:25:9 | {\\n ... } | -| sentAsHeaders.js:24:20:24:55 | { Refer ... ntent } | -| sentAsHeaders.js:24:31:24:53 | "http:/ ... content | -| sentAsHeaders.js:24:47:24:53 | content | edges -| FileAccessToHttp.js:4:5:4:47 | content | FileAccessToHttp.js:9:23:9:29 | content | -| FileAccessToHttp.js:4:15:4:47 | fs.read ... "utf8") | FileAccessToHttp.js:4:5:4:47 | content | -| FileAccessToHttp.js:4:15:4:47 | fs.read ... "utf8") | FileAccessToHttp.js:4:5:4:47 | content | -| FileAccessToHttp.js:9:12:9:31 | { Referer: content } | FileAccessToHttp.js:5:11:10:1 | {\\n hos ... ent }\\n} | -| FileAccessToHttp.js:9:12:9:31 | { Referer: content } | FileAccessToHttp.js:5:11:10:1 | {\\n hos ... ent }\\n} | -| FileAccessToHttp.js:9:23:9:29 | content | FileAccessToHttp.js:9:12:9:31 | { Referer: content } | -| bufferRead.js:12:13:12:43 | buffer | bufferRead.js:15:26:15:31 | buffer | -| bufferRead.js:12:22:12:43 | new Buf ... s.size) | bufferRead.js:12:13:12:43 | buffer | -| bufferRead.js:12:22:12:43 | new Buf ... s.size) | bufferRead.js:12:13:12:43 | buffer | -| bufferRead.js:15:15:15:62 | postData | bufferRead.js:33:21:33:28 | postData | -| bufferRead.js:15:15:15:62 | postData | bufferRead.js:33:21:33:28 | postData | -| bufferRead.js:15:26:15:31 | buffer | bufferRead.js:15:26:15:62 | buffer. ... esRead) | -| bufferRead.js:15:26:15:62 | buffer. ... esRead) | bufferRead.js:15:15:15:62 | postData | -| googlecompiler.js:7:19:7:28 | codestring | googlecompiler.js:14:21:14:30 | codestring | -| googlecompiler.js:9:7:15:4 | post_data | googlecompiler.js:38:18:38:26 | post_data | -| googlecompiler.js:9:7:15:4 | post_data | googlecompiler.js:38:18:38:26 | post_data | -| googlecompiler.js:9:19:15:4 | queryst ... dy\\n }) | googlecompiler.js:9:7:15:4 | post_data | -| googlecompiler.js:9:41:15:3 | {\\n ... ody\\n } | googlecompiler.js:9:19:15:4 | queryst ... dy\\n }) | -| googlecompiler.js:14:21:14:30 | codestring | googlecompiler.js:9:41:15:3 | {\\n ... ody\\n } | -| googlecompiler.js:44:54:44:57 | data | googlecompiler.js:56:14:56:17 | data | -| googlecompiler.js:44:54:44:57 | data | googlecompiler.js:56:14:56:17 | data | -| googlecompiler.js:56:14:56:17 | data | googlecompiler.js:7:19:7:28 | codestring | -| readFileSync.js:5:5:5:39 | data | readFileSync.js:7:11:7:14 | data | -| readFileSync.js:5:12:5:39 | fs.read ... t.txt") | readFileSync.js:5:5:5:39 | data | -| readFileSync.js:5:12:5:39 | fs.read ... t.txt") | readFileSync.js:5:5:5:39 | data | -| readFileSync.js:7:7:7:25 | s | readFileSync.js:26:18:26:18 | s | -| readFileSync.js:7:7:7:25 | s | readFileSync.js:26:18:26:18 | s | -| readFileSync.js:7:11:7:14 | data | readFileSync.js:7:11:7:25 | data.toString() | -| readFileSync.js:7:11:7:25 | data.toString() | readFileSync.js:7:7:7:25 | s | -| readStreamRead.js:13:13:13:35 | chunk | readStreamRead.js:30:19:30:23 | chunk | -| readStreamRead.js:13:13:13:35 | chunk | readStreamRead.js:30:19:30:23 | chunk | -| readStreamRead.js:13:21:13:35 | readable.read() | readStreamRead.js:13:13:13:35 | chunk | -| readStreamRead.js:13:21:13:35 | readable.read() | readStreamRead.js:13:13:13:35 | chunk | -| request.js:6:19:6:26 | jsonData | request.js:8:12:8:19 | jsonData | -| request.js:8:12:8:19 | jsonData | request.js:8:11:8:20 | {jsonData} | -| request.js:8:12:8:19 | jsonData | request.js:8:11:8:20 | {jsonData} | -| request.js:13:18:13:24 | xmlData | request.js:22:11:22:17 | xmlData | -| request.js:22:11:22:17 | xmlData | request.js:16:11:23:3 | {\\n u ... ody\\n } | -| request.js:22:11:22:17 | xmlData | request.js:16:11:23:3 | {\\n u ... ody\\n } | -| request.js:28:52:28:55 | data | request.js:35:14:35:17 | data | -| request.js:28:52:28:55 | data | request.js:35:14:35:17 | data | -| request.js:35:14:35:17 | data | request.js:6:19:6:26 | jsonData | -| request.js:43:51:43:54 | data | request.js:50:13:50:16 | data | -| request.js:43:51:43:54 | data | request.js:50:13:50:16 | data | -| request.js:50:13:50:16 | data | request.js:13:18:13:24 | xmlData | -| sentAsHeaders.js:10:79:10:84 | buffer | sentAsHeaders.js:11:23:11:28 | buffer | -| sentAsHeaders.js:10:79:10:84 | buffer | sentAsHeaders.js:11:23:11:28 | buffer | -| sentAsHeaders.js:11:13:11:59 | content | sentAsHeaders.js:12:19:12:25 | content | -| sentAsHeaders.js:11:23:11:28 | buffer | sentAsHeaders.js:11:23:11:59 | buffer. ... esRead) | -| sentAsHeaders.js:11:23:11:59 | buffer. ... esRead) | sentAsHeaders.js:11:13:11:59 | content | -| sentAsHeaders.js:12:9:12:81 | content | sentAsHeaders.js:18:47:18:53 | content | -| sentAsHeaders.js:12:9:12:81 | content | sentAsHeaders.js:24:47:24:53 | content | -| sentAsHeaders.js:12:19:12:25 | content | sentAsHeaders.js:12:19:12:74 | content ... =", "") | -| sentAsHeaders.js:12:19:12:74 | content ... =", "") | sentAsHeaders.js:12:19:12:81 | content ... .trim() | -| sentAsHeaders.js:12:19:12:81 | content ... .trim() | sentAsHeaders.js:12:9:12:81 | content | -| sentAsHeaders.js:18:20:18:55 | { Refer ... ntent } | sentAsHeaders.js:14:20:19:9 | {\\n ... } | -| sentAsHeaders.js:18:20:18:55 | { Refer ... ntent } | sentAsHeaders.js:14:20:19:9 | {\\n ... } | -| sentAsHeaders.js:18:31:18:53 | "http:/ ... content | sentAsHeaders.js:18:20:18:55 | { Refer ... ntent } | -| sentAsHeaders.js:18:47:18:53 | content | sentAsHeaders.js:18:31:18:53 | "http:/ ... content | -| sentAsHeaders.js:24:20:24:55 | { Refer ... ntent } | sentAsHeaders.js:20:20:25:9 | {\\n ... } | -| sentAsHeaders.js:24:20:24:55 | { Refer ... ntent } | sentAsHeaders.js:20:20:25:9 | {\\n ... } | -| sentAsHeaders.js:24:31:24:53 | "http:/ ... content | sentAsHeaders.js:24:20:24:55 | { Refer ... ntent } | -| sentAsHeaders.js:24:47:24:53 | content | sentAsHeaders.js:24:31:24:53 | "http:/ ... content | +| FileAccessToHttp.js:4:5:4:47 | content | FileAccessToHttp.js:9:23:9:29 | content | provenance | | +| FileAccessToHttp.js:4:15:4:47 | fs.read ... "utf8") | FileAccessToHttp.js:4:5:4:47 | content | provenance | | +| FileAccessToHttp.js:5:11:10:1 | [post update] {\\n hos ... ent }\\n} [headers, Referer] | FileAccessToHttp.js:5:11:10:1 | {\\n hos ... ent }\\n} | provenance | | +| FileAccessToHttp.js:9:12:9:31 | { Referer: content } [Referer] | FileAccessToHttp.js:5:11:10:1 | [post update] {\\n hos ... ent }\\n} [headers, Referer] | provenance | | +| FileAccessToHttp.js:9:23:9:29 | content | FileAccessToHttp.js:9:12:9:31 | { Referer: content } [Referer] | provenance | | +| bufferRead.js:12:13:12:43 | buffer | bufferRead.js:13:21:13:26 | buffer | provenance | | +| bufferRead.js:12:13:12:43 | buffer | bufferRead.js:13:32:13:37 | buffer | provenance | | +| bufferRead.js:12:22:12:43 | new Buf ... s.size) | bufferRead.js:12:13:12:43 | buffer | provenance | | +| bufferRead.js:13:21:13:26 | buffer | bufferRead.js:13:32:13:37 | buffer | provenance | | +| bufferRead.js:13:32:13:37 | buffer | bufferRead.js:15:26:15:31 | buffer | provenance | | +| bufferRead.js:15:15:15:62 | postData | bufferRead.js:33:21:33:28 | postData | provenance | | +| bufferRead.js:15:26:15:31 | buffer | bufferRead.js:15:26:15:62 | buffer. ... esRead) | provenance | | +| bufferRead.js:15:26:15:62 | buffer. ... esRead) | bufferRead.js:15:15:15:62 | postData | provenance | | +| readFileSync.js:5:5:5:39 | data | readFileSync.js:7:11:7:14 | data | provenance | | +| readFileSync.js:5:12:5:39 | fs.read ... t.txt") | readFileSync.js:5:5:5:39 | data | provenance | | +| readFileSync.js:7:7:7:25 | s | readFileSync.js:26:18:26:18 | s | provenance | | +| readFileSync.js:7:11:7:14 | data | readFileSync.js:7:11:7:25 | data.toString() | provenance | | +| readFileSync.js:7:11:7:25 | data.toString() | readFileSync.js:7:7:7:25 | s | provenance | | +| readStreamRead.js:13:13:13:35 | chunk | readStreamRead.js:30:19:30:23 | chunk | provenance | | +| readStreamRead.js:13:21:13:35 | readable.read() | readStreamRead.js:13:13:13:35 | chunk | provenance | | +| request.js:6:19:6:26 | jsonData | request.js:8:12:8:19 | jsonData | provenance | | +| request.js:8:11:8:20 | [post update] {jsonData} [jsonData] | request.js:8:11:8:20 | {jsonData} | provenance | | +| request.js:8:12:8:19 | jsonData | request.js:8:11:8:20 | [post update] {jsonData} [jsonData] | provenance | | +| request.js:13:18:13:24 | xmlData | request.js:22:11:22:17 | xmlData | provenance | | +| request.js:16:11:23:3 | [post update] {\\n u ... ody\\n } [body] | request.js:16:11:23:3 | {\\n u ... ody\\n } | provenance | | +| request.js:22:11:22:17 | xmlData | request.js:16:11:23:3 | [post update] {\\n u ... ody\\n } [body] | provenance | | +| request.js:28:52:28:55 | data | request.js:35:14:35:17 | data | provenance | | +| request.js:35:14:35:17 | data | request.js:6:19:6:26 | jsonData | provenance | | +| request.js:43:51:43:54 | data | request.js:50:13:50:16 | data | provenance | | +| request.js:50:13:50:16 | data | request.js:13:18:13:24 | xmlData | provenance | | +| sentAsHeaders.js:10:79:10:84 | buffer | sentAsHeaders.js:11:23:11:28 | buffer | provenance | | +| sentAsHeaders.js:11:13:11:59 | content | sentAsHeaders.js:12:19:12:25 | content | provenance | | +| sentAsHeaders.js:11:23:11:28 | buffer | sentAsHeaders.js:11:23:11:59 | buffer. ... esRead) | provenance | | +| sentAsHeaders.js:11:23:11:59 | buffer. ... esRead) | sentAsHeaders.js:11:13:11:59 | content | provenance | | +| sentAsHeaders.js:12:9:12:81 | content | sentAsHeaders.js:18:47:18:53 | content | provenance | | +| sentAsHeaders.js:12:9:12:81 | content | sentAsHeaders.js:24:47:24:53 | content | provenance | | +| sentAsHeaders.js:12:19:12:25 | content | sentAsHeaders.js:12:19:12:74 | content ... =", "") | provenance | | +| sentAsHeaders.js:12:19:12:74 | content ... =", "") | sentAsHeaders.js:12:19:12:81 | content ... .trim() | provenance | | +| sentAsHeaders.js:12:19:12:81 | content ... .trim() | sentAsHeaders.js:12:9:12:81 | content | provenance | | +| sentAsHeaders.js:14:20:19:9 | [post update] {\\n ... } [headers, Referer] | sentAsHeaders.js:14:20:19:9 | {\\n ... } | provenance | | +| sentAsHeaders.js:18:20:18:55 | { Refer ... ntent } [Referer] | sentAsHeaders.js:14:20:19:9 | [post update] {\\n ... } [headers, Referer] | provenance | | +| sentAsHeaders.js:18:31:18:53 | "http:/ ... content | sentAsHeaders.js:18:20:18:55 | { Refer ... ntent } [Referer] | provenance | | +| sentAsHeaders.js:18:47:18:53 | content | sentAsHeaders.js:18:31:18:53 | "http:/ ... content | provenance | | +| sentAsHeaders.js:20:20:25:9 | [post update] {\\n ... } [headers, Referer] | sentAsHeaders.js:20:20:25:9 | {\\n ... } | provenance | | +| sentAsHeaders.js:24:20:24:55 | { Refer ... ntent } [Referer] | sentAsHeaders.js:20:20:25:9 | [post update] {\\n ... } [headers, Referer] | provenance | | +| sentAsHeaders.js:24:31:24:53 | "http:/ ... content | sentAsHeaders.js:24:20:24:55 | { Refer ... ntent } [Referer] | provenance | | +| sentAsHeaders.js:24:47:24:53 | content | sentAsHeaders.js:24:31:24:53 | "http:/ ... content | provenance | | +nodes +| FileAccessToHttp.js:4:5:4:47 | content | semmle.label | content | +| FileAccessToHttp.js:4:15:4:47 | fs.read ... "utf8") | semmle.label | fs.read ... "utf8") | +| FileAccessToHttp.js:5:11:10:1 | [post update] {\\n hos ... ent }\\n} [headers, Referer] | semmle.label | [post update] {\\n hos ... ent }\\n} [headers, Referer] | +| FileAccessToHttp.js:5:11:10:1 | {\\n hos ... ent }\\n} | semmle.label | {\\n hos ... ent }\\n} | +| FileAccessToHttp.js:9:12:9:31 | { Referer: content } [Referer] | semmle.label | { Referer: content } [Referer] | +| FileAccessToHttp.js:9:23:9:29 | content | semmle.label | content | +| bufferRead.js:12:13:12:43 | buffer | semmle.label | buffer | +| bufferRead.js:12:22:12:43 | new Buf ... s.size) | semmle.label | new Buf ... s.size) | +| bufferRead.js:13:21:13:26 | buffer | semmle.label | buffer | +| bufferRead.js:13:32:13:37 | buffer | semmle.label | buffer | +| bufferRead.js:15:15:15:62 | postData | semmle.label | postData | +| bufferRead.js:15:26:15:31 | buffer | semmle.label | buffer | +| bufferRead.js:15:26:15:62 | buffer. ... esRead) | semmle.label | buffer. ... esRead) | +| bufferRead.js:33:21:33:28 | postData | semmle.label | postData | +| readFileSync.js:5:5:5:39 | data | semmle.label | data | +| readFileSync.js:5:12:5:39 | fs.read ... t.txt") | semmle.label | fs.read ... t.txt") | +| readFileSync.js:7:7:7:25 | s | semmle.label | s | +| readFileSync.js:7:11:7:14 | data | semmle.label | data | +| readFileSync.js:7:11:7:25 | data.toString() | semmle.label | data.toString() | +| readFileSync.js:26:18:26:18 | s | semmle.label | s | +| readStreamRead.js:13:13:13:35 | chunk | semmle.label | chunk | +| readStreamRead.js:13:21:13:35 | readable.read() | semmle.label | readable.read() | +| readStreamRead.js:30:19:30:23 | chunk | semmle.label | chunk | +| request.js:6:19:6:26 | jsonData | semmle.label | jsonData | +| request.js:8:11:8:20 | [post update] {jsonData} [jsonData] | semmle.label | [post update] {jsonData} [jsonData] | +| request.js:8:11:8:20 | {jsonData} | semmle.label | {jsonData} | +| request.js:8:12:8:19 | jsonData | semmle.label | jsonData | +| request.js:13:18:13:24 | xmlData | semmle.label | xmlData | +| request.js:16:11:23:3 | [post update] {\\n u ... ody\\n } [body] | semmle.label | [post update] {\\n u ... ody\\n } [body] | +| request.js:16:11:23:3 | {\\n u ... ody\\n } | semmle.label | {\\n u ... ody\\n } | +| request.js:22:11:22:17 | xmlData | semmle.label | xmlData | +| request.js:28:52:28:55 | data | semmle.label | data | +| request.js:35:14:35:17 | data | semmle.label | data | +| request.js:43:51:43:54 | data | semmle.label | data | +| request.js:50:13:50:16 | data | semmle.label | data | +| sentAsHeaders.js:10:79:10:84 | buffer | semmle.label | buffer | +| sentAsHeaders.js:11:13:11:59 | content | semmle.label | content | +| sentAsHeaders.js:11:23:11:28 | buffer | semmle.label | buffer | +| sentAsHeaders.js:11:23:11:59 | buffer. ... esRead) | semmle.label | buffer. ... esRead) | +| sentAsHeaders.js:12:9:12:81 | content | semmle.label | content | +| sentAsHeaders.js:12:19:12:25 | content | semmle.label | content | +| sentAsHeaders.js:12:19:12:74 | content ... =", "") | semmle.label | content ... =", "") | +| sentAsHeaders.js:12:19:12:81 | content ... .trim() | semmle.label | content ... .trim() | +| sentAsHeaders.js:14:20:19:9 | [post update] {\\n ... } [headers, Referer] | semmle.label | [post update] {\\n ... } [headers, Referer] | +| sentAsHeaders.js:14:20:19:9 | {\\n ... } | semmle.label | {\\n ... } | +| sentAsHeaders.js:18:20:18:55 | { Refer ... ntent } [Referer] | semmle.label | { Refer ... ntent } [Referer] | +| sentAsHeaders.js:18:31:18:53 | "http:/ ... content | semmle.label | "http:/ ... content | +| sentAsHeaders.js:18:47:18:53 | content | semmle.label | content | +| sentAsHeaders.js:20:20:25:9 | [post update] {\\n ... } [headers, Referer] | semmle.label | [post update] {\\n ... } [headers, Referer] | +| sentAsHeaders.js:20:20:25:9 | {\\n ... } | semmle.label | {\\n ... } | +| sentAsHeaders.js:24:20:24:55 | { Refer ... ntent } [Referer] | semmle.label | { Refer ... ntent } [Referer] | +| sentAsHeaders.js:24:31:24:53 | "http:/ ... content | semmle.label | "http:/ ... content | +| sentAsHeaders.js:24:47:24:53 | content | semmle.label | content | +subpaths #select | FileAccessToHttp.js:5:11:10:1 | {\\n hos ... ent }\\n} | FileAccessToHttp.js:4:15:4:47 | fs.read ... "utf8") | FileAccessToHttp.js:5:11:10:1 | {\\n hos ... ent }\\n} | Outbound network request depends on $@. | FileAccessToHttp.js:4:15:4:47 | fs.read ... "utf8") | file data | | bufferRead.js:33:21:33:28 | postData | bufferRead.js:12:22:12:43 | new Buf ... s.size) | bufferRead.js:33:21:33:28 | postData | Outbound network request depends on $@. | bufferRead.js:12:22:12:43 | new Buf ... s.size) | file data | -| googlecompiler.js:38:18:38:26 | post_data | googlecompiler.js:44:54:44:57 | data | googlecompiler.js:38:18:38:26 | post_data | Outbound network request depends on $@. | googlecompiler.js:44:54:44:57 | data | file data | | readFileSync.js:26:18:26:18 | s | readFileSync.js:5:12:5:39 | fs.read ... t.txt") | readFileSync.js:26:18:26:18 | s | Outbound network request depends on $@. | readFileSync.js:5:12:5:39 | fs.read ... t.txt") | file data | | readStreamRead.js:30:19:30:23 | chunk | readStreamRead.js:13:21:13:35 | readable.read() | readStreamRead.js:30:19:30:23 | chunk | Outbound network request depends on $@. | readStreamRead.js:13:21:13:35 | readable.read() | file data | | request.js:8:11:8:20 | {jsonData} | request.js:28:52:28:55 | data | request.js:8:11:8:20 | {jsonData} | Outbound network request depends on $@. | request.js:28:52:28:55 | data | file data | diff --git a/javascript/ql/test/query-tests/Security/CWE-201/PostMessageStar.expected b/javascript/ql/test/query-tests/Security/CWE-201/PostMessageStar.expected index e4c14a2060c6..c6c416c93e03 100644 --- a/javascript/ql/test/query-tests/Security/CWE-201/PostMessageStar.expected +++ b/javascript/ql/test/query-tests/Security/CWE-201/PostMessageStar.expected @@ -1,34 +1,22 @@ -nodes -| PostMessageStar2.js:1:27:1:34 | password | -| PostMessageStar2.js:1:27:1:34 | password | -| PostMessageStar2.js:1:27:1:34 | password | -| PostMessageStar2.js:4:7:4:15 | data | -| PostMessageStar2.js:4:14:4:15 | {} | -| PostMessageStar2.js:5:14:5:21 | password | -| PostMessageStar2.js:5:14:5:21 | password | -| PostMessageStar2.js:8:29:8:32 | data | -| PostMessageStar2.js:8:29:8:32 | data | -| PostMessageStar2.js:9:29:9:36 | data.foo | -| PostMessageStar2.js:9:29:9:36 | data.foo | -| PostMessageStar2.js:13:27:13:33 | authKey | -| PostMessageStar2.js:13:27:13:33 | authKey | -| PostMessageStar2.js:13:27:13:33 | authKey | -| PostMessageStar.js:1:27:1:34 | userName | -| PostMessageStar.js:1:27:1:34 | userName | -| PostMessageStar.js:1:27:1:34 | userName | edges -| PostMessageStar2.js:1:27:1:34 | password | PostMessageStar2.js:1:27:1:34 | password | -| PostMessageStar2.js:4:7:4:15 | data | PostMessageStar2.js:8:29:8:32 | data | -| PostMessageStar2.js:4:7:4:15 | data | PostMessageStar2.js:8:29:8:32 | data | -| PostMessageStar2.js:4:14:4:15 | {} | PostMessageStar2.js:4:7:4:15 | data | -| PostMessageStar2.js:5:14:5:21 | password | PostMessageStar2.js:4:14:4:15 | {} | -| PostMessageStar2.js:5:14:5:21 | password | PostMessageStar2.js:4:14:4:15 | {} | -| PostMessageStar2.js:5:14:5:21 | password | PostMessageStar2.js:9:29:9:36 | data.foo | -| PostMessageStar2.js:5:14:5:21 | password | PostMessageStar2.js:9:29:9:36 | data.foo | -| PostMessageStar2.js:5:14:5:21 | password | PostMessageStar2.js:9:29:9:36 | data.foo | -| PostMessageStar2.js:5:14:5:21 | password | PostMessageStar2.js:9:29:9:36 | data.foo | -| PostMessageStar2.js:13:27:13:33 | authKey | PostMessageStar2.js:13:27:13:33 | authKey | -| PostMessageStar.js:1:27:1:34 | userName | PostMessageStar.js:1:27:1:34 | userName | +| PostMessageStar2.js:4:7:4:15 | data [foo] | PostMessageStar2.js:8:29:8:32 | data [foo] | provenance | | +| PostMessageStar2.js:4:7:4:15 | data [foo] | PostMessageStar2.js:9:29:9:32 | data [foo] | provenance | | +| PostMessageStar2.js:5:3:5:6 | [post update] data [foo] | PostMessageStar2.js:4:7:4:15 | data [foo] | provenance | | +| PostMessageStar2.js:5:14:5:21 | password | PostMessageStar2.js:5:3:5:6 | [post update] data [foo] | provenance | | +| PostMessageStar2.js:8:29:8:32 | data [foo] | PostMessageStar2.js:8:29:8:32 | data | provenance | | +| PostMessageStar2.js:9:29:9:32 | data [foo] | PostMessageStar2.js:9:29:9:36 | data.foo | provenance | | +nodes +| PostMessageStar2.js:1:27:1:34 | password | semmle.label | password | +| PostMessageStar2.js:4:7:4:15 | data [foo] | semmle.label | data [foo] | +| PostMessageStar2.js:5:3:5:6 | [post update] data [foo] | semmle.label | [post update] data [foo] | +| PostMessageStar2.js:5:14:5:21 | password | semmle.label | password | +| PostMessageStar2.js:8:29:8:32 | data | semmle.label | data | +| PostMessageStar2.js:8:29:8:32 | data [foo] | semmle.label | data [foo] | +| PostMessageStar2.js:9:29:9:32 | data [foo] | semmle.label | data [foo] | +| PostMessageStar2.js:9:29:9:36 | data.foo | semmle.label | data.foo | +| PostMessageStar2.js:13:27:13:33 | authKey | semmle.label | authKey | +| PostMessageStar.js:1:27:1:34 | userName | semmle.label | userName | +subpaths #select | PostMessageStar2.js:1:27:1:34 | password | PostMessageStar2.js:1:27:1:34 | password | PostMessageStar2.js:1:27:1:34 | password | $@ is sent to another window without origin restriction. | PostMessageStar2.js:1:27:1:34 | password | Sensitive data | | PostMessageStar2.js:8:29:8:32 | data | PostMessageStar2.js:5:14:5:21 | password | PostMessageStar2.js:8:29:8:32 | data | $@ is sent to another window without origin restriction. | PostMessageStar2.js:5:14:5:21 | password | Sensitive data | diff --git a/javascript/ql/test/query-tests/Security/CWE-209/StackTraceExposure.expected b/javascript/ql/test/query-tests/Security/CWE-209/StackTraceExposure.expected index d649d3b8a640..8754a6cbdf01 100644 --- a/javascript/ql/test/query-tests/Security/CWE-209/StackTraceExposure.expected +++ b/javascript/ql/test/query-tests/Security/CWE-209/StackTraceExposure.expected @@ -1,33 +1,22 @@ -nodes -| node.js:8:10:8:12 | err | -| node.js:8:10:8:12 | err | -| node.js:11:13:11:15 | err | -| node.js:11:13:11:21 | err.stack | -| node.js:11:13:11:21 | err.stack | -| tst.js:6:12:6:12 | e | -| tst.js:6:12:6:12 | e | -| tst.js:7:13:7:13 | e | -| tst.js:7:13:7:13 | e | -| tst.js:8:15:8:15 | e | -| tst.js:16:20:16:20 | e | -| tst.js:17:11:17:11 | e | -| tst.js:17:11:17:17 | e.stack | -| tst.js:17:11:17:17 | e.stack | edges -| node.js:8:10:8:12 | err | node.js:11:13:11:15 | err | -| node.js:8:10:8:12 | err | node.js:11:13:11:15 | err | -| node.js:11:13:11:15 | err | node.js:11:13:11:21 | err.stack | -| node.js:11:13:11:15 | err | node.js:11:13:11:21 | err.stack | -| tst.js:6:12:6:12 | e | tst.js:7:13:7:13 | e | -| tst.js:6:12:6:12 | e | tst.js:7:13:7:13 | e | -| tst.js:6:12:6:12 | e | tst.js:7:13:7:13 | e | -| tst.js:6:12:6:12 | e | tst.js:7:13:7:13 | e | -| tst.js:6:12:6:12 | e | tst.js:8:15:8:15 | e | -| tst.js:6:12:6:12 | e | tst.js:8:15:8:15 | e | -| tst.js:8:15:8:15 | e | tst.js:16:20:16:20 | e | -| tst.js:16:20:16:20 | e | tst.js:17:11:17:11 | e | -| tst.js:17:11:17:11 | e | tst.js:17:11:17:17 | e.stack | -| tst.js:17:11:17:11 | e | tst.js:17:11:17:17 | e.stack | +| node.js:8:10:8:12 | err | node.js:11:13:11:15 | err | provenance | | +| node.js:11:13:11:15 | err | node.js:11:13:11:21 | err.stack | provenance | | +| tst.js:6:12:6:12 | e | tst.js:7:13:7:13 | e | provenance | | +| tst.js:6:12:6:12 | e | tst.js:8:15:8:15 | e | provenance | | +| tst.js:8:15:8:15 | e | tst.js:16:20:16:20 | e | provenance | | +| tst.js:16:20:16:20 | e | tst.js:17:11:17:11 | e | provenance | | +| tst.js:17:11:17:11 | e | tst.js:17:11:17:17 | e.stack | provenance | | +nodes +| node.js:8:10:8:12 | err | semmle.label | err | +| node.js:11:13:11:15 | err | semmle.label | err | +| node.js:11:13:11:21 | err.stack | semmle.label | err.stack | +| tst.js:6:12:6:12 | e | semmle.label | e | +| tst.js:7:13:7:13 | e | semmle.label | e | +| tst.js:8:15:8:15 | e | semmle.label | e | +| tst.js:16:20:16:20 | e | semmle.label | e | +| tst.js:17:11:17:11 | e | semmle.label | e | +| tst.js:17:11:17:17 | e.stack | semmle.label | e.stack | +subpaths #select | node.js:11:13:11:21 | err.stack | node.js:8:10:8:12 | err | node.js:11:13:11:21 | err.stack | This information exposed to the user depends on $@. | node.js:8:10:8:12 | err | stack trace information | | tst.js:7:13:7:13 | e | tst.js:6:12:6:12 | e | tst.js:7:13:7:13 | e | This information exposed to the user depends on $@. | tst.js:6:12:6:12 | e | stack trace information | diff --git a/javascript/ql/test/query-tests/Security/CWE-312/BuildArtifactLeak.expected b/javascript/ql/test/query-tests/Security/CWE-312/BuildArtifactLeak.expected index 8514ae581045..1f3caa8f1ceb 100644 --- a/javascript/ql/test/query-tests/Security/CWE-312/BuildArtifactLeak.expected +++ b/javascript/ql/test/query-tests/Security/CWE-312/BuildArtifactLeak.expected @@ -1,67 +1,90 @@ -nodes -| build-leaks.js:4:39:6:1 | { // NO ... .env)\\n} | -| build-leaks.js:4:39:6:1 | { // NO ... .env)\\n} | -| build-leaks.js:5:20:5:46 | JSON.st ... ss.env) | -| build-leaks.js:5:35:5:45 | process.env | -| build-leaks.js:5:35:5:45 | process.env | -| build-leaks.js:13:11:19:10 | raw | -| build-leaks.js:13:17:19:10 | Object. ... }) | -| build-leaks.js:14:18:14:20 | env | -| build-leaks.js:15:24:15:34 | process.env | -| build-leaks.js:15:24:15:34 | process.env | -| build-leaks.js:15:24:15:39 | process.env[key] | -| build-leaks.js:16:20:16:22 | env | -| build-leaks.js:21:11:26:5 | stringifed | -| build-leaks.js:21:24:26:5 | {\\n ... )\\n } | -| build-leaks.js:22:24:25:14 | Object. ... }, {}) | -| build-leaks.js:22:49:22:51 | env | -| build-leaks.js:23:24:23:47 | JSON.st ... w[key]) | -| build-leaks.js:23:39:23:41 | raw | -| build-leaks.js:23:39:23:46 | raw[key] | -| build-leaks.js:24:20:24:22 | env | -| build-leaks.js:30:22:30:31 | stringifed | -| build-leaks.js:34:26:34:57 | getEnv( ... ngified | -| build-leaks.js:34:26:34:57 | getEnv( ... ngified | -| build-leaks.js:40:9:40:60 | pw | -| build-leaks.js:40:14:40:60 | url.par ... assword | -| build-leaks.js:40:14:40:60 | url.par ... assword | -| build-leaks.js:41:43:41:86 | { "proc ... y(pw) } | -| build-leaks.js:41:43:41:86 | { "proc ... y(pw) } | -| build-leaks.js:41:67:41:84 | JSON.stringify(pw) | -| build-leaks.js:41:82:41:83 | pw | edges -| build-leaks.js:5:20:5:46 | JSON.st ... ss.env) | build-leaks.js:4:39:6:1 | { // NO ... .env)\\n} | -| build-leaks.js:5:20:5:46 | JSON.st ... ss.env) | build-leaks.js:4:39:6:1 | { // NO ... .env)\\n} | -| build-leaks.js:5:35:5:45 | process.env | build-leaks.js:5:20:5:46 | JSON.st ... ss.env) | -| build-leaks.js:5:35:5:45 | process.env | build-leaks.js:5:20:5:46 | JSON.st ... ss.env) | -| build-leaks.js:13:11:19:10 | raw | build-leaks.js:23:39:23:41 | raw | -| build-leaks.js:13:17:19:10 | Object. ... }) | build-leaks.js:13:11:19:10 | raw | -| build-leaks.js:14:18:14:20 | env | build-leaks.js:16:20:16:22 | env | -| build-leaks.js:15:24:15:34 | process.env | build-leaks.js:14:18:14:20 | env | -| build-leaks.js:15:24:15:34 | process.env | build-leaks.js:14:18:14:20 | env | -| build-leaks.js:15:24:15:34 | process.env | build-leaks.js:15:24:15:39 | process.env[key] | -| build-leaks.js:15:24:15:34 | process.env | build-leaks.js:15:24:15:39 | process.env[key] | -| build-leaks.js:15:24:15:39 | process.env[key] | build-leaks.js:14:18:14:20 | env | -| build-leaks.js:16:20:16:22 | env | build-leaks.js:13:17:19:10 | Object. ... }) | -| build-leaks.js:16:20:16:22 | env | build-leaks.js:14:18:14:20 | env | -| build-leaks.js:21:11:26:5 | stringifed | build-leaks.js:30:22:30:31 | stringifed | -| build-leaks.js:21:24:26:5 | {\\n ... )\\n } | build-leaks.js:21:11:26:5 | stringifed | -| build-leaks.js:22:24:25:14 | Object. ... }, {}) | build-leaks.js:21:24:26:5 | {\\n ... )\\n } | -| build-leaks.js:22:49:22:51 | env | build-leaks.js:24:20:24:22 | env | -| build-leaks.js:23:24:23:47 | JSON.st ... w[key]) | build-leaks.js:22:49:22:51 | env | -| build-leaks.js:23:39:23:41 | raw | build-leaks.js:22:49:22:51 | env | -| build-leaks.js:23:39:23:41 | raw | build-leaks.js:23:39:23:46 | raw[key] | -| build-leaks.js:23:39:23:46 | raw[key] | build-leaks.js:23:24:23:47 | JSON.st ... w[key]) | -| build-leaks.js:24:20:24:22 | env | build-leaks.js:22:24:25:14 | Object. ... }, {}) | -| build-leaks.js:24:20:24:22 | env | build-leaks.js:22:49:22:51 | env | -| build-leaks.js:30:22:30:31 | stringifed | build-leaks.js:34:26:34:57 | getEnv( ... ngified | -| build-leaks.js:30:22:30:31 | stringifed | build-leaks.js:34:26:34:57 | getEnv( ... ngified | -| build-leaks.js:40:9:40:60 | pw | build-leaks.js:41:82:41:83 | pw | -| build-leaks.js:40:14:40:60 | url.par ... assword | build-leaks.js:40:9:40:60 | pw | -| build-leaks.js:40:14:40:60 | url.par ... assword | build-leaks.js:40:9:40:60 | pw | -| build-leaks.js:41:67:41:84 | JSON.stringify(pw) | build-leaks.js:41:43:41:86 | { "proc ... y(pw) } | -| build-leaks.js:41:67:41:84 | JSON.stringify(pw) | build-leaks.js:41:43:41:86 | { "proc ... y(pw) } | -| build-leaks.js:41:82:41:83 | pw | build-leaks.js:41:67:41:84 | JSON.stringify(pw) | +| build-leaks.js:4:39:6:1 | [post update] { // NO ... .env)\\n} [process.env] | build-leaks.js:4:39:6:1 | { // NO ... .env)\\n} | provenance | | +| build-leaks.js:5:20:5:46 | JSON.st ... ss.env) | build-leaks.js:4:39:6:1 | [post update] { // NO ... .env)\\n} [process.env] | provenance | | +| build-leaks.js:5:35:5:45 | process.env | build-leaks.js:5:20:5:46 | JSON.st ... ss.env) | provenance | | +| build-leaks.js:13:11:19:10 | raw | build-leaks.js:22:36:22:38 | raw | provenance | | +| build-leaks.js:13:17:19:10 | Object. ... }) | build-leaks.js:13:11:19:10 | raw | provenance | | +| build-leaks.js:14:18:14:20 | env | build-leaks.js:16:20:16:22 | env | provenance | | +| build-leaks.js:14:18:14:20 | env | build-leaks.js:16:20:16:22 | env | provenance | | +| build-leaks.js:14:18:14:20 | env [Return] | build-leaks.js:17:12:19:9 | [post update] {\\n ... } | provenance | | +| build-leaks.js:15:13:15:15 | [post update] env | build-leaks.js:14:18:14:20 | env | provenance | | +| build-leaks.js:15:13:15:15 | [post update] env | build-leaks.js:14:18:14:20 | env [Return] | provenance | | +| build-leaks.js:15:24:15:34 | process.env | build-leaks.js:15:13:15:15 | [post update] env | provenance | Config | +| build-leaks.js:16:20:16:22 | env | build-leaks.js:13:17:19:10 | Object. ... }) | provenance | | +| build-leaks.js:16:20:16:22 | env | build-leaks.js:14:18:14:20 | env | provenance | | +| build-leaks.js:16:20:16:22 | env | build-leaks.js:22:49:22:51 | env | provenance | | +| build-leaks.js:17:12:19:9 | [post update] {\\n ... } | build-leaks.js:17:12:19:9 | {\\n ... } | provenance | | +| build-leaks.js:17:12:19:9 | {\\n ... } | build-leaks.js:13:17:19:10 | Object. ... }) | provenance | | +| build-leaks.js:17:12:19:9 | {\\n ... } | build-leaks.js:14:18:14:20 | env | provenance | | +| build-leaks.js:21:11:26:5 | stringifed [process.env] | build-leaks.js:30:22:30:31 | stringifed [process.env] | provenance | | +| build-leaks.js:21:24:26:5 | {\\n ... )\\n } [process.env] | build-leaks.js:21:11:26:5 | stringifed [process.env] | provenance | | +| build-leaks.js:22:24:25:14 | Object. ... }, {}) | build-leaks.js:21:24:26:5 | {\\n ... )\\n } [process.env] | provenance | | +| build-leaks.js:22:36:22:38 | raw | build-leaks.js:22:24:25:14 | Object. ... }, {}) | provenance | | +| build-leaks.js:22:36:22:38 | raw | build-leaks.js:22:49:22:51 | env | provenance | Config | +| build-leaks.js:22:36:22:38 | raw | build-leaks.js:23:39:23:41 | raw | provenance | | +| build-leaks.js:22:36:22:38 | raw | build-leaks.js:25:12:25:13 | [post update] {} | provenance | | +| build-leaks.js:22:49:22:51 | env | build-leaks.js:24:20:24:22 | env | provenance | | +| build-leaks.js:22:49:22:51 | env | build-leaks.js:24:20:24:22 | env | provenance | | +| build-leaks.js:23:13:23:15 | [post update] env | build-leaks.js:22:49:22:51 | env | provenance | | +| build-leaks.js:23:13:23:15 | [post update] env | build-leaks.js:22:49:22:51 | env [Return] | provenance | | +| build-leaks.js:23:39:23:41 | raw | build-leaks.js:23:13:23:15 | [post update] env | provenance | Config | +| build-leaks.js:25:12:25:13 | [post update] {} | build-leaks.js:25:12:25:13 | {} | provenance | | +| build-leaks.js:25:12:25:13 | {} | build-leaks.js:22:24:25:14 | Object. ... }, {}) | provenance | | +| build-leaks.js:25:12:25:13 | {} | build-leaks.js:22:49:22:51 | env | provenance | | +| build-leaks.js:28:12:31:5 | {\\n ... d\\n } [stringified, process.env] | build-leaks.js:34:26:34:45 | getEnv('production') [stringified, process.env] | provenance | | +| build-leaks.js:30:22:30:31 | stringifed [process.env] | build-leaks.js:28:12:31:5 | {\\n ... d\\n } [stringified, process.env] | provenance | | +| build-leaks.js:34:26:34:45 | getEnv('production') [stringified, process.env] | build-leaks.js:34:26:34:57 | getEnv( ... ngified [process.env] | provenance | | +| build-leaks.js:34:26:34:57 | getEnv( ... ngified [process.env] | build-leaks.js:34:26:34:57 | getEnv( ... ngified | provenance | | +| build-leaks.js:40:9:40:60 | pw | build-leaks.js:41:82:41:83 | pw | provenance | | +| build-leaks.js:40:14:40:60 | url.par ... assword | build-leaks.js:40:9:40:60 | pw | provenance | | +| build-leaks.js:41:43:41:86 | [post update] { "proc ... y(pw) } [process.env.secret] | build-leaks.js:41:43:41:86 | { "proc ... y(pw) } | provenance | | +| build-leaks.js:41:67:41:84 | JSON.stringify(pw) | build-leaks.js:41:43:41:86 | [post update] { "proc ... y(pw) } [process.env.secret] | provenance | | +| build-leaks.js:41:82:41:83 | pw | build-leaks.js:41:67:41:84 | JSON.stringify(pw) | provenance | | +nodes +| build-leaks.js:4:39:6:1 | [post update] { // NO ... .env)\\n} [process.env] | semmle.label | [post update] { // NO ... .env)\\n} [process.env] | +| build-leaks.js:4:39:6:1 | { // NO ... .env)\\n} | semmle.label | { // NO ... .env)\\n} | +| build-leaks.js:5:20:5:46 | JSON.st ... ss.env) | semmle.label | JSON.st ... ss.env) | +| build-leaks.js:5:35:5:45 | process.env | semmle.label | process.env | +| build-leaks.js:13:11:19:10 | raw | semmle.label | raw | +| build-leaks.js:13:17:19:10 | Object. ... }) | semmle.label | Object. ... }) | +| build-leaks.js:14:18:14:20 | env | semmle.label | env | +| build-leaks.js:14:18:14:20 | env | semmle.label | env | +| build-leaks.js:14:18:14:20 | env [Return] | semmle.label | env [Return] | +| build-leaks.js:15:13:15:15 | [post update] env | semmle.label | [post update] env | +| build-leaks.js:15:24:15:34 | process.env | semmle.label | process.env | +| build-leaks.js:16:20:16:22 | env | semmle.label | env | +| build-leaks.js:16:20:16:22 | env | semmle.label | env | +| build-leaks.js:17:12:19:9 | [post update] {\\n ... } | semmle.label | [post update] {\\n ... } | +| build-leaks.js:17:12:19:9 | {\\n ... } | semmle.label | {\\n ... } | +| build-leaks.js:21:11:26:5 | stringifed [process.env] | semmle.label | stringifed [process.env] | +| build-leaks.js:21:24:26:5 | {\\n ... )\\n } [process.env] | semmle.label | {\\n ... )\\n } [process.env] | +| build-leaks.js:22:24:25:14 | Object. ... }, {}) | semmle.label | Object. ... }, {}) | +| build-leaks.js:22:36:22:38 | raw | semmle.label | raw | +| build-leaks.js:22:49:22:51 | env | semmle.label | env | +| build-leaks.js:22:49:22:51 | env | semmle.label | env | +| build-leaks.js:22:49:22:51 | env [Return] | semmle.label | env [Return] | +| build-leaks.js:23:13:23:15 | [post update] env | semmle.label | [post update] env | +| build-leaks.js:23:39:23:41 | raw | semmle.label | raw | +| build-leaks.js:24:20:24:22 | env | semmle.label | env | +| build-leaks.js:24:20:24:22 | env | semmle.label | env | +| build-leaks.js:25:12:25:13 | [post update] {} | semmle.label | [post update] {} | +| build-leaks.js:25:12:25:13 | {} | semmle.label | {} | +| build-leaks.js:28:12:31:5 | {\\n ... d\\n } [stringified, process.env] | semmle.label | {\\n ... d\\n } [stringified, process.env] | +| build-leaks.js:30:22:30:31 | stringifed [process.env] | semmle.label | stringifed [process.env] | +| build-leaks.js:34:26:34:45 | getEnv('production') [stringified, process.env] | semmle.label | getEnv('production') [stringified, process.env] | +| build-leaks.js:34:26:34:57 | getEnv( ... ngified | semmle.label | getEnv( ... ngified | +| build-leaks.js:34:26:34:57 | getEnv( ... ngified [process.env] | semmle.label | getEnv( ... ngified [process.env] | +| build-leaks.js:40:9:40:60 | pw | semmle.label | pw | +| build-leaks.js:40:14:40:60 | url.par ... assword | semmle.label | url.par ... assword | +| build-leaks.js:41:43:41:86 | [post update] { "proc ... y(pw) } [process.env.secret] | semmle.label | [post update] { "proc ... y(pw) } [process.env.secret] | +| build-leaks.js:41:43:41:86 | { "proc ... y(pw) } | semmle.label | { "proc ... y(pw) } | +| build-leaks.js:41:67:41:84 | JSON.stringify(pw) | semmle.label | JSON.stringify(pw) | +| build-leaks.js:41:82:41:83 | pw | semmle.label | pw | +subpaths +| build-leaks.js:17:12:19:9 | {\\n ... } | build-leaks.js:14:18:14:20 | env | build-leaks.js:16:20:16:22 | env | build-leaks.js:13:17:19:10 | Object. ... }) | +| build-leaks.js:22:36:22:38 | raw | build-leaks.js:23:39:23:41 | raw | build-leaks.js:22:49:22:51 | env [Return] | build-leaks.js:25:12:25:13 | [post update] {} | +| build-leaks.js:22:36:22:38 | raw | build-leaks.js:23:39:23:41 | raw | build-leaks.js:24:20:24:22 | env | build-leaks.js:22:24:25:14 | Object. ... }, {}) | +| build-leaks.js:25:12:25:13 | {} | build-leaks.js:22:49:22:51 | env | build-leaks.js:24:20:24:22 | env | build-leaks.js:22:24:25:14 | Object. ... }, {}) | #select | build-leaks.js:4:39:6:1 | { // NO ... .env)\\n} | build-leaks.js:5:35:5:45 | process.env | build-leaks.js:4:39:6:1 | { // NO ... .env)\\n} | This creates a build artifact that depends on $@. | build-leaks.js:5:35:5:45 | process.env | sensitive data returned byprocess environment | | build-leaks.js:34:26:34:57 | getEnv( ... ngified | build-leaks.js:15:24:15:34 | process.env | build-leaks.js:34:26:34:57 | getEnv( ... ngified | This creates a build artifact that depends on $@. | build-leaks.js:15:24:15:34 | process.env | sensitive data returned byprocess environment | diff --git a/javascript/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected b/javascript/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected index 01df8b2b672a..8e50d05362e7 100644 --- a/javascript/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected +++ b/javascript/ql/test/query-tests/Security/CWE-312/CleartextLogging.expected @@ -1,300 +1,175 @@ -nodes -| passwords.js:2:17:2:24 | password | -| passwords.js:2:17:2:24 | password | -| passwords.js:2:17:2:24 | password | -| passwords.js:3:17:3:26 | o.password | -| passwords.js:3:17:3:26 | o.password | -| passwords.js:3:17:3:26 | o.password | -| passwords.js:4:17:4:29 | getPassword() | -| passwords.js:4:17:4:29 | getPassword() | -| passwords.js:4:17:4:29 | getPassword() | -| passwords.js:5:17:5:31 | o.getPassword() | -| passwords.js:5:17:5:31 | o.getPassword() | -| passwords.js:5:17:5:31 | o.getPassword() | -| passwords.js:7:20:7:20 | x | -| passwords.js:8:21:8:21 | x | -| passwords.js:8:21:8:21 | x | -| passwords.js:10:11:10:18 | password | -| passwords.js:10:11:10:18 | password | -| passwords.js:12:18:12:25 | password | -| passwords.js:12:18:12:25 | password | -| passwords.js:12:18:12:25 | password | -| passwords.js:14:17:14:38 | name + ... assword | -| passwords.js:14:17:14:38 | name + ... assword | -| passwords.js:14:31:14:38 | password | -| passwords.js:14:31:14:38 | password | -| passwords.js:16:17:16:38 | `${name ... sword}` | -| passwords.js:16:17:16:38 | `${name ... sword}` | -| passwords.js:16:29:16:36 | password | -| passwords.js:16:29:16:36 | password | -| passwords.js:18:9:20:5 | obj1 | -| passwords.js:18:16:20:5 | {\\n ... x\\n } | -| passwords.js:18:16:20:5 | {\\n ... x\\n } | -| passwords.js:21:17:21:20 | obj1 | -| passwords.js:21:17:21:20 | obj1 | -| passwords.js:23:9:25:5 | obj2 | -| passwords.js:23:16:25:5 | {\\n ... d\\n } | -| passwords.js:24:12:24:19 | password | -| passwords.js:24:12:24:19 | password | -| passwords.js:26:17:26:20 | obj2 | -| passwords.js:26:17:26:20 | obj2 | -| passwords.js:28:9:28:17 | obj3 | -| passwords.js:28:16:28:17 | {} | -| passwords.js:29:17:29:20 | obj3 | -| passwords.js:29:17:29:20 | obj3 | -| passwords.js:30:14:30:21 | password | -| passwords.js:30:14:30:21 | password | -| passwords.js:77:37:77:53 | req.body.password | -| passwords.js:77:37:77:53 | req.body.password | -| passwords.js:78:17:78:38 | temp.en ... assword | -| passwords.js:78:17:78:38 | temp.en ... assword | -| passwords.js:80:9:80:25 | secret | -| passwords.js:80:18:80:25 | password | -| passwords.js:80:18:80:25 | password | -| passwords.js:81:17:81:31 | `pw: ${secret}` | -| passwords.js:81:17:81:31 | `pw: ${secret}` | -| passwords.js:81:24:81:29 | secret | -| passwords.js:93:21:93:46 | "Passwo ... assword | -| passwords.js:93:21:93:46 | "Passwo ... assword | -| passwords.js:93:39:93:46 | password | -| passwords.js:93:39:93:46 | password | -| passwords.js:98:21:98:46 | "Passwo ... assword | -| passwords.js:98:21:98:46 | "Passwo ... assword | -| passwords.js:98:39:98:46 | password | -| passwords.js:98:39:98:46 | password | -| passwords.js:105:21:105:46 | "Passwo ... assword | -| passwords.js:105:21:105:46 | "Passwo ... assword | -| passwords.js:105:39:105:46 | password | -| passwords.js:105:39:105:46 | password | -| passwords.js:110:21:110:46 | "Passwo ... assword | -| passwords.js:110:21:110:46 | "Passwo ... assword | -| passwords.js:110:39:110:46 | password | -| passwords.js:110:39:110:46 | password | -| passwords.js:114:25:114:50 | "Passwo ... assword | -| passwords.js:114:25:114:50 | "Passwo ... assword | -| passwords.js:114:43:114:50 | password | -| passwords.js:114:43:114:50 | password | -| passwords.js:119:21:119:46 | "Passwo ... assword | -| passwords.js:119:21:119:46 | "Passwo ... assword | -| passwords.js:119:39:119:46 | password | -| passwords.js:119:39:119:46 | password | -| passwords.js:122:17:122:49 | name + ... tring() | -| passwords.js:122:17:122:49 | name + ... tring() | -| passwords.js:122:31:122:38 | password | -| passwords.js:122:31:122:38 | password | -| passwords.js:122:31:122:49 | password.toString() | -| passwords.js:123:17:123:48 | name + ... lueOf() | -| passwords.js:123:17:123:48 | name + ... lueOf() | -| passwords.js:123:31:123:38 | password | -| passwords.js:123:31:123:38 | password | -| passwords.js:123:31:123:48 | password.valueOf() | -| passwords.js:127:9:132:5 | config | -| passwords.js:127:18:132:5 | {\\n ... )\\n } | -| passwords.js:127:18:132:5 | {\\n ... )\\n } | -| passwords.js:130:12:130:19 | password | -| passwords.js:130:12:130:19 | password | -| passwords.js:131:12:131:24 | getPassword() | -| passwords.js:131:12:131:24 | getPassword() | -| passwords.js:135:17:135:22 | config | -| passwords.js:135:17:135:22 | config | -| passwords.js:136:17:136:24 | config.x | -| passwords.js:136:17:136:24 | config.x | -| passwords.js:137:17:137:24 | config.y | -| passwords.js:137:17:137:24 | config.y | -| passwords.js:142:26:142:34 | arguments | -| passwords.js:142:26:142:34 | arguments | -| passwords.js:147:12:147:19 | password | -| passwords.js:147:12:147:19 | password | -| passwords.js:149:21:149:28 | config.x | -| passwords.js:150:21:150:31 | process.env | -| passwords.js:150:21:150:31 | process.env | -| passwords.js:152:9:152:63 | procdesc | -| passwords.js:152:20:152:44 | Util.in ... ss.env) | -| passwords.js:152:20:152:63 | Util.in ... /g, '') | -| passwords.js:152:33:152:43 | process.env | -| passwords.js:152:33:152:43 | process.env | -| passwords.js:154:21:154:28 | procdesc | -| passwords.js:156:17:156:27 | process.env | -| passwords.js:156:17:156:27 | process.env | -| passwords.js:156:17:156:27 | process.env | -| passwords.js:163:14:163:21 | password | -| passwords.js:163:14:163:21 | password | -| passwords.js:163:14:163:41 | passwor ... g, "*") | -| passwords.js:163:14:163:41 | passwor ... g, "*") | -| passwords.js:164:14:164:21 | password | -| passwords.js:164:14:164:21 | password | -| passwords.js:164:14:164:42 | passwor ... g, "*") | -| passwords.js:164:14:164:42 | passwor ... g, "*") | -| passwords.js:169:17:169:24 | password | -| passwords.js:169:17:169:24 | password | -| passwords.js:169:17:169:45 | passwor ... g, "*") | -| passwords.js:169:17:169:45 | passwor ... g, "*") | -| passwords.js:170:11:170:18 | password | -| passwords.js:170:11:170:18 | password | -| passwords.js:170:11:170:39 | passwor ... g, "*") | -| passwords.js:170:11:170:39 | passwor ... g, "*") | -| passwords.js:173:17:173:26 | myPassword | -| passwords.js:173:17:173:26 | myPassword | -| passwords.js:173:17:173:26 | myPassword | -| passwords.js:176:17:176:26 | myPasscode | -| passwords.js:176:17:176:26 | myPasscode | -| passwords.js:176:17:176:26 | myPasscode | -| passwords_in_browser1.js:2:13:2:20 | password | -| passwords_in_browser1.js:2:13:2:20 | password | -| passwords_in_browser1.js:2:13:2:20 | password | -| passwords_in_browser2.js:2:13:2:20 | password | -| passwords_in_browser2.js:2:13:2:20 | password | -| passwords_in_browser2.js:2:13:2:20 | password | -| passwords_in_server_1.js:6:13:6:20 | password | -| passwords_in_server_1.js:6:13:6:20 | password | -| passwords_in_server_1.js:6:13:6:20 | password | -| passwords_in_server_2.js:3:13:3:20 | password | -| passwords_in_server_2.js:3:13:3:20 | password | -| passwords_in_server_2.js:3:13:3:20 | password | -| passwords_in_server_3.js:2:13:2:20 | password | -| passwords_in_server_3.js:2:13:2:20 | password | -| passwords_in_server_3.js:2:13:2:20 | password | -| passwords_in_server_4.js:2:13:2:20 | password | -| passwords_in_server_4.js:2:13:2:20 | password | -| passwords_in_server_4.js:2:13:2:20 | password | -| passwords_in_server_5.js:4:7:4:24 | req.query.password | -| passwords_in_server_5.js:4:7:4:24 | req.query.password | -| passwords_in_server_5.js:7:12:7:12 | x | -| passwords_in_server_5.js:8:17:8:17 | x | -| passwords_in_server_5.js:8:17:8:17 | x | edges -| passwords.js:2:17:2:24 | password | passwords.js:2:17:2:24 | password | -| passwords.js:3:17:3:26 | o.password | passwords.js:3:17:3:26 | o.password | -| passwords.js:4:17:4:29 | getPassword() | passwords.js:4:17:4:29 | getPassword() | -| passwords.js:5:17:5:31 | o.getPassword() | passwords.js:5:17:5:31 | o.getPassword() | -| passwords.js:7:20:7:20 | x | passwords.js:8:21:8:21 | x | -| passwords.js:7:20:7:20 | x | passwords.js:8:21:8:21 | x | -| passwords.js:10:11:10:18 | password | passwords.js:7:20:7:20 | x | -| passwords.js:10:11:10:18 | password | passwords.js:7:20:7:20 | x | -| passwords.js:12:18:12:25 | password | passwords.js:12:18:12:25 | password | -| passwords.js:14:31:14:38 | password | passwords.js:14:17:14:38 | name + ... assword | -| passwords.js:14:31:14:38 | password | passwords.js:14:17:14:38 | name + ... assword | -| passwords.js:14:31:14:38 | password | passwords.js:14:17:14:38 | name + ... assword | -| passwords.js:14:31:14:38 | password | passwords.js:14:17:14:38 | name + ... assword | -| passwords.js:16:29:16:36 | password | passwords.js:16:17:16:38 | `${name ... sword}` | -| passwords.js:16:29:16:36 | password | passwords.js:16:17:16:38 | `${name ... sword}` | -| passwords.js:16:29:16:36 | password | passwords.js:16:17:16:38 | `${name ... sword}` | -| passwords.js:16:29:16:36 | password | passwords.js:16:17:16:38 | `${name ... sword}` | -| passwords.js:18:9:20:5 | obj1 | passwords.js:21:17:21:20 | obj1 | -| passwords.js:18:9:20:5 | obj1 | passwords.js:21:17:21:20 | obj1 | -| passwords.js:18:16:20:5 | {\\n ... x\\n } | passwords.js:18:9:20:5 | obj1 | -| passwords.js:18:16:20:5 | {\\n ... x\\n } | passwords.js:18:9:20:5 | obj1 | -| passwords.js:23:9:25:5 | obj2 | passwords.js:26:17:26:20 | obj2 | -| passwords.js:23:9:25:5 | obj2 | passwords.js:26:17:26:20 | obj2 | -| passwords.js:23:16:25:5 | {\\n ... d\\n } | passwords.js:23:9:25:5 | obj2 | -| passwords.js:24:12:24:19 | password | passwords.js:23:16:25:5 | {\\n ... d\\n } | -| passwords.js:24:12:24:19 | password | passwords.js:23:16:25:5 | {\\n ... d\\n } | -| passwords.js:28:9:28:17 | obj3 | passwords.js:29:17:29:20 | obj3 | -| passwords.js:28:9:28:17 | obj3 | passwords.js:29:17:29:20 | obj3 | -| passwords.js:28:16:28:17 | {} | passwords.js:28:9:28:17 | obj3 | -| passwords.js:30:14:30:21 | password | passwords.js:28:16:28:17 | {} | -| passwords.js:30:14:30:21 | password | passwords.js:28:16:28:17 | {} | -| passwords.js:77:37:77:53 | req.body.password | passwords.js:78:17:78:38 | temp.en ... assword | -| passwords.js:77:37:77:53 | req.body.password | passwords.js:78:17:78:38 | temp.en ... assword | -| passwords.js:77:37:77:53 | req.body.password | passwords.js:78:17:78:38 | temp.en ... assword | -| passwords.js:77:37:77:53 | req.body.password | passwords.js:78:17:78:38 | temp.en ... assword | -| passwords.js:80:9:80:25 | secret | passwords.js:81:24:81:29 | secret | -| passwords.js:80:18:80:25 | password | passwords.js:80:9:80:25 | secret | -| passwords.js:80:18:80:25 | password | passwords.js:80:9:80:25 | secret | -| passwords.js:81:24:81:29 | secret | passwords.js:81:17:81:31 | `pw: ${secret}` | -| passwords.js:81:24:81:29 | secret | passwords.js:81:17:81:31 | `pw: ${secret}` | -| passwords.js:93:39:93:46 | password | passwords.js:93:21:93:46 | "Passwo ... assword | -| passwords.js:93:39:93:46 | password | passwords.js:93:21:93:46 | "Passwo ... assword | -| passwords.js:93:39:93:46 | password | passwords.js:93:21:93:46 | "Passwo ... assword | -| passwords.js:93:39:93:46 | password | passwords.js:93:21:93:46 | "Passwo ... assword | -| passwords.js:98:39:98:46 | password | passwords.js:98:21:98:46 | "Passwo ... assword | -| passwords.js:98:39:98:46 | password | passwords.js:98:21:98:46 | "Passwo ... assword | -| passwords.js:98:39:98:46 | password | passwords.js:98:21:98:46 | "Passwo ... assword | -| passwords.js:98:39:98:46 | password | passwords.js:98:21:98:46 | "Passwo ... assword | -| passwords.js:105:39:105:46 | password | passwords.js:105:21:105:46 | "Passwo ... assword | -| passwords.js:105:39:105:46 | password | passwords.js:105:21:105:46 | "Passwo ... assword | -| passwords.js:105:39:105:46 | password | passwords.js:105:21:105:46 | "Passwo ... assword | -| passwords.js:105:39:105:46 | password | passwords.js:105:21:105:46 | "Passwo ... assword | -| passwords.js:110:39:110:46 | password | passwords.js:110:21:110:46 | "Passwo ... assword | -| passwords.js:110:39:110:46 | password | passwords.js:110:21:110:46 | "Passwo ... assword | -| passwords.js:110:39:110:46 | password | passwords.js:110:21:110:46 | "Passwo ... assword | -| passwords.js:110:39:110:46 | password | passwords.js:110:21:110:46 | "Passwo ... assword | -| passwords.js:114:43:114:50 | password | passwords.js:114:25:114:50 | "Passwo ... assword | -| passwords.js:114:43:114:50 | password | passwords.js:114:25:114:50 | "Passwo ... assword | -| passwords.js:114:43:114:50 | password | passwords.js:114:25:114:50 | "Passwo ... assword | -| passwords.js:114:43:114:50 | password | passwords.js:114:25:114:50 | "Passwo ... assword | -| passwords.js:119:39:119:46 | password | passwords.js:119:21:119:46 | "Passwo ... assword | -| passwords.js:119:39:119:46 | password | passwords.js:119:21:119:46 | "Passwo ... assword | -| passwords.js:119:39:119:46 | password | passwords.js:119:21:119:46 | "Passwo ... assword | -| passwords.js:119:39:119:46 | password | passwords.js:119:21:119:46 | "Passwo ... assword | -| passwords.js:122:31:122:38 | password | passwords.js:122:31:122:49 | password.toString() | -| passwords.js:122:31:122:38 | password | passwords.js:122:31:122:49 | password.toString() | -| passwords.js:122:31:122:49 | password.toString() | passwords.js:122:17:122:49 | name + ... tring() | -| passwords.js:122:31:122:49 | password.toString() | passwords.js:122:17:122:49 | name + ... tring() | -| passwords.js:123:31:123:38 | password | passwords.js:123:31:123:48 | password.valueOf() | -| passwords.js:123:31:123:38 | password | passwords.js:123:31:123:48 | password.valueOf() | -| passwords.js:123:31:123:48 | password.valueOf() | passwords.js:123:17:123:48 | name + ... lueOf() | -| passwords.js:123:31:123:48 | password.valueOf() | passwords.js:123:17:123:48 | name + ... lueOf() | -| passwords.js:127:9:132:5 | config | passwords.js:135:17:135:22 | config | -| passwords.js:127:9:132:5 | config | passwords.js:135:17:135:22 | config | -| passwords.js:127:18:132:5 | {\\n ... )\\n } | passwords.js:127:9:132:5 | config | -| passwords.js:127:18:132:5 | {\\n ... )\\n } | passwords.js:127:9:132:5 | config | -| passwords.js:130:12:130:19 | password | passwords.js:127:18:132:5 | {\\n ... )\\n } | -| passwords.js:130:12:130:19 | password | passwords.js:127:18:132:5 | {\\n ... )\\n } | -| passwords.js:130:12:130:19 | password | passwords.js:136:17:136:24 | config.x | -| passwords.js:130:12:130:19 | password | passwords.js:136:17:136:24 | config.x | -| passwords.js:130:12:130:19 | password | passwords.js:136:17:136:24 | config.x | -| passwords.js:130:12:130:19 | password | passwords.js:136:17:136:24 | config.x | -| passwords.js:131:12:131:24 | getPassword() | passwords.js:127:18:132:5 | {\\n ... )\\n } | -| passwords.js:131:12:131:24 | getPassword() | passwords.js:127:18:132:5 | {\\n ... )\\n } | -| passwords.js:131:12:131:24 | getPassword() | passwords.js:137:17:137:24 | config.y | -| passwords.js:131:12:131:24 | getPassword() | passwords.js:137:17:137:24 | config.y | -| passwords.js:131:12:131:24 | getPassword() | passwords.js:137:17:137:24 | config.y | -| passwords.js:131:12:131:24 | getPassword() | passwords.js:137:17:137:24 | config.y | -| passwords.js:147:12:147:19 | password | passwords.js:149:21:149:28 | config.x | -| passwords.js:147:12:147:19 | password | passwords.js:149:21:149:28 | config.x | -| passwords.js:149:21:149:28 | config.x | passwords.js:142:26:142:34 | arguments | -| passwords.js:149:21:149:28 | config.x | passwords.js:142:26:142:34 | arguments | -| passwords.js:150:21:150:31 | process.env | passwords.js:142:26:142:34 | arguments | -| passwords.js:150:21:150:31 | process.env | passwords.js:142:26:142:34 | arguments | -| passwords.js:150:21:150:31 | process.env | passwords.js:142:26:142:34 | arguments | -| passwords.js:150:21:150:31 | process.env | passwords.js:142:26:142:34 | arguments | -| passwords.js:152:9:152:63 | procdesc | passwords.js:154:21:154:28 | procdesc | -| passwords.js:152:20:152:44 | Util.in ... ss.env) | passwords.js:152:20:152:63 | Util.in ... /g, '') | -| passwords.js:152:20:152:63 | Util.in ... /g, '') | passwords.js:152:9:152:63 | procdesc | -| passwords.js:152:33:152:43 | process.env | passwords.js:152:20:152:44 | Util.in ... ss.env) | -| passwords.js:152:33:152:43 | process.env | passwords.js:152:20:152:44 | Util.in ... ss.env) | -| passwords.js:154:21:154:28 | procdesc | passwords.js:142:26:142:34 | arguments | -| passwords.js:154:21:154:28 | procdesc | passwords.js:142:26:142:34 | arguments | -| passwords.js:156:17:156:27 | process.env | passwords.js:156:17:156:27 | process.env | -| passwords.js:163:14:163:21 | password | passwords.js:163:14:163:41 | passwor ... g, "*") | -| passwords.js:163:14:163:21 | password | passwords.js:163:14:163:41 | passwor ... g, "*") | -| passwords.js:163:14:163:21 | password | passwords.js:163:14:163:41 | passwor ... g, "*") | -| passwords.js:163:14:163:21 | password | passwords.js:163:14:163:41 | passwor ... g, "*") | -| passwords.js:164:14:164:21 | password | passwords.js:164:14:164:42 | passwor ... g, "*") | -| passwords.js:164:14:164:21 | password | passwords.js:164:14:164:42 | passwor ... g, "*") | -| passwords.js:164:14:164:21 | password | passwords.js:164:14:164:42 | passwor ... g, "*") | -| passwords.js:164:14:164:21 | password | passwords.js:164:14:164:42 | passwor ... g, "*") | -| passwords.js:169:17:169:24 | password | passwords.js:169:17:169:45 | passwor ... g, "*") | -| passwords.js:169:17:169:24 | password | passwords.js:169:17:169:45 | passwor ... g, "*") | -| passwords.js:169:17:169:24 | password | passwords.js:169:17:169:45 | passwor ... g, "*") | -| passwords.js:169:17:169:24 | password | passwords.js:169:17:169:45 | passwor ... g, "*") | -| passwords.js:170:11:170:18 | password | passwords.js:170:11:170:39 | passwor ... g, "*") | -| passwords.js:170:11:170:18 | password | passwords.js:170:11:170:39 | passwor ... g, "*") | -| passwords.js:170:11:170:18 | password | passwords.js:170:11:170:39 | passwor ... g, "*") | -| passwords.js:170:11:170:18 | password | passwords.js:170:11:170:39 | passwor ... g, "*") | -| passwords.js:173:17:173:26 | myPassword | passwords.js:173:17:173:26 | myPassword | -| passwords.js:176:17:176:26 | myPasscode | passwords.js:176:17:176:26 | myPasscode | -| passwords_in_browser1.js:2:13:2:20 | password | passwords_in_browser1.js:2:13:2:20 | password | -| passwords_in_browser2.js:2:13:2:20 | password | passwords_in_browser2.js:2:13:2:20 | password | -| passwords_in_server_1.js:6:13:6:20 | password | passwords_in_server_1.js:6:13:6:20 | password | -| passwords_in_server_2.js:3:13:3:20 | password | passwords_in_server_2.js:3:13:3:20 | password | -| passwords_in_server_3.js:2:13:2:20 | password | passwords_in_server_3.js:2:13:2:20 | password | -| passwords_in_server_4.js:2:13:2:20 | password | passwords_in_server_4.js:2:13:2:20 | password | -| passwords_in_server_5.js:4:7:4:24 | req.query.password | passwords_in_server_5.js:7:12:7:12 | x | -| passwords_in_server_5.js:4:7:4:24 | req.query.password | passwords_in_server_5.js:7:12:7:12 | x | -| passwords_in_server_5.js:7:12:7:12 | x | passwords_in_server_5.js:8:17:8:17 | x | -| passwords_in_server_5.js:7:12:7:12 | x | passwords_in_server_5.js:8:17:8:17 | x | +| passwords.js:7:20:7:20 | x | passwords.js:8:21:8:21 | x | provenance | | +| passwords.js:10:11:10:18 | password | passwords.js:7:20:7:20 | x | provenance | | +| passwords.js:14:31:14:38 | password | passwords.js:14:17:14:38 | name + ... assword | provenance | | +| passwords.js:16:29:16:36 | password | passwords.js:16:17:16:38 | `${name ... sword}` | provenance | | +| passwords.js:18:9:20:5 | obj1 [password] | passwords.js:21:17:21:20 | obj1 [password] | provenance | | +| passwords.js:18:16:20:5 | {\\n ... x\\n } [password] | passwords.js:18:9:20:5 | obj1 [password] | provenance | | +| passwords.js:19:19:19:19 | x | passwords.js:18:16:20:5 | {\\n ... x\\n } [password] | provenance | | +| passwords.js:21:17:21:20 | obj1 [password] | passwords.js:21:17:21:20 | obj1 | provenance | | +| passwords.js:23:9:25:5 | obj2 [x] | passwords.js:26:17:26:20 | obj2 [x] | provenance | | +| passwords.js:23:16:25:5 | {\\n ... d\\n } [x] | passwords.js:23:9:25:5 | obj2 [x] | provenance | | +| passwords.js:24:12:24:19 | password | passwords.js:23:16:25:5 | {\\n ... d\\n } [x] | provenance | | +| passwords.js:26:17:26:20 | obj2 [x] | passwords.js:26:17:26:20 | obj2 | provenance | | +| passwords.js:28:9:28:17 | obj3 [x] | passwords.js:29:17:29:20 | obj3 [x] | provenance | | +| passwords.js:29:17:29:20 | obj3 [x] | passwords.js:29:17:29:20 | obj3 | provenance | | +| passwords.js:30:5:30:8 | [post update] obj3 [x] | passwords.js:28:9:28:17 | obj3 [x] | provenance | | +| passwords.js:30:14:30:21 | password | passwords.js:30:5:30:8 | [post update] obj3 [x] | provenance | | +| passwords.js:77:9:77:55 | temp [encryptedPassword] | passwords.js:78:17:78:20 | temp [encryptedPassword] | provenance | | +| passwords.js:77:16:77:55 | { encry ... sword } [encryptedPassword] | passwords.js:77:9:77:55 | temp [encryptedPassword] | provenance | | +| passwords.js:77:37:77:53 | req.body.password | passwords.js:77:16:77:55 | { encry ... sword } [encryptedPassword] | provenance | | +| passwords.js:78:17:78:20 | temp [encryptedPassword] | passwords.js:78:17:78:38 | temp.en ... assword | provenance | | +| passwords.js:80:9:80:25 | secret | passwords.js:81:24:81:29 | secret | provenance | | +| passwords.js:80:18:80:25 | password | passwords.js:80:9:80:25 | secret | provenance | | +| passwords.js:81:24:81:29 | secret | passwords.js:81:17:81:31 | `pw: ${secret}` | provenance | | +| passwords.js:93:39:93:46 | password | passwords.js:93:21:93:46 | "Passwo ... assword | provenance | | +| passwords.js:98:39:98:46 | password | passwords.js:98:21:98:46 | "Passwo ... assword | provenance | | +| passwords.js:105:39:105:46 | password | passwords.js:105:21:105:46 | "Passwo ... assword | provenance | | +| passwords.js:110:39:110:46 | password | passwords.js:110:21:110:46 | "Passwo ... assword | provenance | | +| passwords.js:114:43:114:50 | password | passwords.js:114:25:114:50 | "Passwo ... assword | provenance | | +| passwords.js:119:39:119:46 | password | passwords.js:119:21:119:46 | "Passwo ... assword | provenance | | +| passwords.js:122:31:122:38 | password | passwords.js:122:31:122:49 | password.toString() | provenance | | +| passwords.js:122:31:122:49 | password.toString() | passwords.js:122:17:122:49 | name + ... tring() | provenance | | +| passwords.js:123:31:123:38 | password | passwords.js:123:31:123:48 | password.valueOf() | provenance | | +| passwords.js:123:31:123:48 | password.valueOf() | passwords.js:123:17:123:48 | name + ... lueOf() | provenance | | +| passwords.js:127:9:132:5 | config [password] | passwords.js:135:17:135:22 | config [password] | provenance | | +| passwords.js:127:9:132:5 | config [x] | passwords.js:135:17:135:22 | config [x] | provenance | | +| passwords.js:127:9:132:5 | config [x] | passwords.js:136:17:136:22 | config [x] | provenance | | +| passwords.js:127:9:132:5 | config [y] | passwords.js:135:17:135:22 | config [y] | provenance | | +| passwords.js:127:9:132:5 | config [y] | passwords.js:137:17:137:22 | config [y] | provenance | | +| passwords.js:127:18:132:5 | {\\n ... )\\n } [password] | passwords.js:127:9:132:5 | config [password] | provenance | | +| passwords.js:127:18:132:5 | {\\n ... )\\n } [x] | passwords.js:127:9:132:5 | config [x] | provenance | | +| passwords.js:127:18:132:5 | {\\n ... )\\n } [y] | passwords.js:127:9:132:5 | config [y] | provenance | | +| passwords.js:128:19:128:19 | x | passwords.js:127:18:132:5 | {\\n ... )\\n } [password] | provenance | | +| passwords.js:130:12:130:19 | password | passwords.js:127:18:132:5 | {\\n ... )\\n } [x] | provenance | | +| passwords.js:131:12:131:24 | getPassword() | passwords.js:127:18:132:5 | {\\n ... )\\n } [y] | provenance | | +| passwords.js:135:17:135:22 | config [password] | passwords.js:135:17:135:22 | config | provenance | | +| passwords.js:135:17:135:22 | config [x] | passwords.js:135:17:135:22 | config | provenance | | +| passwords.js:135:17:135:22 | config [y] | passwords.js:135:17:135:22 | config | provenance | | +| passwords.js:136:17:136:22 | config [x] | passwords.js:136:17:136:24 | config.x | provenance | | +| passwords.js:137:17:137:22 | config [y] | passwords.js:137:17:137:24 | config.y | provenance | | +| passwords.js:146:9:148:5 | config [x] | passwords.js:149:21:149:26 | config [x] | provenance | | +| passwords.js:146:18:148:5 | {\\n ... d\\n } [x] | passwords.js:146:9:148:5 | config [x] | provenance | | +| passwords.js:147:12:147:19 | password | passwords.js:146:18:148:5 | {\\n ... d\\n } [x] | provenance | | +| passwords.js:149:21:149:26 | config [x] | passwords.js:149:21:149:28 | config.x | provenance | | +| passwords.js:149:21:149:28 | config.x | passwords.js:142:26:142:34 | arguments | provenance | Config | +| passwords.js:150:21:150:31 | process.env | passwords.js:142:26:142:34 | arguments | provenance | Config | +| passwords.js:152:9:152:63 | procdesc | passwords.js:154:21:154:28 | procdesc | provenance | | +| passwords.js:152:20:152:44 | Util.in ... ss.env) | passwords.js:152:20:152:63 | Util.in ... /g, '') | provenance | | +| passwords.js:152:20:152:63 | Util.in ... /g, '') | passwords.js:152:9:152:63 | procdesc | provenance | | +| passwords.js:152:33:152:43 | process.env | passwords.js:152:20:152:44 | Util.in ... ss.env) | provenance | | +| passwords.js:154:21:154:28 | procdesc | passwords.js:142:26:142:34 | arguments | provenance | Config | +| passwords.js:163:14:163:21 | password | passwords.js:163:14:163:41 | passwor ... g, "*") | provenance | | +| passwords.js:164:14:164:21 | password | passwords.js:164:14:164:42 | passwor ... g, "*") | provenance | | +| passwords.js:169:17:169:24 | password | passwords.js:169:17:169:45 | passwor ... g, "*") | provenance | | +| passwords.js:170:11:170:18 | password | passwords.js:170:11:170:39 | passwor ... g, "*") | provenance | | +| passwords_in_server_5.js:4:7:4:24 | req.query.password | passwords_in_server_5.js:7:12:7:12 | x | provenance | | +| passwords_in_server_5.js:7:12:7:12 | x | passwords_in_server_5.js:8:17:8:17 | x | provenance | | +nodes +| passwords.js:2:17:2:24 | password | semmle.label | password | +| passwords.js:3:17:3:26 | o.password | semmle.label | o.password | +| passwords.js:4:17:4:29 | getPassword() | semmle.label | getPassword() | +| passwords.js:5:17:5:31 | o.getPassword() | semmle.label | o.getPassword() | +| passwords.js:7:20:7:20 | x | semmle.label | x | +| passwords.js:8:21:8:21 | x | semmle.label | x | +| passwords.js:10:11:10:18 | password | semmle.label | password | +| passwords.js:12:18:12:25 | password | semmle.label | password | +| passwords.js:14:17:14:38 | name + ... assword | semmle.label | name + ... assword | +| passwords.js:14:31:14:38 | password | semmle.label | password | +| passwords.js:16:17:16:38 | `${name ... sword}` | semmle.label | `${name ... sword}` | +| passwords.js:16:29:16:36 | password | semmle.label | password | +| passwords.js:18:9:20:5 | obj1 [password] | semmle.label | obj1 [password] | +| passwords.js:18:16:20:5 | {\\n ... x\\n } [password] | semmle.label | {\\n ... x\\n } [password] | +| passwords.js:19:19:19:19 | x | semmle.label | x | +| passwords.js:21:17:21:20 | obj1 | semmle.label | obj1 | +| passwords.js:21:17:21:20 | obj1 [password] | semmle.label | obj1 [password] | +| passwords.js:23:9:25:5 | obj2 [x] | semmle.label | obj2 [x] | +| passwords.js:23:16:25:5 | {\\n ... d\\n } [x] | semmle.label | {\\n ... d\\n } [x] | +| passwords.js:24:12:24:19 | password | semmle.label | password | +| passwords.js:26:17:26:20 | obj2 | semmle.label | obj2 | +| passwords.js:26:17:26:20 | obj2 [x] | semmle.label | obj2 [x] | +| passwords.js:28:9:28:17 | obj3 [x] | semmle.label | obj3 [x] | +| passwords.js:29:17:29:20 | obj3 | semmle.label | obj3 | +| passwords.js:29:17:29:20 | obj3 [x] | semmle.label | obj3 [x] | +| passwords.js:30:5:30:8 | [post update] obj3 [x] | semmle.label | [post update] obj3 [x] | +| passwords.js:30:14:30:21 | password | semmle.label | password | +| passwords.js:77:9:77:55 | temp [encryptedPassword] | semmle.label | temp [encryptedPassword] | +| passwords.js:77:16:77:55 | { encry ... sword } [encryptedPassword] | semmle.label | { encry ... sword } [encryptedPassword] | +| passwords.js:77:37:77:53 | req.body.password | semmle.label | req.body.password | +| passwords.js:78:17:78:20 | temp [encryptedPassword] | semmle.label | temp [encryptedPassword] | +| passwords.js:78:17:78:38 | temp.en ... assword | semmle.label | temp.en ... assword | +| passwords.js:80:9:80:25 | secret | semmle.label | secret | +| passwords.js:80:18:80:25 | password | semmle.label | password | +| passwords.js:81:17:81:31 | `pw: ${secret}` | semmle.label | `pw: ${secret}` | +| passwords.js:81:24:81:29 | secret | semmle.label | secret | +| passwords.js:93:21:93:46 | "Passwo ... assword | semmle.label | "Passwo ... assword | +| passwords.js:93:39:93:46 | password | semmle.label | password | +| passwords.js:98:21:98:46 | "Passwo ... assword | semmle.label | "Passwo ... assword | +| passwords.js:98:39:98:46 | password | semmle.label | password | +| passwords.js:105:21:105:46 | "Passwo ... assword | semmle.label | "Passwo ... assword | +| passwords.js:105:39:105:46 | password | semmle.label | password | +| passwords.js:110:21:110:46 | "Passwo ... assword | semmle.label | "Passwo ... assword | +| passwords.js:110:39:110:46 | password | semmle.label | password | +| passwords.js:114:25:114:50 | "Passwo ... assword | semmle.label | "Passwo ... assword | +| passwords.js:114:43:114:50 | password | semmle.label | password | +| passwords.js:119:21:119:46 | "Passwo ... assword | semmle.label | "Passwo ... assword | +| passwords.js:119:39:119:46 | password | semmle.label | password | +| passwords.js:122:17:122:49 | name + ... tring() | semmle.label | name + ... tring() | +| passwords.js:122:31:122:38 | password | semmle.label | password | +| passwords.js:122:31:122:49 | password.toString() | semmle.label | password.toString() | +| passwords.js:123:17:123:48 | name + ... lueOf() | semmle.label | name + ... lueOf() | +| passwords.js:123:31:123:38 | password | semmle.label | password | +| passwords.js:123:31:123:48 | password.valueOf() | semmle.label | password.valueOf() | +| passwords.js:127:9:132:5 | config [password] | semmle.label | config [password] | +| passwords.js:127:9:132:5 | config [x] | semmle.label | config [x] | +| passwords.js:127:9:132:5 | config [y] | semmle.label | config [y] | +| passwords.js:127:18:132:5 | {\\n ... )\\n } [password] | semmle.label | {\\n ... )\\n } [password] | +| passwords.js:127:18:132:5 | {\\n ... )\\n } [x] | semmle.label | {\\n ... )\\n } [x] | +| passwords.js:127:18:132:5 | {\\n ... )\\n } [y] | semmle.label | {\\n ... )\\n } [y] | +| passwords.js:128:19:128:19 | x | semmle.label | x | +| passwords.js:130:12:130:19 | password | semmle.label | password | +| passwords.js:131:12:131:24 | getPassword() | semmle.label | getPassword() | +| passwords.js:135:17:135:22 | config | semmle.label | config | +| passwords.js:135:17:135:22 | config [password] | semmle.label | config [password] | +| passwords.js:135:17:135:22 | config [x] | semmle.label | config [x] | +| passwords.js:135:17:135:22 | config [y] | semmle.label | config [y] | +| passwords.js:136:17:136:22 | config [x] | semmle.label | config [x] | +| passwords.js:136:17:136:24 | config.x | semmle.label | config.x | +| passwords.js:137:17:137:22 | config [y] | semmle.label | config [y] | +| passwords.js:137:17:137:24 | config.y | semmle.label | config.y | +| passwords.js:142:26:142:34 | arguments | semmle.label | arguments | +| passwords.js:146:9:148:5 | config [x] | semmle.label | config [x] | +| passwords.js:146:18:148:5 | {\\n ... d\\n } [x] | semmle.label | {\\n ... d\\n } [x] | +| passwords.js:147:12:147:19 | password | semmle.label | password | +| passwords.js:149:21:149:26 | config [x] | semmle.label | config [x] | +| passwords.js:149:21:149:28 | config.x | semmle.label | config.x | +| passwords.js:150:21:150:31 | process.env | semmle.label | process.env | +| passwords.js:152:9:152:63 | procdesc | semmle.label | procdesc | +| passwords.js:152:20:152:44 | Util.in ... ss.env) | semmle.label | Util.in ... ss.env) | +| passwords.js:152:20:152:63 | Util.in ... /g, '') | semmle.label | Util.in ... /g, '') | +| passwords.js:152:33:152:43 | process.env | semmle.label | process.env | +| passwords.js:154:21:154:28 | procdesc | semmle.label | procdesc | +| passwords.js:156:17:156:27 | process.env | semmle.label | process.env | +| passwords.js:163:14:163:21 | password | semmle.label | password | +| passwords.js:163:14:163:41 | passwor ... g, "*") | semmle.label | passwor ... g, "*") | +| passwords.js:164:14:164:21 | password | semmle.label | password | +| passwords.js:164:14:164:42 | passwor ... g, "*") | semmle.label | passwor ... g, "*") | +| passwords.js:169:17:169:24 | password | semmle.label | password | +| passwords.js:169:17:169:45 | passwor ... g, "*") | semmle.label | passwor ... g, "*") | +| passwords.js:170:11:170:18 | password | semmle.label | password | +| passwords.js:170:11:170:39 | passwor ... g, "*") | semmle.label | passwor ... g, "*") | +| passwords.js:173:17:173:26 | myPassword | semmle.label | myPassword | +| passwords.js:176:17:176:26 | myPasscode | semmle.label | myPasscode | +| passwords_in_browser1.js:2:13:2:20 | password | semmle.label | password | +| passwords_in_browser2.js:2:13:2:20 | password | semmle.label | password | +| passwords_in_server_1.js:6:13:6:20 | password | semmle.label | password | +| passwords_in_server_2.js:3:13:3:20 | password | semmle.label | password | +| passwords_in_server_3.js:2:13:2:20 | password | semmle.label | password | +| passwords_in_server_4.js:2:13:2:20 | password | semmle.label | password | +| passwords_in_server_5.js:4:7:4:24 | req.query.password | semmle.label | req.query.password | +| passwords_in_server_5.js:7:12:7:12 | x | semmle.label | x | +| passwords_in_server_5.js:8:17:8:17 | x | semmle.label | x | +subpaths #select | passwords.js:2:17:2:24 | password | passwords.js:2:17:2:24 | password | passwords.js:2:17:2:24 | password | This logs sensitive data returned by $@ as clear text. | passwords.js:2:17:2:24 | password | an access to password | | passwords.js:3:17:3:26 | o.password | passwords.js:3:17:3:26 | o.password | passwords.js:3:17:3:26 | o.password | This logs sensitive data returned by $@ as clear text. | passwords.js:3:17:3:26 | o.password | an access to password | @@ -304,7 +179,7 @@ edges | passwords.js:12:18:12:25 | password | passwords.js:12:18:12:25 | password | passwords.js:12:18:12:25 | password | This logs sensitive data returned by $@ as clear text. | passwords.js:12:18:12:25 | password | an access to password | | passwords.js:14:17:14:38 | name + ... assword | passwords.js:14:31:14:38 | password | passwords.js:14:17:14:38 | name + ... assword | This logs sensitive data returned by $@ as clear text. | passwords.js:14:31:14:38 | password | an access to password | | passwords.js:16:17:16:38 | `${name ... sword}` | passwords.js:16:29:16:36 | password | passwords.js:16:17:16:38 | `${name ... sword}` | This logs sensitive data returned by $@ as clear text. | passwords.js:16:29:16:36 | password | an access to password | -| passwords.js:21:17:21:20 | obj1 | passwords.js:18:16:20:5 | {\\n ... x\\n } | passwords.js:21:17:21:20 | obj1 | This logs sensitive data returned by $@ as clear text. | passwords.js:18:16:20:5 | {\\n ... x\\n } | an access to password | +| passwords.js:21:17:21:20 | obj1 | passwords.js:19:19:19:19 | x | passwords.js:21:17:21:20 | obj1 | This logs sensitive data returned by $@ as clear text. | passwords.js:19:19:19:19 | x | an access to password | | passwords.js:26:17:26:20 | obj2 | passwords.js:24:12:24:19 | password | passwords.js:26:17:26:20 | obj2 | This logs sensitive data returned by $@ as clear text. | passwords.js:24:12:24:19 | password | an access to password | | passwords.js:29:17:29:20 | obj3 | passwords.js:30:14:30:21 | password | passwords.js:29:17:29:20 | obj3 | This logs sensitive data returned by $@ as clear text. | passwords.js:30:14:30:21 | password | an access to password | | passwords.js:78:17:78:38 | temp.en ... assword | passwords.js:77:37:77:53 | req.body.password | passwords.js:78:17:78:38 | temp.en ... assword | This logs sensitive data returned by $@ as clear text. | passwords.js:77:37:77:53 | req.body.password | an access to password | @@ -317,7 +192,7 @@ edges | passwords.js:119:21:119:46 | "Passwo ... assword | passwords.js:119:39:119:46 | password | passwords.js:119:21:119:46 | "Passwo ... assword | This logs sensitive data returned by $@ as clear text. | passwords.js:119:39:119:46 | password | an access to password | | passwords.js:122:17:122:49 | name + ... tring() | passwords.js:122:31:122:38 | password | passwords.js:122:17:122:49 | name + ... tring() | This logs sensitive data returned by $@ as clear text. | passwords.js:122:31:122:38 | password | an access to password | | passwords.js:123:17:123:48 | name + ... lueOf() | passwords.js:123:31:123:38 | password | passwords.js:123:17:123:48 | name + ... lueOf() | This logs sensitive data returned by $@ as clear text. | passwords.js:123:31:123:38 | password | an access to password | -| passwords.js:135:17:135:22 | config | passwords.js:127:18:132:5 | {\\n ... )\\n } | passwords.js:135:17:135:22 | config | This logs sensitive data returned by $@ as clear text. | passwords.js:127:18:132:5 | {\\n ... )\\n } | an access to password | +| passwords.js:135:17:135:22 | config | passwords.js:128:19:128:19 | x | passwords.js:135:17:135:22 | config | This logs sensitive data returned by $@ as clear text. | passwords.js:128:19:128:19 | x | an access to password | | passwords.js:135:17:135:22 | config | passwords.js:130:12:130:19 | password | passwords.js:135:17:135:22 | config | This logs sensitive data returned by $@ as clear text. | passwords.js:130:12:130:19 | password | an access to password | | passwords.js:135:17:135:22 | config | passwords.js:131:12:131:24 | getPassword() | passwords.js:135:17:135:22 | config | This logs sensitive data returned by $@ as clear text. | passwords.js:131:12:131:24 | getPassword() | a call to getPassword | | passwords.js:136:17:136:24 | config.x | passwords.js:130:12:130:19 | password | passwords.js:136:17:136:24 | config.x | This logs sensitive data returned by $@ as clear text. | passwords.js:130:12:130:19 | password | an access to password | diff --git a/javascript/ql/test/query-tests/Security/CWE-312/CleartextStorage.expected b/javascript/ql/test/query-tests/Security/CWE-312/CleartextStorage.expected index 7016dbbffa89..e6a5f7f551e5 100644 --- a/javascript/ql/test/query-tests/Security/CWE-312/CleartextStorage.expected +++ b/javascript/ql/test/query-tests/Security/CWE-312/CleartextStorage.expected @@ -1,57 +1,26 @@ -nodes -| CleartextStorage2.js:5:7:5:58 | pw | -| CleartextStorage2.js:5:12:5:58 | url.par ... assword | -| CleartextStorage2.js:5:12:5:58 | url.par ... assword | -| CleartextStorage2.js:7:19:7:34 | 'password=' + pw | -| CleartextStorage2.js:7:19:7:34 | 'password=' + pw | -| CleartextStorage2.js:7:33:7:34 | pw | -| CleartextStorage.js:5:7:5:40 | pw | -| CleartextStorage.js:5:12:5:40 | req.par ... sword") | -| CleartextStorage.js:5:12:5:40 | req.par ... sword") | -| CleartextStorage.js:7:26:7:27 | pw | -| CleartextStorage.js:7:26:7:27 | pw | -| tst-angularjs.js:3:32:3:45 | data1.password | -| tst-angularjs.js:3:32:3:45 | data1.password | -| tst-angularjs.js:3:32:3:45 | data1.password | -| tst-angularjs.js:4:33:4:46 | data2.password | -| tst-angularjs.js:4:33:4:46 | data2.password | -| tst-angularjs.js:4:33:4:46 | data2.password | -| tst-angularjs.js:5:27:5:40 | data3.password | -| tst-angularjs.js:5:27:5:40 | data3.password | -| tst-angularjs.js:5:27:5:40 | data3.password | -| tst-angularjs.js:6:33:6:46 | data4.password | -| tst-angularjs.js:6:33:6:46 | data4.password | -| tst-angularjs.js:6:33:6:46 | data4.password | -| tst-webstorage.js:1:18:1:30 | data.password | -| tst-webstorage.js:1:18:1:30 | data.password | -| tst-webstorage.js:1:18:1:30 | data.password | -| tst-webstorage.js:2:27:2:39 | data.password | -| tst-webstorage.js:2:27:2:39 | data.password | -| tst-webstorage.js:2:27:2:39 | data.password | -| tst-webstorage.js:3:20:3:32 | data.password | -| tst-webstorage.js:3:20:3:32 | data.password | -| tst-webstorage.js:3:20:3:32 | data.password | -| tst-webstorage.js:4:29:4:41 | data.password | -| tst-webstorage.js:4:29:4:41 | data.password | -| tst-webstorage.js:4:29:4:41 | data.password | edges -| CleartextStorage2.js:5:7:5:58 | pw | CleartextStorage2.js:7:33:7:34 | pw | -| CleartextStorage2.js:5:12:5:58 | url.par ... assword | CleartextStorage2.js:5:7:5:58 | pw | -| CleartextStorage2.js:5:12:5:58 | url.par ... assword | CleartextStorage2.js:5:7:5:58 | pw | -| CleartextStorage2.js:7:33:7:34 | pw | CleartextStorage2.js:7:19:7:34 | 'password=' + pw | -| CleartextStorage2.js:7:33:7:34 | pw | CleartextStorage2.js:7:19:7:34 | 'password=' + pw | -| CleartextStorage.js:5:7:5:40 | pw | CleartextStorage.js:7:26:7:27 | pw | -| CleartextStorage.js:5:7:5:40 | pw | CleartextStorage.js:7:26:7:27 | pw | -| CleartextStorage.js:5:12:5:40 | req.par ... sword") | CleartextStorage.js:5:7:5:40 | pw | -| CleartextStorage.js:5:12:5:40 | req.par ... sword") | CleartextStorage.js:5:7:5:40 | pw | -| tst-angularjs.js:3:32:3:45 | data1.password | tst-angularjs.js:3:32:3:45 | data1.password | -| tst-angularjs.js:4:33:4:46 | data2.password | tst-angularjs.js:4:33:4:46 | data2.password | -| tst-angularjs.js:5:27:5:40 | data3.password | tst-angularjs.js:5:27:5:40 | data3.password | -| tst-angularjs.js:6:33:6:46 | data4.password | tst-angularjs.js:6:33:6:46 | data4.password | -| tst-webstorage.js:1:18:1:30 | data.password | tst-webstorage.js:1:18:1:30 | data.password | -| tst-webstorage.js:2:27:2:39 | data.password | tst-webstorage.js:2:27:2:39 | data.password | -| tst-webstorage.js:3:20:3:32 | data.password | tst-webstorage.js:3:20:3:32 | data.password | -| tst-webstorage.js:4:29:4:41 | data.password | tst-webstorage.js:4:29:4:41 | data.password | +| CleartextStorage2.js:5:7:5:58 | pw | CleartextStorage2.js:7:33:7:34 | pw | provenance | | +| CleartextStorage2.js:5:12:5:58 | url.par ... assword | CleartextStorage2.js:5:7:5:58 | pw | provenance | | +| CleartextStorage2.js:7:33:7:34 | pw | CleartextStorage2.js:7:19:7:34 | 'password=' + pw | provenance | | +| CleartextStorage.js:5:7:5:40 | pw | CleartextStorage.js:7:26:7:27 | pw | provenance | | +| CleartextStorage.js:5:12:5:40 | req.par ... sword") | CleartextStorage.js:5:7:5:40 | pw | provenance | | +nodes +| CleartextStorage2.js:5:7:5:58 | pw | semmle.label | pw | +| CleartextStorage2.js:5:12:5:58 | url.par ... assword | semmle.label | url.par ... assword | +| CleartextStorage2.js:7:19:7:34 | 'password=' + pw | semmle.label | 'password=' + pw | +| CleartextStorage2.js:7:33:7:34 | pw | semmle.label | pw | +| CleartextStorage.js:5:7:5:40 | pw | semmle.label | pw | +| CleartextStorage.js:5:12:5:40 | req.par ... sword") | semmle.label | req.par ... sword") | +| CleartextStorage.js:7:26:7:27 | pw | semmle.label | pw | +| tst-angularjs.js:3:32:3:45 | data1.password | semmle.label | data1.password | +| tst-angularjs.js:4:33:4:46 | data2.password | semmle.label | data2.password | +| tst-angularjs.js:5:27:5:40 | data3.password | semmle.label | data3.password | +| tst-angularjs.js:6:33:6:46 | data4.password | semmle.label | data4.password | +| tst-webstorage.js:1:18:1:30 | data.password | semmle.label | data.password | +| tst-webstorage.js:2:27:2:39 | data.password | semmle.label | data.password | +| tst-webstorage.js:3:20:3:32 | data.password | semmle.label | data.password | +| tst-webstorage.js:4:29:4:41 | data.password | semmle.label | data.password | +subpaths #select | CleartextStorage2.js:7:19:7:34 | 'password=' + pw | CleartextStorage2.js:5:12:5:58 | url.par ... assword | CleartextStorage2.js:7:19:7:34 | 'password=' + pw | This stores sensitive data returned by $@ as clear text. | CleartextStorage2.js:5:12:5:58 | url.par ... assword | an access to current_password | | CleartextStorage.js:7:26:7:27 | pw | CleartextStorage.js:5:12:5:40 | req.par ... sword") | CleartextStorage.js:7:26:7:27 | pw | This stores sensitive data returned by $@ as clear text. | CleartextStorage.js:5:12:5:40 | req.par ... sword") | a call to param | diff --git a/javascript/ql/test/query-tests/Security/CWE-327/BrokenCryptoAlgorithm.expected b/javascript/ql/test/query-tests/Security/CWE-327/BrokenCryptoAlgorithm.expected index 3b87a7ccd9c8..0b9cb0374515 100644 --- a/javascript/ql/test/query-tests/Security/CWE-327/BrokenCryptoAlgorithm.expected +++ b/javascript/ql/test/query-tests/Security/CWE-327/BrokenCryptoAlgorithm.expected @@ -1,30 +1,15 @@ -nodes -| tst.js:3:5:3:24 | secretText | -| tst.js:3:18:3:24 | trusted | -| tst.js:3:18:3:24 | trusted | -| tst.js:11:17:11:26 | secretText | -| tst.js:11:17:11:26 | secretText | -| tst.js:11:17:11:26 | secretText | -| tst.js:17:17:17:25 | o.trusted | -| tst.js:17:17:17:25 | o.trusted | -| tst.js:17:17:17:25 | o.trusted | -| tst.js:19:17:19:24 | password | -| tst.js:19:17:19:24 | password | -| tst.js:19:17:19:24 | password | -| tst.js:22:21:22:30 | secretText | -| tst.js:22:21:22:30 | secretText | -| tst.js:22:21:22:30 | secretText | edges -| tst.js:3:5:3:24 | secretText | tst.js:11:17:11:26 | secretText | -| tst.js:3:5:3:24 | secretText | tst.js:11:17:11:26 | secretText | -| tst.js:3:5:3:24 | secretText | tst.js:22:21:22:30 | secretText | -| tst.js:3:5:3:24 | secretText | tst.js:22:21:22:30 | secretText | -| tst.js:3:18:3:24 | trusted | tst.js:3:5:3:24 | secretText | -| tst.js:3:18:3:24 | trusted | tst.js:3:5:3:24 | secretText | -| tst.js:11:17:11:26 | secretText | tst.js:11:17:11:26 | secretText | -| tst.js:17:17:17:25 | o.trusted | tst.js:17:17:17:25 | o.trusted | -| tst.js:19:17:19:24 | password | tst.js:19:17:19:24 | password | -| tst.js:22:21:22:30 | secretText | tst.js:22:21:22:30 | secretText | +| tst.js:3:5:3:24 | secretText | tst.js:11:17:11:26 | secretText | provenance | | +| tst.js:3:5:3:24 | secretText | tst.js:22:21:22:30 | secretText | provenance | | +| tst.js:3:18:3:24 | trusted | tst.js:3:5:3:24 | secretText | provenance | | +nodes +| tst.js:3:5:3:24 | secretText | semmle.label | secretText | +| tst.js:3:18:3:24 | trusted | semmle.label | trusted | +| tst.js:11:17:11:26 | secretText | semmle.label | secretText | +| tst.js:17:17:17:25 | o.trusted | semmle.label | o.trusted | +| tst.js:19:17:19:24 | password | semmle.label | password | +| tst.js:22:21:22:30 | secretText | semmle.label | secretText | +subpaths #select | tst.js:11:17:11:26 | secretText | tst.js:3:18:3:24 | trusted | tst.js:11:17:11:26 | secretText | $@ depends on $@. | tst.js:5:19:5:49 | crypto. ... ', key) | A broken or weak cryptographic algorithm | tst.js:3:18:3:24 | trusted | sensitive data from an access to trusted | | tst.js:11:17:11:26 | secretText | tst.js:11:17:11:26 | secretText | tst.js:11:17:11:26 | secretText | $@ depends on $@. | tst.js:5:19:5:49 | crypto. ... ', key) | A broken or weak cryptographic algorithm | tst.js:11:17:11:26 | secretText | sensitive data from an access to secretText | diff --git a/javascript/ql/test/query-tests/Security/CWE-338/InsecureRandomness.expected b/javascript/ql/test/query-tests/Security/CWE-338/InsecureRandomness.expected index a5a06eba7dbf..122cb1ac8761 100644 --- a/javascript/ql/test/query-tests/Security/CWE-338/InsecureRandomness.expected +++ b/javascript/ql/test/query-tests/Security/CWE-338/InsecureRandomness.expected @@ -1,176 +1,93 @@ -nodes -| tst.js:2:20:2:32 | Math.random() | -| tst.js:2:20:2:32 | Math.random() | -| tst.js:2:20:2:32 | Math.random() | -| tst.js:6:20:6:43 | "prefix ... andom() | -| tst.js:6:20:6:43 | "prefix ... andom() | -| tst.js:6:31:6:43 | Math.random() | -| tst.js:6:31:6:43 | Math.random() | -| tst.js:10:20:10:32 | Math.random() | -| tst.js:10:20:10:32 | Math.random() | -| tst.js:10:20:10:32 | Math.random() | -| tst.js:19:9:19:36 | suffix | -| tst.js:19:18:19:30 | Math.random() | -| tst.js:19:18:19:30 | Math.random() | -| tst.js:19:18:19:36 | Math.random() % 255 | -| tst.js:20:20:20:36 | "prefix" + suffix | -| tst.js:20:20:20:36 | "prefix" + suffix | -| tst.js:20:31:20:36 | suffix | -| tst.js:28:9:28:26 | pw | -| tst.js:28:14:28:26 | Math.random() | -| tst.js:28:14:28:26 | Math.random() | -| tst.js:29:20:29:21 | pw | -| tst.js:29:20:29:21 | pw | -| tst.js:41:20:41:33 | !Math.random() | -| tst.js:41:20:41:33 | !Math.random() | -| tst.js:41:21:41:33 | Math.random() | -| tst.js:41:21:41:33 | Math.random() | -| tst.js:45:18:45:30 | Math.random() | -| tst.js:45:18:45:30 | Math.random() | -| tst.js:45:18:45:30 | Math.random() | -| tst.js:50:16:50:28 | Math.random() | -| tst.js:50:16:50:28 | Math.random() | -| tst.js:50:16:50:28 | Math.random() | -| tst.js:55:17:55:29 | Math.random() | -| tst.js:55:17:55:29 | Math.random() | -| tst.js:55:17:55:29 | Math.random() | -| tst.js:61:17:61:34 | '' + Math.random() | -| tst.js:61:17:61:34 | '' + Math.random() | -| tst.js:61:22:61:34 | Math.random() | -| tst.js:61:22:61:34 | Math.random() | -| tst.js:66:18:66:42 | Math.fl ... ndom()) | -| tst.js:66:18:66:42 | Math.fl ... ndom()) | -| tst.js:66:29:66:41 | Math.random() | -| tst.js:66:29:66:41 | Math.random() | -| tst.js:71:9:71:48 | rand | -| tst.js:71:16:71:48 | Math.fl ... 999999) | -| tst.js:71:27:71:39 | Math.random() | -| tst.js:71:27:71:39 | Math.random() | -| tst.js:71:27:71:47 | Math.ra ... 9999999 | -| tst.js:72:9:72:48 | concat | -| tst.js:72:18:72:48 | ts.toSt ... tring() | -| tst.js:72:34:72:37 | rand | -| tst.js:72:34:72:48 | rand.toString() | -| tst.js:73:23:73:28 | concat | -| tst.js:73:23:73:28 | concat | -| tst.js:77:16:77:21 | secret | -| tst.js:77:16:77:21 | secret | -| tst.js:80:7:80:19 | Math.random() | -| tst.js:80:7:80:19 | Math.random() | -| tst.js:84:19:84:31 | Math.random() | -| tst.js:84:19:84:31 | Math.random() | -| tst.js:84:19:84:31 | Math.random() | -| tst.js:90:32:90:44 | Math.random() | -| tst.js:90:32:90:44 | Math.random() | -| tst.js:90:32:90:44 | Math.random() | -| tst.js:95:33:95:45 | Math.random() | -| tst.js:95:33:95:45 | Math.random() | -| tst.js:95:33:95:45 | Math.random() | -| tst.js:115:16:115:56 | Math.fl ... 00_000) | -| tst.js:115:16:115:56 | Math.fl ... 00_000) | -| tst.js:115:27:115:39 | Math.random() | -| tst.js:115:27:115:39 | Math.random() | -| tst.js:115:27:115:55 | Math.ra ... 000_000 | -| tst.js:116:22:116:62 | Math.fl ... 00_000) | -| tst.js:116:22:116:62 | Math.fl ... 00_000) | -| tst.js:116:33:116:45 | Math.random() | -| tst.js:116:33:116:45 | Math.random() | -| tst.js:116:33:116:61 | Math.ra ... 000_000 | -| tst.js:117:15:117:55 | Math.fl ... 00_000) | -| tst.js:117:15:117:55 | Math.fl ... 00_000) | -| tst.js:117:26:117:38 | Math.random() | -| tst.js:117:26:117:38 | Math.random() | -| tst.js:117:26:117:54 | Math.ra ... 000_000 | -| tst.js:118:23:118:63 | Math.fl ... 00_000) | -| tst.js:118:23:118:63 | Math.fl ... 00_000) | -| tst.js:118:34:118:46 | Math.random() | -| tst.js:118:34:118:46 | Math.random() | -| tst.js:118:34:118:62 | Math.ra ... 000_000 | -| tst.js:120:16:120:28 | Math.random() | -| tst.js:120:16:120:28 | Math.random() | -| tst.js:120:16:120:28 | Math.random() | -| tst.js:121:18:121:30 | Math.random() | -| tst.js:121:18:121:30 | Math.random() | -| tst.js:121:18:121:30 | Math.random() | -| tst.js:136:9:136:67 | password | -| tst.js:136:9:136:67 | password | -| tst.js:136:21:136:67 | chars[M ... ength)] | -| tst.js:136:27:136:66 | Math.fl ... length) | -| tst.js:136:38:136:50 | Math.random() | -| tst.js:136:38:136:50 | Math.random() | -| tst.js:136:38:136:65 | Math.ra ... .length | edges -| tst.js:2:20:2:32 | Math.random() | tst.js:2:20:2:32 | Math.random() | -| tst.js:6:31:6:43 | Math.random() | tst.js:6:20:6:43 | "prefix ... andom() | -| tst.js:6:31:6:43 | Math.random() | tst.js:6:20:6:43 | "prefix ... andom() | -| tst.js:6:31:6:43 | Math.random() | tst.js:6:20:6:43 | "prefix ... andom() | -| tst.js:6:31:6:43 | Math.random() | tst.js:6:20:6:43 | "prefix ... andom() | -| tst.js:10:20:10:32 | Math.random() | tst.js:10:20:10:32 | Math.random() | -| tst.js:19:9:19:36 | suffix | tst.js:20:31:20:36 | suffix | -| tst.js:19:18:19:30 | Math.random() | tst.js:19:18:19:36 | Math.random() % 255 | -| tst.js:19:18:19:30 | Math.random() | tst.js:19:18:19:36 | Math.random() % 255 | -| tst.js:19:18:19:36 | Math.random() % 255 | tst.js:19:9:19:36 | suffix | -| tst.js:20:31:20:36 | suffix | tst.js:20:20:20:36 | "prefix" + suffix | -| tst.js:20:31:20:36 | suffix | tst.js:20:20:20:36 | "prefix" + suffix | -| tst.js:28:9:28:26 | pw | tst.js:29:20:29:21 | pw | -| tst.js:28:9:28:26 | pw | tst.js:29:20:29:21 | pw | -| tst.js:28:14:28:26 | Math.random() | tst.js:28:9:28:26 | pw | -| tst.js:28:14:28:26 | Math.random() | tst.js:28:9:28:26 | pw | -| tst.js:41:21:41:33 | Math.random() | tst.js:41:20:41:33 | !Math.random() | -| tst.js:41:21:41:33 | Math.random() | tst.js:41:20:41:33 | !Math.random() | -| tst.js:41:21:41:33 | Math.random() | tst.js:41:20:41:33 | !Math.random() | -| tst.js:41:21:41:33 | Math.random() | tst.js:41:20:41:33 | !Math.random() | -| tst.js:45:18:45:30 | Math.random() | tst.js:45:18:45:30 | Math.random() | -| tst.js:50:16:50:28 | Math.random() | tst.js:50:16:50:28 | Math.random() | -| tst.js:55:17:55:29 | Math.random() | tst.js:55:17:55:29 | Math.random() | -| tst.js:61:22:61:34 | Math.random() | tst.js:61:17:61:34 | '' + Math.random() | -| tst.js:61:22:61:34 | Math.random() | tst.js:61:17:61:34 | '' + Math.random() | -| tst.js:61:22:61:34 | Math.random() | tst.js:61:17:61:34 | '' + Math.random() | -| tst.js:61:22:61:34 | Math.random() | tst.js:61:17:61:34 | '' + Math.random() | -| tst.js:66:29:66:41 | Math.random() | tst.js:66:18:66:42 | Math.fl ... ndom()) | -| tst.js:66:29:66:41 | Math.random() | tst.js:66:18:66:42 | Math.fl ... ndom()) | -| tst.js:66:29:66:41 | Math.random() | tst.js:66:18:66:42 | Math.fl ... ndom()) | -| tst.js:66:29:66:41 | Math.random() | tst.js:66:18:66:42 | Math.fl ... ndom()) | -| tst.js:71:9:71:48 | rand | tst.js:72:34:72:37 | rand | -| tst.js:71:16:71:48 | Math.fl ... 999999) | tst.js:71:9:71:48 | rand | -| tst.js:71:27:71:39 | Math.random() | tst.js:71:27:71:47 | Math.ra ... 9999999 | -| tst.js:71:27:71:39 | Math.random() | tst.js:71:27:71:47 | Math.ra ... 9999999 | -| tst.js:71:27:71:47 | Math.ra ... 9999999 | tst.js:71:16:71:48 | Math.fl ... 999999) | -| tst.js:72:9:72:48 | concat | tst.js:73:23:73:28 | concat | -| tst.js:72:9:72:48 | concat | tst.js:73:23:73:28 | concat | -| tst.js:72:18:72:48 | ts.toSt ... tring() | tst.js:72:9:72:48 | concat | -| tst.js:72:34:72:37 | rand | tst.js:72:34:72:48 | rand.toString() | -| tst.js:72:34:72:48 | rand.toString() | tst.js:72:18:72:48 | ts.toSt ... tring() | -| tst.js:77:16:77:21 | secret | tst.js:77:16:77:21 | secret | -| tst.js:80:7:80:19 | Math.random() | tst.js:77:16:77:21 | secret | -| tst.js:80:7:80:19 | Math.random() | tst.js:77:16:77:21 | secret | -| tst.js:84:19:84:31 | Math.random() | tst.js:84:19:84:31 | Math.random() | -| tst.js:90:32:90:44 | Math.random() | tst.js:90:32:90:44 | Math.random() | -| tst.js:95:33:95:45 | Math.random() | tst.js:95:33:95:45 | Math.random() | -| tst.js:115:27:115:39 | Math.random() | tst.js:115:27:115:55 | Math.ra ... 000_000 | -| tst.js:115:27:115:39 | Math.random() | tst.js:115:27:115:55 | Math.ra ... 000_000 | -| tst.js:115:27:115:55 | Math.ra ... 000_000 | tst.js:115:16:115:56 | Math.fl ... 00_000) | -| tst.js:115:27:115:55 | Math.ra ... 000_000 | tst.js:115:16:115:56 | Math.fl ... 00_000) | -| tst.js:116:33:116:45 | Math.random() | tst.js:116:33:116:61 | Math.ra ... 000_000 | -| tst.js:116:33:116:45 | Math.random() | tst.js:116:33:116:61 | Math.ra ... 000_000 | -| tst.js:116:33:116:61 | Math.ra ... 000_000 | tst.js:116:22:116:62 | Math.fl ... 00_000) | -| tst.js:116:33:116:61 | Math.ra ... 000_000 | tst.js:116:22:116:62 | Math.fl ... 00_000) | -| tst.js:117:26:117:38 | Math.random() | tst.js:117:26:117:54 | Math.ra ... 000_000 | -| tst.js:117:26:117:38 | Math.random() | tst.js:117:26:117:54 | Math.ra ... 000_000 | -| tst.js:117:26:117:54 | Math.ra ... 000_000 | tst.js:117:15:117:55 | Math.fl ... 00_000) | -| tst.js:117:26:117:54 | Math.ra ... 000_000 | tst.js:117:15:117:55 | Math.fl ... 00_000) | -| tst.js:118:34:118:46 | Math.random() | tst.js:118:34:118:62 | Math.ra ... 000_000 | -| tst.js:118:34:118:46 | Math.random() | tst.js:118:34:118:62 | Math.ra ... 000_000 | -| tst.js:118:34:118:62 | Math.ra ... 000_000 | tst.js:118:23:118:63 | Math.fl ... 00_000) | -| tst.js:118:34:118:62 | Math.ra ... 000_000 | tst.js:118:23:118:63 | Math.fl ... 00_000) | -| tst.js:120:16:120:28 | Math.random() | tst.js:120:16:120:28 | Math.random() | -| tst.js:121:18:121:30 | Math.random() | tst.js:121:18:121:30 | Math.random() | -| tst.js:136:21:136:67 | chars[M ... ength)] | tst.js:136:9:136:67 | password | -| tst.js:136:21:136:67 | chars[M ... ength)] | tst.js:136:9:136:67 | password | -| tst.js:136:27:136:66 | Math.fl ... length) | tst.js:136:21:136:67 | chars[M ... ength)] | -| tst.js:136:38:136:50 | Math.random() | tst.js:136:38:136:65 | Math.ra ... .length | -| tst.js:136:38:136:50 | Math.random() | tst.js:136:38:136:65 | Math.ra ... .length | -| tst.js:136:38:136:65 | Math.ra ... .length | tst.js:136:27:136:66 | Math.fl ... length) | +| tst.js:6:31:6:43 | Math.random() | tst.js:6:20:6:43 | "prefix ... andom() | provenance | Config | +| tst.js:19:9:19:36 | suffix | tst.js:20:31:20:36 | suffix | provenance | | +| tst.js:19:18:19:30 | Math.random() | tst.js:19:18:19:36 | Math.random() % 255 | provenance | Config | +| tst.js:19:18:19:36 | Math.random() % 255 | tst.js:19:9:19:36 | suffix | provenance | | +| tst.js:20:31:20:36 | suffix | tst.js:20:20:20:36 | "prefix" + suffix | provenance | Config | +| tst.js:28:9:28:26 | pw | tst.js:29:20:29:21 | pw | provenance | | +| tst.js:28:14:28:26 | Math.random() | tst.js:28:9:28:26 | pw | provenance | | +| tst.js:41:21:41:33 | Math.random() | tst.js:41:20:41:33 | !Math.random() | provenance | Config | +| tst.js:61:22:61:34 | Math.random() | tst.js:61:17:61:34 | '' + Math.random() | provenance | Config | +| tst.js:66:29:66:41 | Math.random() | tst.js:66:18:66:42 | Math.fl ... ndom()) | provenance | Config | +| tst.js:71:9:71:48 | rand | tst.js:72:34:72:37 | rand | provenance | | +| tst.js:71:16:71:48 | Math.fl ... 999999) | tst.js:71:9:71:48 | rand | provenance | | +| tst.js:71:27:71:39 | Math.random() | tst.js:71:27:71:47 | Math.ra ... 9999999 | provenance | Config | +| tst.js:71:27:71:47 | Math.ra ... 9999999 | tst.js:71:16:71:48 | Math.fl ... 999999) | provenance | Config | +| tst.js:72:9:72:48 | concat | tst.js:73:23:73:28 | concat | provenance | | +| tst.js:72:18:72:48 | ts.toSt ... tring() | tst.js:72:9:72:48 | concat | provenance | | +| tst.js:72:34:72:37 | rand | tst.js:72:34:72:48 | rand.toString() | provenance | Config | +| tst.js:72:34:72:48 | rand.toString() | tst.js:72:18:72:48 | ts.toSt ... tring() | provenance | Config | +| tst.js:77:16:77:21 | secret | tst.js:77:16:77:21 | secret | provenance | | +| tst.js:80:7:80:19 | Math.random() | tst.js:77:16:77:21 | secret | provenance | | +| tst.js:115:27:115:39 | Math.random() | tst.js:115:27:115:55 | Math.ra ... 000_000 | provenance | Config | +| tst.js:115:27:115:55 | Math.ra ... 000_000 | tst.js:115:16:115:56 | Math.fl ... 00_000) | provenance | Config | +| tst.js:116:33:116:45 | Math.random() | tst.js:116:33:116:61 | Math.ra ... 000_000 | provenance | Config | +| tst.js:116:33:116:61 | Math.ra ... 000_000 | tst.js:116:22:116:62 | Math.fl ... 00_000) | provenance | Config | +| tst.js:117:26:117:38 | Math.random() | tst.js:117:26:117:54 | Math.ra ... 000_000 | provenance | Config | +| tst.js:117:26:117:54 | Math.ra ... 000_000 | tst.js:117:15:117:55 | Math.fl ... 00_000) | provenance | Config | +| tst.js:118:34:118:46 | Math.random() | tst.js:118:34:118:62 | Math.ra ... 000_000 | provenance | Config | +| tst.js:118:34:118:62 | Math.ra ... 000_000 | tst.js:118:23:118:63 | Math.fl ... 00_000) | provenance | Config | +| tst.js:136:21:136:67 | chars[M ... ength)] | tst.js:136:9:136:67 | password | provenance | Config | +| tst.js:136:27:136:66 | Math.fl ... length) | tst.js:136:21:136:67 | chars[M ... ength)] | provenance | Config | +| tst.js:136:38:136:50 | Math.random() | tst.js:136:38:136:65 | Math.ra ... .length | provenance | Config | +| tst.js:136:38:136:65 | Math.ra ... .length | tst.js:136:27:136:66 | Math.fl ... length) | provenance | Config | +nodes +| tst.js:2:20:2:32 | Math.random() | semmle.label | Math.random() | +| tst.js:6:20:6:43 | "prefix ... andom() | semmle.label | "prefix ... andom() | +| tst.js:6:31:6:43 | Math.random() | semmle.label | Math.random() | +| tst.js:10:20:10:32 | Math.random() | semmle.label | Math.random() | +| tst.js:19:9:19:36 | suffix | semmle.label | suffix | +| tst.js:19:18:19:30 | Math.random() | semmle.label | Math.random() | +| tst.js:19:18:19:36 | Math.random() % 255 | semmle.label | Math.random() % 255 | +| tst.js:20:20:20:36 | "prefix" + suffix | semmle.label | "prefix" + suffix | +| tst.js:20:31:20:36 | suffix | semmle.label | suffix | +| tst.js:28:9:28:26 | pw | semmle.label | pw | +| tst.js:28:14:28:26 | Math.random() | semmle.label | Math.random() | +| tst.js:29:20:29:21 | pw | semmle.label | pw | +| tst.js:41:20:41:33 | !Math.random() | semmle.label | !Math.random() | +| tst.js:41:21:41:33 | Math.random() | semmle.label | Math.random() | +| tst.js:45:18:45:30 | Math.random() | semmle.label | Math.random() | +| tst.js:50:16:50:28 | Math.random() | semmle.label | Math.random() | +| tst.js:55:17:55:29 | Math.random() | semmle.label | Math.random() | +| tst.js:61:17:61:34 | '' + Math.random() | semmle.label | '' + Math.random() | +| tst.js:61:22:61:34 | Math.random() | semmle.label | Math.random() | +| tst.js:66:18:66:42 | Math.fl ... ndom()) | semmle.label | Math.fl ... ndom()) | +| tst.js:66:29:66:41 | Math.random() | semmle.label | Math.random() | +| tst.js:71:9:71:48 | rand | semmle.label | rand | +| tst.js:71:16:71:48 | Math.fl ... 999999) | semmle.label | Math.fl ... 999999) | +| tst.js:71:27:71:39 | Math.random() | semmle.label | Math.random() | +| tst.js:71:27:71:47 | Math.ra ... 9999999 | semmle.label | Math.ra ... 9999999 | +| tst.js:72:9:72:48 | concat | semmle.label | concat | +| tst.js:72:18:72:48 | ts.toSt ... tring() | semmle.label | ts.toSt ... tring() | +| tst.js:72:34:72:37 | rand | semmle.label | rand | +| tst.js:72:34:72:48 | rand.toString() | semmle.label | rand.toString() | +| tst.js:73:23:73:28 | concat | semmle.label | concat | +| tst.js:77:16:77:21 | secret | semmle.label | secret | +| tst.js:77:16:77:21 | secret | semmle.label | secret | +| tst.js:80:7:80:19 | Math.random() | semmle.label | Math.random() | +| tst.js:84:19:84:31 | Math.random() | semmle.label | Math.random() | +| tst.js:90:32:90:44 | Math.random() | semmle.label | Math.random() | +| tst.js:95:33:95:45 | Math.random() | semmle.label | Math.random() | +| tst.js:115:16:115:56 | Math.fl ... 00_000) | semmle.label | Math.fl ... 00_000) | +| tst.js:115:27:115:39 | Math.random() | semmle.label | Math.random() | +| tst.js:115:27:115:55 | Math.ra ... 000_000 | semmle.label | Math.ra ... 000_000 | +| tst.js:116:22:116:62 | Math.fl ... 00_000) | semmle.label | Math.fl ... 00_000) | +| tst.js:116:33:116:45 | Math.random() | semmle.label | Math.random() | +| tst.js:116:33:116:61 | Math.ra ... 000_000 | semmle.label | Math.ra ... 000_000 | +| tst.js:117:15:117:55 | Math.fl ... 00_000) | semmle.label | Math.fl ... 00_000) | +| tst.js:117:26:117:38 | Math.random() | semmle.label | Math.random() | +| tst.js:117:26:117:54 | Math.ra ... 000_000 | semmle.label | Math.ra ... 000_000 | +| tst.js:118:23:118:63 | Math.fl ... 00_000) | semmle.label | Math.fl ... 00_000) | +| tst.js:118:34:118:46 | Math.random() | semmle.label | Math.random() | +| tst.js:118:34:118:62 | Math.ra ... 000_000 | semmle.label | Math.ra ... 000_000 | +| tst.js:120:16:120:28 | Math.random() | semmle.label | Math.random() | +| tst.js:121:18:121:30 | Math.random() | semmle.label | Math.random() | +| tst.js:136:9:136:67 | password | semmle.label | password | +| tst.js:136:21:136:67 | chars[M ... ength)] | semmle.label | chars[M ... ength)] | +| tst.js:136:27:136:66 | Math.fl ... length) | semmle.label | Math.fl ... length) | +| tst.js:136:38:136:50 | Math.random() | semmle.label | Math.random() | +| tst.js:136:38:136:65 | Math.ra ... .length | semmle.label | Math.ra ... .length | +subpaths #select | tst.js:2:20:2:32 | Math.random() | tst.js:2:20:2:32 | Math.random() | tst.js:2:20:2:32 | Math.random() | This uses a cryptographically insecure random number generated at $@ in a security context. | tst.js:2:20:2:32 | Math.random() | Math.random() | | tst.js:6:20:6:43 | "prefix ... andom() | tst.js:6:31:6:43 | Math.random() | tst.js:6:20:6:43 | "prefix ... andom() | This uses a cryptographically insecure random number generated at $@ in a security context. | tst.js:6:31:6:43 | Math.random() | Math.random() | diff --git a/javascript/ql/test/query-tests/Security/CWE-346/CorsMisconfigurationForCredentials.expected b/javascript/ql/test/query-tests/Security/CWE-346/CorsMisconfigurationForCredentials.expected index 83e103f121b3..fd0677de03df 100644 --- a/javascript/ql/test/query-tests/Security/CWE-346/CorsMisconfigurationForCredentials.expected +++ b/javascript/ql/test/query-tests/Security/CWE-346/CorsMisconfigurationForCredentials.expected @@ -1,28 +1,15 @@ -nodes -| tst.js:12:9:12:54 | origin | -| tst.js:12:18:12:41 | url.par ... , true) | -| tst.js:12:18:12:47 | url.par ... ).query | -| tst.js:12:18:12:54 | url.par ... .origin | -| tst.js:12:28:12:34 | req.url | -| tst.js:12:28:12:34 | req.url | -| tst.js:13:50:13:55 | origin | -| tst.js:13:50:13:55 | origin | -| tst.js:18:50:18:53 | null | -| tst.js:18:50:18:53 | null | -| tst.js:18:50:18:53 | null | -| tst.js:23:50:23:55 | "null" | -| tst.js:23:50:23:55 | "null" | -| tst.js:23:50:23:55 | "null" | edges -| tst.js:12:9:12:54 | origin | tst.js:13:50:13:55 | origin | -| tst.js:12:9:12:54 | origin | tst.js:13:50:13:55 | origin | -| tst.js:12:18:12:41 | url.par ... , true) | tst.js:12:18:12:47 | url.par ... ).query | -| tst.js:12:18:12:47 | url.par ... ).query | tst.js:12:18:12:54 | url.par ... .origin | -| tst.js:12:18:12:54 | url.par ... .origin | tst.js:12:9:12:54 | origin | -| tst.js:12:28:12:34 | req.url | tst.js:12:18:12:41 | url.par ... , true) | -| tst.js:12:28:12:34 | req.url | tst.js:12:18:12:41 | url.par ... , true) | -| tst.js:18:50:18:53 | null | tst.js:18:50:18:53 | null | -| tst.js:23:50:23:55 | "null" | tst.js:23:50:23:55 | "null" | +| tst.js:12:9:12:54 | origin | tst.js:13:50:13:55 | origin | provenance | | +| tst.js:12:18:12:41 | url.par ... , true) | tst.js:12:9:12:54 | origin | provenance | | +| tst.js:12:28:12:34 | req.url | tst.js:12:18:12:41 | url.par ... , true) | provenance | | +nodes +| tst.js:12:9:12:54 | origin | semmle.label | origin | +| tst.js:12:18:12:41 | url.par ... , true) | semmle.label | url.par ... , true) | +| tst.js:12:28:12:34 | req.url | semmle.label | req.url | +| tst.js:13:50:13:55 | origin | semmle.label | origin | +| tst.js:18:50:18:53 | null | semmle.label | null | +| tst.js:23:50:23:55 | "null" | semmle.label | "null" | +subpaths #select | tst.js:13:50:13:55 | origin | tst.js:12:28:12:34 | req.url | tst.js:13:50:13:55 | origin | $@ leak vulnerability due to a $@. | tst.js:14:5:14:59 | res.set ... , true) | Credential | tst.js:12:28:12:34 | req.url | misconfigured CORS header value | | tst.js:18:50:18:53 | null | tst.js:18:50:18:53 | null | tst.js:18:50:18:53 | null | $@ leak vulnerability due to a $@. | tst.js:19:5:19:59 | res.set ... , true) | Credential | tst.js:18:50:18:53 | null | misconfigured CORS header value | diff --git a/javascript/ql/test/query-tests/Security/CWE-377/InsecureTemporaryFile.expected b/javascript/ql/test/query-tests/Security/CWE-377/InsecureTemporaryFile.expected index 8952998dd9c5..69dcd04037ad 100644 --- a/javascript/ql/test/query-tests/Security/CWE-377/InsecureTemporaryFile.expected +++ b/javascript/ql/test/query-tests/Security/CWE-377/InsecureTemporaryFile.expected @@ -1,50 +1,33 @@ -nodes -| insecure-temporary-file.js:7:9:11:5 | tmpLocation | -| insecure-temporary-file.js:7:23:11:5 | path.jo ... )\\n ) | -| insecure-temporary-file.js:8:9:8:45 | os.tmpd ... mpDir() | -| insecure-temporary-file.js:8:21:8:31 | os.tmpdir() | -| insecure-temporary-file.js:8:21:8:31 | os.tmpdir() | -| insecure-temporary-file.js:13:22:13:32 | tmpLocation | -| insecure-temporary-file.js:13:22:13:32 | tmpLocation | -| insecure-temporary-file.js:15:9:15:34 | tmpPath | -| insecure-temporary-file.js:15:19:15:34 | "/tmp/something" | -| insecure-temporary-file.js:15:19:15:34 | "/tmp/something" | -| insecure-temporary-file.js:17:22:17:49 | path.jo ... /foo/") | -| insecure-temporary-file.js:17:22:17:49 | path.jo ... /foo/") | -| insecure-temporary-file.js:17:32:17:38 | tmpPath | -| insecure-temporary-file.js:23:22:23:49 | path.jo ... /foo/") | -| insecure-temporary-file.js:23:22:23:49 | path.jo ... /foo/") | -| insecure-temporary-file.js:23:32:23:38 | tmpPath | -| insecure-temporary-file.js:25:11:25:92 | tmpPath2 | -| insecure-temporary-file.js:25:22:25:92 | path.jo ... )}.md`) | -| insecure-temporary-file.js:25:32:25:42 | os.tmpdir() | -| insecure-temporary-file.js:25:32:25:42 | os.tmpdir() | -| insecure-temporary-file.js:26:22:26:29 | tmpPath2 | -| insecure-temporary-file.js:26:22:26:29 | tmpPath2 | -| insecure-temporary-file.js:28:17:28:24 | tmpPath2 | -| insecure-temporary-file.js:28:17:28:24 | tmpPath2 | edges -| insecure-temporary-file.js:7:9:11:5 | tmpLocation | insecure-temporary-file.js:13:22:13:32 | tmpLocation | -| insecure-temporary-file.js:7:9:11:5 | tmpLocation | insecure-temporary-file.js:13:22:13:32 | tmpLocation | -| insecure-temporary-file.js:7:23:11:5 | path.jo ... )\\n ) | insecure-temporary-file.js:7:9:11:5 | tmpLocation | -| insecure-temporary-file.js:8:9:8:45 | os.tmpd ... mpDir() | insecure-temporary-file.js:7:23:11:5 | path.jo ... )\\n ) | -| insecure-temporary-file.js:8:21:8:31 | os.tmpdir() | insecure-temporary-file.js:8:9:8:45 | os.tmpd ... mpDir() | -| insecure-temporary-file.js:8:21:8:31 | os.tmpdir() | insecure-temporary-file.js:8:9:8:45 | os.tmpd ... mpDir() | -| insecure-temporary-file.js:15:9:15:34 | tmpPath | insecure-temporary-file.js:17:32:17:38 | tmpPath | -| insecure-temporary-file.js:15:9:15:34 | tmpPath | insecure-temporary-file.js:23:32:23:38 | tmpPath | -| insecure-temporary-file.js:15:19:15:34 | "/tmp/something" | insecure-temporary-file.js:15:9:15:34 | tmpPath | -| insecure-temporary-file.js:15:19:15:34 | "/tmp/something" | insecure-temporary-file.js:15:9:15:34 | tmpPath | -| insecure-temporary-file.js:17:32:17:38 | tmpPath | insecure-temporary-file.js:17:22:17:49 | path.jo ... /foo/") | -| insecure-temporary-file.js:17:32:17:38 | tmpPath | insecure-temporary-file.js:17:22:17:49 | path.jo ... /foo/") | -| insecure-temporary-file.js:23:32:23:38 | tmpPath | insecure-temporary-file.js:23:22:23:49 | path.jo ... /foo/") | -| insecure-temporary-file.js:23:32:23:38 | tmpPath | insecure-temporary-file.js:23:22:23:49 | path.jo ... /foo/") | -| insecure-temporary-file.js:25:11:25:92 | tmpPath2 | insecure-temporary-file.js:26:22:26:29 | tmpPath2 | -| insecure-temporary-file.js:25:11:25:92 | tmpPath2 | insecure-temporary-file.js:26:22:26:29 | tmpPath2 | -| insecure-temporary-file.js:25:11:25:92 | tmpPath2 | insecure-temporary-file.js:28:17:28:24 | tmpPath2 | -| insecure-temporary-file.js:25:11:25:92 | tmpPath2 | insecure-temporary-file.js:28:17:28:24 | tmpPath2 | -| insecure-temporary-file.js:25:22:25:92 | path.jo ... )}.md`) | insecure-temporary-file.js:25:11:25:92 | tmpPath2 | -| insecure-temporary-file.js:25:32:25:42 | os.tmpdir() | insecure-temporary-file.js:25:22:25:92 | path.jo ... )}.md`) | -| insecure-temporary-file.js:25:32:25:42 | os.tmpdir() | insecure-temporary-file.js:25:22:25:92 | path.jo ... )}.md`) | +| insecure-temporary-file.js:7:9:11:5 | tmpLocation | insecure-temporary-file.js:13:22:13:32 | tmpLocation | provenance | | +| insecure-temporary-file.js:7:23:11:5 | path.jo ... )\\n ) | insecure-temporary-file.js:7:9:11:5 | tmpLocation | provenance | | +| insecure-temporary-file.js:8:21:8:31 | os.tmpdir() | insecure-temporary-file.js:7:23:11:5 | path.jo ... )\\n ) | provenance | | +| insecure-temporary-file.js:15:9:15:34 | tmpPath | insecure-temporary-file.js:17:32:17:38 | tmpPath | provenance | | +| insecure-temporary-file.js:15:9:15:34 | tmpPath | insecure-temporary-file.js:23:32:23:38 | tmpPath | provenance | | +| insecure-temporary-file.js:15:19:15:34 | "/tmp/something" | insecure-temporary-file.js:15:9:15:34 | tmpPath | provenance | | +| insecure-temporary-file.js:17:32:17:38 | tmpPath | insecure-temporary-file.js:17:22:17:49 | path.jo ... /foo/") | provenance | | +| insecure-temporary-file.js:23:32:23:38 | tmpPath | insecure-temporary-file.js:23:22:23:49 | path.jo ... /foo/") | provenance | | +| insecure-temporary-file.js:25:11:25:92 | tmpPath2 | insecure-temporary-file.js:26:22:26:29 | tmpPath2 | provenance | | +| insecure-temporary-file.js:25:11:25:92 | tmpPath2 | insecure-temporary-file.js:28:17:28:24 | tmpPath2 | provenance | | +| insecure-temporary-file.js:25:22:25:92 | path.jo ... )}.md`) | insecure-temporary-file.js:25:11:25:92 | tmpPath2 | provenance | | +| insecure-temporary-file.js:25:32:25:42 | os.tmpdir() | insecure-temporary-file.js:25:22:25:92 | path.jo ... )}.md`) | provenance | | +nodes +| insecure-temporary-file.js:7:9:11:5 | tmpLocation | semmle.label | tmpLocation | +| insecure-temporary-file.js:7:23:11:5 | path.jo ... )\\n ) | semmle.label | path.jo ... )\\n ) | +| insecure-temporary-file.js:8:21:8:31 | os.tmpdir() | semmle.label | os.tmpdir() | +| insecure-temporary-file.js:13:22:13:32 | tmpLocation | semmle.label | tmpLocation | +| insecure-temporary-file.js:15:9:15:34 | tmpPath | semmle.label | tmpPath | +| insecure-temporary-file.js:15:19:15:34 | "/tmp/something" | semmle.label | "/tmp/something" | +| insecure-temporary-file.js:17:22:17:49 | path.jo ... /foo/") | semmle.label | path.jo ... /foo/") | +| insecure-temporary-file.js:17:32:17:38 | tmpPath | semmle.label | tmpPath | +| insecure-temporary-file.js:23:22:23:49 | path.jo ... /foo/") | semmle.label | path.jo ... /foo/") | +| insecure-temporary-file.js:23:32:23:38 | tmpPath | semmle.label | tmpPath | +| insecure-temporary-file.js:25:11:25:92 | tmpPath2 | semmle.label | tmpPath2 | +| insecure-temporary-file.js:25:22:25:92 | path.jo ... )}.md`) | semmle.label | path.jo ... )}.md`) | +| insecure-temporary-file.js:25:32:25:42 | os.tmpdir() | semmle.label | os.tmpdir() | +| insecure-temporary-file.js:26:22:26:29 | tmpPath2 | semmle.label | tmpPath2 | +| insecure-temporary-file.js:28:17:28:24 | tmpPath2 | semmle.label | tmpPath2 | +subpaths #select | insecure-temporary-file.js:13:22:13:32 | tmpLocation | insecure-temporary-file.js:8:21:8:31 | os.tmpdir() | insecure-temporary-file.js:13:22:13:32 | tmpLocation | Insecure creation of file in $@. | insecure-temporary-file.js:8:21:8:31 | os.tmpdir() | the os temp dir | | insecure-temporary-file.js:17:22:17:49 | path.jo ... /foo/") | insecure-temporary-file.js:15:19:15:34 | "/tmp/something" | insecure-temporary-file.js:17:22:17:49 | path.jo ... /foo/") | Insecure creation of file in $@. | insecure-temporary-file.js:15:19:15:34 | "/tmp/something" | the os temp dir | diff --git a/javascript/ql/test/query-tests/Security/CWE-400/DeepObjectResourceExhaustion/DeepObjectResourceExhaustion.expected b/javascript/ql/test/query-tests/Security/CWE-400/DeepObjectResourceExhaustion/DeepObjectResourceExhaustion.expected index 1b6796f21c44..5c3caed81528 100644 --- a/javascript/ql/test/query-tests/Security/CWE-400/DeepObjectResourceExhaustion/DeepObjectResourceExhaustion.expected +++ b/javascript/ql/test/query-tests/Security/CWE-400/DeepObjectResourceExhaustion/DeepObjectResourceExhaustion.expected @@ -1,8 +1,6 @@ nodes -| tst.js:9:29:9:36 | req.body | -| tst.js:9:29:9:36 | req.body | -| tst.js:9:29:9:36 | req.body | +| tst.js:9:29:9:36 | req.body | semmle.label | req.body | edges -| tst.js:9:29:9:36 | req.body | tst.js:9:29:9:36 | req.body | +subpaths #select | tst.js:9:29:9:36 | req.body | tst.js:9:29:9:36 | req.body | tst.js:9:29:9:36 | req.body | Denial of service caused by processing $@ with $@. | tst.js:9:29:9:36 | req.body | user input | tst.js:4:21:4:35 | allErrors: true | allErrors: true | diff --git a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/PolynomialReDoS.expected b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/PolynomialReDoS.expected index 4c534fffe134..2d21c3324824 100644 --- a/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/PolynomialReDoS.expected +++ b/javascript/ql/test/query-tests/Security/CWE-400/ReDoS/PolynomialReDoS.expected @@ -1,496 +1,577 @@ -nodes -| lib/closure.js:3:21:3:21 | x | -| lib/closure.js:3:21:3:21 | x | -| lib/closure.js:4:16:4:16 | x | -| lib/closure.js:4:16:4:16 | x | -| lib/indirect.js:1:32:1:32 | x | -| lib/indirect.js:1:32:1:32 | x | -| lib/indirect.js:2:16:2:16 | x | -| lib/indirect.js:2:16:2:16 | x | -| lib/lib.js:3:28:3:31 | name | -| lib/lib.js:3:28:3:31 | name | -| lib/lib.js:4:14:4:17 | name | -| lib/lib.js:4:14:4:17 | name | -| lib/lib.js:7:19:7:22 | name | -| lib/lib.js:7:19:7:22 | name | -| lib/lib.js:8:13:8:16 | name | -| lib/lib.js:8:13:8:16 | name | -| lib/lib.js:21:14:21:14 | x | -| lib/lib.js:21:14:21:14 | x | -| lib/lib.js:22:9:22:9 | x | -| lib/lib.js:27:6:27:19 | y | -| lib/lib.js:27:10:27:19 | id("safe") | -| lib/lib.js:28:13:28:13 | y | -| lib/lib.js:28:13:28:13 | y | -| lib/lib.js:32:32:32:40 | arguments | -| lib/lib.js:32:32:32:40 | arguments | -| lib/lib.js:35:1:37:1 | 'arguments' object of function usedWithArguments | -| lib/lib.js:35:28:35:31 | name | -| lib/lib.js:36:13:36:16 | name | -| lib/lib.js:36:13:36:16 | name | -| lib/lib.js:41:32:41:35 | name | -| lib/lib.js:41:32:41:35 | name | -| lib/lib.js:42:17:42:20 | name | -| lib/lib.js:42:17:42:20 | name | -| lib/lib.js:44:5:44:25 | name | -| lib/lib.js:44:12:44:15 | name | -| lib/lib.js:44:12:44:25 | name.substr(1) | -| lib/lib.js:45:17:45:20 | name | -| lib/lib.js:45:17:45:20 | name | -| lib/lib.js:52:22:52:25 | name | -| lib/lib.js:52:22:52:25 | name | -| lib/lib.js:53:16:53:19 | name | -| lib/lib.js:53:16:53:19 | name | -| lib/moduleLib/moduleLib.js:1:28:1:31 | name | -| lib/moduleLib/moduleLib.js:1:28:1:31 | name | -| lib/moduleLib/moduleLib.js:2:13:2:16 | name | -| lib/moduleLib/moduleLib.js:2:13:2:16 | name | -| lib/otherLib/js/src/index.js:1:28:1:31 | name | -| lib/otherLib/js/src/index.js:1:28:1:31 | name | -| lib/otherLib/js/src/index.js:2:13:2:16 | name | -| lib/otherLib/js/src/index.js:2:13:2:16 | name | -| lib/snapdragon.js:3:34:3:38 | input | -| lib/snapdragon.js:3:34:3:38 | input | -| lib/snapdragon.js:7:15:7:18 | this | -| lib/snapdragon.js:7:15:7:18 | this | -| lib/snapdragon.js:9:12:9:16 | input | -| lib/snapdragon.js:12:34:12:38 | input | -| lib/snapdragon.js:12:34:12:38 | input | -| lib/snapdragon.js:15:13:15:16 | this | -| lib/snapdragon.js:15:13:15:16 | this | -| lib/snapdragon.js:17:20:17:24 | input | -| lib/snapdragon.js:20:34:20:38 | input | -| lib/snapdragon.js:20:34:20:38 | input | -| lib/snapdragon.js:22:44:22:47 | node | -| lib/snapdragon.js:23:5:23:8 | node | -| lib/snapdragon.js:23:5:23:12 | node.val | -| lib/snapdragon.js:23:5:23:12 | node.val | -| lib/snapdragon.js:25:22:25:26 | input | -| lib/subLib4/factory.js:7:27:7:30 | name | -| lib/subLib4/factory.js:7:27:7:30 | name | -| lib/subLib4/factory.js:8:13:8:16 | name | -| lib/subLib4/factory.js:8:13:8:16 | name | -| lib/subLib5/feature.js:1:28:1:31 | name | -| lib/subLib5/feature.js:1:28:1:31 | name | -| lib/subLib5/feature.js:2:13:2:16 | name | -| lib/subLib5/feature.js:2:13:2:16 | name | -| lib/subLib5/main.js:1:28:1:31 | name | -| lib/subLib5/main.js:1:28:1:31 | name | -| lib/subLib5/main.js:2:13:2:16 | name | -| lib/subLib5/main.js:2:13:2:16 | name | -| lib/subLib5/subclass.js:4:10:4:13 | name | -| lib/subLib5/subclass.js:4:10:4:13 | name | -| lib/subLib5/subclass.js:5:16:5:19 | name | -| lib/subLib5/subclass.js:5:16:5:19 | name | -| lib/subLib6/index.js:1:32:1:35 | name | -| lib/subLib6/index.js:1:32:1:35 | name | -| lib/subLib6/index.js:2:14:2:17 | name | -| lib/subLib6/index.js:2:14:2:17 | name | -| lib/sublib/factory.js:12:26:12:29 | name | -| lib/sublib/factory.js:12:26:12:29 | name | -| lib/sublib/factory.js:13:24:13:27 | name | -| lib/sublib/factory.js:13:24:13:27 | name | -| polynomial-redos.js:5:6:5:32 | tainted | -| polynomial-redos.js:5:16:5:32 | req.query.tainted | -| polynomial-redos.js:5:16:5:32 | req.query.tainted | -| polynomial-redos.js:7:2:7:8 | tainted | -| polynomial-redos.js:7:2:7:8 | tainted | -| polynomial-redos.js:8:2:8:8 | tainted | -| polynomial-redos.js:8:2:8:8 | tainted | -| polynomial-redos.js:9:2:9:8 | tainted | -| polynomial-redos.js:9:2:9:8 | tainted | -| polynomial-redos.js:11:2:11:8 | tainted | -| polynomial-redos.js:11:2:11:8 | tainted | -| polynomial-redos.js:12:2:12:8 | tainted | -| polynomial-redos.js:12:2:12:8 | tainted | -| polynomial-redos.js:15:2:15:8 | tainted | -| polynomial-redos.js:15:2:15:8 | tainted | -| polynomial-redos.js:16:2:16:8 | tainted | -| polynomial-redos.js:16:2:16:8 | tainted | -| polynomial-redos.js:17:23:17:29 | tainted | -| polynomial-redos.js:17:23:17:29 | tainted | -| polynomial-redos.js:18:2:18:8 | tainted | -| polynomial-redos.js:18:2:18:8 | tainted | -| polynomial-redos.js:19:2:19:8 | tainted | -| polynomial-redos.js:19:2:19:8 | tainted | -| polynomial-redos.js:20:2:20:8 | tainted | -| polynomial-redos.js:20:2:20:8 | tainted | -| polynomial-redos.js:25:2:25:8 | tainted | -| polynomial-redos.js:25:2:25:8 | tainted | -| polynomial-redos.js:30:2:30:8 | tainted | -| polynomial-redos.js:30:2:30:8 | tainted | -| polynomial-redos.js:33:2:33:8 | tainted | -| polynomial-redos.js:33:2:33:8 | tainted | -| polynomial-redos.js:36:2:36:8 | tainted | -| polynomial-redos.js:36:2:36:8 | tainted | -| polynomial-redos.js:37:2:37:8 | tainted | -| polynomial-redos.js:37:2:37:8 | tainted | -| polynomial-redos.js:38:2:38:8 | tainted | -| polynomial-redos.js:38:2:38:8 | tainted | -| polynomial-redos.js:40:2:40:8 | tainted | -| polynomial-redos.js:40:2:40:8 | tainted | -| polynomial-redos.js:43:2:43:8 | tainted | -| polynomial-redos.js:43:2:43:8 | tainted | -| polynomial-redos.js:48:2:48:8 | tainted | -| polynomial-redos.js:48:2:48:8 | tainted | -| polynomial-redos.js:50:14:50:20 | tainted | -| polynomial-redos.js:50:14:50:20 | tainted | -| polynomial-redos.js:51:26:51:32 | tainted | -| polynomial-redos.js:51:26:51:32 | tainted | -| polynomial-redos.js:52:22:52:28 | tainted | -| polynomial-redos.js:52:22:52:28 | tainted | -| polynomial-redos.js:53:21:53:27 | tainted | -| polynomial-redos.js:53:21:53:27 | tainted | -| polynomial-redos.js:54:22:54:28 | tainted | -| polynomial-redos.js:54:22:54:28 | tainted | -| polynomial-redos.js:55:23:55:29 | tainted | -| polynomial-redos.js:55:23:55:29 | tainted | -| polynomial-redos.js:56:22:56:28 | tainted | -| polynomial-redos.js:56:22:56:28 | tainted | -| polynomial-redos.js:57:25:57:31 | tainted | -| polynomial-redos.js:57:25:57:31 | tainted | -| polynomial-redos.js:58:21:58:27 | tainted | -| polynomial-redos.js:58:21:58:27 | tainted | -| polynomial-redos.js:59:23:59:29 | tainted | -| polynomial-redos.js:59:23:59:29 | tainted | -| polynomial-redos.js:62:17:62:23 | tainted | -| polynomial-redos.js:62:17:62:23 | tainted | -| polynomial-redos.js:63:21:63:27 | tainted | -| polynomial-redos.js:63:21:63:27 | tainted | -| polynomial-redos.js:64:24:64:30 | tainted | -| polynomial-redos.js:64:24:64:30 | tainted | -| polynomial-redos.js:65:24:65:30 | tainted | -| polynomial-redos.js:65:24:65:30 | tainted | -| polynomial-redos.js:66:19:66:25 | tainted | -| polynomial-redos.js:66:19:66:25 | tainted | -| polynomial-redos.js:67:18:67:24 | tainted | -| polynomial-redos.js:67:18:67:24 | tainted | -| polynomial-redos.js:68:18:68:24 | req.url | -| polynomial-redos.js:68:18:68:24 | req.url | -| polynomial-redos.js:68:18:68:24 | req.url | -| polynomial-redos.js:69:18:69:25 | req.body | -| polynomial-redos.js:69:18:69:25 | req.body | -| polynomial-redos.js:69:18:69:25 | req.body | -| polynomial-redos.js:71:2:71:8 | tainted | -| polynomial-redos.js:71:2:71:8 | tainted | -| polynomial-redos.js:73:2:73:8 | tainted | -| polynomial-redos.js:73:2:73:8 | tainted | -| polynomial-redos.js:75:2:75:8 | tainted | -| polynomial-redos.js:75:2:75:8 | tainted | -| polynomial-redos.js:77:2:77:8 | tainted | -| polynomial-redos.js:77:2:77:8 | tainted | -| polynomial-redos.js:80:2:80:8 | tainted | -| polynomial-redos.js:80:2:80:8 | tainted | -| polynomial-redos.js:81:2:81:8 | tainted | -| polynomial-redos.js:81:2:81:8 | tainted | -| polynomial-redos.js:86:2:86:8 | tainted | -| polynomial-redos.js:86:2:86:8 | tainted | -| polynomial-redos.js:88:2:88:8 | tainted | -| polynomial-redos.js:88:2:88:8 | tainted | -| polynomial-redos.js:89:2:89:8 | tainted | -| polynomial-redos.js:89:2:89:8 | tainted | -| polynomial-redos.js:90:2:90:8 | tainted | -| polynomial-redos.js:90:2:90:8 | tainted | -| polynomial-redos.js:94:2:94:8 | tainted | -| polynomial-redos.js:94:2:94:8 | tainted | -| polynomial-redos.js:95:2:95:8 | tainted | -| polynomial-redos.js:95:2:95:8 | tainted | -| polynomial-redos.js:96:2:96:8 | tainted | -| polynomial-redos.js:96:2:96:8 | tainted | -| polynomial-redos.js:98:2:98:8 | tainted | -| polynomial-redos.js:98:2:98:8 | tainted | -| polynomial-redos.js:100:2:100:8 | tainted | -| polynomial-redos.js:100:2:100:8 | tainted | -| polynomial-redos.js:101:2:101:8 | tainted | -| polynomial-redos.js:101:2:101:8 | tainted | -| polynomial-redos.js:102:2:102:8 | tainted | -| polynomial-redos.js:102:2:102:8 | tainted | -| polynomial-redos.js:103:2:103:8 | tainted | -| polynomial-redos.js:103:2:103:8 | tainted | -| polynomial-redos.js:104:2:104:8 | tainted | -| polynomial-redos.js:104:2:104:8 | tainted | -| polynomial-redos.js:107:2:107:8 | tainted | -| polynomial-redos.js:107:2:107:8 | tainted | -| polynomial-redos.js:108:2:108:8 | tainted | -| polynomial-redos.js:108:2:108:8 | tainted | -| polynomial-redos.js:109:2:109:8 | tainted | -| polynomial-redos.js:109:2:109:8 | tainted | -| polynomial-redos.js:111:2:111:8 | tainted | -| polynomial-redos.js:111:2:111:8 | tainted | -| polynomial-redos.js:112:2:112:8 | tainted | -| polynomial-redos.js:112:2:112:8 | tainted | -| polynomial-redos.js:114:2:114:8 | tainted | -| polynomial-redos.js:114:2:114:8 | tainted | -| polynomial-redos.js:116:2:116:8 | tainted | -| polynomial-redos.js:116:2:116:8 | tainted | -| polynomial-redos.js:118:2:118:8 | tainted | -| polynomial-redos.js:118:2:118:8 | tainted | -| polynomial-redos.js:121:7:121:55 | replaced | -| polynomial-redos.js:121:18:121:24 | tainted | -| polynomial-redos.js:121:18:121:55 | tainted ... /g, '') | -| polynomial-redos.js:123:3:123:20 | result | -| polynomial-redos.js:123:13:123:20 | replaced | -| polynomial-redos.js:124:12:124:17 | result | -| polynomial-redos.js:124:12:124:17 | result | -| polynomial-redos.js:129:6:129:42 | modified | -| polynomial-redos.js:129:17:129:23 | tainted | -| polynomial-redos.js:129:17:129:42 | tainted ... g, "b") | -| polynomial-redos.js:130:2:130:9 | modified | -| polynomial-redos.js:130:2:130:9 | modified | -| polynomial-redos.js:132:6:132:50 | modified2 | -| polynomial-redos.js:132:18:132:24 | tainted | -| polynomial-redos.js:132:18:132:50 | tainted ... g, "e") | -| polynomial-redos.js:133:2:133:10 | modified2 | -| polynomial-redos.js:133:2:133:10 | modified2 | -| polynomial-redos.js:135:9:135:47 | modified3 | -| polynomial-redos.js:135:21:135:27 | tainted | -| polynomial-redos.js:135:21:135:47 | tainted ... /g, "") | -| polynomial-redos.js:136:5:136:13 | modified3 | -| polynomial-redos.js:136:5:136:13 | modified3 | -| polynomial-redos.js:138:5:138:11 | tainted | -| polynomial-redos.js:138:5:138:11 | tainted | edges -| lib/closure.js:3:21:3:21 | x | lib/closure.js:4:16:4:16 | x | -| lib/closure.js:3:21:3:21 | x | lib/closure.js:4:16:4:16 | x | -| lib/closure.js:3:21:3:21 | x | lib/closure.js:4:16:4:16 | x | -| lib/closure.js:3:21:3:21 | x | lib/closure.js:4:16:4:16 | x | -| lib/indirect.js:1:32:1:32 | x | lib/indirect.js:2:16:2:16 | x | -| lib/indirect.js:1:32:1:32 | x | lib/indirect.js:2:16:2:16 | x | -| lib/indirect.js:1:32:1:32 | x | lib/indirect.js:2:16:2:16 | x | -| lib/indirect.js:1:32:1:32 | x | lib/indirect.js:2:16:2:16 | x | -| lib/lib.js:3:28:3:31 | name | lib/lib.js:4:14:4:17 | name | -| lib/lib.js:3:28:3:31 | name | lib/lib.js:4:14:4:17 | name | -| lib/lib.js:3:28:3:31 | name | lib/lib.js:4:14:4:17 | name | -| lib/lib.js:3:28:3:31 | name | lib/lib.js:4:14:4:17 | name | -| lib/lib.js:7:19:7:22 | name | lib/lib.js:8:13:8:16 | name | -| lib/lib.js:7:19:7:22 | name | lib/lib.js:8:13:8:16 | name | -| lib/lib.js:7:19:7:22 | name | lib/lib.js:8:13:8:16 | name | -| lib/lib.js:7:19:7:22 | name | lib/lib.js:8:13:8:16 | name | -| lib/lib.js:21:14:21:14 | x | lib/lib.js:22:9:22:9 | x | -| lib/lib.js:21:14:21:14 | x | lib/lib.js:22:9:22:9 | x | -| lib/lib.js:22:9:22:9 | x | lib/lib.js:27:10:27:19 | id("safe") | -| lib/lib.js:27:6:27:19 | y | lib/lib.js:28:13:28:13 | y | -| lib/lib.js:27:6:27:19 | y | lib/lib.js:28:13:28:13 | y | -| lib/lib.js:27:10:27:19 | id("safe") | lib/lib.js:27:6:27:19 | y | -| lib/lib.js:32:32:32:40 | arguments | lib/lib.js:35:1:37:1 | 'arguments' object of function usedWithArguments | -| lib/lib.js:32:32:32:40 | arguments | lib/lib.js:35:1:37:1 | 'arguments' object of function usedWithArguments | -| lib/lib.js:35:1:37:1 | 'arguments' object of function usedWithArguments | lib/lib.js:35:28:35:31 | name | -| lib/lib.js:35:28:35:31 | name | lib/lib.js:36:13:36:16 | name | -| lib/lib.js:35:28:35:31 | name | lib/lib.js:36:13:36:16 | name | -| lib/lib.js:41:32:41:35 | name | lib/lib.js:42:17:42:20 | name | -| lib/lib.js:41:32:41:35 | name | lib/lib.js:42:17:42:20 | name | -| lib/lib.js:41:32:41:35 | name | lib/lib.js:42:17:42:20 | name | -| lib/lib.js:41:32:41:35 | name | lib/lib.js:42:17:42:20 | name | -| lib/lib.js:41:32:41:35 | name | lib/lib.js:44:12:44:15 | name | -| lib/lib.js:41:32:41:35 | name | lib/lib.js:44:12:44:15 | name | -| lib/lib.js:44:5:44:25 | name | lib/lib.js:45:17:45:20 | name | -| lib/lib.js:44:5:44:25 | name | lib/lib.js:45:17:45:20 | name | -| lib/lib.js:44:12:44:15 | name | lib/lib.js:44:12:44:25 | name.substr(1) | -| lib/lib.js:44:12:44:25 | name.substr(1) | lib/lib.js:44:5:44:25 | name | -| lib/lib.js:52:22:52:25 | name | lib/lib.js:53:16:53:19 | name | -| lib/lib.js:52:22:52:25 | name | lib/lib.js:53:16:53:19 | name | -| lib/lib.js:52:22:52:25 | name | lib/lib.js:53:16:53:19 | name | -| lib/lib.js:52:22:52:25 | name | lib/lib.js:53:16:53:19 | name | -| lib/moduleLib/moduleLib.js:1:28:1:31 | name | lib/moduleLib/moduleLib.js:2:13:2:16 | name | -| lib/moduleLib/moduleLib.js:1:28:1:31 | name | lib/moduleLib/moduleLib.js:2:13:2:16 | name | -| lib/moduleLib/moduleLib.js:1:28:1:31 | name | lib/moduleLib/moduleLib.js:2:13:2:16 | name | -| lib/moduleLib/moduleLib.js:1:28:1:31 | name | lib/moduleLib/moduleLib.js:2:13:2:16 | name | -| lib/otherLib/js/src/index.js:1:28:1:31 | name | lib/otherLib/js/src/index.js:2:13:2:16 | name | -| lib/otherLib/js/src/index.js:1:28:1:31 | name | lib/otherLib/js/src/index.js:2:13:2:16 | name | -| lib/otherLib/js/src/index.js:1:28:1:31 | name | lib/otherLib/js/src/index.js:2:13:2:16 | name | -| lib/otherLib/js/src/index.js:1:28:1:31 | name | lib/otherLib/js/src/index.js:2:13:2:16 | name | -| lib/snapdragon.js:3:34:3:38 | input | lib/snapdragon.js:9:12:9:16 | input | -| lib/snapdragon.js:3:34:3:38 | input | lib/snapdragon.js:9:12:9:16 | input | -| lib/snapdragon.js:9:12:9:16 | input | lib/snapdragon.js:7:15:7:18 | this | -| lib/snapdragon.js:9:12:9:16 | input | lib/snapdragon.js:7:15:7:18 | this | -| lib/snapdragon.js:12:34:12:38 | input | lib/snapdragon.js:17:20:17:24 | input | -| lib/snapdragon.js:12:34:12:38 | input | lib/snapdragon.js:17:20:17:24 | input | -| lib/snapdragon.js:17:20:17:24 | input | lib/snapdragon.js:15:13:15:16 | this | -| lib/snapdragon.js:17:20:17:24 | input | lib/snapdragon.js:15:13:15:16 | this | -| lib/snapdragon.js:20:34:20:38 | input | lib/snapdragon.js:25:22:25:26 | input | -| lib/snapdragon.js:20:34:20:38 | input | lib/snapdragon.js:25:22:25:26 | input | -| lib/snapdragon.js:22:44:22:47 | node | lib/snapdragon.js:23:5:23:8 | node | -| lib/snapdragon.js:23:5:23:8 | node | lib/snapdragon.js:23:5:23:12 | node.val | -| lib/snapdragon.js:23:5:23:8 | node | lib/snapdragon.js:23:5:23:12 | node.val | -| lib/snapdragon.js:25:22:25:26 | input | lib/snapdragon.js:22:44:22:47 | node | -| lib/subLib4/factory.js:7:27:7:30 | name | lib/subLib4/factory.js:8:13:8:16 | name | -| lib/subLib4/factory.js:7:27:7:30 | name | lib/subLib4/factory.js:8:13:8:16 | name | -| lib/subLib4/factory.js:7:27:7:30 | name | lib/subLib4/factory.js:8:13:8:16 | name | -| lib/subLib4/factory.js:7:27:7:30 | name | lib/subLib4/factory.js:8:13:8:16 | name | -| lib/subLib5/feature.js:1:28:1:31 | name | lib/subLib5/feature.js:2:13:2:16 | name | -| lib/subLib5/feature.js:1:28:1:31 | name | lib/subLib5/feature.js:2:13:2:16 | name | -| lib/subLib5/feature.js:1:28:1:31 | name | lib/subLib5/feature.js:2:13:2:16 | name | -| lib/subLib5/feature.js:1:28:1:31 | name | lib/subLib5/feature.js:2:13:2:16 | name | -| lib/subLib5/main.js:1:28:1:31 | name | lib/subLib5/main.js:2:13:2:16 | name | -| lib/subLib5/main.js:1:28:1:31 | name | lib/subLib5/main.js:2:13:2:16 | name | -| lib/subLib5/main.js:1:28:1:31 | name | lib/subLib5/main.js:2:13:2:16 | name | -| lib/subLib5/main.js:1:28:1:31 | name | lib/subLib5/main.js:2:13:2:16 | name | -| lib/subLib5/subclass.js:4:10:4:13 | name | lib/subLib5/subclass.js:5:16:5:19 | name | -| lib/subLib5/subclass.js:4:10:4:13 | name | lib/subLib5/subclass.js:5:16:5:19 | name | -| lib/subLib5/subclass.js:4:10:4:13 | name | lib/subLib5/subclass.js:5:16:5:19 | name | -| lib/subLib5/subclass.js:4:10:4:13 | name | lib/subLib5/subclass.js:5:16:5:19 | name | -| lib/subLib6/index.js:1:32:1:35 | name | lib/subLib6/index.js:2:14:2:17 | name | -| lib/subLib6/index.js:1:32:1:35 | name | lib/subLib6/index.js:2:14:2:17 | name | -| lib/subLib6/index.js:1:32:1:35 | name | lib/subLib6/index.js:2:14:2:17 | name | -| lib/subLib6/index.js:1:32:1:35 | name | lib/subLib6/index.js:2:14:2:17 | name | -| lib/sublib/factory.js:12:26:12:29 | name | lib/sublib/factory.js:13:24:13:27 | name | -| lib/sublib/factory.js:12:26:12:29 | name | lib/sublib/factory.js:13:24:13:27 | name | -| lib/sublib/factory.js:12:26:12:29 | name | lib/sublib/factory.js:13:24:13:27 | name | -| lib/sublib/factory.js:12:26:12:29 | name | lib/sublib/factory.js:13:24:13:27 | name | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:7:2:7:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:7:2:7:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:8:2:8:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:8:2:8:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:9:2:9:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:9:2:9:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:11:2:11:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:11:2:11:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:12:2:12:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:12:2:12:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:15:2:15:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:15:2:15:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:16:2:16:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:16:2:16:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:17:23:17:29 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:17:23:17:29 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:18:2:18:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:18:2:18:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:19:2:19:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:19:2:19:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:20:2:20:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:20:2:20:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:25:2:25:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:25:2:25:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:30:2:30:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:30:2:30:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:33:2:33:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:33:2:33:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:36:2:36:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:36:2:36:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:37:2:37:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:37:2:37:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:38:2:38:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:38:2:38:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:40:2:40:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:40:2:40:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:43:2:43:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:43:2:43:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:48:2:48:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:48:2:48:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:50:14:50:20 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:50:14:50:20 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:51:26:51:32 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:51:26:51:32 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:52:22:52:28 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:52:22:52:28 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:53:21:53:27 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:53:21:53:27 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:54:22:54:28 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:54:22:54:28 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:55:23:55:29 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:55:23:55:29 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:56:22:56:28 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:56:22:56:28 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:57:25:57:31 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:57:25:57:31 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:58:21:58:27 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:58:21:58:27 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:59:23:59:29 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:59:23:59:29 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:62:17:62:23 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:62:17:62:23 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:63:21:63:27 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:63:21:63:27 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:64:24:64:30 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:64:24:64:30 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:65:24:65:30 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:65:24:65:30 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:66:19:66:25 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:66:19:66:25 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:67:18:67:24 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:67:18:67:24 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:71:2:71:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:71:2:71:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:73:2:73:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:73:2:73:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:75:2:75:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:75:2:75:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:77:2:77:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:77:2:77:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:80:2:80:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:80:2:80:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:81:2:81:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:81:2:81:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:86:2:86:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:86:2:86:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:88:2:88:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:88:2:88:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:89:2:89:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:89:2:89:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:90:2:90:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:90:2:90:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:94:2:94:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:94:2:94:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:95:2:95:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:95:2:95:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:96:2:96:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:96:2:96:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:98:2:98:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:98:2:98:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:100:2:100:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:100:2:100:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:101:2:101:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:101:2:101:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:102:2:102:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:102:2:102:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:103:2:103:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:103:2:103:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:104:2:104:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:104:2:104:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:107:2:107:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:107:2:107:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:108:2:108:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:108:2:108:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:109:2:109:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:109:2:109:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:111:2:111:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:111:2:111:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:112:2:112:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:112:2:112:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:114:2:114:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:114:2:114:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:116:2:116:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:116:2:116:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:118:2:118:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:118:2:118:8 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:121:18:121:24 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:129:17:129:23 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:132:18:132:24 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:135:21:135:27 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:138:5:138:11 | tainted | -| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:138:5:138:11 | tainted | -| polynomial-redos.js:5:16:5:32 | req.query.tainted | polynomial-redos.js:5:6:5:32 | tainted | -| polynomial-redos.js:5:16:5:32 | req.query.tainted | polynomial-redos.js:5:6:5:32 | tainted | -| polynomial-redos.js:68:18:68:24 | req.url | polynomial-redos.js:68:18:68:24 | req.url | -| polynomial-redos.js:69:18:69:25 | req.body | polynomial-redos.js:69:18:69:25 | req.body | -| polynomial-redos.js:121:7:121:55 | replaced | polynomial-redos.js:123:13:123:20 | replaced | -| polynomial-redos.js:121:18:121:24 | tainted | polynomial-redos.js:121:18:121:55 | tainted ... /g, '') | -| polynomial-redos.js:121:18:121:55 | tainted ... /g, '') | polynomial-redos.js:121:7:121:55 | replaced | -| polynomial-redos.js:123:3:123:20 | result | polynomial-redos.js:124:12:124:17 | result | -| polynomial-redos.js:123:3:123:20 | result | polynomial-redos.js:124:12:124:17 | result | -| polynomial-redos.js:123:13:123:20 | replaced | polynomial-redos.js:123:3:123:20 | result | -| polynomial-redos.js:129:6:129:42 | modified | polynomial-redos.js:130:2:130:9 | modified | -| polynomial-redos.js:129:6:129:42 | modified | polynomial-redos.js:130:2:130:9 | modified | -| polynomial-redos.js:129:17:129:23 | tainted | polynomial-redos.js:129:17:129:42 | tainted ... g, "b") | -| polynomial-redos.js:129:17:129:42 | tainted ... g, "b") | polynomial-redos.js:129:6:129:42 | modified | -| polynomial-redos.js:132:6:132:50 | modified2 | polynomial-redos.js:133:2:133:10 | modified2 | -| polynomial-redos.js:132:6:132:50 | modified2 | polynomial-redos.js:133:2:133:10 | modified2 | -| polynomial-redos.js:132:18:132:24 | tainted | polynomial-redos.js:132:18:132:50 | tainted ... g, "e") | -| polynomial-redos.js:132:18:132:50 | tainted ... g, "e") | polynomial-redos.js:132:6:132:50 | modified2 | -| polynomial-redos.js:135:9:135:47 | modified3 | polynomial-redos.js:136:5:136:13 | modified3 | -| polynomial-redos.js:135:9:135:47 | modified3 | polynomial-redos.js:136:5:136:13 | modified3 | -| polynomial-redos.js:135:21:135:27 | tainted | polynomial-redos.js:135:21:135:47 | tainted ... /g, "") | -| polynomial-redos.js:135:21:135:47 | tainted ... /g, "") | polynomial-redos.js:135:9:135:47 | modified3 | +| lib/closure.js:3:21:3:21 | x | lib/closure.js:4:16:4:16 | x | provenance | | +| lib/indirect.js:1:32:1:32 | x | lib/indirect.js:2:16:2:16 | x | provenance | | +| lib/lib.js:3:28:3:31 | name | lib/lib.js:4:14:4:17 | name | provenance | | +| lib/lib.js:7:19:7:22 | name | lib/lib.js:8:13:8:16 | name | provenance | | +| lib/lib.js:32:32:32:40 | arguments | lib/lib.js:35:1:37:1 | 'arguments' object of function usedWithArguments | provenance | | +| lib/lib.js:35:1:37:1 | 'arguments' object of function usedWithArguments | lib/lib.js:35:28:35:31 | name | provenance | | +| lib/lib.js:35:28:35:31 | name | lib/lib.js:36:13:36:16 | name | provenance | | +| lib/lib.js:41:32:41:35 | name | lib/lib.js:42:17:42:20 | name | provenance | | +| lib/lib.js:41:32:41:35 | name | lib/lib.js:44:12:44:15 | name | provenance | | +| lib/lib.js:44:5:44:25 | name | lib/lib.js:45:17:45:20 | name | provenance | | +| lib/lib.js:44:12:44:15 | name | lib/lib.js:44:12:44:25 | name.substr(1) | provenance | | +| lib/lib.js:44:12:44:25 | name.substr(1) | lib/lib.js:44:5:44:25 | name | provenance | | +| lib/lib.js:52:22:52:25 | name | lib/lib.js:53:16:53:19 | name | provenance | | +| lib/moduleLib/moduleLib.js:1:28:1:31 | name | lib/moduleLib/moduleLib.js:2:13:2:16 | name | provenance | | +| lib/otherLib/js/src/index.js:1:28:1:31 | name | lib/otherLib/js/src/index.js:2:13:2:16 | name | provenance | | +| lib/snapdragon.js:3:34:3:38 | input | lib/snapdragon.js:9:12:9:16 | input | provenance | | +| lib/snapdragon.js:9:12:9:16 | input | lib/snapdragon.js:7:15:7:18 | this | provenance | | +| lib/snapdragon.js:12:34:12:38 | input | lib/snapdragon.js:17:20:17:24 | input | provenance | | +| lib/snapdragon.js:17:20:17:24 | input | lib/snapdragon.js:15:13:15:16 | this | provenance | | +| lib/snapdragon.js:20:34:20:38 | input | lib/snapdragon.js:25:22:25:26 | input | provenance | | +| lib/snapdragon.js:22:44:22:47 | node | lib/snapdragon.js:23:5:23:8 | node | provenance | | +| lib/snapdragon.js:23:5:23:8 | node | lib/snapdragon.js:23:5:23:12 | node.val | provenance | | +| lib/snapdragon.js:25:22:25:26 | input | lib/snapdragon.js:22:44:22:47 | node | provenance | | +| lib/subLib4/factory.js:7:27:7:30 | name | lib/subLib4/factory.js:8:13:8:16 | name | provenance | | +| lib/subLib5/feature.js:1:28:1:31 | name | lib/subLib5/feature.js:2:13:2:16 | name | provenance | | +| lib/subLib5/main.js:1:28:1:31 | name | lib/subLib5/main.js:2:13:2:16 | name | provenance | | +| lib/subLib5/subclass.js:4:10:4:13 | name | lib/subLib5/subclass.js:5:16:5:19 | name | provenance | | +| lib/subLib6/index.js:1:32:1:35 | name | lib/subLib6/index.js:2:14:2:17 | name | provenance | | +| lib/sublib/factory.js:12:26:12:29 | name | lib/sublib/factory.js:13:24:13:27 | name | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:7:2:7:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:7:2:7:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:8:2:8:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:8:2:8:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:9:2:9:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:9:2:9:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:10:2:10:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:11:2:11:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:11:2:11:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:12:2:12:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:12:2:12:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:13:2:13:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:14:2:14:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:15:2:15:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:15:2:15:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:16:2:16:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:16:2:16:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:17:23:17:29 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:17:23:17:29 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:18:2:18:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:18:2:18:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:19:2:19:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:19:2:19:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:20:2:20:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:20:2:20:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:21:6:21:12 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:25:2:25:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:25:2:25:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:26:2:26:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:27:77:27:83 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:28:76:28:82 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:30:2:30:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:30:2:30:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:31:2:31:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:32:2:32:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:33:2:33:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:33:2:33:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:34:2:34:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:36:2:36:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:36:2:36:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:37:2:37:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:37:2:37:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:38:2:38:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:38:2:38:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:40:2:40:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:40:2:40:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:41:2:41:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:43:2:43:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:43:2:43:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:44:2:44:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:46:2:46:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:47:2:47:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:48:2:48:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:48:2:48:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:50:14:50:20 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:50:14:50:20 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:51:26:51:32 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:51:26:51:32 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:52:22:52:28 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:52:22:52:28 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:53:21:53:27 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:53:21:53:27 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:54:22:54:28 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:54:22:54:28 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:55:23:55:29 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:55:23:55:29 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:56:22:56:28 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:56:22:56:28 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:57:25:57:31 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:57:25:57:31 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:58:21:58:27 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:58:21:58:27 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:59:23:59:29 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:59:23:59:29 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:60:17:60:23 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:61:18:61:24 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:62:17:62:23 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:62:17:62:23 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:63:21:63:27 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:63:21:63:27 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:64:24:64:30 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:64:24:64:30 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:65:24:65:30 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:65:24:65:30 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:66:19:66:25 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:66:19:66:25 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:67:18:67:24 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:67:18:67:24 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:71:2:71:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:71:2:71:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:73:2:73:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:73:2:73:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:75:2:75:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:75:2:75:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:77:2:77:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:77:2:77:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:80:2:80:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:80:2:80:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:81:2:81:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:81:2:81:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:82:2:82:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:83:2:83:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:84:2:84:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:86:2:86:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:86:2:86:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:88:2:88:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:88:2:88:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:89:2:89:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:89:2:89:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:90:2:90:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:90:2:90:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:91:2:91:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:92:2:92:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:94:2:94:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:94:2:94:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:95:2:95:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:95:2:95:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:96:2:96:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:96:2:96:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:98:2:98:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:98:2:98:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:100:2:100:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:100:2:100:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:101:2:101:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:101:2:101:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:102:2:102:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:102:2:102:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:103:2:103:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:103:2:103:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:104:2:104:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:104:2:104:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:105:2:105:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:107:2:107:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:107:2:107:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:108:2:108:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:108:2:108:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:109:2:109:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:109:2:109:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:111:2:111:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:111:2:111:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:112:2:112:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:112:2:112:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:114:2:114:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:114:2:114:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:116:2:116:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:116:2:116:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:118:2:118:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:118:2:118:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:127:2:127:8 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:129:17:129:23 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:132:18:132:24 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:135:21:135:27 | tainted | provenance | | +| polynomial-redos.js:5:6:5:32 | tainted | polynomial-redos.js:138:5:138:11 | tainted | provenance | | +| polynomial-redos.js:5:16:5:32 | req.query.tainted | polynomial-redos.js:5:6:5:32 | tainted | provenance | | +| polynomial-redos.js:7:2:7:8 | tainted | polynomial-redos.js:8:2:8:8 | tainted | provenance | | +| polynomial-redos.js:7:2:7:8 | tainted | polynomial-redos.js:8:2:8:8 | tainted | provenance | | +| polynomial-redos.js:8:2:8:8 | tainted | polynomial-redos.js:9:2:9:8 | tainted | provenance | | +| polynomial-redos.js:8:2:8:8 | tainted | polynomial-redos.js:9:2:9:8 | tainted | provenance | | +| polynomial-redos.js:9:2:9:8 | tainted | polynomial-redos.js:10:2:10:8 | tainted | provenance | | +| polynomial-redos.js:10:2:10:8 | tainted | polynomial-redos.js:11:2:11:8 | tainted | provenance | | +| polynomial-redos.js:10:2:10:8 | tainted | polynomial-redos.js:11:2:11:8 | tainted | provenance | | +| polynomial-redos.js:11:2:11:8 | tainted | polynomial-redos.js:12:2:12:8 | tainted | provenance | | +| polynomial-redos.js:11:2:11:8 | tainted | polynomial-redos.js:12:2:12:8 | tainted | provenance | | +| polynomial-redos.js:12:2:12:8 | tainted | polynomial-redos.js:13:2:13:8 | tainted | provenance | | +| polynomial-redos.js:13:2:13:8 | tainted | polynomial-redos.js:14:2:14:8 | tainted | provenance | | +| polynomial-redos.js:14:2:14:8 | tainted | polynomial-redos.js:15:2:15:8 | tainted | provenance | | +| polynomial-redos.js:14:2:14:8 | tainted | polynomial-redos.js:15:2:15:8 | tainted | provenance | | +| polynomial-redos.js:15:2:15:8 | tainted | polynomial-redos.js:16:2:16:8 | tainted | provenance | | +| polynomial-redos.js:15:2:15:8 | tainted | polynomial-redos.js:16:2:16:8 | tainted | provenance | | +| polynomial-redos.js:16:2:16:8 | tainted | polynomial-redos.js:17:23:17:29 | tainted | provenance | | +| polynomial-redos.js:16:2:16:8 | tainted | polynomial-redos.js:17:23:17:29 | tainted | provenance | | +| polynomial-redos.js:17:23:17:29 | tainted | polynomial-redos.js:18:2:18:8 | tainted | provenance | | +| polynomial-redos.js:17:23:17:29 | tainted | polynomial-redos.js:18:2:18:8 | tainted | provenance | | +| polynomial-redos.js:18:2:18:8 | tainted | polynomial-redos.js:19:2:19:8 | tainted | provenance | | +| polynomial-redos.js:18:2:18:8 | tainted | polynomial-redos.js:19:2:19:8 | tainted | provenance | | +| polynomial-redos.js:19:2:19:8 | tainted | polynomial-redos.js:20:2:20:8 | tainted | provenance | | +| polynomial-redos.js:19:2:19:8 | tainted | polynomial-redos.js:20:2:20:8 | tainted | provenance | | +| polynomial-redos.js:20:2:20:8 | tainted | polynomial-redos.js:21:6:21:12 | tainted | provenance | | +| polynomial-redos.js:21:6:21:12 | tainted | polynomial-redos.js:25:2:25:8 | tainted | provenance | | +| polynomial-redos.js:21:6:21:12 | tainted | polynomial-redos.js:25:2:25:8 | tainted | provenance | | +| polynomial-redos.js:25:2:25:8 | tainted | polynomial-redos.js:26:2:26:8 | tainted | provenance | | +| polynomial-redos.js:26:2:26:8 | tainted | polynomial-redos.js:27:77:27:83 | tainted | provenance | | +| polynomial-redos.js:27:77:27:83 | tainted | polynomial-redos.js:28:76:28:82 | tainted | provenance | | +| polynomial-redos.js:28:76:28:82 | tainted | polynomial-redos.js:30:2:30:8 | tainted | provenance | | +| polynomial-redos.js:28:76:28:82 | tainted | polynomial-redos.js:30:2:30:8 | tainted | provenance | | +| polynomial-redos.js:30:2:30:8 | tainted | polynomial-redos.js:31:2:31:8 | tainted | provenance | | +| polynomial-redos.js:31:2:31:8 | tainted | polynomial-redos.js:32:2:32:8 | tainted | provenance | | +| polynomial-redos.js:32:2:32:8 | tainted | polynomial-redos.js:33:2:33:8 | tainted | provenance | | +| polynomial-redos.js:32:2:32:8 | tainted | polynomial-redos.js:33:2:33:8 | tainted | provenance | | +| polynomial-redos.js:33:2:33:8 | tainted | polynomial-redos.js:34:2:34:8 | tainted | provenance | | +| polynomial-redos.js:34:2:34:8 | tainted | polynomial-redos.js:36:2:36:8 | tainted | provenance | | +| polynomial-redos.js:34:2:34:8 | tainted | polynomial-redos.js:36:2:36:8 | tainted | provenance | | +| polynomial-redos.js:36:2:36:8 | tainted | polynomial-redos.js:37:2:37:8 | tainted | provenance | | +| polynomial-redos.js:36:2:36:8 | tainted | polynomial-redos.js:37:2:37:8 | tainted | provenance | | +| polynomial-redos.js:37:2:37:8 | tainted | polynomial-redos.js:38:2:38:8 | tainted | provenance | | +| polynomial-redos.js:37:2:37:8 | tainted | polynomial-redos.js:38:2:38:8 | tainted | provenance | | +| polynomial-redos.js:38:2:38:8 | tainted | polynomial-redos.js:40:2:40:8 | tainted | provenance | | +| polynomial-redos.js:38:2:38:8 | tainted | polynomial-redos.js:40:2:40:8 | tainted | provenance | | +| polynomial-redos.js:40:2:40:8 | tainted | polynomial-redos.js:41:2:41:8 | tainted | provenance | | +| polynomial-redos.js:41:2:41:8 | tainted | polynomial-redos.js:43:2:43:8 | tainted | provenance | | +| polynomial-redos.js:41:2:41:8 | tainted | polynomial-redos.js:43:2:43:8 | tainted | provenance | | +| polynomial-redos.js:43:2:43:8 | tainted | polynomial-redos.js:44:2:44:8 | tainted | provenance | | +| polynomial-redos.js:44:2:44:8 | tainted | polynomial-redos.js:46:2:46:8 | tainted | provenance | | +| polynomial-redos.js:46:2:46:8 | tainted | polynomial-redos.js:47:2:47:8 | tainted | provenance | | +| polynomial-redos.js:47:2:47:8 | tainted | polynomial-redos.js:48:2:48:8 | tainted | provenance | | +| polynomial-redos.js:47:2:47:8 | tainted | polynomial-redos.js:48:2:48:8 | tainted | provenance | | +| polynomial-redos.js:48:2:48:8 | tainted | polynomial-redos.js:50:14:50:20 | tainted | provenance | | +| polynomial-redos.js:48:2:48:8 | tainted | polynomial-redos.js:50:14:50:20 | tainted | provenance | | +| polynomial-redos.js:50:14:50:20 | tainted | polynomial-redos.js:51:26:51:32 | tainted | provenance | | +| polynomial-redos.js:50:14:50:20 | tainted | polynomial-redos.js:51:26:51:32 | tainted | provenance | | +| polynomial-redos.js:51:26:51:32 | tainted | polynomial-redos.js:52:22:52:28 | tainted | provenance | | +| polynomial-redos.js:51:26:51:32 | tainted | polynomial-redos.js:52:22:52:28 | tainted | provenance | | +| polynomial-redos.js:52:22:52:28 | tainted | polynomial-redos.js:53:21:53:27 | tainted | provenance | | +| polynomial-redos.js:52:22:52:28 | tainted | polynomial-redos.js:53:21:53:27 | tainted | provenance | | +| polynomial-redos.js:53:21:53:27 | tainted | polynomial-redos.js:54:22:54:28 | tainted | provenance | | +| polynomial-redos.js:53:21:53:27 | tainted | polynomial-redos.js:54:22:54:28 | tainted | provenance | | +| polynomial-redos.js:54:22:54:28 | tainted | polynomial-redos.js:55:23:55:29 | tainted | provenance | | +| polynomial-redos.js:54:22:54:28 | tainted | polynomial-redos.js:55:23:55:29 | tainted | provenance | | +| polynomial-redos.js:55:23:55:29 | tainted | polynomial-redos.js:56:22:56:28 | tainted | provenance | | +| polynomial-redos.js:55:23:55:29 | tainted | polynomial-redos.js:56:22:56:28 | tainted | provenance | | +| polynomial-redos.js:56:22:56:28 | tainted | polynomial-redos.js:57:25:57:31 | tainted | provenance | | +| polynomial-redos.js:56:22:56:28 | tainted | polynomial-redos.js:57:25:57:31 | tainted | provenance | | +| polynomial-redos.js:57:25:57:31 | tainted | polynomial-redos.js:58:21:58:27 | tainted | provenance | | +| polynomial-redos.js:57:25:57:31 | tainted | polynomial-redos.js:58:21:58:27 | tainted | provenance | | +| polynomial-redos.js:58:21:58:27 | tainted | polynomial-redos.js:59:23:59:29 | tainted | provenance | | +| polynomial-redos.js:58:21:58:27 | tainted | polynomial-redos.js:59:23:59:29 | tainted | provenance | | +| polynomial-redos.js:59:23:59:29 | tainted | polynomial-redos.js:60:17:60:23 | tainted | provenance | | +| polynomial-redos.js:60:17:60:23 | tainted | polynomial-redos.js:61:18:61:24 | tainted | provenance | | +| polynomial-redos.js:61:18:61:24 | tainted | polynomial-redos.js:62:17:62:23 | tainted | provenance | | +| polynomial-redos.js:61:18:61:24 | tainted | polynomial-redos.js:62:17:62:23 | tainted | provenance | | +| polynomial-redos.js:62:17:62:23 | tainted | polynomial-redos.js:63:21:63:27 | tainted | provenance | | +| polynomial-redos.js:62:17:62:23 | tainted | polynomial-redos.js:63:21:63:27 | tainted | provenance | | +| polynomial-redos.js:63:21:63:27 | tainted | polynomial-redos.js:64:24:64:30 | tainted | provenance | | +| polynomial-redos.js:63:21:63:27 | tainted | polynomial-redos.js:64:24:64:30 | tainted | provenance | | +| polynomial-redos.js:64:24:64:30 | tainted | polynomial-redos.js:65:24:65:30 | tainted | provenance | | +| polynomial-redos.js:64:24:64:30 | tainted | polynomial-redos.js:65:24:65:30 | tainted | provenance | | +| polynomial-redos.js:65:24:65:30 | tainted | polynomial-redos.js:66:19:66:25 | tainted | provenance | | +| polynomial-redos.js:65:24:65:30 | tainted | polynomial-redos.js:66:19:66:25 | tainted | provenance | | +| polynomial-redos.js:66:19:66:25 | tainted | polynomial-redos.js:67:18:67:24 | tainted | provenance | | +| polynomial-redos.js:66:19:66:25 | tainted | polynomial-redos.js:67:18:67:24 | tainted | provenance | | +| polynomial-redos.js:67:18:67:24 | tainted | polynomial-redos.js:71:2:71:8 | tainted | provenance | | +| polynomial-redos.js:67:18:67:24 | tainted | polynomial-redos.js:71:2:71:8 | tainted | provenance | | +| polynomial-redos.js:71:2:71:8 | tainted | polynomial-redos.js:73:2:73:8 | tainted | provenance | | +| polynomial-redos.js:71:2:71:8 | tainted | polynomial-redos.js:73:2:73:8 | tainted | provenance | | +| polynomial-redos.js:73:2:73:8 | tainted | polynomial-redos.js:75:2:75:8 | tainted | provenance | | +| polynomial-redos.js:73:2:73:8 | tainted | polynomial-redos.js:75:2:75:8 | tainted | provenance | | +| polynomial-redos.js:75:2:75:8 | tainted | polynomial-redos.js:77:2:77:8 | tainted | provenance | | +| polynomial-redos.js:75:2:75:8 | tainted | polynomial-redos.js:77:2:77:8 | tainted | provenance | | +| polynomial-redos.js:77:2:77:8 | tainted | polynomial-redos.js:80:2:80:8 | tainted | provenance | | +| polynomial-redos.js:77:2:77:8 | tainted | polynomial-redos.js:80:2:80:8 | tainted | provenance | | +| polynomial-redos.js:80:2:80:8 | tainted | polynomial-redos.js:81:2:81:8 | tainted | provenance | | +| polynomial-redos.js:80:2:80:8 | tainted | polynomial-redos.js:81:2:81:8 | tainted | provenance | | +| polynomial-redos.js:81:2:81:8 | tainted | polynomial-redos.js:82:2:82:8 | tainted | provenance | | +| polynomial-redos.js:82:2:82:8 | tainted | polynomial-redos.js:83:2:83:8 | tainted | provenance | | +| polynomial-redos.js:83:2:83:8 | tainted | polynomial-redos.js:84:2:84:8 | tainted | provenance | | +| polynomial-redos.js:84:2:84:8 | tainted | polynomial-redos.js:86:2:86:8 | tainted | provenance | | +| polynomial-redos.js:84:2:84:8 | tainted | polynomial-redos.js:86:2:86:8 | tainted | provenance | | +| polynomial-redos.js:86:2:86:8 | tainted | polynomial-redos.js:88:2:88:8 | tainted | provenance | | +| polynomial-redos.js:86:2:86:8 | tainted | polynomial-redos.js:88:2:88:8 | tainted | provenance | | +| polynomial-redos.js:88:2:88:8 | tainted | polynomial-redos.js:89:2:89:8 | tainted | provenance | | +| polynomial-redos.js:88:2:88:8 | tainted | polynomial-redos.js:89:2:89:8 | tainted | provenance | | +| polynomial-redos.js:89:2:89:8 | tainted | polynomial-redos.js:90:2:90:8 | tainted | provenance | | +| polynomial-redos.js:89:2:89:8 | tainted | polynomial-redos.js:90:2:90:8 | tainted | provenance | | +| polynomial-redos.js:90:2:90:8 | tainted | polynomial-redos.js:91:2:91:8 | tainted | provenance | | +| polynomial-redos.js:91:2:91:8 | tainted | polynomial-redos.js:92:2:92:8 | tainted | provenance | | +| polynomial-redos.js:92:2:92:8 | tainted | polynomial-redos.js:94:2:94:8 | tainted | provenance | | +| polynomial-redos.js:92:2:92:8 | tainted | polynomial-redos.js:94:2:94:8 | tainted | provenance | | +| polynomial-redos.js:94:2:94:8 | tainted | polynomial-redos.js:95:2:95:8 | tainted | provenance | | +| polynomial-redos.js:94:2:94:8 | tainted | polynomial-redos.js:95:2:95:8 | tainted | provenance | | +| polynomial-redos.js:95:2:95:8 | tainted | polynomial-redos.js:96:2:96:8 | tainted | provenance | | +| polynomial-redos.js:95:2:95:8 | tainted | polynomial-redos.js:96:2:96:8 | tainted | provenance | | +| polynomial-redos.js:96:2:96:8 | tainted | polynomial-redos.js:98:2:98:8 | tainted | provenance | | +| polynomial-redos.js:96:2:96:8 | tainted | polynomial-redos.js:98:2:98:8 | tainted | provenance | | +| polynomial-redos.js:98:2:98:8 | tainted | polynomial-redos.js:100:2:100:8 | tainted | provenance | | +| polynomial-redos.js:98:2:98:8 | tainted | polynomial-redos.js:100:2:100:8 | tainted | provenance | | +| polynomial-redos.js:100:2:100:8 | tainted | polynomial-redos.js:101:2:101:8 | tainted | provenance | | +| polynomial-redos.js:100:2:100:8 | tainted | polynomial-redos.js:101:2:101:8 | tainted | provenance | | +| polynomial-redos.js:101:2:101:8 | tainted | polynomial-redos.js:102:2:102:8 | tainted | provenance | | +| polynomial-redos.js:101:2:101:8 | tainted | polynomial-redos.js:102:2:102:8 | tainted | provenance | | +| polynomial-redos.js:102:2:102:8 | tainted | polynomial-redos.js:103:2:103:8 | tainted | provenance | | +| polynomial-redos.js:102:2:102:8 | tainted | polynomial-redos.js:103:2:103:8 | tainted | provenance | | +| polynomial-redos.js:103:2:103:8 | tainted | polynomial-redos.js:104:2:104:8 | tainted | provenance | | +| polynomial-redos.js:103:2:103:8 | tainted | polynomial-redos.js:104:2:104:8 | tainted | provenance | | +| polynomial-redos.js:104:2:104:8 | tainted | polynomial-redos.js:105:2:105:8 | tainted | provenance | | +| polynomial-redos.js:105:2:105:8 | tainted | polynomial-redos.js:107:2:107:8 | tainted | provenance | | +| polynomial-redos.js:105:2:105:8 | tainted | polynomial-redos.js:107:2:107:8 | tainted | provenance | | +| polynomial-redos.js:107:2:107:8 | tainted | polynomial-redos.js:108:2:108:8 | tainted | provenance | | +| polynomial-redos.js:107:2:107:8 | tainted | polynomial-redos.js:108:2:108:8 | tainted | provenance | | +| polynomial-redos.js:108:2:108:8 | tainted | polynomial-redos.js:109:2:109:8 | tainted | provenance | | +| polynomial-redos.js:108:2:108:8 | tainted | polynomial-redos.js:109:2:109:8 | tainted | provenance | | +| polynomial-redos.js:109:2:109:8 | tainted | polynomial-redos.js:111:2:111:8 | tainted | provenance | | +| polynomial-redos.js:109:2:109:8 | tainted | polynomial-redos.js:111:2:111:8 | tainted | provenance | | +| polynomial-redos.js:111:2:111:8 | tainted | polynomial-redos.js:112:2:112:8 | tainted | provenance | | +| polynomial-redos.js:111:2:111:8 | tainted | polynomial-redos.js:112:2:112:8 | tainted | provenance | | +| polynomial-redos.js:112:2:112:8 | tainted | polynomial-redos.js:114:2:114:8 | tainted | provenance | | +| polynomial-redos.js:112:2:112:8 | tainted | polynomial-redos.js:114:2:114:8 | tainted | provenance | | +| polynomial-redos.js:114:2:114:8 | tainted | polynomial-redos.js:116:2:116:8 | tainted | provenance | | +| polynomial-redos.js:114:2:114:8 | tainted | polynomial-redos.js:116:2:116:8 | tainted | provenance | | +| polynomial-redos.js:116:2:116:8 | tainted | polynomial-redos.js:118:2:118:8 | tainted | provenance | | +| polynomial-redos.js:116:2:116:8 | tainted | polynomial-redos.js:118:2:118:8 | tainted | provenance | | +| polynomial-redos.js:118:2:118:8 | tainted | polynomial-redos.js:120:2:125:3 | (functi ... OK\\n\\t}) [tainted] | provenance | | +| polynomial-redos.js:118:2:118:8 | tainted | polynomial-redos.js:121:18:121:24 | tainted | provenance | | +| polynomial-redos.js:118:2:118:8 | tainted | polynomial-redos.js:127:2:127:8 | tainted | provenance | | +| polynomial-redos.js:120:2:125:3 | (functi ... OK\\n\\t}) [tainted] | polynomial-redos.js:121:18:121:24 | tainted | provenance | | +| polynomial-redos.js:121:7:121:55 | replaced | polynomial-redos.js:123:13:123:20 | replaced | provenance | | +| polynomial-redos.js:121:18:121:24 | tainted | polynomial-redos.js:121:18:121:55 | tainted ... /g, '') | provenance | | +| polynomial-redos.js:121:18:121:55 | tainted ... /g, '') | polynomial-redos.js:121:7:121:55 | replaced | provenance | | +| polynomial-redos.js:123:3:123:20 | result | polynomial-redos.js:124:12:124:17 | result | provenance | | +| polynomial-redos.js:123:13:123:20 | replaced | polynomial-redos.js:123:3:123:20 | result | provenance | | +| polynomial-redos.js:127:2:127:8 | tainted | polynomial-redos.js:129:17:129:23 | tainted | provenance | | +| polynomial-redos.js:129:6:129:42 | modified | polynomial-redos.js:130:2:130:9 | modified | provenance | | +| polynomial-redos.js:129:17:129:23 | tainted | polynomial-redos.js:129:17:129:42 | tainted ... g, "b") | provenance | | +| polynomial-redos.js:129:17:129:23 | tainted | polynomial-redos.js:132:18:132:24 | tainted | provenance | | +| polynomial-redos.js:129:17:129:42 | tainted ... g, "b") | polynomial-redos.js:129:6:129:42 | modified | provenance | | +| polynomial-redos.js:132:6:132:50 | modified2 | polynomial-redos.js:133:2:133:10 | modified2 | provenance | | +| polynomial-redos.js:132:18:132:24 | tainted | polynomial-redos.js:132:18:132:50 | tainted ... g, "e") | provenance | | +| polynomial-redos.js:132:18:132:24 | tainted | polynomial-redos.js:135:21:135:27 | tainted | provenance | | +| polynomial-redos.js:132:18:132:50 | tainted ... g, "e") | polynomial-redos.js:132:6:132:50 | modified2 | provenance | | +| polynomial-redos.js:135:9:135:47 | modified3 | polynomial-redos.js:136:5:136:13 | modified3 | provenance | | +| polynomial-redos.js:135:21:135:27 | tainted | polynomial-redos.js:135:21:135:47 | tainted ... /g, "") | provenance | | +| polynomial-redos.js:135:21:135:27 | tainted | polynomial-redos.js:138:5:138:11 | tainted | provenance | | +| polynomial-redos.js:135:21:135:47 | tainted ... /g, "") | polynomial-redos.js:135:9:135:47 | modified3 | provenance | | +nodes +| lib/closure.js:3:21:3:21 | x | semmle.label | x | +| lib/closure.js:4:16:4:16 | x | semmle.label | x | +| lib/indirect.js:1:32:1:32 | x | semmle.label | x | +| lib/indirect.js:2:16:2:16 | x | semmle.label | x | +| lib/lib.js:3:28:3:31 | name | semmle.label | name | +| lib/lib.js:4:14:4:17 | name | semmle.label | name | +| lib/lib.js:7:19:7:22 | name | semmle.label | name | +| lib/lib.js:8:13:8:16 | name | semmle.label | name | +| lib/lib.js:32:32:32:40 | arguments | semmle.label | arguments | +| lib/lib.js:35:1:37:1 | 'arguments' object of function usedWithArguments | semmle.label | 'arguments' object of function usedWithArguments | +| lib/lib.js:35:28:35:31 | name | semmle.label | name | +| lib/lib.js:36:13:36:16 | name | semmle.label | name | +| lib/lib.js:41:32:41:35 | name | semmle.label | name | +| lib/lib.js:42:17:42:20 | name | semmle.label | name | +| lib/lib.js:44:5:44:25 | name | semmle.label | name | +| lib/lib.js:44:12:44:15 | name | semmle.label | name | +| lib/lib.js:44:12:44:25 | name.substr(1) | semmle.label | name.substr(1) | +| lib/lib.js:45:17:45:20 | name | semmle.label | name | +| lib/lib.js:52:22:52:25 | name | semmle.label | name | +| lib/lib.js:53:16:53:19 | name | semmle.label | name | +| lib/moduleLib/moduleLib.js:1:28:1:31 | name | semmle.label | name | +| lib/moduleLib/moduleLib.js:2:13:2:16 | name | semmle.label | name | +| lib/otherLib/js/src/index.js:1:28:1:31 | name | semmle.label | name | +| lib/otherLib/js/src/index.js:2:13:2:16 | name | semmle.label | name | +| lib/snapdragon.js:3:34:3:38 | input | semmle.label | input | +| lib/snapdragon.js:7:15:7:18 | this | semmle.label | this | +| lib/snapdragon.js:9:12:9:16 | input | semmle.label | input | +| lib/snapdragon.js:12:34:12:38 | input | semmle.label | input | +| lib/snapdragon.js:15:13:15:16 | this | semmle.label | this | +| lib/snapdragon.js:17:20:17:24 | input | semmle.label | input | +| lib/snapdragon.js:20:34:20:38 | input | semmle.label | input | +| lib/snapdragon.js:22:44:22:47 | node | semmle.label | node | +| lib/snapdragon.js:23:5:23:8 | node | semmle.label | node | +| lib/snapdragon.js:23:5:23:12 | node.val | semmle.label | node.val | +| lib/snapdragon.js:25:22:25:26 | input | semmle.label | input | +| lib/subLib4/factory.js:7:27:7:30 | name | semmle.label | name | +| lib/subLib4/factory.js:8:13:8:16 | name | semmle.label | name | +| lib/subLib5/feature.js:1:28:1:31 | name | semmle.label | name | +| lib/subLib5/feature.js:2:13:2:16 | name | semmle.label | name | +| lib/subLib5/main.js:1:28:1:31 | name | semmle.label | name | +| lib/subLib5/main.js:2:13:2:16 | name | semmle.label | name | +| lib/subLib5/subclass.js:4:10:4:13 | name | semmle.label | name | +| lib/subLib5/subclass.js:5:16:5:19 | name | semmle.label | name | +| lib/subLib6/index.js:1:32:1:35 | name | semmle.label | name | +| lib/subLib6/index.js:2:14:2:17 | name | semmle.label | name | +| lib/sublib/factory.js:12:26:12:29 | name | semmle.label | name | +| lib/sublib/factory.js:13:24:13:27 | name | semmle.label | name | +| polynomial-redos.js:5:6:5:32 | tainted | semmle.label | tainted | +| polynomial-redos.js:5:16:5:32 | req.query.tainted | semmle.label | req.query.tainted | +| polynomial-redos.js:7:2:7:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:7:2:7:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:8:2:8:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:8:2:8:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:9:2:9:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:9:2:9:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:10:2:10:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:11:2:11:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:11:2:11:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:12:2:12:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:12:2:12:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:13:2:13:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:14:2:14:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:15:2:15:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:15:2:15:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:16:2:16:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:16:2:16:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:17:23:17:29 | tainted | semmle.label | tainted | +| polynomial-redos.js:17:23:17:29 | tainted | semmle.label | tainted | +| polynomial-redos.js:18:2:18:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:18:2:18:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:19:2:19:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:19:2:19:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:20:2:20:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:20:2:20:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:21:6:21:12 | tainted | semmle.label | tainted | +| polynomial-redos.js:25:2:25:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:25:2:25:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:26:2:26:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:27:77:27:83 | tainted | semmle.label | tainted | +| polynomial-redos.js:28:76:28:82 | tainted | semmle.label | tainted | +| polynomial-redos.js:30:2:30:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:30:2:30:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:31:2:31:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:32:2:32:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:33:2:33:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:33:2:33:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:34:2:34:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:36:2:36:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:36:2:36:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:37:2:37:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:37:2:37:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:38:2:38:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:38:2:38:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:40:2:40:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:40:2:40:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:41:2:41:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:43:2:43:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:43:2:43:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:44:2:44:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:46:2:46:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:47:2:47:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:48:2:48:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:48:2:48:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:50:14:50:20 | tainted | semmle.label | tainted | +| polynomial-redos.js:50:14:50:20 | tainted | semmle.label | tainted | +| polynomial-redos.js:51:26:51:32 | tainted | semmle.label | tainted | +| polynomial-redos.js:51:26:51:32 | tainted | semmle.label | tainted | +| polynomial-redos.js:52:22:52:28 | tainted | semmle.label | tainted | +| polynomial-redos.js:52:22:52:28 | tainted | semmle.label | tainted | +| polynomial-redos.js:53:21:53:27 | tainted | semmle.label | tainted | +| polynomial-redos.js:53:21:53:27 | tainted | semmle.label | tainted | +| polynomial-redos.js:54:22:54:28 | tainted | semmle.label | tainted | +| polynomial-redos.js:54:22:54:28 | tainted | semmle.label | tainted | +| polynomial-redos.js:55:23:55:29 | tainted | semmle.label | tainted | +| polynomial-redos.js:55:23:55:29 | tainted | semmle.label | tainted | +| polynomial-redos.js:56:22:56:28 | tainted | semmle.label | tainted | +| polynomial-redos.js:56:22:56:28 | tainted | semmle.label | tainted | +| polynomial-redos.js:57:25:57:31 | tainted | semmle.label | tainted | +| polynomial-redos.js:57:25:57:31 | tainted | semmle.label | tainted | +| polynomial-redos.js:58:21:58:27 | tainted | semmle.label | tainted | +| polynomial-redos.js:58:21:58:27 | tainted | semmle.label | tainted | +| polynomial-redos.js:59:23:59:29 | tainted | semmle.label | tainted | +| polynomial-redos.js:59:23:59:29 | tainted | semmle.label | tainted | +| polynomial-redos.js:60:17:60:23 | tainted | semmle.label | tainted | +| polynomial-redos.js:61:18:61:24 | tainted | semmle.label | tainted | +| polynomial-redos.js:62:17:62:23 | tainted | semmle.label | tainted | +| polynomial-redos.js:62:17:62:23 | tainted | semmle.label | tainted | +| polynomial-redos.js:63:21:63:27 | tainted | semmle.label | tainted | +| polynomial-redos.js:63:21:63:27 | tainted | semmle.label | tainted | +| polynomial-redos.js:64:24:64:30 | tainted | semmle.label | tainted | +| polynomial-redos.js:64:24:64:30 | tainted | semmle.label | tainted | +| polynomial-redos.js:65:24:65:30 | tainted | semmle.label | tainted | +| polynomial-redos.js:65:24:65:30 | tainted | semmle.label | tainted | +| polynomial-redos.js:66:19:66:25 | tainted | semmle.label | tainted | +| polynomial-redos.js:66:19:66:25 | tainted | semmle.label | tainted | +| polynomial-redos.js:67:18:67:24 | tainted | semmle.label | tainted | +| polynomial-redos.js:67:18:67:24 | tainted | semmle.label | tainted | +| polynomial-redos.js:68:18:68:24 | req.url | semmle.label | req.url | +| polynomial-redos.js:69:18:69:25 | req.body | semmle.label | req.body | +| polynomial-redos.js:71:2:71:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:71:2:71:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:73:2:73:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:73:2:73:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:75:2:75:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:75:2:75:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:77:2:77:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:77:2:77:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:80:2:80:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:80:2:80:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:81:2:81:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:81:2:81:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:82:2:82:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:83:2:83:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:84:2:84:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:86:2:86:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:86:2:86:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:88:2:88:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:88:2:88:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:89:2:89:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:89:2:89:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:90:2:90:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:90:2:90:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:91:2:91:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:92:2:92:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:94:2:94:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:94:2:94:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:95:2:95:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:95:2:95:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:96:2:96:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:96:2:96:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:98:2:98:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:98:2:98:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:100:2:100:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:100:2:100:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:101:2:101:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:101:2:101:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:102:2:102:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:102:2:102:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:103:2:103:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:103:2:103:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:104:2:104:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:104:2:104:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:105:2:105:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:107:2:107:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:107:2:107:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:108:2:108:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:108:2:108:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:109:2:109:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:109:2:109:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:111:2:111:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:111:2:111:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:112:2:112:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:112:2:112:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:114:2:114:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:114:2:114:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:116:2:116:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:116:2:116:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:118:2:118:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:118:2:118:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:120:2:125:3 | (functi ... OK\\n\\t}) [tainted] | semmle.label | (functi ... OK\\n\\t}) [tainted] | +| polynomial-redos.js:121:7:121:55 | replaced | semmle.label | replaced | +| polynomial-redos.js:121:18:121:24 | tainted | semmle.label | tainted | +| polynomial-redos.js:121:18:121:55 | tainted ... /g, '') | semmle.label | tainted ... /g, '') | +| polynomial-redos.js:123:3:123:20 | result | semmle.label | result | +| polynomial-redos.js:123:13:123:20 | replaced | semmle.label | replaced | +| polynomial-redos.js:124:12:124:17 | result | semmle.label | result | +| polynomial-redos.js:127:2:127:8 | tainted | semmle.label | tainted | +| polynomial-redos.js:129:6:129:42 | modified | semmle.label | modified | +| polynomial-redos.js:129:17:129:23 | tainted | semmle.label | tainted | +| polynomial-redos.js:129:17:129:42 | tainted ... g, "b") | semmle.label | tainted ... g, "b") | +| polynomial-redos.js:130:2:130:9 | modified | semmle.label | modified | +| polynomial-redos.js:132:6:132:50 | modified2 | semmle.label | modified2 | +| polynomial-redos.js:132:18:132:24 | tainted | semmle.label | tainted | +| polynomial-redos.js:132:18:132:50 | tainted ... g, "e") | semmle.label | tainted ... g, "e") | +| polynomial-redos.js:133:2:133:10 | modified2 | semmle.label | modified2 | +| polynomial-redos.js:135:9:135:47 | modified3 | semmle.label | modified3 | +| polynomial-redos.js:135:21:135:27 | tainted | semmle.label | tainted | +| polynomial-redos.js:135:21:135:47 | tainted ... /g, "") | semmle.label | tainted ... /g, "") | +| polynomial-redos.js:136:5:136:13 | modified3 | semmle.label | modified3 | +| polynomial-redos.js:138:5:138:11 | tainted | semmle.label | tainted | +subpaths #select | lib/closure.js:4:5:4:17 | /u*o/.test(x) | lib/closure.js:3:21:3:21 | x | lib/closure.js:4:16:4:16 | x | This $@ that depends on $@ may run slow on strings with many repetitions of 'u'. | lib/closure.js:4:6:4:7 | u* | regular expression | lib/closure.js:3:21:3:21 | x | library input | | lib/indirect.js:2:5:2:17 | /k*h/.test(x) | lib/indirect.js:1:32:1:32 | x | lib/indirect.js:2:16:2:16 | x | This $@ that depends on $@ may run slow on strings with many repetitions of 'k'. | lib/indirect.js:2:6:2:7 | k* | regular expression | lib/indirect.js:1:32:1:32 | x | library input | diff --git a/javascript/ql/test/query-tests/Security/CWE-400/RemovePropertyInjection/RemotePropertyInjection.expected b/javascript/ql/test/query-tests/Security/CWE-400/RemovePropertyInjection/RemotePropertyInjection.expected index 7907cc417260..2f21ec2ca3d2 100644 --- a/javascript/ql/test/query-tests/Security/CWE-400/RemovePropertyInjection/RemotePropertyInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-400/RemovePropertyInjection/RemotePropertyInjection.expected @@ -1,37 +1,35 @@ -nodes -| tst.js:8:6:8:52 | prop | -| tst.js:8:13:8:52 | myCoolL ... rolled) | -| tst.js:8:28:8:51 | req.que ... trolled | -| tst.js:8:28:8:51 | req.que ... trolled | -| tst.js:9:8:9:11 | prop | -| tst.js:9:8:9:11 | prop | -| tst.js:13:15:13:18 | prop | -| tst.js:13:15:13:18 | prop | -| tst.js:14:31:14:34 | prop | -| tst.js:14:31:14:34 | prop | -| tst.js:16:10:16:13 | prop | -| tst.js:16:10:16:13 | prop | -| tstNonExpr.js:5:7:5:23 | userVal | -| tstNonExpr.js:5:17:5:23 | req.url | -| tstNonExpr.js:5:17:5:23 | req.url | -| tstNonExpr.js:8:17:8:23 | userVal | -| tstNonExpr.js:8:17:8:23 | userVal | edges -| tst.js:8:6:8:52 | prop | tst.js:9:8:9:11 | prop | -| tst.js:8:6:8:52 | prop | tst.js:9:8:9:11 | prop | -| tst.js:8:6:8:52 | prop | tst.js:13:15:13:18 | prop | -| tst.js:8:6:8:52 | prop | tst.js:13:15:13:18 | prop | -| tst.js:8:6:8:52 | prop | tst.js:14:31:14:34 | prop | -| tst.js:8:6:8:52 | prop | tst.js:14:31:14:34 | prop | -| tst.js:8:6:8:52 | prop | tst.js:16:10:16:13 | prop | -| tst.js:8:6:8:52 | prop | tst.js:16:10:16:13 | prop | -| tst.js:8:13:8:52 | myCoolL ... rolled) | tst.js:8:6:8:52 | prop | -| tst.js:8:28:8:51 | req.que ... trolled | tst.js:8:13:8:52 | myCoolL ... rolled) | -| tst.js:8:28:8:51 | req.que ... trolled | tst.js:8:13:8:52 | myCoolL ... rolled) | -| tstNonExpr.js:5:7:5:23 | userVal | tstNonExpr.js:8:17:8:23 | userVal | -| tstNonExpr.js:5:7:5:23 | userVal | tstNonExpr.js:8:17:8:23 | userVal | -| tstNonExpr.js:5:17:5:23 | req.url | tstNonExpr.js:5:7:5:23 | userVal | -| tstNonExpr.js:5:17:5:23 | req.url | tstNonExpr.js:5:7:5:23 | userVal | +| tst.js:8:6:8:52 | prop | tst.js:9:8:9:11 | prop | provenance | | +| tst.js:8:6:8:52 | prop | tst.js:13:15:13:18 | prop | provenance | | +| tst.js:8:6:8:52 | prop | tst.js:14:31:14:34 | prop | provenance | | +| tst.js:8:6:8:52 | prop | tst.js:16:10:16:13 | prop | provenance | | +| tst.js:8:13:8:52 | myCoolL ... rolled) | tst.js:8:6:8:52 | prop | provenance | | +| tst.js:8:28:8:51 | req.que ... trolled | tst.js:8:13:8:52 | myCoolL ... rolled) | provenance | | +| tst.js:8:28:8:51 | req.que ... trolled | tst.js:21:25:21:25 | x | provenance | | +| tst.js:21:25:21:25 | x | tst.js:22:15:22:15 | x | provenance | | +| tst.js:22:6:22:15 | result | tst.js:23:9:23:14 | result | provenance | | +| tst.js:22:15:22:15 | x | tst.js:22:6:22:15 | result | provenance | | +| tst.js:23:9:23:14 | result | tst.js:23:9:23:42 | result. ... length) | provenance | | +| tstNonExpr.js:5:7:5:23 | userVal | tstNonExpr.js:8:17:8:23 | userVal | provenance | | +| tstNonExpr.js:5:17:5:23 | req.url | tstNonExpr.js:5:7:5:23 | userVal | provenance | | +nodes +| tst.js:8:6:8:52 | prop | semmle.label | prop | +| tst.js:8:13:8:52 | myCoolL ... rolled) | semmle.label | myCoolL ... rolled) | +| tst.js:8:28:8:51 | req.que ... trolled | semmle.label | req.que ... trolled | +| tst.js:9:8:9:11 | prop | semmle.label | prop | +| tst.js:13:15:13:18 | prop | semmle.label | prop | +| tst.js:14:31:14:34 | prop | semmle.label | prop | +| tst.js:16:10:16:13 | prop | semmle.label | prop | +| tst.js:21:25:21:25 | x | semmle.label | x | +| tst.js:22:6:22:15 | result | semmle.label | result | +| tst.js:22:15:22:15 | x | semmle.label | x | +| tst.js:23:9:23:14 | result | semmle.label | result | +| tst.js:23:9:23:42 | result. ... length) | semmle.label | result. ... length) | +| tstNonExpr.js:5:7:5:23 | userVal | semmle.label | userVal | +| tstNonExpr.js:5:17:5:23 | req.url | semmle.label | req.url | +| tstNonExpr.js:8:17:8:23 | userVal | semmle.label | userVal | +subpaths +| tst.js:8:28:8:51 | req.que ... trolled | tst.js:21:25:21:25 | x | tst.js:23:9:23:42 | result. ... length) | tst.js:8:13:8:52 | myCoolL ... rolled) | #select | tst.js:9:8:9:11 | prop | tst.js:8:28:8:51 | req.que ... trolled | tst.js:9:8:9:11 | prop | A property name to write to depends on a $@. | tst.js:8:28:8:51 | req.que ... trolled | user-provided value | | tst.js:13:15:13:18 | prop | tst.js:8:28:8:51 | req.que ... trolled | tst.js:13:15:13:18 | prop | A property name to write to depends on a $@. | tst.js:8:28:8:51 | req.que ... trolled | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-502/UnsafeDeserialization.expected b/javascript/ql/test/query-tests/Security/CWE-502/UnsafeDeserialization.expected index 7abe0b7f559d..dbd2e399114f 100644 --- a/javascript/ql/test/query-tests/Security/CWE-502/UnsafeDeserialization.expected +++ b/javascript/ql/test/query-tests/Security/CWE-502/UnsafeDeserialization.expected @@ -1,37 +1,14 @@ -nodes -| tst.js:13:22:13:36 | req.params.data | -| tst.js:13:22:13:36 | req.params.data | -| tst.js:13:22:13:36 | req.params.data | -| tst.js:14:25:14:39 | req.params.data | -| tst.js:14:25:14:39 | req.params.data | -| tst.js:14:25:14:39 | req.params.data | -| tst.js:15:26:15:40 | req.params.data | -| tst.js:15:26:15:40 | req.params.data | -| tst.js:15:26:15:40 | req.params.data | -| tst.js:16:29:16:43 | req.params.data | -| tst.js:16:29:16:43 | req.params.data | -| tst.js:16:29:16:43 | req.params.data | -| tst.js:20:22:20:36 | req.params.data | -| tst.js:20:22:20:36 | req.params.data | -| tst.js:20:22:20:36 | req.params.data | -| tst.js:21:22:21:36 | req.params.data | -| tst.js:21:22:21:36 | req.params.data | -| tst.js:21:22:21:36 | req.params.data | -| tst.js:24:22:24:36 | req.params.data | -| tst.js:24:22:24:36 | req.params.data | -| tst.js:24:22:24:36 | req.params.data | -| tst.js:25:22:25:36 | req.params.data | -| tst.js:25:22:25:36 | req.params.data | -| tst.js:25:22:25:36 | req.params.data | edges -| tst.js:13:22:13:36 | req.params.data | tst.js:13:22:13:36 | req.params.data | -| tst.js:14:25:14:39 | req.params.data | tst.js:14:25:14:39 | req.params.data | -| tst.js:15:26:15:40 | req.params.data | tst.js:15:26:15:40 | req.params.data | -| tst.js:16:29:16:43 | req.params.data | tst.js:16:29:16:43 | req.params.data | -| tst.js:20:22:20:36 | req.params.data | tst.js:20:22:20:36 | req.params.data | -| tst.js:21:22:21:36 | req.params.data | tst.js:21:22:21:36 | req.params.data | -| tst.js:24:22:24:36 | req.params.data | tst.js:24:22:24:36 | req.params.data | -| tst.js:25:22:25:36 | req.params.data | tst.js:25:22:25:36 | req.params.data | +nodes +| tst.js:13:22:13:36 | req.params.data | semmle.label | req.params.data | +| tst.js:14:25:14:39 | req.params.data | semmle.label | req.params.data | +| tst.js:15:26:15:40 | req.params.data | semmle.label | req.params.data | +| tst.js:16:29:16:43 | req.params.data | semmle.label | req.params.data | +| tst.js:20:22:20:36 | req.params.data | semmle.label | req.params.data | +| tst.js:21:22:21:36 | req.params.data | semmle.label | req.params.data | +| tst.js:24:22:24:36 | req.params.data | semmle.label | req.params.data | +| tst.js:25:22:25:36 | req.params.data | semmle.label | req.params.data | +subpaths #select | tst.js:13:22:13:36 | req.params.data | tst.js:13:22:13:36 | req.params.data | tst.js:13:22:13:36 | req.params.data | Unsafe deserialization depends on a $@. | tst.js:13:22:13:36 | req.params.data | user-provided value | | tst.js:14:25:14:39 | req.params.data | tst.js:14:25:14:39 | req.params.data | tst.js:14:25:14:39 | req.params.data | Unsafe deserialization depends on a $@. | tst.js:14:25:14:39 | req.params.data | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-506/HardcodedDataInterpretedAsCode.expected b/javascript/ql/test/query-tests/Security/CWE-506/HardcodedDataInterpretedAsCode.expected index 76c630812c5e..bf0f97e28da7 100644 --- a/javascript/ql/test/query-tests/Security/CWE-506/HardcodedDataInterpretedAsCode.expected +++ b/javascript/ql/test/query-tests/Security/CWE-506/HardcodedDataInterpretedAsCode.expected @@ -1,45 +1,46 @@ nodes -| event-stream-orig.js:96:15:96:41 | e("2e2f ... 17461") | -| event-stream-orig.js:96:15:96:41 | e("2e2f ... 17461") | -| event-stream-orig.js:96:17:96:40 | "2e2f74 ... 617461" | -| event-stream-orig.js:96:17:96:40 | "2e2f74 ... 617461" | -| event-stream.js:9:11:9:37 | e("2e2f ... 17461") | -| event-stream.js:9:11:9:37 | e("2e2f ... 17461") | -| event-stream.js:9:13:9:36 | "2e2f74 ... 617461" | -| event-stream.js:9:13:9:36 | "2e2f74 ... 617461" | -| tst.js:1:5:1:88 | totallyHarmlessString | -| tst.js:1:29:1:88 | '636f6e ... 6e2729' | -| tst.js:1:29:1:88 | '636f6e ... 6e2729' | -| tst.js:2:6:2:46 | Buffer. ... 'hex') | -| tst.js:2:6:2:57 | Buffer. ... tring() | -| tst.js:2:6:2:57 | Buffer. ... tring() | -| tst.js:2:18:2:38 | totally ... sString | -| tst.js:5:5:5:23 | test | -| tst.js:5:12:5:23 | "0123456789" | -| tst.js:5:12:5:23 | "0123456789" | -| tst.js:7:8:7:11 | test | -| tst.js:7:8:7:15 | test+"n" | -| tst.js:7:8:7:15 | test+"n" | +| event-stream-orig.js:93:16:93:16 | r | semmle.label | r | +| event-stream-orig.js:94:14:94:34 | Buffer. ... "hex") | semmle.label | Buffer. ... "hex") | +| event-stream-orig.js:94:14:94:45 | Buffer. ... tring() | semmle.label | Buffer. ... tring() | +| event-stream-orig.js:94:26:94:26 | r | semmle.label | r | +| event-stream-orig.js:96:15:96:41 | e("2e2f ... 17461") | semmle.label | e("2e2f ... 17461") | +| event-stream-orig.js:96:17:96:40 | "2e2f74 ... 617461" | semmle.label | "2e2f74 ... 617461" | +| event-stream.js:5:12:5:12 | r | semmle.label | r | +| event-stream.js:6:10:6:30 | Buffer. ... "hex") | semmle.label | Buffer. ... "hex") | +| event-stream.js:6:10:6:41 | Buffer. ... tring() | semmle.label | Buffer. ... tring() | +| event-stream.js:6:22:6:22 | r | semmle.label | r | +| event-stream.js:9:11:9:37 | e("2e2f ... 17461") | semmle.label | e("2e2f ... 17461") | +| event-stream.js:9:13:9:36 | "2e2f74 ... 617461" | semmle.label | "2e2f74 ... 617461" | +| tst.js:1:5:1:88 | totallyHarmlessString | semmle.label | totallyHarmlessString | +| tst.js:1:29:1:88 | '636f6e ... 6e2729' | semmle.label | '636f6e ... 6e2729' | +| tst.js:2:6:2:46 | Buffer. ... 'hex') | semmle.label | Buffer. ... 'hex') | +| tst.js:2:6:2:57 | Buffer. ... tring() | semmle.label | Buffer. ... tring() | +| tst.js:2:18:2:38 | totally ... sString | semmle.label | totally ... sString | +| tst.js:5:5:5:23 | test | semmle.label | test | +| tst.js:5:12:5:23 | "0123456789" | semmle.label | "0123456789" | +| tst.js:7:8:7:11 | test | semmle.label | test | +| tst.js:7:8:7:15 | test+"n" | semmle.label | test+"n" | edges -| event-stream-orig.js:96:17:96:40 | "2e2f74 ... 617461" | event-stream-orig.js:96:15:96:41 | e("2e2f ... 17461") | -| event-stream-orig.js:96:17:96:40 | "2e2f74 ... 617461" | event-stream-orig.js:96:15:96:41 | e("2e2f ... 17461") | -| event-stream-orig.js:96:17:96:40 | "2e2f74 ... 617461" | event-stream-orig.js:96:15:96:41 | e("2e2f ... 17461") | -| event-stream-orig.js:96:17:96:40 | "2e2f74 ... 617461" | event-stream-orig.js:96:15:96:41 | e("2e2f ... 17461") | -| event-stream.js:9:13:9:36 | "2e2f74 ... 617461" | event-stream.js:9:11:9:37 | e("2e2f ... 17461") | -| event-stream.js:9:13:9:36 | "2e2f74 ... 617461" | event-stream.js:9:11:9:37 | e("2e2f ... 17461") | -| event-stream.js:9:13:9:36 | "2e2f74 ... 617461" | event-stream.js:9:11:9:37 | e("2e2f ... 17461") | -| event-stream.js:9:13:9:36 | "2e2f74 ... 617461" | event-stream.js:9:11:9:37 | e("2e2f ... 17461") | -| tst.js:1:5:1:88 | totallyHarmlessString | tst.js:2:18:2:38 | totally ... sString | -| tst.js:1:29:1:88 | '636f6e ... 6e2729' | tst.js:1:5:1:88 | totallyHarmlessString | -| tst.js:1:29:1:88 | '636f6e ... 6e2729' | tst.js:1:5:1:88 | totallyHarmlessString | -| tst.js:2:6:2:46 | Buffer. ... 'hex') | tst.js:2:6:2:57 | Buffer. ... tring() | -| tst.js:2:6:2:46 | Buffer. ... 'hex') | tst.js:2:6:2:57 | Buffer. ... tring() | -| tst.js:2:18:2:38 | totally ... sString | tst.js:2:6:2:46 | Buffer. ... 'hex') | -| tst.js:5:5:5:23 | test | tst.js:7:8:7:11 | test | -| tst.js:5:12:5:23 | "0123456789" | tst.js:5:5:5:23 | test | -| tst.js:5:12:5:23 | "0123456789" | tst.js:5:5:5:23 | test | -| tst.js:7:8:7:11 | test | tst.js:7:8:7:15 | test+"n" | -| tst.js:7:8:7:11 | test | tst.js:7:8:7:15 | test+"n" | +| event-stream-orig.js:93:16:93:16 | r | event-stream-orig.js:94:26:94:26 | r | provenance | | +| event-stream-orig.js:94:14:94:34 | Buffer. ... "hex") | event-stream-orig.js:94:14:94:45 | Buffer. ... tring() | provenance | Config | +| event-stream-orig.js:94:26:94:26 | r | event-stream-orig.js:94:14:94:34 | Buffer. ... "hex") | provenance | Config | +| event-stream-orig.js:96:17:96:40 | "2e2f74 ... 617461" | event-stream-orig.js:93:16:93:16 | r | provenance | | +| event-stream-orig.js:96:17:96:40 | "2e2f74 ... 617461" | event-stream-orig.js:96:15:96:41 | e("2e2f ... 17461") | provenance | Config | +| event-stream.js:5:12:5:12 | r | event-stream.js:6:22:6:22 | r | provenance | | +| event-stream.js:6:10:6:30 | Buffer. ... "hex") | event-stream.js:6:10:6:41 | Buffer. ... tring() | provenance | Config | +| event-stream.js:6:22:6:22 | r | event-stream.js:6:10:6:30 | Buffer. ... "hex") | provenance | Config | +| event-stream.js:9:13:9:36 | "2e2f74 ... 617461" | event-stream.js:5:12:5:12 | r | provenance | | +| event-stream.js:9:13:9:36 | "2e2f74 ... 617461" | event-stream.js:9:11:9:37 | e("2e2f ... 17461") | provenance | Config | +| tst.js:1:5:1:88 | totallyHarmlessString | tst.js:2:18:2:38 | totally ... sString | provenance | | +| tst.js:1:29:1:88 | '636f6e ... 6e2729' | tst.js:1:5:1:88 | totallyHarmlessString | provenance | | +| tst.js:2:6:2:46 | Buffer. ... 'hex') | tst.js:2:6:2:57 | Buffer. ... tring() | provenance | Config | +| tst.js:2:18:2:38 | totally ... sString | tst.js:2:6:2:46 | Buffer. ... 'hex') | provenance | Config | +| tst.js:5:5:5:23 | test | tst.js:7:8:7:11 | test | provenance | | +| tst.js:5:12:5:23 | "0123456789" | tst.js:5:5:5:23 | test | provenance | | +| tst.js:7:8:7:11 | test | tst.js:7:8:7:15 | test+"n" | provenance | Config | +subpaths +| event-stream-orig.js:96:17:96:40 | "2e2f74 ... 617461" | event-stream-orig.js:93:16:93:16 | r | event-stream-orig.js:94:14:94:45 | Buffer. ... tring() | event-stream-orig.js:96:15:96:41 | e("2e2f ... 17461") | +| event-stream.js:9:13:9:36 | "2e2f74 ... 617461" | event-stream.js:5:12:5:12 | r | event-stream.js:6:10:6:41 | Buffer. ... tring() | event-stream.js:9:11:9:37 | e("2e2f ... 17461") | #select | event-stream-orig.js:96:15:96:41 | e("2e2f ... 17461") | event-stream-orig.js:96:17:96:40 | "2e2f74 ... 617461" | event-stream-orig.js:96:15:96:41 | e("2e2f ... 17461") | $@ is interpreted as An import path. | event-stream-orig.js:96:17:96:40 | "2e2f74 ... 617461" | Hard-coded data | | event-stream.js:9:11:9:37 | e("2e2f ... 17461") | event-stream.js:9:13:9:36 | "2e2f74 ... 617461" | event-stream.js:9:11:9:37 | e("2e2f ... 17461") | $@ is interpreted as An import path. | event-stream.js:9:13:9:36 | "2e2f74 ... 617461" | Hard-coded data | diff --git a/javascript/ql/test/query-tests/Security/CWE-601/ClientSideUrlRedirect/ClientSideUrlRedirect.expected b/javascript/ql/test/query-tests/Security/CWE-601/ClientSideUrlRedirect/ClientSideUrlRedirect.expected index 20114c9aa539..c245c3e3a107 100644 --- a/javascript/ql/test/query-tests/Security/CWE-601/ClientSideUrlRedirect/ClientSideUrlRedirect.expected +++ b/javascript/ql/test/query-tests/Security/CWE-601/ClientSideUrlRedirect/ClientSideUrlRedirect.expected @@ -1,435 +1,210 @@ nodes -| electron.js:4:12:4:22 | window.name | -| electron.js:4:12:4:22 | window.name | -| electron.js:7:20:7:29 | getTaint() | -| electron.js:7:20:7:29 | getTaint() | -| react.js:10:60:10:81 | documen ... on.hash | -| react.js:10:60:10:81 | documen ... on.hash | -| react.js:10:60:10:81 | documen ... on.hash | -| react.js:21:24:21:45 | documen ... on.hash | -| react.js:21:24:21:45 | documen ... on.hash | -| react.js:21:24:21:45 | documen ... on.hash | -| react.js:28:43:28:64 | documen ... on.hash | -| react.js:28:43:28:64 | documen ... on.hash | -| react.js:28:43:28:74 | documen ... bstr(1) | -| react.js:28:43:28:74 | documen ... bstr(1) | -| react.js:34:43:34:64 | documen ... on.hash | -| react.js:34:43:34:64 | documen ... on.hash | -| react.js:34:43:34:74 | documen ... bstr(1) | -| react.js:34:43:34:74 | documen ... bstr(1) | -| react.js:40:19:40:40 | documen ... on.hash | -| react.js:40:19:40:40 | documen ... on.hash | -| react.js:40:19:40:50 | documen ... bstr(1) | -| react.js:40:19:40:50 | documen ... bstr(1) | -| sanitizer.js:2:9:2:25 | url | -| sanitizer.js:2:15:2:25 | window.name | -| sanitizer.js:2:15:2:25 | window.name | -| sanitizer.js:4:27:4:29 | url | -| sanitizer.js:4:27:4:29 | url | -| sanitizer.js:16:27:16:29 | url | -| sanitizer.js:16:27:16:29 | url | -| sanitizer.js:19:27:19:29 | url | -| sanitizer.js:19:27:19:29 | url | -| sanitizer.js:22:27:22:29 | url | -| sanitizer.js:22:27:22:29 | url | -| sanitizer.js:25:27:25:29 | url | -| sanitizer.js:25:27:25:29 | url | -| sanitizer.js:28:27:28:29 | url | -| sanitizer.js:28:27:28:29 | url | -| sanitizer.js:31:27:31:29 | url | -| sanitizer.js:31:27:31:29 | url | -| sanitizer.js:37:27:37:29 | url | -| sanitizer.js:37:27:37:29 | url | -| tst2.js:2:7:2:33 | href | -| tst2.js:2:14:2:28 | window.location | -| tst2.js:2:14:2:28 | window.location | -| tst2.js:2:14:2:33 | window.location.href | -| tst2.js:2:14:2:33 | window.location.href | -| tst2.js:4:21:4:24 | href | -| tst2.js:4:21:4:55 | href.su ... '?')+1) | -| tst2.js:4:21:4:55 | href.su ... '?')+1) | -| tst6.js:2:7:2:45 | redirect | -| tst6.js:2:18:2:45 | $locati ... irect') | -| tst6.js:2:18:2:45 | $locati ... irect') | -| tst6.js:4:21:4:28 | redirect | -| tst6.js:4:21:4:28 | redirect | -| tst6.js:6:17:6:24 | redirect | -| tst6.js:6:17:6:24 | redirect | -| tst6.js:8:21:8:48 | $locati ... irect') | -| tst6.js:8:21:8:48 | $locati ... irect') | -| tst6.js:8:21:8:56 | $locati ... + "foo" | -| tst6.js:8:21:8:56 | $locati ... + "foo" | -| tst7.js:2:12:2:35 | documen ... .search | -| tst7.js:2:12:2:35 | documen ... .search | -| tst7.js:2:12:2:35 | documen ... .search | -| tst7.js:5:27:5:50 | documen ... .search | -| tst7.js:5:27:5:50 | documen ... .search | -| tst7.js:5:27:5:50 | documen ... .search | -| tst9.js:2:21:2:42 | documen ... on.hash | -| tst9.js:2:21:2:42 | documen ... on.hash | -| tst9.js:2:21:2:55 | documen ... ring(1) | -| tst9.js:2:21:2:55 | documen ... ring(1) | -| tst10.js:5:17:5:46 | '/' + d ... .search | -| tst10.js:5:17:5:46 | '/' + d ... .search | -| tst10.js:5:23:5:46 | documen ... .search | -| tst10.js:5:23:5:46 | documen ... .search | -| tst10.js:8:17:8:47 | '//' + ... .search | -| tst10.js:8:17:8:47 | '//' + ... .search | -| tst10.js:8:24:8:47 | documen ... .search | -| tst10.js:8:24:8:47 | documen ... .search | -| tst10.js:11:17:11:50 | '//foo' ... .search | -| tst10.js:11:17:11:50 | '//foo' ... .search | -| tst10.js:11:27:11:50 | documen ... .search | -| tst10.js:11:27:11:50 | documen ... .search | -| tst10.js:14:17:14:56 | 'https: ... .search | -| tst10.js:14:17:14:56 | 'https: ... .search | -| tst10.js:14:33:14:56 | documen ... .search | -| tst10.js:14:33:14:56 | documen ... .search | -| tst12.js:3:9:3:50 | urlParts | -| tst12.js:3:20:3:39 | window.location.hash | -| tst12.js:3:20:3:39 | window.location.hash | -| tst12.js:3:20:3:50 | window. ... it('?') | -| tst12.js:4:9:4:45 | loc | -| tst12.js:4:15:4:22 | urlParts | -| tst12.js:4:15:4:25 | urlParts[0] | -| tst12.js:4:15:4:45 | urlPart ... s.value | -| tst12.js:5:23:5:25 | loc | -| tst12.js:5:23:5:25 | loc | -| tst13.js:2:9:2:52 | payload | -| tst13.js:2:19:2:42 | documen ... .search | -| tst13.js:2:19:2:42 | documen ... .search | -| tst13.js:2:19:2:52 | documen ... bstr(1) | -| tst13.js:4:15:4:21 | payload | -| tst13.js:4:15:4:21 | payload | -| tst13.js:8:21:8:27 | payload | -| tst13.js:8:21:8:27 | payload | -| tst13.js:12:14:12:20 | payload | -| tst13.js:12:14:12:20 | payload | -| tst13.js:16:17:16:23 | payload | -| tst13.js:16:17:16:23 | payload | -| tst13.js:20:14:20:20 | payload | -| tst13.js:20:14:20:20 | payload | -| tst13.js:24:14:24:20 | payload | -| tst13.js:24:14:24:20 | payload | -| tst13.js:28:21:28:27 | payload | -| tst13.js:28:21:28:27 | payload | -| tst13.js:32:17:32:23 | payload | -| tst13.js:32:17:32:23 | payload | -| tst13.js:36:21:36:27 | payload | -| tst13.js:36:21:36:27 | payload | -| tst13.js:40:15:40:21 | payload | -| tst13.js:40:15:40:21 | payload | -| tst13.js:44:14:44:20 | payload | -| tst13.js:44:14:44:20 | payload | -| tst13.js:49:32:49:32 | e | -| tst13.js:49:32:49:32 | e | -| tst13.js:50:23:50:23 | e | -| tst13.js:50:23:50:23 | e | -| tst13.js:52:34:52:34 | e | -| tst13.js:52:34:52:34 | e | -| tst13.js:53:28:53:28 | e | -| tst13.js:53:28:53:28 | e | -| tst13.js:59:9:59:52 | payload | -| tst13.js:59:19:59:42 | documen ... .search | -| tst13.js:59:19:59:42 | documen ... .search | -| tst13.js:59:19:59:52 | documen ... bstr(1) | -| tst13.js:61:18:61:24 | payload | -| tst13.js:61:18:61:24 | payload | -| tst13.js:65:9:65:49 | payload | -| tst13.js:65:19:65:39 | history ... on.hash | -| tst13.js:65:19:65:39 | history ... on.hash | -| tst13.js:65:19:65:49 | history ... bstr(1) | -| tst13.js:67:21:67:27 | payload | -| tst13.js:67:21:67:27 | payload | -| tst13.js:72:9:72:49 | payload | -| tst13.js:72:19:72:39 | history ... on.hash | -| tst13.js:72:19:72:39 | history ... on.hash | -| tst13.js:72:19:72:49 | history ... bstr(1) | -| tst13.js:74:21:74:27 | payload | -| tst13.js:74:21:74:27 | payload | -| tst13.js:78:9:78:48 | url | -| tst13.js:78:15:78:38 | documen ... .search | -| tst13.js:78:15:78:38 | documen ... .search | -| tst13.js:78:15:78:48 | documen ... bstr(1) | -| tst13.js:80:21:80:23 | url | -| tst13.js:80:21:80:23 | url | -| tst13.js:81:28:81:30 | url | -| tst13.js:81:28:81:30 | url | -| tst13.js:82:27:82:29 | url | -| tst13.js:82:27:82:29 | url | -| tst13.js:83:22:83:24 | url | -| tst13.js:83:22:83:24 | url | -| tst.js:2:19:2:69 | /.*redi ... n.href) | -| tst.js:2:19:2:72 | /.*redi ... ref)[1] | -| tst.js:2:19:2:72 | /.*redi ... ref)[1] | -| tst.js:2:47:2:63 | document.location | -| tst.js:2:47:2:63 | document.location | -| tst.js:2:47:2:68 | documen ... on.href | -| tst.js:2:47:2:68 | documen ... on.href | -| tst.js:6:20:6:56 | indirec ... n.href) | -| tst.js:6:20:6:59 | indirec ... ref)[1] | -| tst.js:6:20:6:59 | indirec ... ref)[1] | -| tst.js:6:34:6:50 | document.location | -| tst.js:6:34:6:50 | document.location | -| tst.js:6:34:6:55 | documen ... on.href | -| tst.js:6:34:6:55 | documen ... on.href | -| tst.js:10:19:10:81 | new Reg ... n.href) | -| tst.js:10:19:10:84 | new Reg ... ref)[1] | -| tst.js:10:19:10:84 | new Reg ... ref)[1] | -| tst.js:10:59:10:75 | document.location | -| tst.js:10:59:10:75 | document.location | -| tst.js:10:59:10:80 | documen ... on.href | -| tst.js:10:59:10:80 | documen ... on.href | -| tst.js:14:20:14:56 | indirec ... n.href) | -| tst.js:14:20:14:59 | indirec ... ref)[1] | -| tst.js:14:20:14:59 | indirec ... ref)[1] | -| tst.js:14:34:14:50 | document.location | -| tst.js:14:34:14:50 | document.location | -| tst.js:14:34:14:55 | documen ... on.href | -| tst.js:14:34:14:55 | documen ... on.href | -| tst.js:18:19:18:81 | new Reg ... n.href) | -| tst.js:18:19:18:84 | new Reg ... ref)[1] | -| tst.js:18:19:18:84 | new Reg ... ref)[1] | -| tst.js:18:59:18:75 | document.location | -| tst.js:18:59:18:75 | document.location | -| tst.js:18:59:18:80 | documen ... on.href | -| tst.js:18:59:18:80 | documen ... on.href | -| tst.js:22:20:22:56 | indirec ... n.href) | -| tst.js:22:20:22:59 | indirec ... ref)[1] | -| tst.js:22:20:22:59 | indirec ... ref)[1] | -| tst.js:22:34:22:50 | document.location | -| tst.js:22:34:22:50 | document.location | -| tst.js:22:34:22:55 | documen ... on.href | -| tst.js:22:34:22:55 | documen ... on.href | -| tst.js:26:22:26:79 | new Reg ... n.href) | -| tst.js:26:22:26:82 | new Reg ... ref)[1] | -| tst.js:26:22:26:82 | new Reg ... ref)[1] | -| tst.js:26:62:26:78 | win.location.href | -| tst.js:26:62:26:78 | win.location.href | -| typed.ts:4:13:4:36 | params | -| typed.ts:4:22:4:36 | location.search | -| typed.ts:4:22:4:36 | location.search | -| typed.ts:5:25:5:30 | params | -| typed.ts:7:24:7:34 | redirectUri | -| typed.ts:8:33:8:43 | redirectUri | -| typed.ts:8:33:8:43 | redirectUri | -| typed.ts:25:25:25:34 | loc.search | -| typed.ts:25:25:25:34 | loc.search | -| typed.ts:28:24:28:34 | redirectUri | -| typed.ts:29:33:29:43 | redirectUri | -| typed.ts:29:33:29:43 | redirectUri | -| typed.ts:47:25:47:34 | loc.search | -| typed.ts:47:25:47:34 | loc.search | -| typed.ts:48:26:48:36 | loc2.search | -| typed.ts:48:26:48:36 | loc2.search | -| typed.ts:51:24:51:34 | redirectUri | -| typed.ts:52:33:52:43 | redirectUri | -| typed.ts:52:33:52:43 | redirectUri | -| typed.ts:55:25:55:35 | redirectUri | -| typed.ts:56:33:56:43 | redirectUri | -| typed.ts:56:33:56:43 | redirectUri | +| electron.js:4:12:4:22 | window.name | semmle.label | window.name | +| electron.js:7:20:7:29 | getTaint() | semmle.label | getTaint() | +| react.js:10:60:10:81 | documen ... on.hash | semmle.label | documen ... on.hash | +| react.js:21:24:21:45 | documen ... on.hash | semmle.label | documen ... on.hash | +| react.js:28:43:28:64 | documen ... on.hash | semmle.label | documen ... on.hash | +| react.js:28:43:28:74 | documen ... bstr(1) | semmle.label | documen ... bstr(1) | +| react.js:34:43:34:64 | documen ... on.hash | semmle.label | documen ... on.hash | +| react.js:34:43:34:74 | documen ... bstr(1) | semmle.label | documen ... bstr(1) | +| react.js:40:19:40:40 | documen ... on.hash | semmle.label | documen ... on.hash | +| react.js:40:19:40:50 | documen ... bstr(1) | semmle.label | documen ... bstr(1) | +| sanitizer.js:2:9:2:25 | url | semmle.label | url | +| sanitizer.js:2:15:2:25 | window.name | semmle.label | window.name | +| sanitizer.js:4:27:4:29 | url | semmle.label | url | +| sanitizer.js:16:27:16:29 | url | semmle.label | url | +| sanitizer.js:19:27:19:29 | url | semmle.label | url | +| sanitizer.js:22:27:22:29 | url | semmle.label | url | +| sanitizer.js:25:27:25:29 | url | semmle.label | url | +| sanitizer.js:28:27:28:29 | url | semmle.label | url | +| sanitizer.js:31:27:31:29 | url | semmle.label | url | +| sanitizer.js:37:27:37:29 | url | semmle.label | url | +| tst2.js:2:7:2:33 | href | semmle.label | href | +| tst2.js:2:14:2:33 | window.location.href | semmle.label | window.location.href | +| tst2.js:4:21:4:24 | href | semmle.label | href | +| tst2.js:4:21:4:55 | href.su ... '?')+1) | semmle.label | href.su ... '?')+1) | +| tst6.js:2:7:2:45 | redirect | semmle.label | redirect | +| tst6.js:2:18:2:45 | $locati ... irect') | semmle.label | $locati ... irect') | +| tst6.js:4:21:4:28 | redirect | semmle.label | redirect | +| tst6.js:6:17:6:24 | redirect | semmle.label | redirect | +| tst6.js:8:21:8:48 | $locati ... irect') | semmle.label | $locati ... irect') | +| tst6.js:8:21:8:56 | $locati ... + "foo" | semmle.label | $locati ... + "foo" | +| tst7.js:2:12:2:35 | documen ... .search | semmle.label | documen ... .search | +| tst7.js:5:27:5:50 | documen ... .search | semmle.label | documen ... .search | +| tst9.js:2:21:2:42 | documen ... on.hash | semmle.label | documen ... on.hash | +| tst9.js:2:21:2:55 | documen ... ring(1) | semmle.label | documen ... ring(1) | +| tst10.js:5:17:5:46 | '/' + d ... .search | semmle.label | '/' + d ... .search | +| tst10.js:5:23:5:46 | documen ... .search | semmle.label | documen ... .search | +| tst10.js:8:17:8:47 | '//' + ... .search | semmle.label | '//' + ... .search | +| tst10.js:8:24:8:47 | documen ... .search | semmle.label | documen ... .search | +| tst10.js:11:17:11:50 | '//foo' ... .search | semmle.label | '//foo' ... .search | +| tst10.js:11:27:11:50 | documen ... .search | semmle.label | documen ... .search | +| tst10.js:14:17:14:56 | 'https: ... .search | semmle.label | 'https: ... .search | +| tst10.js:14:33:14:56 | documen ... .search | semmle.label | documen ... .search | +| tst12.js:3:9:3:50 | urlParts | semmle.label | urlParts | +| tst12.js:3:20:3:39 | window.location.hash | semmle.label | window.location.hash | +| tst12.js:3:20:3:50 | window. ... it('?') | semmle.label | window. ... it('?') | +| tst12.js:4:9:4:45 | loc | semmle.label | loc | +| tst12.js:4:15:4:22 | urlParts | semmle.label | urlParts | +| tst12.js:5:23:5:25 | loc | semmle.label | loc | +| tst13.js:2:9:2:52 | payload | semmle.label | payload | +| tst13.js:2:19:2:42 | documen ... .search | semmle.label | documen ... .search | +| tst13.js:2:19:2:52 | documen ... bstr(1) | semmle.label | documen ... bstr(1) | +| tst13.js:4:15:4:21 | payload | semmle.label | payload | +| tst13.js:8:21:8:27 | payload | semmle.label | payload | +| tst13.js:12:14:12:20 | payload | semmle.label | payload | +| tst13.js:16:17:16:23 | payload | semmle.label | payload | +| tst13.js:20:14:20:20 | payload | semmle.label | payload | +| tst13.js:24:14:24:20 | payload | semmle.label | payload | +| tst13.js:28:21:28:27 | payload | semmle.label | payload | +| tst13.js:32:17:32:23 | payload | semmle.label | payload | +| tst13.js:36:21:36:27 | payload | semmle.label | payload | +| tst13.js:40:15:40:21 | payload | semmle.label | payload | +| tst13.js:44:14:44:20 | payload | semmle.label | payload | +| tst13.js:49:32:49:32 | e | semmle.label | e | +| tst13.js:50:23:50:23 | e | semmle.label | e | +| tst13.js:52:34:52:34 | e | semmle.label | e | +| tst13.js:53:28:53:28 | e | semmle.label | e | +| tst13.js:59:9:59:52 | payload | semmle.label | payload | +| tst13.js:59:19:59:42 | documen ... .search | semmle.label | documen ... .search | +| tst13.js:59:19:59:52 | documen ... bstr(1) | semmle.label | documen ... bstr(1) | +| tst13.js:61:18:61:24 | payload | semmle.label | payload | +| tst13.js:65:9:65:49 | payload | semmle.label | payload | +| tst13.js:65:19:65:39 | history ... on.hash | semmle.label | history ... on.hash | +| tst13.js:65:19:65:49 | history ... bstr(1) | semmle.label | history ... bstr(1) | +| tst13.js:67:21:67:27 | payload | semmle.label | payload | +| tst13.js:72:9:72:49 | payload | semmle.label | payload | +| tst13.js:72:19:72:39 | history ... on.hash | semmle.label | history ... on.hash | +| tst13.js:72:19:72:49 | history ... bstr(1) | semmle.label | history ... bstr(1) | +| tst13.js:74:21:74:27 | payload | semmle.label | payload | +| tst13.js:78:9:78:48 | url | semmle.label | url | +| tst13.js:78:15:78:38 | documen ... .search | semmle.label | documen ... .search | +| tst13.js:78:15:78:48 | documen ... bstr(1) | semmle.label | documen ... bstr(1) | +| tst13.js:80:21:80:23 | url | semmle.label | url | +| tst13.js:81:28:81:30 | url | semmle.label | url | +| tst13.js:82:27:82:29 | url | semmle.label | url | +| tst13.js:83:22:83:24 | url | semmle.label | url | +| tst.js:2:19:2:69 | /.*redi ... n.href) | semmle.label | /.*redi ... n.href) | +| tst.js:2:19:2:72 | /.*redi ... ref)[1] | semmle.label | /.*redi ... ref)[1] | +| tst.js:2:47:2:68 | documen ... on.href | semmle.label | documen ... on.href | +| tst.js:6:20:6:56 | indirec ... n.href) | semmle.label | indirec ... n.href) | +| tst.js:6:20:6:59 | indirec ... ref)[1] | semmle.label | indirec ... ref)[1] | +| tst.js:6:34:6:55 | documen ... on.href | semmle.label | documen ... on.href | +| tst.js:10:19:10:81 | new Reg ... n.href) | semmle.label | new Reg ... n.href) | +| tst.js:10:19:10:84 | new Reg ... ref)[1] | semmle.label | new Reg ... ref)[1] | +| tst.js:10:59:10:80 | documen ... on.href | semmle.label | documen ... on.href | +| tst.js:14:20:14:56 | indirec ... n.href) | semmle.label | indirec ... n.href) | +| tst.js:14:20:14:59 | indirec ... ref)[1] | semmle.label | indirec ... ref)[1] | +| tst.js:14:34:14:55 | documen ... on.href | semmle.label | documen ... on.href | +| tst.js:18:19:18:81 | new Reg ... n.href) | semmle.label | new Reg ... n.href) | +| tst.js:18:19:18:84 | new Reg ... ref)[1] | semmle.label | new Reg ... ref)[1] | +| tst.js:18:59:18:80 | documen ... on.href | semmle.label | documen ... on.href | +| tst.js:22:20:22:56 | indirec ... n.href) | semmle.label | indirec ... n.href) | +| tst.js:22:20:22:59 | indirec ... ref)[1] | semmle.label | indirec ... ref)[1] | +| tst.js:22:34:22:55 | documen ... on.href | semmle.label | documen ... on.href | +| tst.js:26:22:26:79 | new Reg ... n.href) | semmle.label | new Reg ... n.href) | +| tst.js:26:22:26:82 | new Reg ... ref)[1] | semmle.label | new Reg ... ref)[1] | +| tst.js:26:62:26:78 | win.location.href | semmle.label | win.location.href | +| typed.ts:4:13:4:36 | params | semmle.label | params | +| typed.ts:4:22:4:36 | location.search | semmle.label | location.search | +| typed.ts:5:25:5:30 | params | semmle.label | params | +| typed.ts:7:24:7:34 | redirectUri | semmle.label | redirectUri | +| typed.ts:8:33:8:43 | redirectUri | semmle.label | redirectUri | +| typed.ts:25:25:25:34 | loc.search | semmle.label | loc.search | +| typed.ts:28:24:28:34 | redirectUri | semmle.label | redirectUri | +| typed.ts:29:33:29:43 | redirectUri | semmle.label | redirectUri | +| typed.ts:47:25:47:34 | loc.search | semmle.label | loc.search | +| typed.ts:48:26:48:36 | loc2.search | semmle.label | loc2.search | +| typed.ts:51:24:51:34 | redirectUri | semmle.label | redirectUri | +| typed.ts:52:33:52:43 | redirectUri | semmle.label | redirectUri | +| typed.ts:55:25:55:35 | redirectUri | semmle.label | redirectUri | +| typed.ts:56:33:56:43 | redirectUri | semmle.label | redirectUri | edges -| electron.js:4:12:4:22 | window.name | electron.js:7:20:7:29 | getTaint() | -| electron.js:4:12:4:22 | window.name | electron.js:7:20:7:29 | getTaint() | -| electron.js:4:12:4:22 | window.name | electron.js:7:20:7:29 | getTaint() | -| electron.js:4:12:4:22 | window.name | electron.js:7:20:7:29 | getTaint() | -| react.js:10:60:10:81 | documen ... on.hash | react.js:10:60:10:81 | documen ... on.hash | -| react.js:21:24:21:45 | documen ... on.hash | react.js:21:24:21:45 | documen ... on.hash | -| react.js:28:43:28:64 | documen ... on.hash | react.js:28:43:28:74 | documen ... bstr(1) | -| react.js:28:43:28:64 | documen ... on.hash | react.js:28:43:28:74 | documen ... bstr(1) | -| react.js:28:43:28:64 | documen ... on.hash | react.js:28:43:28:74 | documen ... bstr(1) | -| react.js:28:43:28:64 | documen ... on.hash | react.js:28:43:28:74 | documen ... bstr(1) | -| react.js:34:43:34:64 | documen ... on.hash | react.js:34:43:34:74 | documen ... bstr(1) | -| react.js:34:43:34:64 | documen ... on.hash | react.js:34:43:34:74 | documen ... bstr(1) | -| react.js:34:43:34:64 | documen ... on.hash | react.js:34:43:34:74 | documen ... bstr(1) | -| react.js:34:43:34:64 | documen ... on.hash | react.js:34:43:34:74 | documen ... bstr(1) | -| react.js:40:19:40:40 | documen ... on.hash | react.js:40:19:40:50 | documen ... bstr(1) | -| react.js:40:19:40:40 | documen ... on.hash | react.js:40:19:40:50 | documen ... bstr(1) | -| react.js:40:19:40:40 | documen ... on.hash | react.js:40:19:40:50 | documen ... bstr(1) | -| react.js:40:19:40:40 | documen ... on.hash | react.js:40:19:40:50 | documen ... bstr(1) | -| sanitizer.js:2:9:2:25 | url | sanitizer.js:4:27:4:29 | url | -| sanitizer.js:2:9:2:25 | url | sanitizer.js:4:27:4:29 | url | -| sanitizer.js:2:9:2:25 | url | sanitizer.js:16:27:16:29 | url | -| sanitizer.js:2:9:2:25 | url | sanitizer.js:16:27:16:29 | url | -| sanitizer.js:2:9:2:25 | url | sanitizer.js:19:27:19:29 | url | -| sanitizer.js:2:9:2:25 | url | sanitizer.js:19:27:19:29 | url | -| sanitizer.js:2:9:2:25 | url | sanitizer.js:22:27:22:29 | url | -| sanitizer.js:2:9:2:25 | url | sanitizer.js:22:27:22:29 | url | -| sanitizer.js:2:9:2:25 | url | sanitizer.js:25:27:25:29 | url | -| sanitizer.js:2:9:2:25 | url | sanitizer.js:25:27:25:29 | url | -| sanitizer.js:2:9:2:25 | url | sanitizer.js:28:27:28:29 | url | -| sanitizer.js:2:9:2:25 | url | sanitizer.js:28:27:28:29 | url | -| sanitizer.js:2:9:2:25 | url | sanitizer.js:31:27:31:29 | url | -| sanitizer.js:2:9:2:25 | url | sanitizer.js:31:27:31:29 | url | -| sanitizer.js:2:9:2:25 | url | sanitizer.js:37:27:37:29 | url | -| sanitizer.js:2:9:2:25 | url | sanitizer.js:37:27:37:29 | url | -| sanitizer.js:2:15:2:25 | window.name | sanitizer.js:2:9:2:25 | url | -| sanitizer.js:2:15:2:25 | window.name | sanitizer.js:2:9:2:25 | url | -| tst2.js:2:7:2:33 | href | tst2.js:4:21:4:24 | href | -| tst2.js:2:14:2:28 | window.location | tst2.js:2:14:2:33 | window.location.href | -| tst2.js:2:14:2:28 | window.location | tst2.js:2:14:2:33 | window.location.href | -| tst2.js:2:14:2:33 | window.location.href | tst2.js:2:7:2:33 | href | -| tst2.js:2:14:2:33 | window.location.href | tst2.js:2:7:2:33 | href | -| tst2.js:4:21:4:24 | href | tst2.js:4:21:4:55 | href.su ... '?')+1) | -| tst2.js:4:21:4:24 | href | tst2.js:4:21:4:55 | href.su ... '?')+1) | -| tst6.js:2:7:2:45 | redirect | tst6.js:4:21:4:28 | redirect | -| tst6.js:2:7:2:45 | redirect | tst6.js:4:21:4:28 | redirect | -| tst6.js:2:7:2:45 | redirect | tst6.js:6:17:6:24 | redirect | -| tst6.js:2:7:2:45 | redirect | tst6.js:6:17:6:24 | redirect | -| tst6.js:2:18:2:45 | $locati ... irect') | tst6.js:2:7:2:45 | redirect | -| tst6.js:2:18:2:45 | $locati ... irect') | tst6.js:2:7:2:45 | redirect | -| tst6.js:8:21:8:48 | $locati ... irect') | tst6.js:8:21:8:56 | $locati ... + "foo" | -| tst6.js:8:21:8:48 | $locati ... irect') | tst6.js:8:21:8:56 | $locati ... + "foo" | -| tst6.js:8:21:8:48 | $locati ... irect') | tst6.js:8:21:8:56 | $locati ... + "foo" | -| tst6.js:8:21:8:48 | $locati ... irect') | tst6.js:8:21:8:56 | $locati ... + "foo" | -| tst7.js:2:12:2:35 | documen ... .search | tst7.js:2:12:2:35 | documen ... .search | -| tst7.js:5:27:5:50 | documen ... .search | tst7.js:5:27:5:50 | documen ... .search | -| tst9.js:2:21:2:42 | documen ... on.hash | tst9.js:2:21:2:55 | documen ... ring(1) | -| tst9.js:2:21:2:42 | documen ... on.hash | tst9.js:2:21:2:55 | documen ... ring(1) | -| tst9.js:2:21:2:42 | documen ... on.hash | tst9.js:2:21:2:55 | documen ... ring(1) | -| tst9.js:2:21:2:42 | documen ... on.hash | tst9.js:2:21:2:55 | documen ... ring(1) | -| tst10.js:5:23:5:46 | documen ... .search | tst10.js:5:17:5:46 | '/' + d ... .search | -| tst10.js:5:23:5:46 | documen ... .search | tst10.js:5:17:5:46 | '/' + d ... .search | -| tst10.js:5:23:5:46 | documen ... .search | tst10.js:5:17:5:46 | '/' + d ... .search | -| tst10.js:5:23:5:46 | documen ... .search | tst10.js:5:17:5:46 | '/' + d ... .search | -| tst10.js:8:24:8:47 | documen ... .search | tst10.js:8:17:8:47 | '//' + ... .search | -| tst10.js:8:24:8:47 | documen ... .search | tst10.js:8:17:8:47 | '//' + ... .search | -| tst10.js:8:24:8:47 | documen ... .search | tst10.js:8:17:8:47 | '//' + ... .search | -| tst10.js:8:24:8:47 | documen ... .search | tst10.js:8:17:8:47 | '//' + ... .search | -| tst10.js:11:27:11:50 | documen ... .search | tst10.js:11:17:11:50 | '//foo' ... .search | -| tst10.js:11:27:11:50 | documen ... .search | tst10.js:11:17:11:50 | '//foo' ... .search | -| tst10.js:11:27:11:50 | documen ... .search | tst10.js:11:17:11:50 | '//foo' ... .search | -| tst10.js:11:27:11:50 | documen ... .search | tst10.js:11:17:11:50 | '//foo' ... .search | -| tst10.js:14:33:14:56 | documen ... .search | tst10.js:14:17:14:56 | 'https: ... .search | -| tst10.js:14:33:14:56 | documen ... .search | tst10.js:14:17:14:56 | 'https: ... .search | -| tst10.js:14:33:14:56 | documen ... .search | tst10.js:14:17:14:56 | 'https: ... .search | -| tst10.js:14:33:14:56 | documen ... .search | tst10.js:14:17:14:56 | 'https: ... .search | -| tst12.js:3:9:3:50 | urlParts | tst12.js:4:15:4:22 | urlParts | -| tst12.js:3:20:3:39 | window.location.hash | tst12.js:3:20:3:50 | window. ... it('?') | -| tst12.js:3:20:3:39 | window.location.hash | tst12.js:3:20:3:50 | window. ... it('?') | -| tst12.js:3:20:3:50 | window. ... it('?') | tst12.js:3:9:3:50 | urlParts | -| tst12.js:4:9:4:45 | loc | tst12.js:5:23:5:25 | loc | -| tst12.js:4:9:4:45 | loc | tst12.js:5:23:5:25 | loc | -| tst12.js:4:15:4:22 | urlParts | tst12.js:4:15:4:25 | urlParts[0] | -| tst12.js:4:15:4:25 | urlParts[0] | tst12.js:4:15:4:45 | urlPart ... s.value | -| tst12.js:4:15:4:45 | urlPart ... s.value | tst12.js:4:9:4:45 | loc | -| tst13.js:2:9:2:52 | payload | tst13.js:4:15:4:21 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:4:15:4:21 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:8:21:8:27 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:8:21:8:27 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:12:14:12:20 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:12:14:12:20 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:16:17:16:23 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:16:17:16:23 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:20:14:20:20 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:20:14:20:20 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:24:14:24:20 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:24:14:24:20 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:28:21:28:27 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:28:21:28:27 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:32:17:32:23 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:32:17:32:23 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:36:21:36:27 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:36:21:36:27 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:40:15:40:21 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:40:15:40:21 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:44:14:44:20 | payload | -| tst13.js:2:9:2:52 | payload | tst13.js:44:14:44:20 | payload | -| tst13.js:2:19:2:42 | documen ... .search | tst13.js:2:19:2:52 | documen ... bstr(1) | -| tst13.js:2:19:2:42 | documen ... .search | tst13.js:2:19:2:52 | documen ... bstr(1) | -| tst13.js:2:19:2:52 | documen ... bstr(1) | tst13.js:2:9:2:52 | payload | -| tst13.js:49:32:49:32 | e | tst13.js:50:23:50:23 | e | -| tst13.js:49:32:49:32 | e | tst13.js:50:23:50:23 | e | -| tst13.js:49:32:49:32 | e | tst13.js:50:23:50:23 | e | -| tst13.js:49:32:49:32 | e | tst13.js:50:23:50:23 | e | -| tst13.js:52:34:52:34 | e | tst13.js:53:28:53:28 | e | -| tst13.js:52:34:52:34 | e | tst13.js:53:28:53:28 | e | -| tst13.js:52:34:52:34 | e | tst13.js:53:28:53:28 | e | -| tst13.js:52:34:52:34 | e | tst13.js:53:28:53:28 | e | -| tst13.js:59:9:59:52 | payload | tst13.js:61:18:61:24 | payload | -| tst13.js:59:9:59:52 | payload | tst13.js:61:18:61:24 | payload | -| tst13.js:59:19:59:42 | documen ... .search | tst13.js:59:19:59:52 | documen ... bstr(1) | -| tst13.js:59:19:59:42 | documen ... .search | tst13.js:59:19:59:52 | documen ... bstr(1) | -| tst13.js:59:19:59:52 | documen ... bstr(1) | tst13.js:59:9:59:52 | payload | -| tst13.js:65:9:65:49 | payload | tst13.js:67:21:67:27 | payload | -| tst13.js:65:9:65:49 | payload | tst13.js:67:21:67:27 | payload | -| tst13.js:65:19:65:39 | history ... on.hash | tst13.js:65:19:65:49 | history ... bstr(1) | -| tst13.js:65:19:65:39 | history ... on.hash | tst13.js:65:19:65:49 | history ... bstr(1) | -| tst13.js:65:19:65:49 | history ... bstr(1) | tst13.js:65:9:65:49 | payload | -| tst13.js:72:9:72:49 | payload | tst13.js:74:21:74:27 | payload | -| tst13.js:72:9:72:49 | payload | tst13.js:74:21:74:27 | payload | -| tst13.js:72:19:72:39 | history ... on.hash | tst13.js:72:19:72:49 | history ... bstr(1) | -| tst13.js:72:19:72:39 | history ... on.hash | tst13.js:72:19:72:49 | history ... bstr(1) | -| tst13.js:72:19:72:49 | history ... bstr(1) | tst13.js:72:9:72:49 | payload | -| tst13.js:78:9:78:48 | url | tst13.js:80:21:80:23 | url | -| tst13.js:78:9:78:48 | url | tst13.js:80:21:80:23 | url | -| tst13.js:78:9:78:48 | url | tst13.js:81:28:81:30 | url | -| tst13.js:78:9:78:48 | url | tst13.js:81:28:81:30 | url | -| tst13.js:78:9:78:48 | url | tst13.js:82:27:82:29 | url | -| tst13.js:78:9:78:48 | url | tst13.js:82:27:82:29 | url | -| tst13.js:78:9:78:48 | url | tst13.js:83:22:83:24 | url | -| tst13.js:78:9:78:48 | url | tst13.js:83:22:83:24 | url | -| tst13.js:78:15:78:38 | documen ... .search | tst13.js:78:15:78:48 | documen ... bstr(1) | -| tst13.js:78:15:78:38 | documen ... .search | tst13.js:78:15:78:48 | documen ... bstr(1) | -| tst13.js:78:15:78:48 | documen ... bstr(1) | tst13.js:78:9:78:48 | url | -| tst.js:2:19:2:69 | /.*redi ... n.href) | tst.js:2:19:2:72 | /.*redi ... ref)[1] | -| tst.js:2:19:2:69 | /.*redi ... n.href) | tst.js:2:19:2:72 | /.*redi ... ref)[1] | -| tst.js:2:47:2:63 | document.location | tst.js:2:47:2:68 | documen ... on.href | -| tst.js:2:47:2:63 | document.location | tst.js:2:47:2:68 | documen ... on.href | -| tst.js:2:47:2:68 | documen ... on.href | tst.js:2:19:2:69 | /.*redi ... n.href) | -| tst.js:2:47:2:68 | documen ... on.href | tst.js:2:19:2:69 | /.*redi ... n.href) | -| tst.js:6:20:6:56 | indirec ... n.href) | tst.js:6:20:6:59 | indirec ... ref)[1] | -| tst.js:6:20:6:56 | indirec ... n.href) | tst.js:6:20:6:59 | indirec ... ref)[1] | -| tst.js:6:34:6:50 | document.location | tst.js:6:34:6:55 | documen ... on.href | -| tst.js:6:34:6:50 | document.location | tst.js:6:34:6:55 | documen ... on.href | -| tst.js:6:34:6:55 | documen ... on.href | tst.js:6:20:6:56 | indirec ... n.href) | -| tst.js:6:34:6:55 | documen ... on.href | tst.js:6:20:6:56 | indirec ... n.href) | -| tst.js:10:19:10:81 | new Reg ... n.href) | tst.js:10:19:10:84 | new Reg ... ref)[1] | -| tst.js:10:19:10:81 | new Reg ... n.href) | tst.js:10:19:10:84 | new Reg ... ref)[1] | -| tst.js:10:59:10:75 | document.location | tst.js:10:59:10:80 | documen ... on.href | -| tst.js:10:59:10:75 | document.location | tst.js:10:59:10:80 | documen ... on.href | -| tst.js:10:59:10:80 | documen ... on.href | tst.js:10:19:10:81 | new Reg ... n.href) | -| tst.js:10:59:10:80 | documen ... on.href | tst.js:10:19:10:81 | new Reg ... n.href) | -| tst.js:14:20:14:56 | indirec ... n.href) | tst.js:14:20:14:59 | indirec ... ref)[1] | -| tst.js:14:20:14:56 | indirec ... n.href) | tst.js:14:20:14:59 | indirec ... ref)[1] | -| tst.js:14:34:14:50 | document.location | tst.js:14:34:14:55 | documen ... on.href | -| tst.js:14:34:14:50 | document.location | tst.js:14:34:14:55 | documen ... on.href | -| tst.js:14:34:14:55 | documen ... on.href | tst.js:14:20:14:56 | indirec ... n.href) | -| tst.js:14:34:14:55 | documen ... on.href | tst.js:14:20:14:56 | indirec ... n.href) | -| tst.js:18:19:18:81 | new Reg ... n.href) | tst.js:18:19:18:84 | new Reg ... ref)[1] | -| tst.js:18:19:18:81 | new Reg ... n.href) | tst.js:18:19:18:84 | new Reg ... ref)[1] | -| tst.js:18:59:18:75 | document.location | tst.js:18:59:18:80 | documen ... on.href | -| tst.js:18:59:18:75 | document.location | tst.js:18:59:18:80 | documen ... on.href | -| tst.js:18:59:18:80 | documen ... on.href | tst.js:18:19:18:81 | new Reg ... n.href) | -| tst.js:18:59:18:80 | documen ... on.href | tst.js:18:19:18:81 | new Reg ... n.href) | -| tst.js:22:20:22:56 | indirec ... n.href) | tst.js:22:20:22:59 | indirec ... ref)[1] | -| tst.js:22:20:22:56 | indirec ... n.href) | tst.js:22:20:22:59 | indirec ... ref)[1] | -| tst.js:22:34:22:50 | document.location | tst.js:22:34:22:55 | documen ... on.href | -| tst.js:22:34:22:50 | document.location | tst.js:22:34:22:55 | documen ... on.href | -| tst.js:22:34:22:55 | documen ... on.href | tst.js:22:20:22:56 | indirec ... n.href) | -| tst.js:22:34:22:55 | documen ... on.href | tst.js:22:20:22:56 | indirec ... n.href) | -| tst.js:26:22:26:79 | new Reg ... n.href) | tst.js:26:22:26:82 | new Reg ... ref)[1] | -| tst.js:26:22:26:79 | new Reg ... n.href) | tst.js:26:22:26:82 | new Reg ... ref)[1] | -| tst.js:26:62:26:78 | win.location.href | tst.js:26:22:26:79 | new Reg ... n.href) | -| tst.js:26:62:26:78 | win.location.href | tst.js:26:22:26:79 | new Reg ... n.href) | -| typed.ts:4:13:4:36 | params | typed.ts:5:25:5:30 | params | -| typed.ts:4:22:4:36 | location.search | typed.ts:4:13:4:36 | params | -| typed.ts:4:22:4:36 | location.search | typed.ts:4:13:4:36 | params | -| typed.ts:5:25:5:30 | params | typed.ts:7:24:7:34 | redirectUri | -| typed.ts:7:24:7:34 | redirectUri | typed.ts:8:33:8:43 | redirectUri | -| typed.ts:7:24:7:34 | redirectUri | typed.ts:8:33:8:43 | redirectUri | -| typed.ts:25:25:25:34 | loc.search | typed.ts:28:24:28:34 | redirectUri | -| typed.ts:25:25:25:34 | loc.search | typed.ts:28:24:28:34 | redirectUri | -| typed.ts:28:24:28:34 | redirectUri | typed.ts:29:33:29:43 | redirectUri | -| typed.ts:28:24:28:34 | redirectUri | typed.ts:29:33:29:43 | redirectUri | -| typed.ts:47:25:47:34 | loc.search | typed.ts:51:24:51:34 | redirectUri | -| typed.ts:47:25:47:34 | loc.search | typed.ts:51:24:51:34 | redirectUri | -| typed.ts:48:26:48:36 | loc2.search | typed.ts:55:25:55:35 | redirectUri | -| typed.ts:48:26:48:36 | loc2.search | typed.ts:55:25:55:35 | redirectUri | -| typed.ts:51:24:51:34 | redirectUri | typed.ts:52:33:52:43 | redirectUri | -| typed.ts:51:24:51:34 | redirectUri | typed.ts:52:33:52:43 | redirectUri | -| typed.ts:55:25:55:35 | redirectUri | typed.ts:56:33:56:43 | redirectUri | -| typed.ts:55:25:55:35 | redirectUri | typed.ts:56:33:56:43 | redirectUri | +| electron.js:4:12:4:22 | window.name | electron.js:7:20:7:29 | getTaint() | provenance | | +| react.js:28:43:28:64 | documen ... on.hash | react.js:28:43:28:74 | documen ... bstr(1) | provenance | | +| react.js:34:43:34:64 | documen ... on.hash | react.js:34:43:34:74 | documen ... bstr(1) | provenance | | +| react.js:40:19:40:40 | documen ... on.hash | react.js:40:19:40:50 | documen ... bstr(1) | provenance | | +| sanitizer.js:2:9:2:25 | url | sanitizer.js:4:27:4:29 | url | provenance | | +| sanitizer.js:2:9:2:25 | url | sanitizer.js:16:27:16:29 | url | provenance | | +| sanitizer.js:2:9:2:25 | url | sanitizer.js:19:27:19:29 | url | provenance | | +| sanitizer.js:2:9:2:25 | url | sanitizer.js:22:27:22:29 | url | provenance | | +| sanitizer.js:2:9:2:25 | url | sanitizer.js:25:27:25:29 | url | provenance | | +| sanitizer.js:2:9:2:25 | url | sanitizer.js:28:27:28:29 | url | provenance | | +| sanitizer.js:2:9:2:25 | url | sanitizer.js:31:27:31:29 | url | provenance | | +| sanitizer.js:2:9:2:25 | url | sanitizer.js:37:27:37:29 | url | provenance | | +| sanitizer.js:2:15:2:25 | window.name | sanitizer.js:2:9:2:25 | url | provenance | | +| tst2.js:2:7:2:33 | href | tst2.js:4:21:4:24 | href | provenance | | +| tst2.js:2:14:2:33 | window.location.href | tst2.js:2:7:2:33 | href | provenance | | +| tst2.js:4:21:4:24 | href | tst2.js:4:21:4:55 | href.su ... '?')+1) | provenance | Config | +| tst6.js:2:7:2:45 | redirect | tst6.js:4:21:4:28 | redirect | provenance | | +| tst6.js:2:7:2:45 | redirect | tst6.js:6:17:6:24 | redirect | provenance | | +| tst6.js:2:18:2:45 | $locati ... irect') | tst6.js:2:7:2:45 | redirect | provenance | | +| tst6.js:8:21:8:48 | $locati ... irect') | tst6.js:8:21:8:56 | $locati ... + "foo" | provenance | | +| tst9.js:2:21:2:42 | documen ... on.hash | tst9.js:2:21:2:55 | documen ... ring(1) | provenance | | +| tst10.js:5:23:5:46 | documen ... .search | tst10.js:5:17:5:46 | '/' + d ... .search | provenance | | +| tst10.js:8:24:8:47 | documen ... .search | tst10.js:8:17:8:47 | '//' + ... .search | provenance | | +| tst10.js:11:27:11:50 | documen ... .search | tst10.js:11:17:11:50 | '//foo' ... .search | provenance | | +| tst10.js:14:33:14:56 | documen ... .search | tst10.js:14:17:14:56 | 'https: ... .search | provenance | | +| tst12.js:3:9:3:50 | urlParts | tst12.js:4:15:4:22 | urlParts | provenance | | +| tst12.js:3:20:3:39 | window.location.hash | tst12.js:3:20:3:50 | window. ... it('?') | provenance | | +| tst12.js:3:20:3:50 | window. ... it('?') | tst12.js:3:9:3:50 | urlParts | provenance | | +| tst12.js:4:9:4:45 | loc | tst12.js:5:23:5:25 | loc | provenance | | +| tst12.js:4:15:4:22 | urlParts | tst12.js:4:9:4:45 | loc | provenance | | +| tst13.js:2:9:2:52 | payload | tst13.js:4:15:4:21 | payload | provenance | | +| tst13.js:2:9:2:52 | payload | tst13.js:8:21:8:27 | payload | provenance | | +| tst13.js:2:9:2:52 | payload | tst13.js:12:14:12:20 | payload | provenance | | +| tst13.js:2:9:2:52 | payload | tst13.js:16:17:16:23 | payload | provenance | | +| tst13.js:2:9:2:52 | payload | tst13.js:20:14:20:20 | payload | provenance | | +| tst13.js:2:9:2:52 | payload | tst13.js:24:14:24:20 | payload | provenance | | +| tst13.js:2:9:2:52 | payload | tst13.js:28:21:28:27 | payload | provenance | | +| tst13.js:2:9:2:52 | payload | tst13.js:32:17:32:23 | payload | provenance | | +| tst13.js:2:9:2:52 | payload | tst13.js:36:21:36:27 | payload | provenance | | +| tst13.js:2:9:2:52 | payload | tst13.js:40:15:40:21 | payload | provenance | | +| tst13.js:2:9:2:52 | payload | tst13.js:44:14:44:20 | payload | provenance | | +| tst13.js:2:19:2:42 | documen ... .search | tst13.js:2:19:2:52 | documen ... bstr(1) | provenance | | +| tst13.js:2:19:2:52 | documen ... bstr(1) | tst13.js:2:9:2:52 | payload | provenance | | +| tst13.js:49:32:49:32 | e | tst13.js:50:23:50:23 | e | provenance | | +| tst13.js:52:34:52:34 | e | tst13.js:53:28:53:28 | e | provenance | | +| tst13.js:59:9:59:52 | payload | tst13.js:61:18:61:24 | payload | provenance | | +| tst13.js:59:19:59:42 | documen ... .search | tst13.js:59:19:59:52 | documen ... bstr(1) | provenance | | +| tst13.js:59:19:59:52 | documen ... bstr(1) | tst13.js:59:9:59:52 | payload | provenance | | +| tst13.js:65:9:65:49 | payload | tst13.js:67:21:67:27 | payload | provenance | | +| tst13.js:65:19:65:39 | history ... on.hash | tst13.js:65:19:65:49 | history ... bstr(1) | provenance | | +| tst13.js:65:19:65:49 | history ... bstr(1) | tst13.js:65:9:65:49 | payload | provenance | | +| tst13.js:72:9:72:49 | payload | tst13.js:74:21:74:27 | payload | provenance | | +| tst13.js:72:19:72:39 | history ... on.hash | tst13.js:72:19:72:49 | history ... bstr(1) | provenance | | +| tst13.js:72:19:72:49 | history ... bstr(1) | tst13.js:72:9:72:49 | payload | provenance | | +| tst13.js:78:9:78:48 | url | tst13.js:80:21:80:23 | url | provenance | | +| tst13.js:78:9:78:48 | url | tst13.js:81:28:81:30 | url | provenance | | +| tst13.js:78:9:78:48 | url | tst13.js:82:27:82:29 | url | provenance | | +| tst13.js:78:9:78:48 | url | tst13.js:83:22:83:24 | url | provenance | | +| tst13.js:78:15:78:38 | documen ... .search | tst13.js:78:15:78:48 | documen ... bstr(1) | provenance | | +| tst13.js:78:15:78:48 | documen ... bstr(1) | tst13.js:78:9:78:48 | url | provenance | | +| tst.js:2:19:2:69 | /.*redi ... n.href) | tst.js:2:19:2:72 | /.*redi ... ref)[1] | provenance | | +| tst.js:2:47:2:68 | documen ... on.href | tst.js:2:19:2:69 | /.*redi ... n.href) | provenance | Config | +| tst.js:6:20:6:56 | indirec ... n.href) | tst.js:6:20:6:59 | indirec ... ref)[1] | provenance | | +| tst.js:6:34:6:55 | documen ... on.href | tst.js:6:20:6:56 | indirec ... n.href) | provenance | Config | +| tst.js:10:19:10:81 | new Reg ... n.href) | tst.js:10:19:10:84 | new Reg ... ref)[1] | provenance | | +| tst.js:10:59:10:80 | documen ... on.href | tst.js:10:19:10:81 | new Reg ... n.href) | provenance | Config | +| tst.js:14:20:14:56 | indirec ... n.href) | tst.js:14:20:14:59 | indirec ... ref)[1] | provenance | | +| tst.js:14:34:14:55 | documen ... on.href | tst.js:14:20:14:56 | indirec ... n.href) | provenance | Config | +| tst.js:18:19:18:81 | new Reg ... n.href) | tst.js:18:19:18:84 | new Reg ... ref)[1] | provenance | | +| tst.js:18:59:18:80 | documen ... on.href | tst.js:18:19:18:81 | new Reg ... n.href) | provenance | Config | +| tst.js:22:20:22:56 | indirec ... n.href) | tst.js:22:20:22:59 | indirec ... ref)[1] | provenance | | +| tst.js:22:34:22:55 | documen ... on.href | tst.js:22:20:22:56 | indirec ... n.href) | provenance | Config | +| tst.js:26:22:26:79 | new Reg ... n.href) | tst.js:26:22:26:82 | new Reg ... ref)[1] | provenance | | +| tst.js:26:62:26:78 | win.location.href | tst.js:26:22:26:79 | new Reg ... n.href) | provenance | Config | +| typed.ts:4:13:4:36 | params | typed.ts:5:25:5:30 | params | provenance | | +| typed.ts:4:22:4:36 | location.search | typed.ts:4:13:4:36 | params | provenance | | +| typed.ts:5:25:5:30 | params | typed.ts:7:24:7:34 | redirectUri | provenance | | +| typed.ts:7:24:7:34 | redirectUri | typed.ts:8:33:8:43 | redirectUri | provenance | | +| typed.ts:25:25:25:34 | loc.search | typed.ts:28:24:28:34 | redirectUri | provenance | | +| typed.ts:28:24:28:34 | redirectUri | typed.ts:29:33:29:43 | redirectUri | provenance | | +| typed.ts:47:25:47:34 | loc.search | typed.ts:51:24:51:34 | redirectUri | provenance | | +| typed.ts:48:26:48:36 | loc2.search | typed.ts:55:25:55:35 | redirectUri | provenance | | +| typed.ts:51:24:51:34 | redirectUri | typed.ts:52:33:52:43 | redirectUri | provenance | | +| typed.ts:55:25:55:35 | redirectUri | typed.ts:56:33:56:43 | redirectUri | provenance | | +subpaths #select | electron.js:7:20:7:29 | getTaint() | electron.js:4:12:4:22 | window.name | electron.js:7:20:7:29 | getTaint() | Untrusted URL redirection depends on a $@. | electron.js:4:12:4:22 | window.name | user-provided value | | react.js:10:60:10:81 | documen ... on.hash | react.js:10:60:10:81 | documen ... on.hash | react.js:10:60:10:81 | documen ... on.hash | Untrusted URL redirection depends on a $@. | react.js:10:60:10:81 | documen ... on.hash | user-provided value | @@ -445,7 +220,6 @@ edges | sanitizer.js:28:27:28:29 | url | sanitizer.js:2:15:2:25 | window.name | sanitizer.js:28:27:28:29 | url | Untrusted URL redirection depends on a $@. | sanitizer.js:2:15:2:25 | window.name | user-provided value | | sanitizer.js:31:27:31:29 | url | sanitizer.js:2:15:2:25 | window.name | sanitizer.js:31:27:31:29 | url | Untrusted URL redirection depends on a $@. | sanitizer.js:2:15:2:25 | window.name | user-provided value | | sanitizer.js:37:27:37:29 | url | sanitizer.js:2:15:2:25 | window.name | sanitizer.js:37:27:37:29 | url | Untrusted URL redirection depends on a $@. | sanitizer.js:2:15:2:25 | window.name | user-provided value | -| tst2.js:4:21:4:55 | href.su ... '?')+1) | tst2.js:2:14:2:28 | window.location | tst2.js:4:21:4:55 | href.su ... '?')+1) | Untrusted URL redirection depends on a $@. | tst2.js:2:14:2:28 | window.location | user-provided value | | tst2.js:4:21:4:55 | href.su ... '?')+1) | tst2.js:2:14:2:33 | window.location.href | tst2.js:4:21:4:55 | href.su ... '?')+1) | Untrusted URL redirection depends on a $@. | tst2.js:2:14:2:33 | window.location.href | user-provided value | | tst6.js:4:21:4:28 | redirect | tst6.js:2:18:2:45 | $locati ... irect') | tst6.js:4:21:4:28 | redirect | Untrusted URL redirection depends on a $@. | tst6.js:2:18:2:45 | $locati ... irect') | user-provided value | | tst6.js:6:17:6:24 | redirect | tst6.js:2:18:2:45 | $locati ... irect') | tst6.js:6:17:6:24 | redirect | Untrusted URL redirection depends on a $@. | tst6.js:2:18:2:45 | $locati ... irect') | user-provided value | @@ -478,17 +252,11 @@ edges | tst13.js:81:28:81:30 | url | tst13.js:78:15:78:38 | documen ... .search | tst13.js:81:28:81:30 | url | Untrusted URL redirection depends on a $@. | tst13.js:78:15:78:38 | documen ... .search | user-provided value | | tst13.js:82:27:82:29 | url | tst13.js:78:15:78:38 | documen ... .search | tst13.js:82:27:82:29 | url | Untrusted URL redirection depends on a $@. | tst13.js:78:15:78:38 | documen ... .search | user-provided value | | tst13.js:83:22:83:24 | url | tst13.js:78:15:78:38 | documen ... .search | tst13.js:83:22:83:24 | url | Untrusted URL redirection depends on a $@. | tst13.js:78:15:78:38 | documen ... .search | user-provided value | -| tst.js:2:19:2:72 | /.*redi ... ref)[1] | tst.js:2:47:2:63 | document.location | tst.js:2:19:2:72 | /.*redi ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:2:47:2:63 | document.location | user-provided value | | tst.js:2:19:2:72 | /.*redi ... ref)[1] | tst.js:2:47:2:68 | documen ... on.href | tst.js:2:19:2:72 | /.*redi ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:2:47:2:68 | documen ... on.href | user-provided value | -| tst.js:6:20:6:59 | indirec ... ref)[1] | tst.js:6:34:6:50 | document.location | tst.js:6:20:6:59 | indirec ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:6:34:6:50 | document.location | user-provided value | | tst.js:6:20:6:59 | indirec ... ref)[1] | tst.js:6:34:6:55 | documen ... on.href | tst.js:6:20:6:59 | indirec ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:6:34:6:55 | documen ... on.href | user-provided value | -| tst.js:10:19:10:84 | new Reg ... ref)[1] | tst.js:10:59:10:75 | document.location | tst.js:10:19:10:84 | new Reg ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:10:59:10:75 | document.location | user-provided value | | tst.js:10:19:10:84 | new Reg ... ref)[1] | tst.js:10:59:10:80 | documen ... on.href | tst.js:10:19:10:84 | new Reg ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:10:59:10:80 | documen ... on.href | user-provided value | -| tst.js:14:20:14:59 | indirec ... ref)[1] | tst.js:14:34:14:50 | document.location | tst.js:14:20:14:59 | indirec ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:14:34:14:50 | document.location | user-provided value | | tst.js:14:20:14:59 | indirec ... ref)[1] | tst.js:14:34:14:55 | documen ... on.href | tst.js:14:20:14:59 | indirec ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:14:34:14:55 | documen ... on.href | user-provided value | -| tst.js:18:19:18:84 | new Reg ... ref)[1] | tst.js:18:59:18:75 | document.location | tst.js:18:19:18:84 | new Reg ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:18:59:18:75 | document.location | user-provided value | | tst.js:18:19:18:84 | new Reg ... ref)[1] | tst.js:18:59:18:80 | documen ... on.href | tst.js:18:19:18:84 | new Reg ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:18:59:18:80 | documen ... on.href | user-provided value | -| tst.js:22:20:22:59 | indirec ... ref)[1] | tst.js:22:34:22:50 | document.location | tst.js:22:20:22:59 | indirec ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:22:34:22:50 | document.location | user-provided value | | tst.js:22:20:22:59 | indirec ... ref)[1] | tst.js:22:34:22:55 | documen ... on.href | tst.js:22:20:22:59 | indirec ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:22:34:22:55 | documen ... on.href | user-provided value | | tst.js:26:22:26:82 | new Reg ... ref)[1] | tst.js:26:62:26:78 | win.location.href | tst.js:26:22:26:82 | new Reg ... ref)[1] | Untrusted URL redirection depends on a $@. | tst.js:26:62:26:78 | win.location.href | user-provided value | | typed.ts:8:33:8:43 | redirectUri | typed.ts:4:22:4:36 | location.search | typed.ts:8:33:8:43 | redirectUri | Untrusted URL redirection depends on a $@. | typed.ts:4:22:4:36 | location.search | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-601/ClientSideUrlRedirect/tst15.js b/javascript/ql/test/query-tests/Security/CWE-601/ClientSideUrlRedirect/tst15.js new file mode 100644 index 000000000000..cb5345d5921b --- /dev/null +++ b/javascript/ql/test/query-tests/Security/CWE-601/ClientSideUrlRedirect/tst15.js @@ -0,0 +1,12 @@ +function foo() { + var url = document.location.toString(); + window.location = url.substring(0).substring(1); // OK + window.location = url.substring(0, 10).substring(1); // OK + window.location = url.substring(0, url.indexOf('/', 10)).substring(1); // OK +} + +function bar() { + var url = new URL(window.location); + window.location = url.origin; // OK + window.location = url.origin.substring(10); // OK +} diff --git a/javascript/ql/test/query-tests/Security/CWE-601/ServerSideUrlRedirect/ServerSideUrlRedirect.expected b/javascript/ql/test/query-tests/Security/CWE-601/ServerSideUrlRedirect/ServerSideUrlRedirect.expected index c03f57e7dd5c..ac29a57bf83d 100644 --- a/javascript/ql/test/query-tests/Security/CWE-601/ServerSideUrlRedirect/ServerSideUrlRedirect.expected +++ b/javascript/ql/test/query-tests/Security/CWE-601/ServerSideUrlRedirect/ServerSideUrlRedirect.expected @@ -1,223 +1,120 @@ -nodes -| ServerSideUrlRedirect.js:5:16:5:34 | req.query["target"] | -| ServerSideUrlRedirect.js:5:16:5:34 | req.query["target"] | -| ServerSideUrlRedirect.js:5:16:5:34 | req.query["target"] | -| express.js:7:16:7:34 | req.param("target") | -| express.js:7:16:7:34 | req.param("target") | -| express.js:7:16:7:34 | req.param("target") | -| express.js:12:26:12:44 | req.param("target") | -| express.js:12:26:12:44 | req.param("target") | -| express.js:12:26:12:44 | req.param("target") | -| express.js:27:7:27:34 | target | -| express.js:27:16:27:34 | req.param("target") | -| express.js:27:16:27:34 | req.param("target") | -| express.js:33:18:33:23 | target | -| express.js:33:18:33:23 | target | -| express.js:35:16:35:21 | target | -| express.js:35:16:35:21 | target | -| express.js:40:16:40:108 | (req.pa ... ntacts" | -| express.js:40:16:40:108 | (req.pa ... ntacts" | -| express.js:40:69:40:87 | req.param('action') | -| express.js:40:69:40:87 | req.param('action') | -| express.js:74:16:74:43 | `${req. ... )}/foo` | -| express.js:74:16:74:43 | `${req. ... )}/foo` | -| express.js:74:19:74:37 | req.param("target") | -| express.js:74:19:74:37 | req.param("target") | -| express.js:83:7:83:34 | target | -| express.js:83:16:83:34 | req.param("target") | -| express.js:83:16:83:34 | req.param("target") | -| express.js:90:18:90:23 | target | -| express.js:90:18:90:23 | target | -| express.js:97:16:97:21 | target | -| express.js:97:16:97:21 | target | -| express.js:118:16:118:63 | [req.qu ... ection] | -| express.js:118:16:118:72 | [req.qu ... oin('') | -| express.js:118:16:118:72 | [req.qu ... oin('') | -| express.js:118:17:118:30 | req.query.page | -| express.js:118:17:118:30 | req.query.page | -| express.js:134:16:134:36 | '/' + r ... ms.user | -| express.js:134:16:134:36 | '/' + r ... ms.user | -| express.js:134:22:134:36 | req.params.user | -| express.js:134:22:134:36 | req.params.user | -| express.js:135:16:135:37 | '//' + ... ms.user | -| express.js:135:16:135:37 | '//' + ... ms.user | -| express.js:135:23:135:37 | req.params.user | -| express.js:135:23:135:37 | req.params.user | -| express.js:136:16:136:36 | 'u' + r ... ms.user | -| express.js:136:16:136:36 | 'u' + r ... ms.user | -| express.js:136:22:136:36 | req.params.user | -| express.js:136:22:136:36 | req.params.user | -| express.js:143:16:143:28 | req.query.foo | -| express.js:143:16:143:28 | req.query.foo | -| express.js:143:16:143:28 | req.query.foo | -| express.js:146:16:146:24 | query.foo | -| express.js:146:16:146:24 | query.foo | -| express.js:146:16:146:24 | query.foo | -| express.js:150:7:150:34 | target | -| express.js:150:16:150:34 | req.param("target") | -| express.js:150:16:150:34 | req.param("target") | -| express.js:155:18:155:23 | target | -| express.js:155:18:155:23 | target | -| express.js:160:18:160:23 | target | -| express.js:160:18:160:23 | target | -| express.js:164:7:164:54 | myThing | -| express.js:164:17:164:41 | JSON.st ... .query) | -| express.js:164:17:164:54 | JSON.st ... (1, -1) | -| express.js:164:32:164:40 | req.query | -| express.js:164:32:164:40 | req.query | -| express.js:165:16:165:22 | myThing | -| express.js:165:16:165:22 | myThing | -| koa.js:6:6:6:27 | url | -| koa.js:6:12:6:27 | ctx.query.target | -| koa.js:6:12:6:27 | ctx.query.target | -| koa.js:7:15:7:17 | url | -| koa.js:7:15:7:17 | url | -| koa.js:8:15:8:26 | `${url}${x}` | -| koa.js:8:15:8:26 | `${url}${x}` | -| koa.js:8:18:8:20 | url | -| koa.js:14:16:14:18 | url | -| koa.js:14:16:14:18 | url | -| koa.js:20:16:20:18 | url | -| koa.js:20:16:20:18 | url | -| next.ts:11:31:11:38 | req.body | -| next.ts:11:31:11:38 | req.body | -| next.ts:11:31:11:50 | req.body.callbackUrl | -| next.ts:11:31:11:50 | req.body.callbackUrl | -| node.js:5:7:5:52 | target | -| node.js:5:16:5:39 | url.par ... , true) | -| node.js:5:16:5:45 | url.par ... ).query | -| node.js:5:16:5:52 | url.par ... .target | -| node.js:5:26:5:32 | req.url | -| node.js:5:26:5:32 | req.url | -| node.js:6:34:6:39 | target | -| node.js:6:34:6:39 | target | -| node.js:10:7:10:52 | target | -| node.js:10:16:10:39 | url.par ... , true) | -| node.js:10:16:10:45 | url.par ... ).query | -| node.js:10:16:10:52 | url.par ... .target | -| node.js:10:26:10:32 | req.url | -| node.js:10:26:10:32 | req.url | -| node.js:14:34:14:45 | '/' + target | -| node.js:14:34:14:45 | '/' + target | -| node.js:14:40:14:45 | target | -| node.js:28:7:28:52 | target | -| node.js:28:16:28:39 | url.par ... , true) | -| node.js:28:16:28:45 | url.par ... ).query | -| node.js:28:16:28:52 | url.par ... .target | -| node.js:28:26:28:32 | req.url | -| node.js:28:26:28:32 | req.url | -| node.js:31:34:31:39 | target | -| node.js:31:34:31:55 | target ... =" + me | -| node.js:31:34:31:55 | target ... =" + me | -| react-native.js:7:7:7:33 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | -| react-native.js:7:17:7:33 | req.param("code") | -| react-native.js:8:17:8:23 | tainted | -| react-native.js:8:17:8:23 | tainted | -| react-native.js:9:26:9:32 | tainted | -| react-native.js:9:26:9:32 | tainted | edges -| ServerSideUrlRedirect.js:5:16:5:34 | req.query["target"] | ServerSideUrlRedirect.js:5:16:5:34 | req.query["target"] | -| express.js:7:16:7:34 | req.param("target") | express.js:7:16:7:34 | req.param("target") | -| express.js:12:26:12:44 | req.param("target") | express.js:12:26:12:44 | req.param("target") | -| express.js:27:7:27:34 | target | express.js:33:18:33:23 | target | -| express.js:27:7:27:34 | target | express.js:33:18:33:23 | target | -| express.js:27:7:27:34 | target | express.js:35:16:35:21 | target | -| express.js:27:7:27:34 | target | express.js:35:16:35:21 | target | -| express.js:27:16:27:34 | req.param("target") | express.js:27:7:27:34 | target | -| express.js:27:16:27:34 | req.param("target") | express.js:27:7:27:34 | target | -| express.js:40:69:40:87 | req.param('action') | express.js:40:16:40:108 | (req.pa ... ntacts" | -| express.js:40:69:40:87 | req.param('action') | express.js:40:16:40:108 | (req.pa ... ntacts" | -| express.js:40:69:40:87 | req.param('action') | express.js:40:16:40:108 | (req.pa ... ntacts" | -| express.js:40:69:40:87 | req.param('action') | express.js:40:16:40:108 | (req.pa ... ntacts" | -| express.js:74:19:74:37 | req.param("target") | express.js:74:16:74:43 | `${req. ... )}/foo` | -| express.js:74:19:74:37 | req.param("target") | express.js:74:16:74:43 | `${req. ... )}/foo` | -| express.js:74:19:74:37 | req.param("target") | express.js:74:16:74:43 | `${req. ... )}/foo` | -| express.js:74:19:74:37 | req.param("target") | express.js:74:16:74:43 | `${req. ... )}/foo` | -| express.js:83:7:83:34 | target | express.js:90:18:90:23 | target | -| express.js:83:7:83:34 | target | express.js:90:18:90:23 | target | -| express.js:83:7:83:34 | target | express.js:97:16:97:21 | target | -| express.js:83:7:83:34 | target | express.js:97:16:97:21 | target | -| express.js:83:16:83:34 | req.param("target") | express.js:83:7:83:34 | target | -| express.js:83:16:83:34 | req.param("target") | express.js:83:7:83:34 | target | -| express.js:118:16:118:63 | [req.qu ... ection] | express.js:118:16:118:72 | [req.qu ... oin('') | -| express.js:118:16:118:63 | [req.qu ... ection] | express.js:118:16:118:72 | [req.qu ... oin('') | -| express.js:118:17:118:30 | req.query.page | express.js:118:16:118:63 | [req.qu ... ection] | -| express.js:118:17:118:30 | req.query.page | express.js:118:16:118:63 | [req.qu ... ection] | -| express.js:134:22:134:36 | req.params.user | express.js:134:16:134:36 | '/' + r ... ms.user | -| express.js:134:22:134:36 | req.params.user | express.js:134:16:134:36 | '/' + r ... ms.user | -| express.js:134:22:134:36 | req.params.user | express.js:134:16:134:36 | '/' + r ... ms.user | -| express.js:134:22:134:36 | req.params.user | express.js:134:16:134:36 | '/' + r ... ms.user | -| express.js:135:23:135:37 | req.params.user | express.js:135:16:135:37 | '//' + ... ms.user | -| express.js:135:23:135:37 | req.params.user | express.js:135:16:135:37 | '//' + ... ms.user | -| express.js:135:23:135:37 | req.params.user | express.js:135:16:135:37 | '//' + ... ms.user | -| express.js:135:23:135:37 | req.params.user | express.js:135:16:135:37 | '//' + ... ms.user | -| express.js:136:22:136:36 | req.params.user | express.js:136:16:136:36 | 'u' + r ... ms.user | -| express.js:136:22:136:36 | req.params.user | express.js:136:16:136:36 | 'u' + r ... ms.user | -| express.js:136:22:136:36 | req.params.user | express.js:136:16:136:36 | 'u' + r ... ms.user | -| express.js:136:22:136:36 | req.params.user | express.js:136:16:136:36 | 'u' + r ... ms.user | -| express.js:143:16:143:28 | req.query.foo | express.js:143:16:143:28 | req.query.foo | -| express.js:146:16:146:24 | query.foo | express.js:146:16:146:24 | query.foo | -| express.js:150:7:150:34 | target | express.js:155:18:155:23 | target | -| express.js:150:7:150:34 | target | express.js:155:18:155:23 | target | -| express.js:150:7:150:34 | target | express.js:160:18:160:23 | target | -| express.js:150:7:150:34 | target | express.js:160:18:160:23 | target | -| express.js:150:16:150:34 | req.param("target") | express.js:150:7:150:34 | target | -| express.js:150:16:150:34 | req.param("target") | express.js:150:7:150:34 | target | -| express.js:164:7:164:54 | myThing | express.js:165:16:165:22 | myThing | -| express.js:164:7:164:54 | myThing | express.js:165:16:165:22 | myThing | -| express.js:164:17:164:41 | JSON.st ... .query) | express.js:164:17:164:54 | JSON.st ... (1, -1) | -| express.js:164:17:164:54 | JSON.st ... (1, -1) | express.js:164:7:164:54 | myThing | -| express.js:164:32:164:40 | req.query | express.js:164:17:164:41 | JSON.st ... .query) | -| express.js:164:32:164:40 | req.query | express.js:164:17:164:41 | JSON.st ... .query) | -| koa.js:6:6:6:27 | url | koa.js:7:15:7:17 | url | -| koa.js:6:6:6:27 | url | koa.js:7:15:7:17 | url | -| koa.js:6:6:6:27 | url | koa.js:8:18:8:20 | url | -| koa.js:6:6:6:27 | url | koa.js:14:16:14:18 | url | -| koa.js:6:6:6:27 | url | koa.js:14:16:14:18 | url | -| koa.js:6:6:6:27 | url | koa.js:20:16:20:18 | url | -| koa.js:6:6:6:27 | url | koa.js:20:16:20:18 | url | -| koa.js:6:12:6:27 | ctx.query.target | koa.js:6:6:6:27 | url | -| koa.js:6:12:6:27 | ctx.query.target | koa.js:6:6:6:27 | url | -| koa.js:8:18:8:20 | url | koa.js:8:15:8:26 | `${url}${x}` | -| koa.js:8:18:8:20 | url | koa.js:8:15:8:26 | `${url}${x}` | -| next.ts:11:31:11:38 | req.body | next.ts:11:31:11:50 | req.body.callbackUrl | -| next.ts:11:31:11:38 | req.body | next.ts:11:31:11:50 | req.body.callbackUrl | -| next.ts:11:31:11:38 | req.body | next.ts:11:31:11:50 | req.body.callbackUrl | -| next.ts:11:31:11:38 | req.body | next.ts:11:31:11:50 | req.body.callbackUrl | -| node.js:5:7:5:52 | target | node.js:6:34:6:39 | target | -| node.js:5:7:5:52 | target | node.js:6:34:6:39 | target | -| node.js:5:16:5:39 | url.par ... , true) | node.js:5:16:5:45 | url.par ... ).query | -| node.js:5:16:5:45 | url.par ... ).query | node.js:5:16:5:52 | url.par ... .target | -| node.js:5:16:5:52 | url.par ... .target | node.js:5:7:5:52 | target | -| node.js:5:26:5:32 | req.url | node.js:5:16:5:39 | url.par ... , true) | -| node.js:5:26:5:32 | req.url | node.js:5:16:5:39 | url.par ... , true) | -| node.js:10:7:10:52 | target | node.js:14:40:14:45 | target | -| node.js:10:16:10:39 | url.par ... , true) | node.js:10:16:10:45 | url.par ... ).query | -| node.js:10:16:10:45 | url.par ... ).query | node.js:10:16:10:52 | url.par ... .target | -| node.js:10:16:10:52 | url.par ... .target | node.js:10:7:10:52 | target | -| node.js:10:26:10:32 | req.url | node.js:10:16:10:39 | url.par ... , true) | -| node.js:10:26:10:32 | req.url | node.js:10:16:10:39 | url.par ... , true) | -| node.js:14:40:14:45 | target | node.js:14:34:14:45 | '/' + target | -| node.js:14:40:14:45 | target | node.js:14:34:14:45 | '/' + target | -| node.js:28:7:28:52 | target | node.js:31:34:31:39 | target | -| node.js:28:16:28:39 | url.par ... , true) | node.js:28:16:28:45 | url.par ... ).query | -| node.js:28:16:28:45 | url.par ... ).query | node.js:28:16:28:52 | url.par ... .target | -| node.js:28:16:28:52 | url.par ... .target | node.js:28:7:28:52 | target | -| node.js:28:26:28:32 | req.url | node.js:28:16:28:39 | url.par ... , true) | -| node.js:28:26:28:32 | req.url | node.js:28:16:28:39 | url.par ... , true) | -| node.js:31:34:31:39 | target | node.js:31:34:31:55 | target ... =" + me | -| node.js:31:34:31:39 | target | node.js:31:34:31:55 | target ... =" + me | -| react-native.js:7:7:7:33 | tainted | react-native.js:8:17:8:23 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:8:17:8:23 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:9:26:9:32 | tainted | -| react-native.js:7:7:7:33 | tainted | react-native.js:9:26:9:32 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | -| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | +| ServerSideUrlRedirectGood2.js:16:7:16:34 | target | ServerSideUrlRedirectGood2.js:18:18:18:23 | target | provenance | | +| ServerSideUrlRedirectGood2.js:16:16:16:34 | req.query["target"] | ServerSideUrlRedirectGood2.js:16:7:16:34 | target | provenance | | +| express.js:27:7:27:34 | target | express.js:30:18:30:23 | target | provenance | | +| express.js:27:7:27:34 | target | express.js:33:18:33:23 | target | provenance | | +| express.js:27:7:27:34 | target | express.js:35:16:35:21 | target | provenance | | +| express.js:27:16:27:34 | req.param("target") | express.js:27:7:27:34 | target | provenance | | +| express.js:40:69:40:87 | req.param('action') | express.js:40:16:40:108 | (req.pa ... ntacts" | provenance | | +| express.js:74:19:74:37 | req.param("target") | express.js:74:16:74:43 | `${req. ... )}/foo` | provenance | | +| express.js:83:7:83:34 | target | express.js:90:18:90:23 | target | provenance | | +| express.js:83:7:83:34 | target | express.js:97:16:97:21 | target | provenance | | +| express.js:83:16:83:34 | req.param("target") | express.js:83:7:83:34 | target | provenance | | +| express.js:118:17:118:30 | req.query.page | express.js:118:16:118:72 | [req.qu ... oin('') | provenance | | +| express.js:134:22:134:36 | req.params.user | express.js:134:16:134:36 | '/' + r ... ms.user | provenance | | +| express.js:135:23:135:37 | req.params.user | express.js:135:16:135:37 | '//' + ... ms.user | provenance | | +| express.js:136:22:136:36 | req.params.user | express.js:136:16:136:36 | 'u' + r ... ms.user | provenance | | +| express.js:150:7:150:34 | target | express.js:155:18:155:23 | target | provenance | | +| express.js:150:7:150:34 | target | express.js:160:18:160:23 | target | provenance | | +| express.js:150:16:150:34 | req.param("target") | express.js:150:7:150:34 | target | provenance | | +| express.js:164:7:164:54 | myThing | express.js:165:16:165:22 | myThing | provenance | | +| express.js:164:17:164:41 | JSON.st ... .query) | express.js:164:17:164:54 | JSON.st ... (1, -1) | provenance | | +| express.js:164:17:164:54 | JSON.st ... (1, -1) | express.js:164:7:164:54 | myThing | provenance | | +| express.js:164:32:164:40 | req.query | express.js:164:17:164:41 | JSON.st ... .query) | provenance | | +| koa.js:6:6:6:27 | url | koa.js:7:15:7:17 | url | provenance | | +| koa.js:6:6:6:27 | url | koa.js:8:18:8:20 | url | provenance | | +| koa.js:6:6:6:27 | url | koa.js:14:16:14:18 | url | provenance | | +| koa.js:6:6:6:27 | url | koa.js:20:16:20:18 | url | provenance | | +| koa.js:6:12:6:27 | ctx.query.target | koa.js:6:6:6:27 | url | provenance | | +| koa.js:8:18:8:20 | url | koa.js:8:15:8:26 | `${url}${x}` | provenance | | +| next.ts:11:31:11:38 | req.body | next.ts:11:31:11:50 | req.body.callbackUrl | provenance | | +| node.js:5:7:5:52 | target | node.js:6:34:6:39 | target | provenance | | +| node.js:5:16:5:39 | url.par ... , true) | node.js:5:7:5:52 | target | provenance | | +| node.js:5:26:5:32 | req.url | node.js:5:16:5:39 | url.par ... , true) | provenance | | +| node.js:10:7:10:52 | target | node.js:14:40:14:45 | target | provenance | | +| node.js:10:16:10:39 | url.par ... , true) | node.js:10:7:10:52 | target | provenance | | +| node.js:10:26:10:32 | req.url | node.js:10:16:10:39 | url.par ... , true) | provenance | | +| node.js:14:40:14:45 | target | node.js:14:34:14:45 | '/' + target | provenance | | +| node.js:28:7:28:52 | target | node.js:31:34:31:39 | target | provenance | | +| node.js:28:16:28:39 | url.par ... , true) | node.js:28:7:28:52 | target | provenance | | +| node.js:28:26:28:32 | req.url | node.js:28:16:28:39 | url.par ... , true) | provenance | | +| node.js:31:34:31:39 | target | node.js:31:34:31:55 | target ... =" + me | provenance | | +| react-native.js:7:7:7:33 | tainted | react-native.js:8:17:8:23 | tainted | provenance | | +| react-native.js:7:7:7:33 | tainted | react-native.js:9:26:9:32 | tainted | provenance | | +| react-native.js:7:17:7:33 | req.param("code") | react-native.js:7:7:7:33 | tainted | provenance | | +nodes +| ServerSideUrlRedirect.js:5:16:5:34 | req.query["target"] | semmle.label | req.query["target"] | +| ServerSideUrlRedirectGood2.js:16:7:16:34 | target | semmle.label | target | +| ServerSideUrlRedirectGood2.js:16:16:16:34 | req.query["target"] | semmle.label | req.query["target"] | +| ServerSideUrlRedirectGood2.js:18:18:18:23 | target | semmle.label | target | +| express.js:7:16:7:34 | req.param("target") | semmle.label | req.param("target") | +| express.js:12:26:12:44 | req.param("target") | semmle.label | req.param("target") | +| express.js:27:7:27:34 | target | semmle.label | target | +| express.js:27:16:27:34 | req.param("target") | semmle.label | req.param("target") | +| express.js:30:18:30:23 | target | semmle.label | target | +| express.js:33:18:33:23 | target | semmle.label | target | +| express.js:35:16:35:21 | target | semmle.label | target | +| express.js:40:16:40:108 | (req.pa ... ntacts" | semmle.label | (req.pa ... ntacts" | +| express.js:40:69:40:87 | req.param('action') | semmle.label | req.param('action') | +| express.js:74:16:74:43 | `${req. ... )}/foo` | semmle.label | `${req. ... )}/foo` | +| express.js:74:19:74:37 | req.param("target") | semmle.label | req.param("target") | +| express.js:83:7:83:34 | target | semmle.label | target | +| express.js:83:16:83:34 | req.param("target") | semmle.label | req.param("target") | +| express.js:90:18:90:23 | target | semmle.label | target | +| express.js:97:16:97:21 | target | semmle.label | target | +| express.js:118:16:118:72 | [req.qu ... oin('') | semmle.label | [req.qu ... oin('') | +| express.js:118:17:118:30 | req.query.page | semmle.label | req.query.page | +| express.js:134:16:134:36 | '/' + r ... ms.user | semmle.label | '/' + r ... ms.user | +| express.js:134:22:134:36 | req.params.user | semmle.label | req.params.user | +| express.js:135:16:135:37 | '//' + ... ms.user | semmle.label | '//' + ... ms.user | +| express.js:135:23:135:37 | req.params.user | semmle.label | req.params.user | +| express.js:136:16:136:36 | 'u' + r ... ms.user | semmle.label | 'u' + r ... ms.user | +| express.js:136:22:136:36 | req.params.user | semmle.label | req.params.user | +| express.js:143:16:143:28 | req.query.foo | semmle.label | req.query.foo | +| express.js:146:16:146:24 | query.foo | semmle.label | query.foo | +| express.js:150:7:150:34 | target | semmle.label | target | +| express.js:150:16:150:34 | req.param("target") | semmle.label | req.param("target") | +| express.js:155:18:155:23 | target | semmle.label | target | +| express.js:160:18:160:23 | target | semmle.label | target | +| express.js:164:7:164:54 | myThing | semmle.label | myThing | +| express.js:164:17:164:41 | JSON.st ... .query) | semmle.label | JSON.st ... .query) | +| express.js:164:17:164:54 | JSON.st ... (1, -1) | semmle.label | JSON.st ... (1, -1) | +| express.js:164:32:164:40 | req.query | semmle.label | req.query | +| express.js:165:16:165:22 | myThing | semmle.label | myThing | +| koa.js:6:6:6:27 | url | semmle.label | url | +| koa.js:6:12:6:27 | ctx.query.target | semmle.label | ctx.query.target | +| koa.js:7:15:7:17 | url | semmle.label | url | +| koa.js:8:15:8:26 | `${url}${x}` | semmle.label | `${url}${x}` | +| koa.js:8:18:8:20 | url | semmle.label | url | +| koa.js:14:16:14:18 | url | semmle.label | url | +| koa.js:20:16:20:18 | url | semmle.label | url | +| next.ts:11:31:11:38 | req.body | semmle.label | req.body | +| next.ts:11:31:11:50 | req.body.callbackUrl | semmle.label | req.body.callbackUrl | +| node.js:5:7:5:52 | target | semmle.label | target | +| node.js:5:16:5:39 | url.par ... , true) | semmle.label | url.par ... , true) | +| node.js:5:26:5:32 | req.url | semmle.label | req.url | +| node.js:6:34:6:39 | target | semmle.label | target | +| node.js:10:7:10:52 | target | semmle.label | target | +| node.js:10:16:10:39 | url.par ... , true) | semmle.label | url.par ... , true) | +| node.js:10:26:10:32 | req.url | semmle.label | req.url | +| node.js:14:34:14:45 | '/' + target | semmle.label | '/' + target | +| node.js:14:40:14:45 | target | semmle.label | target | +| node.js:28:7:28:52 | target | semmle.label | target | +| node.js:28:16:28:39 | url.par ... , true) | semmle.label | url.par ... , true) | +| node.js:28:26:28:32 | req.url | semmle.label | req.url | +| node.js:31:34:31:39 | target | semmle.label | target | +| node.js:31:34:31:55 | target ... =" + me | semmle.label | target ... =" + me | +| react-native.js:7:7:7:33 | tainted | semmle.label | tainted | +| react-native.js:7:17:7:33 | req.param("code") | semmle.label | req.param("code") | +| react-native.js:8:17:8:23 | tainted | semmle.label | tainted | +| react-native.js:9:26:9:32 | tainted | semmle.label | tainted | +subpaths #select | ServerSideUrlRedirect.js:5:16:5:34 | req.query["target"] | ServerSideUrlRedirect.js:5:16:5:34 | req.query["target"] | ServerSideUrlRedirect.js:5:16:5:34 | req.query["target"] | Untrusted URL redirection depends on a $@. | ServerSideUrlRedirect.js:5:16:5:34 | req.query["target"] | user-provided value | +| ServerSideUrlRedirectGood2.js:18:18:18:23 | target | ServerSideUrlRedirectGood2.js:16:16:16:34 | req.query["target"] | ServerSideUrlRedirectGood2.js:18:18:18:23 | target | Untrusted URL redirection depends on a $@. | ServerSideUrlRedirectGood2.js:16:16:16:34 | req.query["target"] | user-provided value | | express.js:7:16:7:34 | req.param("target") | express.js:7:16:7:34 | req.param("target") | express.js:7:16:7:34 | req.param("target") | Untrusted URL redirection depends on a $@. | express.js:7:16:7:34 | req.param("target") | user-provided value | | express.js:12:26:12:44 | req.param("target") | express.js:12:26:12:44 | req.param("target") | express.js:12:26:12:44 | req.param("target") | Untrusted URL redirection depends on a $@. | express.js:12:26:12:44 | req.param("target") | user-provided value | +| express.js:30:18:30:23 | target | express.js:27:16:27:34 | req.param("target") | express.js:30:18:30:23 | target | Untrusted URL redirection depends on a $@. | express.js:27:16:27:34 | req.param("target") | user-provided value | | express.js:33:18:33:23 | target | express.js:27:16:27:34 | req.param("target") | express.js:33:18:33:23 | target | Untrusted URL redirection depends on a $@. | express.js:27:16:27:34 | req.param("target") | user-provided value | | express.js:35:16:35:21 | target | express.js:27:16:27:34 | req.param("target") | express.js:35:16:35:21 | target | Untrusted URL redirection depends on a $@. | express.js:27:16:27:34 | req.param("target") | user-provided value | | express.js:40:16:40:108 | (req.pa ... ntacts" | express.js:40:69:40:87 | req.param('action') | express.js:40:16:40:108 | (req.pa ... ntacts" | Untrusted URL redirection depends on a $@. | express.js:40:69:40:87 | req.param('action') | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-611/Xxe.expected b/javascript/ql/test/query-tests/Security/CWE-611/Xxe.expected index b625cd91449b..7bcfc58847a9 100644 --- a/javascript/ql/test/query-tests/Security/CWE-611/Xxe.expected +++ b/javascript/ql/test/query-tests/Security/CWE-611/Xxe.expected @@ -1,49 +1,21 @@ -nodes -| domparser.js:2:7:2:36 | src | -| domparser.js:2:13:2:36 | documen ... .search | -| domparser.js:2:13:2:36 | documen ... .search | -| domparser.js:11:55:11:57 | src | -| domparser.js:11:55:11:57 | src | -| domparser.js:14:57:14:59 | src | -| domparser.js:14:57:14:59 | src | -| libxml.noent.js:6:21:6:41 | req.par ... e-xml") | -| libxml.noent.js:6:21:6:41 | req.par ... e-xml") | -| libxml.noent.js:6:21:6:41 | req.par ... e-xml") | -| libxml.noent.js:11:21:11:41 | req.par ... e-xml") | -| libxml.noent.js:11:21:11:41 | req.par ... e-xml") | -| libxml.noent.js:11:21:11:41 | req.par ... e-xml") | -| libxml.noent.js:14:27:14:47 | req.par ... e-xml") | -| libxml.noent.js:14:27:14:47 | req.par ... e-xml") | -| libxml.noent.js:14:27:14:47 | req.par ... e-xml") | -| libxml.noent.js:16:27:16:35 | req.files | -| libxml.noent.js:16:27:16:35 | req.files | -| libxml.noent.js:16:27:16:44 | req.files.products | -| libxml.noent.js:16:27:16:49 | req.fil ... ts.data | -| libxml.noent.js:16:27:16:66 | req.fil ... 'utf8') | -| libxml.noent.js:16:27:16:66 | req.fil ... 'utf8') | -| libxml.sax.js:6:22:6:42 | req.par ... e-xml") | -| libxml.sax.js:6:22:6:42 | req.par ... e-xml") | -| libxml.sax.js:6:22:6:42 | req.par ... e-xml") | -| libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | -| libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | -| libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | edges -| domparser.js:2:7:2:36 | src | domparser.js:11:55:11:57 | src | -| domparser.js:2:7:2:36 | src | domparser.js:11:55:11:57 | src | -| domparser.js:2:7:2:36 | src | domparser.js:14:57:14:59 | src | -| domparser.js:2:7:2:36 | src | domparser.js:14:57:14:59 | src | -| domparser.js:2:13:2:36 | documen ... .search | domparser.js:2:7:2:36 | src | -| domparser.js:2:13:2:36 | documen ... .search | domparser.js:2:7:2:36 | src | -| libxml.noent.js:6:21:6:41 | req.par ... e-xml") | libxml.noent.js:6:21:6:41 | req.par ... e-xml") | -| libxml.noent.js:11:21:11:41 | req.par ... e-xml") | libxml.noent.js:11:21:11:41 | req.par ... e-xml") | -| libxml.noent.js:14:27:14:47 | req.par ... e-xml") | libxml.noent.js:14:27:14:47 | req.par ... e-xml") | -| libxml.noent.js:16:27:16:35 | req.files | libxml.noent.js:16:27:16:44 | req.files.products | -| libxml.noent.js:16:27:16:35 | req.files | libxml.noent.js:16:27:16:44 | req.files.products | -| libxml.noent.js:16:27:16:44 | req.files.products | libxml.noent.js:16:27:16:49 | req.fil ... ts.data | -| libxml.noent.js:16:27:16:49 | req.fil ... ts.data | libxml.noent.js:16:27:16:66 | req.fil ... 'utf8') | -| libxml.noent.js:16:27:16:49 | req.fil ... ts.data | libxml.noent.js:16:27:16:66 | req.fil ... 'utf8') | -| libxml.sax.js:6:22:6:42 | req.par ... e-xml") | libxml.sax.js:6:22:6:42 | req.par ... e-xml") | -| libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | +| domparser.js:2:7:2:36 | src | domparser.js:11:55:11:57 | src | provenance | | +| domparser.js:2:7:2:36 | src | domparser.js:14:57:14:59 | src | provenance | | +| domparser.js:2:13:2:36 | documen ... .search | domparser.js:2:7:2:36 | src | provenance | | +| libxml.noent.js:16:27:16:35 | req.files | libxml.noent.js:16:27:16:66 | req.fil ... 'utf8') | provenance | | +nodes +| domparser.js:2:7:2:36 | src | semmle.label | src | +| domparser.js:2:13:2:36 | documen ... .search | semmle.label | documen ... .search | +| domparser.js:11:55:11:57 | src | semmle.label | src | +| domparser.js:14:57:14:59 | src | semmle.label | src | +| libxml.noent.js:6:21:6:41 | req.par ... e-xml") | semmle.label | req.par ... e-xml") | +| libxml.noent.js:11:21:11:41 | req.par ... e-xml") | semmle.label | req.par ... e-xml") | +| libxml.noent.js:14:27:14:47 | req.par ... e-xml") | semmle.label | req.par ... e-xml") | +| libxml.noent.js:16:27:16:35 | req.files | semmle.label | req.files | +| libxml.noent.js:16:27:16:66 | req.fil ... 'utf8') | semmle.label | req.fil ... 'utf8') | +| libxml.sax.js:6:22:6:42 | req.par ... e-xml") | semmle.label | req.par ... e-xml") | +| libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | semmle.label | req.par ... e-xml") | +subpaths #select | domparser.js:11:55:11:57 | src | domparser.js:2:13:2:36 | documen ... .search | domparser.js:11:55:11:57 | src | XML parsing depends on a $@ without guarding against external entity expansion. | domparser.js:2:13:2:36 | documen ... .search | user-provided value | | domparser.js:14:57:14:59 | src | domparser.js:2:13:2:36 | documen ... .search | domparser.js:14:57:14:59 | src | XML parsing depends on a $@ without guarding against external entity expansion. | domparser.js:2:13:2:36 | documen ... .search | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.expected b/javascript/ql/test/query-tests/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.expected index c1ac8d456f28..1f3d5bd243d5 100644 --- a/javascript/ql/test/query-tests/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.expected +++ b/javascript/ql/test/query-tests/Security/CWE-640/HostHeaderPoisoningInEmailGeneration.expected @@ -1,21 +1,12 @@ -nodes -| tst.js:17:11:17:113 | `Hi, lo ... token}` | -| tst.js:17:11:17:113 | `Hi, lo ... token}` | -| tst.js:17:84:17:91 | req.host | -| tst.js:17:84:17:91 | req.host | -| tst.js:18:11:18:127 | `Hi, lo ... reset.` | -| tst.js:18:11:18:127 | `Hi, lo ... reset.` | -| tst.js:18:78:18:85 | req.host | -| tst.js:18:78:18:85 | req.host | edges -| tst.js:17:84:17:91 | req.host | tst.js:17:11:17:113 | `Hi, lo ... token}` | -| tst.js:17:84:17:91 | req.host | tst.js:17:11:17:113 | `Hi, lo ... token}` | -| tst.js:17:84:17:91 | req.host | tst.js:17:11:17:113 | `Hi, lo ... token}` | -| tst.js:17:84:17:91 | req.host | tst.js:17:11:17:113 | `Hi, lo ... token}` | -| tst.js:18:78:18:85 | req.host | tst.js:18:11:18:127 | `Hi, lo ... reset.` | -| tst.js:18:78:18:85 | req.host | tst.js:18:11:18:127 | `Hi, lo ... reset.` | -| tst.js:18:78:18:85 | req.host | tst.js:18:11:18:127 | `Hi, lo ... reset.` | -| tst.js:18:78:18:85 | req.host | tst.js:18:11:18:127 | `Hi, lo ... reset.` | +| tst.js:17:84:17:91 | req.host | tst.js:17:11:17:113 | `Hi, lo ... token}` | provenance | | +| tst.js:18:78:18:85 | req.host | tst.js:18:11:18:127 | `Hi, lo ... reset.` | provenance | | +nodes +| tst.js:17:11:17:113 | `Hi, lo ... token}` | semmle.label | `Hi, lo ... token}` | +| tst.js:17:84:17:91 | req.host | semmle.label | req.host | +| tst.js:18:11:18:127 | `Hi, lo ... reset.` | semmle.label | `Hi, lo ... reset.` | +| tst.js:18:78:18:85 | req.host | semmle.label | req.host | +subpaths #select | tst.js:17:11:17:113 | `Hi, lo ... token}` | tst.js:17:84:17:91 | req.host | tst.js:17:11:17:113 | `Hi, lo ... token}` | Links in this email can be hijacked by poisoning the $@. | tst.js:17:84:17:91 | req.host | HTTP host header | | tst.js:18:11:18:127 | `Hi, lo ... reset.` | tst.js:18:78:18:85 | req.host | tst.js:18:11:18:127 | `Hi, lo ... reset.` | Links in this email can be hijacked by poisoning the $@. | tst.js:18:78:18:85 | req.host | HTTP host header | diff --git a/javascript/ql/test/query-tests/Security/CWE-643/XpathInjection.expected b/javascript/ql/test/query-tests/Security/CWE-643/XpathInjection.expected index f2e28eb3703c..c28b6cf57cb4 100644 --- a/javascript/ql/test/query-tests/Security/CWE-643/XpathInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-643/XpathInjection.expected @@ -1,50 +1,31 @@ -nodes -| XpathInjectionBad.js:6:7:6:38 | userName | -| XpathInjectionBad.js:6:18:6:38 | req.par ... rName") | -| XpathInjectionBad.js:6:18:6:38 | req.par ... rName") | -| XpathInjectionBad.js:9:34:9:96 | "//user ... text()" | -| XpathInjectionBad.js:9:34:9:96 | "//user ... text()" | -| XpathInjectionBad.js:9:66:9:73 | userName | -| tst2.js:1:13:1:34 | documen ... on.hash | -| tst2.js:1:13:1:34 | documen ... on.hash | -| tst2.js:1:13:1:47 | documen ... ring(1) | -| tst2.js:2:27:2:31 | query | -| tst2.js:2:27:2:31 | query | -| tst2.js:3:19:3:23 | query | -| tst2.js:3:19:3:23 | query | -| tst.js:6:7:6:37 | tainted | -| tst.js:6:17:6:37 | req.par ... rName") | -| tst.js:6:17:6:37 | req.par ... rName") | -| tst.js:7:15:7:21 | tainted | -| tst.js:7:15:7:21 | tainted | -| tst.js:8:16:8:22 | tainted | -| tst.js:8:16:8:22 | tainted | -| tst.js:9:17:9:23 | tainted | -| tst.js:9:17:9:23 | tainted | -| tst.js:11:8:11:14 | tainted | -| tst.js:11:8:11:14 | tainted | edges -| XpathInjectionBad.js:6:7:6:38 | userName | XpathInjectionBad.js:9:66:9:73 | userName | -| XpathInjectionBad.js:6:18:6:38 | req.par ... rName") | XpathInjectionBad.js:6:7:6:38 | userName | -| XpathInjectionBad.js:6:18:6:38 | req.par ... rName") | XpathInjectionBad.js:6:7:6:38 | userName | -| XpathInjectionBad.js:9:66:9:73 | userName | XpathInjectionBad.js:9:34:9:96 | "//user ... text()" | -| XpathInjectionBad.js:9:66:9:73 | userName | XpathInjectionBad.js:9:34:9:96 | "//user ... text()" | -| tst2.js:1:13:1:34 | documen ... on.hash | tst2.js:1:13:1:47 | documen ... ring(1) | -| tst2.js:1:13:1:34 | documen ... on.hash | tst2.js:1:13:1:47 | documen ... ring(1) | -| tst2.js:1:13:1:47 | documen ... ring(1) | tst2.js:2:27:2:31 | query | -| tst2.js:1:13:1:47 | documen ... ring(1) | tst2.js:2:27:2:31 | query | -| tst2.js:1:13:1:47 | documen ... ring(1) | tst2.js:3:19:3:23 | query | -| tst2.js:1:13:1:47 | documen ... ring(1) | tst2.js:3:19:3:23 | query | -| tst.js:6:7:6:37 | tainted | tst.js:7:15:7:21 | tainted | -| tst.js:6:7:6:37 | tainted | tst.js:7:15:7:21 | tainted | -| tst.js:6:7:6:37 | tainted | tst.js:8:16:8:22 | tainted | -| tst.js:6:7:6:37 | tainted | tst.js:8:16:8:22 | tainted | -| tst.js:6:7:6:37 | tainted | tst.js:9:17:9:23 | tainted | -| tst.js:6:7:6:37 | tainted | tst.js:9:17:9:23 | tainted | -| tst.js:6:7:6:37 | tainted | tst.js:11:8:11:14 | tainted | -| tst.js:6:7:6:37 | tainted | tst.js:11:8:11:14 | tainted | -| tst.js:6:17:6:37 | req.par ... rName") | tst.js:6:7:6:37 | tainted | -| tst.js:6:17:6:37 | req.par ... rName") | tst.js:6:7:6:37 | tainted | +| XpathInjectionBad.js:6:7:6:38 | userName | XpathInjectionBad.js:9:66:9:73 | userName | provenance | | +| XpathInjectionBad.js:6:18:6:38 | req.par ... rName") | XpathInjectionBad.js:6:7:6:38 | userName | provenance | | +| XpathInjectionBad.js:9:66:9:73 | userName | XpathInjectionBad.js:9:34:9:96 | "//user ... text()" | provenance | | +| tst2.js:1:13:1:34 | documen ... on.hash | tst2.js:1:13:1:47 | documen ... ring(1) | provenance | | +| tst2.js:1:13:1:47 | documen ... ring(1) | tst2.js:2:27:2:31 | query | provenance | | +| tst2.js:1:13:1:47 | documen ... ring(1) | tst2.js:3:19:3:23 | query | provenance | | +| tst.js:6:7:6:37 | tainted | tst.js:7:15:7:21 | tainted | provenance | | +| tst.js:6:7:6:37 | tainted | tst.js:8:16:8:22 | tainted | provenance | | +| tst.js:6:7:6:37 | tainted | tst.js:9:17:9:23 | tainted | provenance | | +| tst.js:6:7:6:37 | tainted | tst.js:11:8:11:14 | tainted | provenance | | +| tst.js:6:17:6:37 | req.par ... rName") | tst.js:6:7:6:37 | tainted | provenance | | +nodes +| XpathInjectionBad.js:6:7:6:38 | userName | semmle.label | userName | +| XpathInjectionBad.js:6:18:6:38 | req.par ... rName") | semmle.label | req.par ... rName") | +| XpathInjectionBad.js:9:34:9:96 | "//user ... text()" | semmle.label | "//user ... text()" | +| XpathInjectionBad.js:9:66:9:73 | userName | semmle.label | userName | +| tst2.js:1:13:1:34 | documen ... on.hash | semmle.label | documen ... on.hash | +| tst2.js:1:13:1:47 | documen ... ring(1) | semmle.label | documen ... ring(1) | +| tst2.js:2:27:2:31 | query | semmle.label | query | +| tst2.js:3:19:3:23 | query | semmle.label | query | +| tst.js:6:7:6:37 | tainted | semmle.label | tainted | +| tst.js:6:17:6:37 | req.par ... rName") | semmle.label | req.par ... rName") | +| tst.js:7:15:7:21 | tainted | semmle.label | tainted | +| tst.js:8:16:8:22 | tainted | semmle.label | tainted | +| tst.js:9:17:9:23 | tainted | semmle.label | tainted | +| tst.js:11:8:11:14 | tainted | semmle.label | tainted | +subpaths #select | XpathInjectionBad.js:9:34:9:96 | "//user ... text()" | XpathInjectionBad.js:6:18:6:38 | req.par ... rName") | XpathInjectionBad.js:9:34:9:96 | "//user ... text()" | XPath expression depends on a $@. | XpathInjectionBad.js:6:18:6:38 | req.par ... rName") | user-provided value | | tst2.js:2:27:2:31 | query | tst2.js:1:13:1:34 | documen ... on.hash | tst2.js:2:27:2:31 | query | XPath expression depends on a $@. | tst2.js:1:13:1:34 | documen ... on.hash | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-730/RegExpInjection.expected b/javascript/ql/test/query-tests/Security/CWE-730/RegExpInjection.expected index 391be36fbb90..14a519151625 100644 --- a/javascript/ql/test/query-tests/Security/CWE-730/RegExpInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-730/RegExpInjection.expected @@ -1,148 +1,103 @@ -nodes -| RegExpInjection.js:5:7:5:28 | key | -| RegExpInjection.js:5:13:5:28 | req.param("key") | -| RegExpInjection.js:5:13:5:28 | req.param("key") | -| RegExpInjection.js:5:31:5:56 | input | -| RegExpInjection.js:5:39:5:56 | req.param("input") | -| RegExpInjection.js:5:39:5:56 | req.param("input") | -| RegExpInjection.js:8:23:8:45 | "\\\\b" + ... (.*)\\n" | -| RegExpInjection.js:8:23:8:45 | "\\\\b" + ... (.*)\\n" | -| RegExpInjection.js:8:31:8:33 | key | -| RegExpInjection.js:19:14:19:22 | wrap(key) | -| RegExpInjection.js:19:14:19:22 | wrap(key) | -| RegExpInjection.js:19:19:19:21 | key | -| RegExpInjection.js:21:14:21:22 | wrap(key) | -| RegExpInjection.js:21:14:21:22 | wrap(key) | -| RegExpInjection.js:21:19:21:21 | key | -| RegExpInjection.js:24:12:24:27 | req.param("key") | -| RegExpInjection.js:24:12:24:27 | req.param("key") | -| RegExpInjection.js:27:14:27:21 | getKey() | -| RegExpInjection.js:27:14:27:21 | getKey() | -| RegExpInjection.js:29:21:29:21 | s | -| RegExpInjection.js:29:21:29:21 | s | -| RegExpInjection.js:31:23:31:23 | s | -| RegExpInjection.js:31:23:31:23 | s | -| RegExpInjection.js:31:23:31:23 | s | -| RegExpInjection.js:33:12:33:14 | key | -| RegExpInjection.js:34:12:34:19 | getKey() | -| RegExpInjection.js:40:23:40:27 | input | -| RegExpInjection.js:40:23:40:27 | input | -| RegExpInjection.js:41:26:41:30 | input | -| RegExpInjection.js:41:26:41:30 | input | -| RegExpInjection.js:42:25:42:29 | input | -| RegExpInjection.js:42:25:42:29 | input | -| RegExpInjection.js:45:24:45:28 | input | -| RegExpInjection.js:45:24:45:28 | input | -| RegExpInjection.js:46:27:46:31 | input | -| RegExpInjection.js:46:27:46:31 | input | -| RegExpInjection.js:47:26:47:30 | input | -| RegExpInjection.js:47:26:47:30 | input | -| RegExpInjection.js:54:14:54:16 | key | -| RegExpInjection.js:54:14:54:27 | key.split(".") | -| RegExpInjection.js:54:14:54:42 | key.spl ... x => x) | -| RegExpInjection.js:54:14:54:52 | key.spl ... in("-") | -| RegExpInjection.js:54:14:54:52 | key.spl ... in("-") | -| RegExpInjection.js:60:31:60:56 | input | -| RegExpInjection.js:60:39:60:56 | req.param("input") | -| RegExpInjection.js:60:39:60:56 | req.param("input") | -| RegExpInjection.js:64:14:64:18 | input | -| RegExpInjection.js:64:14:64:18 | input | -| RegExpInjection.js:82:7:82:32 | input | -| RegExpInjection.js:82:15:82:32 | req.param("input") | -| RegExpInjection.js:82:15:82:32 | req.param("input") | -| RegExpInjection.js:87:14:87:55 | "^.*\\.( ... + ")$" | -| RegExpInjection.js:87:14:87:55 | "^.*\\.( ... + ")$" | -| RegExpInjection.js:87:25:87:29 | input | -| RegExpInjection.js:87:25:87:48 | input.r ... g, "\|") | -| RegExpInjection.js:91:16:91:50 | `^${pro ... r.app$` | -| RegExpInjection.js:91:16:91:50 | `^${pro ... r.app$` | -| RegExpInjection.js:91:20:91:30 | process.env | -| RegExpInjection.js:91:20:91:30 | process.env | -| RegExpInjection.js:91:20:91:35 | process.env.HOME | -| RegExpInjection.js:93:16:93:49 | `^${pro ... r.app$` | -| RegExpInjection.js:93:16:93:49 | `^${pro ... r.app$` | -| RegExpInjection.js:93:20:93:31 | process.argv | -| RegExpInjection.js:93:20:93:31 | process.argv | -| RegExpInjection.js:93:20:93:34 | process.argv[1] | -| tst.js:1:46:1:46 | e | -| tst.js:1:46:1:46 | e | -| tst.js:2:9:2:21 | data | -| tst.js:2:16:2:16 | e | -| tst.js:2:16:2:21 | e.data | -| tst.js:3:16:3:35 | "^"+ data.name + "$" | -| tst.js:3:16:3:35 | "^"+ data.name + "$" | -| tst.js:3:21:3:24 | data | -| tst.js:3:21:3:29 | data.name | edges -| RegExpInjection.js:5:7:5:28 | key | RegExpInjection.js:8:31:8:33 | key | -| RegExpInjection.js:5:7:5:28 | key | RegExpInjection.js:19:19:19:21 | key | -| RegExpInjection.js:5:7:5:28 | key | RegExpInjection.js:21:19:21:21 | key | -| RegExpInjection.js:5:7:5:28 | key | RegExpInjection.js:33:12:33:14 | key | -| RegExpInjection.js:5:7:5:28 | key | RegExpInjection.js:54:14:54:16 | key | -| RegExpInjection.js:5:13:5:28 | req.param("key") | RegExpInjection.js:5:7:5:28 | key | -| RegExpInjection.js:5:13:5:28 | req.param("key") | RegExpInjection.js:5:7:5:28 | key | -| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:40:23:40:27 | input | -| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:40:23:40:27 | input | -| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:41:26:41:30 | input | -| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:41:26:41:30 | input | -| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:42:25:42:29 | input | -| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:42:25:42:29 | input | -| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:45:24:45:28 | input | -| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:45:24:45:28 | input | -| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:46:27:46:31 | input | -| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:46:27:46:31 | input | -| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:47:26:47:30 | input | -| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:47:26:47:30 | input | -| RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:5:31:5:56 | input | -| RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:5:31:5:56 | input | -| RegExpInjection.js:8:31:8:33 | key | RegExpInjection.js:8:23:8:45 | "\\\\b" + ... (.*)\\n" | -| RegExpInjection.js:8:31:8:33 | key | RegExpInjection.js:8:23:8:45 | "\\\\b" + ... (.*)\\n" | -| RegExpInjection.js:19:19:19:21 | key | RegExpInjection.js:19:14:19:22 | wrap(key) | -| RegExpInjection.js:19:19:19:21 | key | RegExpInjection.js:19:14:19:22 | wrap(key) | -| RegExpInjection.js:21:19:21:21 | key | RegExpInjection.js:21:14:21:22 | wrap(key) | -| RegExpInjection.js:21:19:21:21 | key | RegExpInjection.js:21:14:21:22 | wrap(key) | -| RegExpInjection.js:24:12:24:27 | req.param("key") | RegExpInjection.js:27:14:27:21 | getKey() | -| RegExpInjection.js:24:12:24:27 | req.param("key") | RegExpInjection.js:27:14:27:21 | getKey() | -| RegExpInjection.js:24:12:24:27 | req.param("key") | RegExpInjection.js:27:14:27:21 | getKey() | -| RegExpInjection.js:24:12:24:27 | req.param("key") | RegExpInjection.js:27:14:27:21 | getKey() | -| RegExpInjection.js:24:12:24:27 | req.param("key") | RegExpInjection.js:34:12:34:19 | getKey() | -| RegExpInjection.js:24:12:24:27 | req.param("key") | RegExpInjection.js:34:12:34:19 | getKey() | -| RegExpInjection.js:29:21:29:21 | s | RegExpInjection.js:31:23:31:23 | s | -| RegExpInjection.js:29:21:29:21 | s | RegExpInjection.js:31:23:31:23 | s | -| RegExpInjection.js:29:21:29:21 | s | RegExpInjection.js:31:23:31:23 | s | -| RegExpInjection.js:29:21:29:21 | s | RegExpInjection.js:31:23:31:23 | s | -| RegExpInjection.js:33:12:33:14 | key | RegExpInjection.js:29:21:29:21 | s | -| RegExpInjection.js:34:12:34:19 | getKey() | RegExpInjection.js:29:21:29:21 | s | -| RegExpInjection.js:54:14:54:16 | key | RegExpInjection.js:54:14:54:27 | key.split(".") | -| RegExpInjection.js:54:14:54:27 | key.split(".") | RegExpInjection.js:54:14:54:42 | key.spl ... x => x) | -| RegExpInjection.js:54:14:54:42 | key.spl ... x => x) | RegExpInjection.js:54:14:54:52 | key.spl ... in("-") | -| RegExpInjection.js:54:14:54:42 | key.spl ... x => x) | RegExpInjection.js:54:14:54:52 | key.spl ... in("-") | -| RegExpInjection.js:60:31:60:56 | input | RegExpInjection.js:64:14:64:18 | input | -| RegExpInjection.js:60:31:60:56 | input | RegExpInjection.js:64:14:64:18 | input | -| RegExpInjection.js:60:39:60:56 | req.param("input") | RegExpInjection.js:60:31:60:56 | input | -| RegExpInjection.js:60:39:60:56 | req.param("input") | RegExpInjection.js:60:31:60:56 | input | -| RegExpInjection.js:82:7:82:32 | input | RegExpInjection.js:87:25:87:29 | input | -| RegExpInjection.js:82:15:82:32 | req.param("input") | RegExpInjection.js:82:7:82:32 | input | -| RegExpInjection.js:82:15:82:32 | req.param("input") | RegExpInjection.js:82:7:82:32 | input | -| RegExpInjection.js:87:25:87:29 | input | RegExpInjection.js:87:25:87:48 | input.r ... g, "\|") | -| RegExpInjection.js:87:25:87:48 | input.r ... g, "\|") | RegExpInjection.js:87:14:87:55 | "^.*\\.( ... + ")$" | -| RegExpInjection.js:87:25:87:48 | input.r ... g, "\|") | RegExpInjection.js:87:14:87:55 | "^.*\\.( ... + ")$" | -| RegExpInjection.js:91:20:91:30 | process.env | RegExpInjection.js:91:20:91:35 | process.env.HOME | -| RegExpInjection.js:91:20:91:30 | process.env | RegExpInjection.js:91:20:91:35 | process.env.HOME | -| RegExpInjection.js:91:20:91:35 | process.env.HOME | RegExpInjection.js:91:16:91:50 | `^${pro ... r.app$` | -| RegExpInjection.js:91:20:91:35 | process.env.HOME | RegExpInjection.js:91:16:91:50 | `^${pro ... r.app$` | -| RegExpInjection.js:93:20:93:31 | process.argv | RegExpInjection.js:93:20:93:34 | process.argv[1] | -| RegExpInjection.js:93:20:93:31 | process.argv | RegExpInjection.js:93:20:93:34 | process.argv[1] | -| RegExpInjection.js:93:20:93:34 | process.argv[1] | RegExpInjection.js:93:16:93:49 | `^${pro ... r.app$` | -| RegExpInjection.js:93:20:93:34 | process.argv[1] | RegExpInjection.js:93:16:93:49 | `^${pro ... r.app$` | -| tst.js:1:46:1:46 | e | tst.js:2:16:2:16 | e | -| tst.js:1:46:1:46 | e | tst.js:2:16:2:16 | e | -| tst.js:2:9:2:21 | data | tst.js:3:21:3:24 | data | -| tst.js:2:16:2:16 | e | tst.js:2:16:2:21 | e.data | -| tst.js:2:16:2:21 | e.data | tst.js:2:9:2:21 | data | -| tst.js:3:21:3:24 | data | tst.js:3:21:3:29 | data.name | -| tst.js:3:21:3:29 | data.name | tst.js:3:16:3:35 | "^"+ data.name + "$" | -| tst.js:3:21:3:29 | data.name | tst.js:3:16:3:35 | "^"+ data.name + "$" | +| RegExpInjection.js:5:7:5:28 | key | RegExpInjection.js:8:31:8:33 | key | provenance | | +| RegExpInjection.js:5:7:5:28 | key | RegExpInjection.js:19:19:19:21 | key | provenance | | +| RegExpInjection.js:5:7:5:28 | key | RegExpInjection.js:21:19:21:21 | key | provenance | | +| RegExpInjection.js:5:7:5:28 | key | RegExpInjection.js:33:12:33:14 | key | provenance | | +| RegExpInjection.js:5:7:5:28 | key | RegExpInjection.js:54:14:54:16 | key | provenance | | +| RegExpInjection.js:5:13:5:28 | req.param("key") | RegExpInjection.js:5:7:5:28 | key | provenance | | +| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:40:23:40:27 | input | provenance | | +| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:41:26:41:30 | input | provenance | | +| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:42:25:42:29 | input | provenance | | +| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:45:24:45:28 | input | provenance | | +| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:46:27:46:31 | input | provenance | | +| RegExpInjection.js:5:31:5:56 | input | RegExpInjection.js:47:26:47:30 | input | provenance | | +| RegExpInjection.js:5:39:5:56 | req.param("input") | RegExpInjection.js:5:31:5:56 | input | provenance | | +| RegExpInjection.js:8:31:8:33 | key | RegExpInjection.js:8:23:8:45 | "\\\\b" + ... (.*)\\n" | provenance | | +| RegExpInjection.js:10:17:10:17 | s | RegExpInjection.js:11:26:11:26 | s | provenance | | +| RegExpInjection.js:11:20:11:27 | wrap2(s) | RegExpInjection.js:11:12:11:27 | "\\\\b" + wrap2(s) | provenance | | +| RegExpInjection.js:11:26:11:26 | s | RegExpInjection.js:11:20:11:27 | wrap2(s) | provenance | | +| RegExpInjection.js:11:26:11:26 | s | RegExpInjection.js:14:18:14:18 | s | provenance | | +| RegExpInjection.js:14:18:14:18 | s | RegExpInjection.js:15:12:15:12 | s | provenance | | +| RegExpInjection.js:15:12:15:12 | s | RegExpInjection.js:15:12:15:24 | s + "=(.*)\\n" | provenance | | +| RegExpInjection.js:19:19:19:21 | key | RegExpInjection.js:10:17:10:17 | s | provenance | | +| RegExpInjection.js:19:19:19:21 | key | RegExpInjection.js:19:14:19:22 | wrap(key) | provenance | | +| RegExpInjection.js:21:19:21:21 | key | RegExpInjection.js:10:17:10:17 | s | provenance | | +| RegExpInjection.js:21:19:21:21 | key | RegExpInjection.js:21:14:21:22 | wrap(key) | provenance | | +| RegExpInjection.js:24:12:24:27 | req.param("key") | RegExpInjection.js:27:14:27:21 | getKey() | provenance | | +| RegExpInjection.js:24:12:24:27 | req.param("key") | RegExpInjection.js:34:12:34:19 | getKey() | provenance | | +| RegExpInjection.js:29:21:29:21 | s | RegExpInjection.js:31:23:31:23 | s | provenance | | +| RegExpInjection.js:33:12:33:14 | key | RegExpInjection.js:29:21:29:21 | s | provenance | | +| RegExpInjection.js:34:12:34:19 | getKey() | RegExpInjection.js:29:21:29:21 | s | provenance | | +| RegExpInjection.js:54:14:54:16 | key | RegExpInjection.js:54:14:54:27 | key.split(".") | provenance | | +| RegExpInjection.js:54:14:54:27 | key.split(".") | RegExpInjection.js:54:14:54:42 | key.spl ... x => x) | provenance | | +| RegExpInjection.js:54:14:54:42 | key.spl ... x => x) | RegExpInjection.js:54:14:54:52 | key.spl ... in("-") | provenance | | +| RegExpInjection.js:60:31:60:56 | input | RegExpInjection.js:64:14:64:18 | input | provenance | | +| RegExpInjection.js:60:39:60:56 | req.param("input") | RegExpInjection.js:60:31:60:56 | input | provenance | | +| RegExpInjection.js:82:7:82:32 | input | RegExpInjection.js:87:25:87:29 | input | provenance | | +| RegExpInjection.js:82:15:82:32 | req.param("input") | RegExpInjection.js:82:7:82:32 | input | provenance | | +| RegExpInjection.js:87:25:87:29 | input | RegExpInjection.js:87:25:87:48 | input.r ... g, "\|") | provenance | | +| RegExpInjection.js:87:25:87:48 | input.r ... g, "\|") | RegExpInjection.js:87:14:87:55 | "^.*\\.( ... + ")$" | provenance | | +| RegExpInjection.js:91:20:91:30 | process.env | RegExpInjection.js:91:16:91:50 | `^${pro ... r.app$` | provenance | | +| RegExpInjection.js:93:20:93:31 | process.argv | RegExpInjection.js:93:16:93:49 | `^${pro ... r.app$` | provenance | | +| tst.js:1:46:1:46 | e | tst.js:2:16:2:16 | e | provenance | | +| tst.js:2:9:2:21 | data | tst.js:3:21:3:24 | data | provenance | | +| tst.js:2:16:2:16 | e | tst.js:2:9:2:21 | data | provenance | | +| tst.js:3:21:3:24 | data | tst.js:3:16:3:35 | "^"+ data.name + "$" | provenance | | +nodes +| RegExpInjection.js:5:7:5:28 | key | semmle.label | key | +| RegExpInjection.js:5:13:5:28 | req.param("key") | semmle.label | req.param("key") | +| RegExpInjection.js:5:31:5:56 | input | semmle.label | input | +| RegExpInjection.js:5:39:5:56 | req.param("input") | semmle.label | req.param("input") | +| RegExpInjection.js:8:23:8:45 | "\\\\b" + ... (.*)\\n" | semmle.label | "\\\\b" + ... (.*)\\n" | +| RegExpInjection.js:8:31:8:33 | key | semmle.label | key | +| RegExpInjection.js:10:17:10:17 | s | semmle.label | s | +| RegExpInjection.js:11:12:11:27 | "\\\\b" + wrap2(s) | semmle.label | "\\\\b" + wrap2(s) | +| RegExpInjection.js:11:20:11:27 | wrap2(s) | semmle.label | wrap2(s) | +| RegExpInjection.js:11:26:11:26 | s | semmle.label | s | +| RegExpInjection.js:14:18:14:18 | s | semmle.label | s | +| RegExpInjection.js:15:12:15:12 | s | semmle.label | s | +| RegExpInjection.js:15:12:15:24 | s + "=(.*)\\n" | semmle.label | s + "=(.*)\\n" | +| RegExpInjection.js:19:14:19:22 | wrap(key) | semmle.label | wrap(key) | +| RegExpInjection.js:19:19:19:21 | key | semmle.label | key | +| RegExpInjection.js:21:14:21:22 | wrap(key) | semmle.label | wrap(key) | +| RegExpInjection.js:21:19:21:21 | key | semmle.label | key | +| RegExpInjection.js:24:12:24:27 | req.param("key") | semmle.label | req.param("key") | +| RegExpInjection.js:27:14:27:21 | getKey() | semmle.label | getKey() | +| RegExpInjection.js:29:21:29:21 | s | semmle.label | s | +| RegExpInjection.js:31:23:31:23 | s | semmle.label | s | +| RegExpInjection.js:33:12:33:14 | key | semmle.label | key | +| RegExpInjection.js:34:12:34:19 | getKey() | semmle.label | getKey() | +| RegExpInjection.js:40:23:40:27 | input | semmle.label | input | +| RegExpInjection.js:41:26:41:30 | input | semmle.label | input | +| RegExpInjection.js:42:25:42:29 | input | semmle.label | input | +| RegExpInjection.js:45:24:45:28 | input | semmle.label | input | +| RegExpInjection.js:46:27:46:31 | input | semmle.label | input | +| RegExpInjection.js:47:26:47:30 | input | semmle.label | input | +| RegExpInjection.js:54:14:54:16 | key | semmle.label | key | +| RegExpInjection.js:54:14:54:27 | key.split(".") | semmle.label | key.split(".") | +| RegExpInjection.js:54:14:54:42 | key.spl ... x => x) | semmle.label | key.spl ... x => x) | +| RegExpInjection.js:54:14:54:52 | key.spl ... in("-") | semmle.label | key.spl ... in("-") | +| RegExpInjection.js:60:31:60:56 | input | semmle.label | input | +| RegExpInjection.js:60:39:60:56 | req.param("input") | semmle.label | req.param("input") | +| RegExpInjection.js:64:14:64:18 | input | semmle.label | input | +| RegExpInjection.js:82:7:82:32 | input | semmle.label | input | +| RegExpInjection.js:82:15:82:32 | req.param("input") | semmle.label | req.param("input") | +| RegExpInjection.js:87:14:87:55 | "^.*\\.( ... + ")$" | semmle.label | "^.*\\.( ... + ")$" | +| RegExpInjection.js:87:25:87:29 | input | semmle.label | input | +| RegExpInjection.js:87:25:87:48 | input.r ... g, "\|") | semmle.label | input.r ... g, "\|") | +| RegExpInjection.js:91:16:91:50 | `^${pro ... r.app$` | semmle.label | `^${pro ... r.app$` | +| RegExpInjection.js:91:20:91:30 | process.env | semmle.label | process.env | +| RegExpInjection.js:93:16:93:49 | `^${pro ... r.app$` | semmle.label | `^${pro ... r.app$` | +| RegExpInjection.js:93:20:93:31 | process.argv | semmle.label | process.argv | +| tst.js:1:46:1:46 | e | semmle.label | e | +| tst.js:2:9:2:21 | data | semmle.label | data | +| tst.js:2:16:2:16 | e | semmle.label | e | +| tst.js:3:16:3:35 | "^"+ data.name + "$" | semmle.label | "^"+ data.name + "$" | +| tst.js:3:21:3:24 | data | semmle.label | data | +subpaths +| RegExpInjection.js:11:26:11:26 | s | RegExpInjection.js:14:18:14:18 | s | RegExpInjection.js:15:12:15:24 | s + "=(.*)\\n" | RegExpInjection.js:11:20:11:27 | wrap2(s) | +| RegExpInjection.js:19:19:19:21 | key | RegExpInjection.js:10:17:10:17 | s | RegExpInjection.js:11:12:11:27 | "\\\\b" + wrap2(s) | RegExpInjection.js:19:14:19:22 | wrap(key) | +| RegExpInjection.js:21:19:21:21 | key | RegExpInjection.js:10:17:10:17 | s | RegExpInjection.js:11:12:11:27 | "\\\\b" + wrap2(s) | RegExpInjection.js:21:14:21:22 | wrap(key) | #select | RegExpInjection.js:8:23:8:45 | "\\\\b" + ... (.*)\\n" | RegExpInjection.js:5:13:5:28 | req.param("key") | RegExpInjection.js:8:23:8:45 | "\\\\b" + ... (.*)\\n" | This regular expression is constructed from a $@. | RegExpInjection.js:5:13:5:28 | req.param("key") | user-provided value | | RegExpInjection.js:19:14:19:22 | wrap(key) | RegExpInjection.js:5:13:5:28 | req.param("key") | RegExpInjection.js:19:14:19:22 | wrap(key) | This regular expression is constructed from a $@. | RegExpInjection.js:5:13:5:28 | req.param("key") | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-754/UnvalidatedDynamicMethodCall.expected b/javascript/ql/test/query-tests/Security/CWE-754/UnvalidatedDynamicMethodCall.expected index cd3f5d60a355..120f9a82e71a 100644 --- a/javascript/ql/test/query-tests/Security/CWE-754/UnvalidatedDynamicMethodCall.expected +++ b/javascript/ql/test/query-tests/Security/CWE-754/UnvalidatedDynamicMethodCall.expected @@ -1,189 +1,120 @@ nodes -| UnsafeDynamicMethodAccess.js:5:37:5:38 | ev | -| UnsafeDynamicMethodAccess.js:5:37:5:38 | ev | -| UnsafeDynamicMethodAccess.js:6:9:6:37 | message | -| UnsafeDynamicMethodAccess.js:6:19:6:37 | JSON.parse(ev.data) | -| UnsafeDynamicMethodAccess.js:6:30:6:31 | ev | -| UnsafeDynamicMethodAccess.js:6:30:6:36 | ev.data | -| UnsafeDynamicMethodAccess.js:15:5:15:21 | obj[message.name] | -| UnsafeDynamicMethodAccess.js:15:5:15:21 | obj[message.name] | -| UnsafeDynamicMethodAccess.js:15:5:15:21 | obj[message.name] | -| UnsafeDynamicMethodAccess.js:15:9:15:15 | message | -| UnsafeDynamicMethodAccess.js:15:9:15:20 | message.name | -| UnvalidatedDynamicMethodCall2.js:13:9:13:47 | action | -| UnvalidatedDynamicMethodCall2.js:13:18:13:47 | actions ... action) | -| UnvalidatedDynamicMethodCall2.js:13:30:13:46 | req.params.action | -| UnvalidatedDynamicMethodCall2.js:13:30:13:46 | req.params.action | -| UnvalidatedDynamicMethodCall2.js:14:13:14:18 | action | -| UnvalidatedDynamicMethodCall2.js:14:13:14:18 | action | -| UnvalidatedDynamicMethodCall.js:14:7:14:41 | action | -| UnvalidatedDynamicMethodCall.js:14:7:14:41 | action | -| UnvalidatedDynamicMethodCall.js:14:16:14:41 | actions ... action] | -| UnvalidatedDynamicMethodCall.js:14:16:14:41 | actions ... action] | -| UnvalidatedDynamicMethodCall.js:14:24:14:40 | req.params.action | -| UnvalidatedDynamicMethodCall.js:14:24:14:40 | req.params.action | -| UnvalidatedDynamicMethodCall.js:15:11:15:16 | action | -| UnvalidatedDynamicMethodCall.js:15:11:15:16 | action | -| UnvalidatedDynamicMethodCall.js:15:11:15:16 | action | -| UnvalidatedDynamicMethodCallGood4.js:14:13:14:51 | action | -| UnvalidatedDynamicMethodCallGood4.js:14:22:14:51 | actions ... action) | -| UnvalidatedDynamicMethodCallGood4.js:14:34:14:50 | req.params.action | -| UnvalidatedDynamicMethodCallGood4.js:14:34:14:50 | req.params.action | -| UnvalidatedDynamicMethodCallGood4.js:15:17:15:22 | action | -| UnvalidatedDynamicMethodCallGood4.js:15:17:15:22 | action | -| tst.js:6:39:6:40 | ev | -| tst.js:6:39:6:40 | ev | -| tst.js:7:9:7:39 | name | -| tst.js:7:16:7:34 | JSON.parse(ev.data) | -| tst.js:7:16:7:39 | JSON.pa ... a).name | -| tst.js:7:27:7:28 | ev | -| tst.js:7:27:7:33 | ev.data | -| tst.js:9:5:9:16 | obj[ev.data] | -| tst.js:9:5:9:16 | obj[ev.data] | -| tst.js:9:5:9:16 | obj[ev.data] | -| tst.js:9:9:9:10 | ev | -| tst.js:9:9:9:15 | ev.data | -| tst.js:11:5:11:13 | obj[name] | -| tst.js:11:5:11:13 | obj[name] | -| tst.js:11:5:11:13 | obj[name] | -| tst.js:11:9:11:12 | name | -| tst.js:17:9:17:22 | fn | -| tst.js:17:9:17:22 | fn | -| tst.js:17:14:17:22 | obj[name] | -| tst.js:17:14:17:22 | obj[name] | -| tst.js:17:18:17:21 | name | -| tst.js:18:5:18:6 | fn | -| tst.js:18:5:18:6 | fn | -| tst.js:18:5:18:6 | fn | -| tst.js:20:7:20:8 | fn | -| tst.js:20:7:20:8 | fn | -| tst.js:21:7:21:15 | obj[name] | -| tst.js:21:7:21:15 | obj[name] | -| tst.js:21:7:21:15 | obj[name] | -| tst.js:21:11:21:14 | name | -| tst.js:22:11:22:12 | fn | -| tst.js:22:11:22:12 | fn | -| tst.js:26:7:26:15 | obj[name] | -| tst.js:26:7:26:15 | obj[name] | -| tst.js:26:7:26:15 | obj[name] | -| tst.js:26:11:26:14 | name | -| tst.js:28:7:28:15 | obj[name] | -| tst.js:28:7:28:15 | obj[name] | -| tst.js:28:11:28:14 | name | -| tst.js:34:9:34:24 | key | -| tst.js:34:15:34:24 | "$" + name | -| tst.js:34:21:34:24 | name | -| tst.js:35:5:35:12 | obj[key] | -| tst.js:35:5:35:12 | obj[key] | -| tst.js:35:5:35:12 | obj[key] | -| tst.js:35:9:35:11 | key | -| tst.js:37:7:37:14 | obj[key] | -| tst.js:37:7:37:14 | obj[key] | -| tst.js:37:11:37:13 | key | -| tst.js:47:39:47:40 | ev | -| tst.js:47:39:47:40 | ev | -| tst.js:48:9:48:39 | name | -| tst.js:48:16:48:34 | JSON.parse(ev.data) | -| tst.js:48:16:48:39 | JSON.pa ... a).name | -| tst.js:48:27:48:28 | ev | -| tst.js:48:27:48:33 | ev.data | -| tst.js:49:9:49:23 | fn | -| tst.js:49:14:49:23 | obj2[name] | -| tst.js:49:19:49:22 | name | -| tst.js:50:5:50:6 | fn | -| tst.js:50:5:50:6 | fn | +| UnsafeDynamicMethodAccess.js:5:37:5:38 | ev | semmle.label | ev | +| UnsafeDynamicMethodAccess.js:6:9:6:37 | message | semmle.label | message | +| UnsafeDynamicMethodAccess.js:6:19:6:37 | JSON.parse(ev.data) | semmle.label | JSON.parse(ev.data) | +| UnsafeDynamicMethodAccess.js:6:30:6:31 | ev | semmle.label | ev | +| UnsafeDynamicMethodAccess.js:6:30:6:36 | ev.data | semmle.label | ev.data | +| UnsafeDynamicMethodAccess.js:15:5:15:21 | obj[message.name] | semmle.label | obj[message.name] | +| UnsafeDynamicMethodAccess.js:15:9:15:15 | message | semmle.label | message | +| UnsafeDynamicMethodAccess.js:15:9:15:20 | message.name | semmle.label | message.name | +| UnvalidatedDynamicMethodCall2.js:13:9:13:47 | action | semmle.label | action | +| UnvalidatedDynamicMethodCall2.js:13:18:13:47 | actions ... action) | semmle.label | actions ... action) | +| UnvalidatedDynamicMethodCall2.js:13:30:13:46 | req.params.action | semmle.label | req.params.action | +| UnvalidatedDynamicMethodCall2.js:14:13:14:18 | action | semmle.label | action | +| UnvalidatedDynamicMethodCall.js:14:7:14:41 | action | semmle.label | action | +| UnvalidatedDynamicMethodCall.js:14:16:14:41 | actions ... action] | semmle.label | actions ... action] | +| UnvalidatedDynamicMethodCall.js:14:24:14:40 | req.params.action | semmle.label | req.params.action | +| UnvalidatedDynamicMethodCall.js:15:11:15:16 | action | semmle.label | action | +| UnvalidatedDynamicMethodCallGood4.js:14:13:14:51 | action | semmle.label | action | +| UnvalidatedDynamicMethodCallGood4.js:14:22:14:51 | actions ... action) | semmle.label | actions ... action) | +| UnvalidatedDynamicMethodCallGood4.js:14:34:14:50 | req.params.action | semmle.label | req.params.action | +| UnvalidatedDynamicMethodCallGood4.js:15:17:15:22 | action | semmle.label | action | +| tst.js:6:39:6:40 | ev | semmle.label | ev | +| tst.js:7:9:7:39 | name | semmle.label | name | +| tst.js:7:16:7:34 | JSON.parse(ev.data) | semmle.label | JSON.parse(ev.data) | +| tst.js:7:16:7:39 | JSON.pa ... a).name | semmle.label | JSON.pa ... a).name | +| tst.js:7:27:7:28 | ev | semmle.label | ev | +| tst.js:7:27:7:33 | ev.data | semmle.label | ev.data | +| tst.js:9:5:9:16 | obj[ev.data] | semmle.label | obj[ev.data] | +| tst.js:9:9:9:10 | ev | semmle.label | ev | +| tst.js:9:9:9:15 | ev.data | semmle.label | ev.data | +| tst.js:11:5:11:13 | obj[name] | semmle.label | obj[name] | +| tst.js:11:9:11:12 | name | semmle.label | name | +| tst.js:17:9:17:22 | fn | semmle.label | fn | +| tst.js:17:14:17:22 | obj[name] | semmle.label | obj[name] | +| tst.js:17:18:17:21 | name | semmle.label | name | +| tst.js:18:5:18:6 | fn | semmle.label | fn | +| tst.js:20:7:20:8 | fn | semmle.label | fn | +| tst.js:21:7:21:15 | obj[name] | semmle.label | obj[name] | +| tst.js:21:11:21:14 | name | semmle.label | name | +| tst.js:22:11:22:12 | fn | semmle.label | fn | +| tst.js:26:7:26:15 | obj[name] | semmle.label | obj[name] | +| tst.js:26:11:26:14 | name | semmle.label | name | +| tst.js:28:7:28:15 | obj[name] | semmle.label | obj[name] | +| tst.js:28:11:28:14 | name | semmle.label | name | +| tst.js:34:9:34:24 | key | semmle.label | key | +| tst.js:34:15:34:24 | "$" + name | semmle.label | "$" + name | +| tst.js:34:21:34:24 | name | semmle.label | name | +| tst.js:35:5:35:12 | obj[key] | semmle.label | obj[key] | +| tst.js:35:9:35:11 | key | semmle.label | key | +| tst.js:37:7:37:14 | obj[key] | semmle.label | obj[key] | +| tst.js:37:11:37:13 | key | semmle.label | key | +| tst.js:47:39:47:40 | ev | semmle.label | ev | +| tst.js:48:9:48:39 | name | semmle.label | name | +| tst.js:48:16:48:34 | JSON.parse(ev.data) | semmle.label | JSON.parse(ev.data) | +| tst.js:48:16:48:39 | JSON.pa ... a).name | semmle.label | JSON.pa ... a).name | +| tst.js:48:27:48:28 | ev | semmle.label | ev | +| tst.js:48:27:48:33 | ev.data | semmle.label | ev.data | +| tst.js:49:9:49:23 | fn | semmle.label | fn | +| tst.js:49:14:49:23 | obj2[name] | semmle.label | obj2[name] | +| tst.js:49:19:49:22 | name | semmle.label | name | +| tst.js:50:5:50:6 | fn | semmle.label | fn | edges -| UnsafeDynamicMethodAccess.js:5:37:5:38 | ev | UnsafeDynamicMethodAccess.js:6:30:6:31 | ev | -| UnsafeDynamicMethodAccess.js:5:37:5:38 | ev | UnsafeDynamicMethodAccess.js:6:30:6:31 | ev | -| UnsafeDynamicMethodAccess.js:6:9:6:37 | message | UnsafeDynamicMethodAccess.js:15:9:15:15 | message | -| UnsafeDynamicMethodAccess.js:6:19:6:37 | JSON.parse(ev.data) | UnsafeDynamicMethodAccess.js:6:9:6:37 | message | -| UnsafeDynamicMethodAccess.js:6:30:6:31 | ev | UnsafeDynamicMethodAccess.js:6:30:6:36 | ev.data | -| UnsafeDynamicMethodAccess.js:6:30:6:36 | ev.data | UnsafeDynamicMethodAccess.js:6:19:6:37 | JSON.parse(ev.data) | -| UnsafeDynamicMethodAccess.js:15:9:15:15 | message | UnsafeDynamicMethodAccess.js:15:9:15:20 | message.name | -| UnsafeDynamicMethodAccess.js:15:9:15:20 | message.name | UnsafeDynamicMethodAccess.js:15:5:15:21 | obj[message.name] | -| UnsafeDynamicMethodAccess.js:15:9:15:20 | message.name | UnsafeDynamicMethodAccess.js:15:5:15:21 | obj[message.name] | -| UnsafeDynamicMethodAccess.js:15:9:15:20 | message.name | UnsafeDynamicMethodAccess.js:15:5:15:21 | obj[message.name] | -| UnvalidatedDynamicMethodCall2.js:13:9:13:47 | action | UnvalidatedDynamicMethodCall2.js:14:13:14:18 | action | -| UnvalidatedDynamicMethodCall2.js:13:9:13:47 | action | UnvalidatedDynamicMethodCall2.js:14:13:14:18 | action | -| UnvalidatedDynamicMethodCall2.js:13:18:13:47 | actions ... action) | UnvalidatedDynamicMethodCall2.js:13:9:13:47 | action | -| UnvalidatedDynamicMethodCall2.js:13:30:13:46 | req.params.action | UnvalidatedDynamicMethodCall2.js:13:18:13:47 | actions ... action) | -| UnvalidatedDynamicMethodCall2.js:13:30:13:46 | req.params.action | UnvalidatedDynamicMethodCall2.js:13:18:13:47 | actions ... action) | -| UnvalidatedDynamicMethodCall.js:14:7:14:41 | action | UnvalidatedDynamicMethodCall.js:15:11:15:16 | action | -| UnvalidatedDynamicMethodCall.js:14:7:14:41 | action | UnvalidatedDynamicMethodCall.js:15:11:15:16 | action | -| UnvalidatedDynamicMethodCall.js:14:7:14:41 | action | UnvalidatedDynamicMethodCall.js:15:11:15:16 | action | -| UnvalidatedDynamicMethodCall.js:14:7:14:41 | action | UnvalidatedDynamicMethodCall.js:15:11:15:16 | action | -| UnvalidatedDynamicMethodCall.js:14:16:14:41 | actions ... action] | UnvalidatedDynamicMethodCall.js:14:7:14:41 | action | -| UnvalidatedDynamicMethodCall.js:14:16:14:41 | actions ... action] | UnvalidatedDynamicMethodCall.js:14:7:14:41 | action | -| UnvalidatedDynamicMethodCall.js:14:24:14:40 | req.params.action | UnvalidatedDynamicMethodCall.js:14:16:14:41 | actions ... action] | -| UnvalidatedDynamicMethodCall.js:14:24:14:40 | req.params.action | UnvalidatedDynamicMethodCall.js:14:16:14:41 | actions ... action] | -| UnvalidatedDynamicMethodCall.js:14:24:14:40 | req.params.action | UnvalidatedDynamicMethodCall.js:14:16:14:41 | actions ... action] | -| UnvalidatedDynamicMethodCall.js:14:24:14:40 | req.params.action | UnvalidatedDynamicMethodCall.js:14:16:14:41 | actions ... action] | -| UnvalidatedDynamicMethodCallGood4.js:14:13:14:51 | action | UnvalidatedDynamicMethodCallGood4.js:15:17:15:22 | action | -| UnvalidatedDynamicMethodCallGood4.js:14:13:14:51 | action | UnvalidatedDynamicMethodCallGood4.js:15:17:15:22 | action | -| UnvalidatedDynamicMethodCallGood4.js:14:22:14:51 | actions ... action) | UnvalidatedDynamicMethodCallGood4.js:14:13:14:51 | action | -| UnvalidatedDynamicMethodCallGood4.js:14:34:14:50 | req.params.action | UnvalidatedDynamicMethodCallGood4.js:14:22:14:51 | actions ... action) | -| UnvalidatedDynamicMethodCallGood4.js:14:34:14:50 | req.params.action | UnvalidatedDynamicMethodCallGood4.js:14:22:14:51 | actions ... action) | -| tst.js:6:39:6:40 | ev | tst.js:7:27:7:28 | ev | -| tst.js:6:39:6:40 | ev | tst.js:7:27:7:28 | ev | -| tst.js:6:39:6:40 | ev | tst.js:9:9:9:10 | ev | -| tst.js:6:39:6:40 | ev | tst.js:9:9:9:10 | ev | -| tst.js:7:9:7:39 | name | tst.js:11:9:11:12 | name | -| tst.js:7:9:7:39 | name | tst.js:17:18:17:21 | name | -| tst.js:7:9:7:39 | name | tst.js:21:11:21:14 | name | -| tst.js:7:9:7:39 | name | tst.js:26:11:26:14 | name | -| tst.js:7:9:7:39 | name | tst.js:28:11:28:14 | name | -| tst.js:7:9:7:39 | name | tst.js:34:21:34:24 | name | -| tst.js:7:16:7:34 | JSON.parse(ev.data) | tst.js:7:16:7:39 | JSON.pa ... a).name | -| tst.js:7:16:7:39 | JSON.pa ... a).name | tst.js:7:9:7:39 | name | -| tst.js:7:27:7:28 | ev | tst.js:7:27:7:33 | ev.data | -| tst.js:7:27:7:33 | ev.data | tst.js:7:16:7:34 | JSON.parse(ev.data) | -| tst.js:9:9:9:10 | ev | tst.js:9:9:9:15 | ev.data | -| tst.js:9:9:9:15 | ev.data | tst.js:9:5:9:16 | obj[ev.data] | -| tst.js:9:9:9:15 | ev.data | tst.js:9:5:9:16 | obj[ev.data] | -| tst.js:9:9:9:15 | ev.data | tst.js:9:5:9:16 | obj[ev.data] | -| tst.js:11:9:11:12 | name | tst.js:11:5:11:13 | obj[name] | -| tst.js:11:9:11:12 | name | tst.js:11:5:11:13 | obj[name] | -| tst.js:11:9:11:12 | name | tst.js:11:5:11:13 | obj[name] | -| tst.js:17:9:17:22 | fn | tst.js:18:5:18:6 | fn | -| tst.js:17:9:17:22 | fn | tst.js:18:5:18:6 | fn | -| tst.js:17:9:17:22 | fn | tst.js:18:5:18:6 | fn | -| tst.js:17:9:17:22 | fn | tst.js:18:5:18:6 | fn | -| tst.js:17:9:17:22 | fn | tst.js:20:7:20:8 | fn | -| tst.js:17:9:17:22 | fn | tst.js:20:7:20:8 | fn | -| tst.js:17:9:17:22 | fn | tst.js:22:11:22:12 | fn | -| tst.js:17:9:17:22 | fn | tst.js:22:11:22:12 | fn | -| tst.js:17:14:17:22 | obj[name] | tst.js:17:9:17:22 | fn | -| tst.js:17:14:17:22 | obj[name] | tst.js:17:9:17:22 | fn | -| tst.js:17:18:17:21 | name | tst.js:17:14:17:22 | obj[name] | -| tst.js:17:18:17:21 | name | tst.js:17:14:17:22 | obj[name] | -| tst.js:21:11:21:14 | name | tst.js:21:7:21:15 | obj[name] | -| tst.js:21:11:21:14 | name | tst.js:21:7:21:15 | obj[name] | -| tst.js:21:11:21:14 | name | tst.js:21:7:21:15 | obj[name] | -| tst.js:26:11:26:14 | name | tst.js:26:7:26:15 | obj[name] | -| tst.js:26:11:26:14 | name | tst.js:26:7:26:15 | obj[name] | -| tst.js:26:11:26:14 | name | tst.js:26:7:26:15 | obj[name] | -| tst.js:28:11:28:14 | name | tst.js:28:7:28:15 | obj[name] | -| tst.js:28:11:28:14 | name | tst.js:28:7:28:15 | obj[name] | -| tst.js:34:9:34:24 | key | tst.js:35:9:35:11 | key | -| tst.js:34:9:34:24 | key | tst.js:37:11:37:13 | key | -| tst.js:34:15:34:24 | "$" + name | tst.js:34:9:34:24 | key | -| tst.js:34:21:34:24 | name | tst.js:34:15:34:24 | "$" + name | -| tst.js:35:9:35:11 | key | tst.js:35:5:35:12 | obj[key] | -| tst.js:35:9:35:11 | key | tst.js:35:5:35:12 | obj[key] | -| tst.js:35:9:35:11 | key | tst.js:35:5:35:12 | obj[key] | -| tst.js:37:11:37:13 | key | tst.js:37:7:37:14 | obj[key] | -| tst.js:37:11:37:13 | key | tst.js:37:7:37:14 | obj[key] | -| tst.js:47:39:47:40 | ev | tst.js:48:27:48:28 | ev | -| tst.js:47:39:47:40 | ev | tst.js:48:27:48:28 | ev | -| tst.js:48:9:48:39 | name | tst.js:49:19:49:22 | name | -| tst.js:48:16:48:34 | JSON.parse(ev.data) | tst.js:48:16:48:39 | JSON.pa ... a).name | -| tst.js:48:16:48:39 | JSON.pa ... a).name | tst.js:48:9:48:39 | name | -| tst.js:48:27:48:28 | ev | tst.js:48:27:48:33 | ev.data | -| tst.js:48:27:48:33 | ev.data | tst.js:48:16:48:34 | JSON.parse(ev.data) | -| tst.js:49:9:49:23 | fn | tst.js:50:5:50:6 | fn | -| tst.js:49:9:49:23 | fn | tst.js:50:5:50:6 | fn | -| tst.js:49:14:49:23 | obj2[name] | tst.js:49:9:49:23 | fn | -| tst.js:49:19:49:22 | name | tst.js:49:14:49:23 | obj2[name] | +| UnsafeDynamicMethodAccess.js:5:37:5:38 | ev | UnsafeDynamicMethodAccess.js:6:30:6:31 | ev | provenance | | +| UnsafeDynamicMethodAccess.js:6:9:6:37 | message | UnsafeDynamicMethodAccess.js:15:9:15:15 | message | provenance | | +| UnsafeDynamicMethodAccess.js:6:19:6:37 | JSON.parse(ev.data) | UnsafeDynamicMethodAccess.js:6:9:6:37 | message | provenance | | +| UnsafeDynamicMethodAccess.js:6:30:6:31 | ev | UnsafeDynamicMethodAccess.js:6:30:6:36 | ev.data | provenance | Config | +| UnsafeDynamicMethodAccess.js:6:30:6:36 | ev.data | UnsafeDynamicMethodAccess.js:6:19:6:37 | JSON.parse(ev.data) | provenance | Config | +| UnsafeDynamicMethodAccess.js:15:9:15:15 | message | UnsafeDynamicMethodAccess.js:15:9:15:20 | message.name | provenance | Config | +| UnsafeDynamicMethodAccess.js:15:9:15:20 | message.name | UnsafeDynamicMethodAccess.js:15:5:15:21 | obj[message.name] | provenance | Config | +| UnvalidatedDynamicMethodCall2.js:13:9:13:47 | action | UnvalidatedDynamicMethodCall2.js:14:13:14:18 | action | provenance | | +| UnvalidatedDynamicMethodCall2.js:13:18:13:47 | actions ... action) | UnvalidatedDynamicMethodCall2.js:13:9:13:47 | action | provenance | | +| UnvalidatedDynamicMethodCall2.js:13:30:13:46 | req.params.action | UnvalidatedDynamicMethodCall2.js:13:18:13:47 | actions ... action) | provenance | Config | +| UnvalidatedDynamicMethodCall.js:14:7:14:41 | action | UnvalidatedDynamicMethodCall.js:15:11:15:16 | action | provenance | | +| UnvalidatedDynamicMethodCall.js:14:16:14:41 | actions ... action] | UnvalidatedDynamicMethodCall.js:14:7:14:41 | action | provenance | | +| UnvalidatedDynamicMethodCall.js:14:24:14:40 | req.params.action | UnvalidatedDynamicMethodCall.js:14:16:14:41 | actions ... action] | provenance | Config | +| UnvalidatedDynamicMethodCallGood4.js:14:13:14:51 | action | UnvalidatedDynamicMethodCallGood4.js:15:17:15:22 | action | provenance | | +| UnvalidatedDynamicMethodCallGood4.js:14:22:14:51 | actions ... action) | UnvalidatedDynamicMethodCallGood4.js:14:13:14:51 | action | provenance | | +| UnvalidatedDynamicMethodCallGood4.js:14:34:14:50 | req.params.action | UnvalidatedDynamicMethodCallGood4.js:14:22:14:51 | actions ... action) | provenance | Config | +| tst.js:6:39:6:40 | ev | tst.js:7:27:7:28 | ev | provenance | | +| tst.js:6:39:6:40 | ev | tst.js:9:9:9:10 | ev | provenance | | +| tst.js:7:9:7:39 | name | tst.js:11:9:11:12 | name | provenance | | +| tst.js:7:9:7:39 | name | tst.js:17:18:17:21 | name | provenance | | +| tst.js:7:9:7:39 | name | tst.js:21:11:21:14 | name | provenance | | +| tst.js:7:9:7:39 | name | tst.js:26:11:26:14 | name | provenance | | +| tst.js:7:9:7:39 | name | tst.js:28:11:28:14 | name | provenance | | +| tst.js:7:9:7:39 | name | tst.js:34:21:34:24 | name | provenance | | +| tst.js:7:16:7:34 | JSON.parse(ev.data) | tst.js:7:16:7:39 | JSON.pa ... a).name | provenance | Config | +| tst.js:7:16:7:39 | JSON.pa ... a).name | tst.js:7:9:7:39 | name | provenance | | +| tst.js:7:27:7:28 | ev | tst.js:7:27:7:33 | ev.data | provenance | Config | +| tst.js:7:27:7:33 | ev.data | tst.js:7:16:7:34 | JSON.parse(ev.data) | provenance | Config | +| tst.js:9:9:9:10 | ev | tst.js:9:9:9:15 | ev.data | provenance | Config | +| tst.js:9:9:9:15 | ev.data | tst.js:9:5:9:16 | obj[ev.data] | provenance | Config | +| tst.js:11:9:11:12 | name | tst.js:11:5:11:13 | obj[name] | provenance | Config | +| tst.js:17:9:17:22 | fn | tst.js:18:5:18:6 | fn | provenance | | +| tst.js:17:9:17:22 | fn | tst.js:20:7:20:8 | fn | provenance | | +| tst.js:17:9:17:22 | fn | tst.js:22:11:22:12 | fn | provenance | | +| tst.js:17:14:17:22 | obj[name] | tst.js:17:9:17:22 | fn | provenance | | +| tst.js:17:18:17:21 | name | tst.js:17:14:17:22 | obj[name] | provenance | Config | +| tst.js:21:11:21:14 | name | tst.js:21:7:21:15 | obj[name] | provenance | Config | +| tst.js:26:11:26:14 | name | tst.js:26:7:26:15 | obj[name] | provenance | Config | +| tst.js:28:11:28:14 | name | tst.js:28:7:28:15 | obj[name] | provenance | Config | +| tst.js:34:9:34:24 | key | tst.js:35:9:35:11 | key | provenance | | +| tst.js:34:9:34:24 | key | tst.js:37:11:37:13 | key | provenance | | +| tst.js:34:15:34:24 | "$" + name | tst.js:34:9:34:24 | key | provenance | | +| tst.js:34:21:34:24 | name | tst.js:34:15:34:24 | "$" + name | provenance | Config | +| tst.js:35:9:35:11 | key | tst.js:35:5:35:12 | obj[key] | provenance | Config | +| tst.js:37:11:37:13 | key | tst.js:37:7:37:14 | obj[key] | provenance | Config | +| tst.js:47:39:47:40 | ev | tst.js:48:27:48:28 | ev | provenance | | +| tst.js:48:9:48:39 | name | tst.js:49:19:49:22 | name | provenance | | +| tst.js:48:16:48:34 | JSON.parse(ev.data) | tst.js:48:16:48:39 | JSON.pa ... a).name | provenance | Config | +| tst.js:48:16:48:39 | JSON.pa ... a).name | tst.js:48:9:48:39 | name | provenance | | +| tst.js:48:27:48:28 | ev | tst.js:48:27:48:33 | ev.data | provenance | Config | +| tst.js:48:27:48:33 | ev.data | tst.js:48:16:48:34 | JSON.parse(ev.data) | provenance | Config | +| tst.js:49:9:49:23 | fn | tst.js:50:5:50:6 | fn | provenance | | +| tst.js:49:14:49:23 | obj2[name] | tst.js:49:9:49:23 | fn | provenance | | +| tst.js:49:19:49:22 | name | tst.js:49:14:49:23 | obj2[name] | provenance | Config | +subpaths #select | UnsafeDynamicMethodAccess.js:15:5:15:21 | obj[message.name] | UnsafeDynamicMethodAccess.js:5:37:5:38 | ev | UnsafeDynamicMethodAccess.js:15:5:15:21 | obj[message.name] | Invocation of method with $@ name may dispatch to unexpected target and cause an exception. | UnsafeDynamicMethodAccess.js:5:37:5:38 | ev | user-controlled | | UnvalidatedDynamicMethodCall2.js:14:13:14:18 | action | UnvalidatedDynamicMethodCall2.js:13:30:13:46 | req.params.action | UnvalidatedDynamicMethodCall2.js:14:13:14:18 | action | Invocation of method with $@ name may dispatch to unexpected target and cause an exception. | UnvalidatedDynamicMethodCall2.js:13:30:13:46 | req.params.action | user-controlled | diff --git a/javascript/ql/test/query-tests/Security/CWE-770/ResourceExhaustion/ResourceExhaustion.expected b/javascript/ql/test/query-tests/Security/CWE-770/ResourceExhaustion/ResourceExhaustion.expected index 1c8a7172c6d1..7ca545489969 100644 --- a/javascript/ql/test/query-tests/Security/CWE-770/ResourceExhaustion/ResourceExhaustion.expected +++ b/javascript/ql/test/query-tests/Security/CWE-770/ResourceExhaustion/ResourceExhaustion.expected @@ -1,115 +1,66 @@ -nodes -| documentaion-examples/ResourceExhaustion_timeout.js:5:6:5:59 | delay | -| documentaion-examples/ResourceExhaustion_timeout.js:5:14:5:59 | parseIn ... .delay) | -| documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:46 | url.par ... , true) | -| documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:52 | url.par ... ).query | -| documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:58 | url.par ... y.delay | -| documentaion-examples/ResourceExhaustion_timeout.js:5:33:5:39 | req.url | -| documentaion-examples/ResourceExhaustion_timeout.js:5:33:5:39 | req.url | -| documentaion-examples/ResourceExhaustion_timeout.js:7:16:7:20 | delay | -| documentaion-examples/ResourceExhaustion_timeout.js:7:16:7:20 | delay | -| resource-exhaustion.js:5:7:5:42 | s | -| resource-exhaustion.js:5:11:5:34 | url.par ... , true) | -| resource-exhaustion.js:5:11:5:40 | url.par ... ).query | -| resource-exhaustion.js:5:11:5:42 | url.par ... query.s | -| resource-exhaustion.js:5:21:5:27 | req.url | -| resource-exhaustion.js:5:21:5:27 | req.url | -| resource-exhaustion.js:6:7:6:21 | n | -| resource-exhaustion.js:6:11:6:21 | parseInt(s) | -| resource-exhaustion.js:6:20:6:20 | s | -| resource-exhaustion.js:14:16:14:16 | n | -| resource-exhaustion.js:14:16:14:16 | n | -| resource-exhaustion.js:15:22:15:22 | n | -| resource-exhaustion.js:15:22:15:22 | n | -| resource-exhaustion.js:16:26:16:26 | n | -| resource-exhaustion.js:16:26:16:26 | n | -| resource-exhaustion.js:20:20:20:20 | n | -| resource-exhaustion.js:20:20:20:20 | n | -| resource-exhaustion.js:22:18:22:18 | n | -| resource-exhaustion.js:22:18:22:18 | n | -| resource-exhaustion.js:27:9:27:9 | n | -| resource-exhaustion.js:27:9:27:9 | n | -| resource-exhaustion.js:28:13:28:13 | n | -| resource-exhaustion.js:28:13:28:13 | n | -| resource-exhaustion.js:29:9:29:9 | n | -| resource-exhaustion.js:29:9:29:9 | n | -| resource-exhaustion.js:30:9:30:9 | n | -| resource-exhaustion.js:30:9:30:9 | n | -| resource-exhaustion.js:31:9:31:9 | n | -| resource-exhaustion.js:31:9:31:9 | n | -| resource-exhaustion.js:32:9:32:9 | n | -| resource-exhaustion.js:32:9:32:9 | n | -| resource-exhaustion.js:34:12:34:12 | n | -| resource-exhaustion.js:34:12:34:12 | n | -| resource-exhaustion.js:35:12:35:12 | s | -| resource-exhaustion.js:35:12:35:12 | s | -| resource-exhaustion.js:81:17:81:17 | n | -| resource-exhaustion.js:81:17:81:17 | n | -| resource-exhaustion.js:82:17:82:17 | s | -| resource-exhaustion.js:82:17:82:17 | s | -| resource-exhaustion.js:83:18:83:18 | n | -| resource-exhaustion.js:83:18:83:18 | n | -| resource-exhaustion.js:84:18:84:18 | s | -| resource-exhaustion.js:84:18:84:18 | s | -| resource-exhaustion.js:88:16:88:16 | n | -| resource-exhaustion.js:88:16:88:16 | n | -| resource-exhaustion.js:92:18:92:18 | n | -| resource-exhaustion.js:92:18:92:18 | n | edges -| documentaion-examples/ResourceExhaustion_timeout.js:5:6:5:59 | delay | documentaion-examples/ResourceExhaustion_timeout.js:7:16:7:20 | delay | -| documentaion-examples/ResourceExhaustion_timeout.js:5:6:5:59 | delay | documentaion-examples/ResourceExhaustion_timeout.js:7:16:7:20 | delay | -| documentaion-examples/ResourceExhaustion_timeout.js:5:14:5:59 | parseIn ... .delay) | documentaion-examples/ResourceExhaustion_timeout.js:5:6:5:59 | delay | -| documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:46 | url.par ... , true) | documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:52 | url.par ... ).query | -| documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:52 | url.par ... ).query | documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:58 | url.par ... y.delay | -| documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:58 | url.par ... y.delay | documentaion-examples/ResourceExhaustion_timeout.js:5:14:5:59 | parseIn ... .delay) | -| documentaion-examples/ResourceExhaustion_timeout.js:5:33:5:39 | req.url | documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:46 | url.par ... , true) | -| documentaion-examples/ResourceExhaustion_timeout.js:5:33:5:39 | req.url | documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:46 | url.par ... , true) | -| resource-exhaustion.js:5:7:5:42 | s | resource-exhaustion.js:6:20:6:20 | s | -| resource-exhaustion.js:5:7:5:42 | s | resource-exhaustion.js:35:12:35:12 | s | -| resource-exhaustion.js:5:7:5:42 | s | resource-exhaustion.js:35:12:35:12 | s | -| resource-exhaustion.js:5:7:5:42 | s | resource-exhaustion.js:82:17:82:17 | s | -| resource-exhaustion.js:5:7:5:42 | s | resource-exhaustion.js:82:17:82:17 | s | -| resource-exhaustion.js:5:7:5:42 | s | resource-exhaustion.js:84:18:84:18 | s | -| resource-exhaustion.js:5:7:5:42 | s | resource-exhaustion.js:84:18:84:18 | s | -| resource-exhaustion.js:5:11:5:34 | url.par ... , true) | resource-exhaustion.js:5:11:5:40 | url.par ... ).query | -| resource-exhaustion.js:5:11:5:40 | url.par ... ).query | resource-exhaustion.js:5:11:5:42 | url.par ... query.s | -| resource-exhaustion.js:5:11:5:42 | url.par ... query.s | resource-exhaustion.js:5:7:5:42 | s | -| resource-exhaustion.js:5:21:5:27 | req.url | resource-exhaustion.js:5:11:5:34 | url.par ... , true) | -| resource-exhaustion.js:5:21:5:27 | req.url | resource-exhaustion.js:5:11:5:34 | url.par ... , true) | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:14:16:14:16 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:14:16:14:16 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:15:22:15:22 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:15:22:15:22 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:16:26:16:26 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:16:26:16:26 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:20:20:20:20 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:20:20:20:20 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:22:18:22:18 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:22:18:22:18 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:27:9:27:9 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:27:9:27:9 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:28:13:28:13 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:28:13:28:13 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:29:9:29:9 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:29:9:29:9 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:30:9:30:9 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:30:9:30:9 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:31:9:31:9 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:31:9:31:9 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:32:9:32:9 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:32:9:32:9 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:34:12:34:12 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:34:12:34:12 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:81:17:81:17 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:81:17:81:17 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:83:18:83:18 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:83:18:83:18 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:88:16:88:16 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:88:16:88:16 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:92:18:92:18 | n | -| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:92:18:92:18 | n | -| resource-exhaustion.js:6:11:6:21 | parseInt(s) | resource-exhaustion.js:6:7:6:21 | n | -| resource-exhaustion.js:6:20:6:20 | s | resource-exhaustion.js:6:11:6:21 | parseInt(s) | +| documentaion-examples/ResourceExhaustion_timeout.js:5:6:5:59 | delay | documentaion-examples/ResourceExhaustion_timeout.js:7:16:7:20 | delay | provenance | | +| documentaion-examples/ResourceExhaustion_timeout.js:5:14:5:59 | parseIn ... .delay) | documentaion-examples/ResourceExhaustion_timeout.js:5:6:5:59 | delay | provenance | | +| documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:46 | url.par ... , true) | documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:58 | url.par ... y.delay | provenance | | +| documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:58 | url.par ... y.delay | documentaion-examples/ResourceExhaustion_timeout.js:5:14:5:59 | parseIn ... .delay) | provenance | Config | +| documentaion-examples/ResourceExhaustion_timeout.js:5:33:5:39 | req.url | documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:46 | url.par ... , true) | provenance | | +| resource-exhaustion.js:5:7:5:42 | s | resource-exhaustion.js:6:20:6:20 | s | provenance | | +| resource-exhaustion.js:5:7:5:42 | s | resource-exhaustion.js:35:12:35:12 | s | provenance | | +| resource-exhaustion.js:5:7:5:42 | s | resource-exhaustion.js:82:17:82:17 | s | provenance | | +| resource-exhaustion.js:5:7:5:42 | s | resource-exhaustion.js:84:18:84:18 | s | provenance | | +| resource-exhaustion.js:5:11:5:34 | url.par ... , true) | resource-exhaustion.js:5:7:5:42 | s | provenance | | +| resource-exhaustion.js:5:21:5:27 | req.url | resource-exhaustion.js:5:11:5:34 | url.par ... , true) | provenance | | +| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:14:16:14:16 | n | provenance | | +| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:15:22:15:22 | n | provenance | | +| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:16:26:16:26 | n | provenance | | +| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:20:20:20:20 | n | provenance | | +| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:22:18:22:18 | n | provenance | | +| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:27:9:27:9 | n | provenance | | +| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:28:13:28:13 | n | provenance | | +| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:29:9:29:9 | n | provenance | | +| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:30:9:30:9 | n | provenance | | +| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:31:9:31:9 | n | provenance | | +| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:32:9:32:9 | n | provenance | | +| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:34:12:34:12 | n | provenance | | +| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:81:17:81:17 | n | provenance | | +| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:83:18:83:18 | n | provenance | | +| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:88:16:88:16 | n | provenance | | +| resource-exhaustion.js:6:7:6:21 | n | resource-exhaustion.js:92:18:92:18 | n | provenance | | +| resource-exhaustion.js:6:11:6:21 | parseInt(s) | resource-exhaustion.js:6:7:6:21 | n | provenance | | +| resource-exhaustion.js:6:20:6:20 | s | resource-exhaustion.js:6:11:6:21 | parseInt(s) | provenance | Config | +nodes +| documentaion-examples/ResourceExhaustion_timeout.js:5:6:5:59 | delay | semmle.label | delay | +| documentaion-examples/ResourceExhaustion_timeout.js:5:14:5:59 | parseIn ... .delay) | semmle.label | parseIn ... .delay) | +| documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:46 | url.par ... , true) | semmle.label | url.par ... , true) | +| documentaion-examples/ResourceExhaustion_timeout.js:5:23:5:58 | url.par ... y.delay | semmle.label | url.par ... y.delay | +| documentaion-examples/ResourceExhaustion_timeout.js:5:33:5:39 | req.url | semmle.label | req.url | +| documentaion-examples/ResourceExhaustion_timeout.js:7:16:7:20 | delay | semmle.label | delay | +| resource-exhaustion.js:5:7:5:42 | s | semmle.label | s | +| resource-exhaustion.js:5:11:5:34 | url.par ... , true) | semmle.label | url.par ... , true) | +| resource-exhaustion.js:5:21:5:27 | req.url | semmle.label | req.url | +| resource-exhaustion.js:6:7:6:21 | n | semmle.label | n | +| resource-exhaustion.js:6:11:6:21 | parseInt(s) | semmle.label | parseInt(s) | +| resource-exhaustion.js:6:20:6:20 | s | semmle.label | s | +| resource-exhaustion.js:14:16:14:16 | n | semmle.label | n | +| resource-exhaustion.js:15:22:15:22 | n | semmle.label | n | +| resource-exhaustion.js:16:26:16:26 | n | semmle.label | n | +| resource-exhaustion.js:20:20:20:20 | n | semmle.label | n | +| resource-exhaustion.js:22:18:22:18 | n | semmle.label | n | +| resource-exhaustion.js:27:9:27:9 | n | semmle.label | n | +| resource-exhaustion.js:28:13:28:13 | n | semmle.label | n | +| resource-exhaustion.js:29:9:29:9 | n | semmle.label | n | +| resource-exhaustion.js:30:9:30:9 | n | semmle.label | n | +| resource-exhaustion.js:31:9:31:9 | n | semmle.label | n | +| resource-exhaustion.js:32:9:32:9 | n | semmle.label | n | +| resource-exhaustion.js:34:12:34:12 | n | semmle.label | n | +| resource-exhaustion.js:35:12:35:12 | s | semmle.label | s | +| resource-exhaustion.js:81:17:81:17 | n | semmle.label | n | +| resource-exhaustion.js:82:17:82:17 | s | semmle.label | s | +| resource-exhaustion.js:83:18:83:18 | n | semmle.label | n | +| resource-exhaustion.js:84:18:84:18 | s | semmle.label | s | +| resource-exhaustion.js:88:16:88:16 | n | semmle.label | n | +| resource-exhaustion.js:92:18:92:18 | n | semmle.label | n | +subpaths #select | documentaion-examples/ResourceExhaustion_timeout.js:7:16:7:20 | delay | documentaion-examples/ResourceExhaustion_timeout.js:5:33:5:39 | req.url | documentaion-examples/ResourceExhaustion_timeout.js:7:16:7:20 | delay | This creates a timer with a user-controlled duration from a $@. | documentaion-examples/ResourceExhaustion_timeout.js:5:33:5:39 | req.url | user-provided value | | resource-exhaustion.js:14:16:14:16 | n | resource-exhaustion.js:5:21:5:27 | req.url | resource-exhaustion.js:14:16:14:16 | n | This creates a buffer with a user-controlled size from a $@. | resource-exhaustion.js:5:21:5:27 | req.url | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-776/XmlBomb.expected b/javascript/ql/test/query-tests/Security/CWE-776/XmlBomb.expected index fb1e8e683219..bcdb2c57680c 100644 --- a/javascript/ql/test/query-tests/Security/CWE-776/XmlBomb.expected +++ b/javascript/ql/test/query-tests/Security/CWE-776/XmlBomb.expected @@ -1,60 +1,30 @@ -nodes -| closure.js:2:7:2:36 | src | -| closure.js:2:13:2:36 | documen ... .search | -| closure.js:2:13:2:36 | documen ... .search | -| closure.js:4:24:4:26 | src | -| closure.js:4:24:4:26 | src | -| domparser.js:2:7:2:36 | src | -| domparser.js:2:13:2:36 | documen ... .search | -| domparser.js:2:13:2:36 | documen ... .search | -| domparser.js:6:37:6:39 | src | -| domparser.js:6:37:6:39 | src | -| domparser.js:11:55:11:57 | src | -| domparser.js:11:55:11:57 | src | -| domparser.js:14:57:14:59 | src | -| domparser.js:14:57:14:59 | src | -| expat.js:6:16:6:36 | req.par ... e-xml") | -| expat.js:6:16:6:36 | req.par ... e-xml") | -| expat.js:6:16:6:36 | req.par ... e-xml") | -| jquery.js:2:7:2:36 | src | -| jquery.js:2:13:2:36 | documen ... .search | -| jquery.js:2:13:2:36 | documen ... .search | -| jquery.js:5:14:5:16 | src | -| jquery.js:5:14:5:16 | src | -| libxml.js:6:21:6:41 | req.par ... e-xml") | -| libxml.js:6:21:6:41 | req.par ... e-xml") | -| libxml.js:6:21:6:41 | req.par ... e-xml") | -| libxml.noent.js:6:21:6:41 | req.par ... e-xml") | -| libxml.noent.js:6:21:6:41 | req.par ... e-xml") | -| libxml.noent.js:6:21:6:41 | req.par ... e-xml") | -| libxml.sax.js:6:22:6:42 | req.par ... e-xml") | -| libxml.sax.js:6:22:6:42 | req.par ... e-xml") | -| libxml.sax.js:6:22:6:42 | req.par ... e-xml") | -| libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | -| libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | -| libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | edges -| closure.js:2:7:2:36 | src | closure.js:4:24:4:26 | src | -| closure.js:2:7:2:36 | src | closure.js:4:24:4:26 | src | -| closure.js:2:13:2:36 | documen ... .search | closure.js:2:7:2:36 | src | -| closure.js:2:13:2:36 | documen ... .search | closure.js:2:7:2:36 | src | -| domparser.js:2:7:2:36 | src | domparser.js:6:37:6:39 | src | -| domparser.js:2:7:2:36 | src | domparser.js:6:37:6:39 | src | -| domparser.js:2:7:2:36 | src | domparser.js:11:55:11:57 | src | -| domparser.js:2:7:2:36 | src | domparser.js:11:55:11:57 | src | -| domparser.js:2:7:2:36 | src | domparser.js:14:57:14:59 | src | -| domparser.js:2:7:2:36 | src | domparser.js:14:57:14:59 | src | -| domparser.js:2:13:2:36 | documen ... .search | domparser.js:2:7:2:36 | src | -| domparser.js:2:13:2:36 | documen ... .search | domparser.js:2:7:2:36 | src | -| expat.js:6:16:6:36 | req.par ... e-xml") | expat.js:6:16:6:36 | req.par ... e-xml") | -| jquery.js:2:7:2:36 | src | jquery.js:5:14:5:16 | src | -| jquery.js:2:7:2:36 | src | jquery.js:5:14:5:16 | src | -| jquery.js:2:13:2:36 | documen ... .search | jquery.js:2:7:2:36 | src | -| jquery.js:2:13:2:36 | documen ... .search | jquery.js:2:7:2:36 | src | -| libxml.js:6:21:6:41 | req.par ... e-xml") | libxml.js:6:21:6:41 | req.par ... e-xml") | -| libxml.noent.js:6:21:6:41 | req.par ... e-xml") | libxml.noent.js:6:21:6:41 | req.par ... e-xml") | -| libxml.sax.js:6:22:6:42 | req.par ... e-xml") | libxml.sax.js:6:22:6:42 | req.par ... e-xml") | -| libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | +| closure.js:2:7:2:36 | src | closure.js:4:24:4:26 | src | provenance | | +| closure.js:2:13:2:36 | documen ... .search | closure.js:2:7:2:36 | src | provenance | | +| domparser.js:2:7:2:36 | src | domparser.js:6:37:6:39 | src | provenance | | +| domparser.js:2:7:2:36 | src | domparser.js:11:55:11:57 | src | provenance | | +| domparser.js:2:7:2:36 | src | domparser.js:14:57:14:59 | src | provenance | | +| domparser.js:2:13:2:36 | documen ... .search | domparser.js:2:7:2:36 | src | provenance | | +| jquery.js:2:7:2:36 | src | jquery.js:5:14:5:16 | src | provenance | | +| jquery.js:2:13:2:36 | documen ... .search | jquery.js:2:7:2:36 | src | provenance | | +nodes +| closure.js:2:7:2:36 | src | semmle.label | src | +| closure.js:2:13:2:36 | documen ... .search | semmle.label | documen ... .search | +| closure.js:4:24:4:26 | src | semmle.label | src | +| domparser.js:2:7:2:36 | src | semmle.label | src | +| domparser.js:2:13:2:36 | documen ... .search | semmle.label | documen ... .search | +| domparser.js:6:37:6:39 | src | semmle.label | src | +| domparser.js:11:55:11:57 | src | semmle.label | src | +| domparser.js:14:57:14:59 | src | semmle.label | src | +| expat.js:6:16:6:36 | req.par ... e-xml") | semmle.label | req.par ... e-xml") | +| jquery.js:2:7:2:36 | src | semmle.label | src | +| jquery.js:2:13:2:36 | documen ... .search | semmle.label | documen ... .search | +| jquery.js:5:14:5:16 | src | semmle.label | src | +| libxml.js:6:21:6:41 | req.par ... e-xml") | semmle.label | req.par ... e-xml") | +| libxml.noent.js:6:21:6:41 | req.par ... e-xml") | semmle.label | req.par ... e-xml") | +| libxml.sax.js:6:22:6:42 | req.par ... e-xml") | semmle.label | req.par ... e-xml") | +| libxml.saxpush.js:6:15:6:35 | req.par ... e-xml") | semmle.label | req.par ... e-xml") | +subpaths #select | closure.js:4:24:4:26 | src | closure.js:2:13:2:36 | documen ... .search | closure.js:4:24:4:26 | src | XML parsing depends on a $@ without guarding against uncontrolled entity expansion. | closure.js:2:13:2:36 | documen ... .search | user-provided value | | domparser.js:6:37:6:39 | src | domparser.js:2:13:2:36 | documen ... .search | domparser.js:6:37:6:39 | src | XML parsing depends on a $@ without guarding against uncontrolled entity expansion. | domparser.js:2:13:2:36 | documen ... .search | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.expected b/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.expected index fc41f193149c..086af0f7bdf0 100644 --- a/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.expected +++ b/javascript/ql/test/query-tests/Security/CWE-798/HardcodedCredentials.expected @@ -1,420 +1,162 @@ -nodes -| HardcodedCredentials.js:5:15:5:22 | 'dbuser' | -| HardcodedCredentials.js:5:15:5:22 | 'dbuser' | -| HardcodedCredentials.js:5:15:5:22 | 'dbuser' | -| HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | -| HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | -| HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | -| HardcodedCredentials.js:15:36:15:50 | "user:hgfedcba" | -| HardcodedCredentials.js:15:36:15:50 | "user:hgfedcba" | -| HardcodedCredentials.js:15:36:15:50 | "user:hgfedcba" | -| HardcodedCredentials.js:16:37:16:51 | "user:hgfedcba" | -| HardcodedCredentials.js:16:37:16:51 | "user:hgfedcba" | -| HardcodedCredentials.js:16:37:16:51 | "user:hgfedcba" | -| HardcodedCredentials.js:18:16:18:30 | "user:hgfedcba" | -| HardcodedCredentials.js:18:16:18:30 | "user:hgfedcba" | -| HardcodedCredentials.js:20:36:20:51 | getCredentials() | -| HardcodedCredentials.js:20:36:20:51 | getCredentials() | -| HardcodedCredentials.js:27:25:27:31 | 'admin' | -| HardcodedCredentials.js:27:25:27:31 | 'admin' | -| HardcodedCredentials.js:27:25:27:31 | 'admin' | -| HardcodedCredentials.js:27:34:27:43 | 'hgfedcba' | -| HardcodedCredentials.js:27:34:27:43 | 'hgfedcba' | -| HardcodedCredentials.js:27:34:27:43 | 'hgfedcba' | -| HardcodedCredentials.js:29:11:29:30 | 'unknown-admin-name' | -| HardcodedCredentials.js:29:11:29:30 | 'unknown-admin-name' | -| HardcodedCredentials.js:29:11:29:30 | 'unknown-admin-name' | -| HardcodedCredentials.js:29:35:29:44 | 'hgfedcba' | -| HardcodedCredentials.js:29:35:29:44 | 'hgfedcba' | -| HardcodedCredentials.js:29:35:29:44 | 'hgfedcba' | -| HardcodedCredentials.js:35:15:35:24 | 'username' | -| HardcodedCredentials.js:35:15:35:24 | 'username' | -| HardcodedCredentials.js:35:15:35:24 | 'username' | -| HardcodedCredentials.js:35:27:35:36 | 'hgfedcba' | -| HardcodedCredentials.js:35:27:35:36 | 'hgfedcba' | -| HardcodedCredentials.js:35:27:35:36 | 'hgfedcba' | -| HardcodedCredentials.js:41:38:41:47 | 'username' | -| HardcodedCredentials.js:41:38:41:47 | 'username' | -| HardcodedCredentials.js:41:38:41:47 | 'username' | -| HardcodedCredentials.js:41:67:41:76 | 'hgfedcba' | -| HardcodedCredentials.js:41:67:41:76 | 'hgfedcba' | -| HardcodedCredentials.js:41:67:41:76 | 'hgfedcba' | -| HardcodedCredentials.js:42:35:42:44 | 'username' | -| HardcodedCredentials.js:42:35:42:44 | 'username' | -| HardcodedCredentials.js:42:35:42:44 | 'username' | -| HardcodedCredentials.js:42:64:42:73 | 'hgfedcba' | -| HardcodedCredentials.js:42:64:42:73 | 'hgfedcba' | -| HardcodedCredentials.js:42:64:42:73 | 'hgfedcba' | -| HardcodedCredentials.js:44:34:44:43 | 'username' | -| HardcodedCredentials.js:44:34:44:43 | 'username' | -| HardcodedCredentials.js:44:34:44:43 | 'username' | -| HardcodedCredentials.js:44:63:44:72 | 'hgfedcba' | -| HardcodedCredentials.js:44:63:44:72 | 'hgfedcba' | -| HardcodedCredentials.js:44:63:44:72 | 'hgfedcba' | -| HardcodedCredentials.js:46:25:46:34 | 'hgfedcba' | -| HardcodedCredentials.js:46:25:46:34 | 'hgfedcba' | -| HardcodedCredentials.js:46:25:46:34 | 'hgfedcba' | -| HardcodedCredentials.js:53:27:53:36 | 'username' | -| HardcodedCredentials.js:53:27:53:36 | 'username' | -| HardcodedCredentials.js:53:27:53:36 | 'username' | -| HardcodedCredentials.js:53:39:53:48 | 'hgfedcba' | -| HardcodedCredentials.js:53:39:53:48 | 'hgfedcba' | -| HardcodedCredentials.js:53:39:53:48 | 'hgfedcba' | -| HardcodedCredentials.js:56:21:56:30 | 'username' | -| HardcodedCredentials.js:56:21:56:30 | 'username' | -| HardcodedCredentials.js:56:21:56:30 | 'username' | -| HardcodedCredentials.js:57:21:57:30 | 'hgfedcba' | -| HardcodedCredentials.js:57:21:57:30 | 'hgfedcba' | -| HardcodedCredentials.js:57:21:57:30 | 'hgfedcba' | -| HardcodedCredentials.js:61:42:61:54 | 'bearerToken' | -| HardcodedCredentials.js:61:42:61:54 | 'bearerToken' | -| HardcodedCredentials.js:61:42:61:54 | 'bearerToken' | -| HardcodedCredentials.js:65:23:65:35 | 'bearerToken' | -| HardcodedCredentials.js:65:23:65:35 | 'bearerToken' | -| HardcodedCredentials.js:65:23:65:35 | 'bearerToken' | -| HardcodedCredentials.js:69:28:69:37 | 'username' | -| HardcodedCredentials.js:69:28:69:37 | 'username' | -| HardcodedCredentials.js:69:28:69:37 | 'username' | -| HardcodedCredentials.js:69:40:69:49 | 'hgfedcba' | -| HardcodedCredentials.js:69:40:69:49 | 'hgfedcba' | -| HardcodedCredentials.js:69:40:69:49 | 'hgfedcba' | -| HardcodedCredentials.js:70:28:70:37 | 'username' | -| HardcodedCredentials.js:70:28:70:37 | 'username' | -| HardcodedCredentials.js:70:28:70:37 | 'username' | -| HardcodedCredentials.js:70:40:70:49 | 'hgfedcba' | -| HardcodedCredentials.js:70:40:70:49 | 'hgfedcba' | -| HardcodedCredentials.js:70:40:70:49 | 'hgfedcba' | -| HardcodedCredentials.js:72:23:72:32 | 'username' | -| HardcodedCredentials.js:72:23:72:32 | 'username' | -| HardcodedCredentials.js:72:23:72:32 | 'username' | -| HardcodedCredentials.js:72:35:72:44 | 'hgfedcba' | -| HardcodedCredentials.js:72:35:72:44 | 'hgfedcba' | -| HardcodedCredentials.js:72:35:72:44 | 'hgfedcba' | -| HardcodedCredentials.js:75:21:75:30 | 'username' | -| HardcodedCredentials.js:75:21:75:30 | 'username' | -| HardcodedCredentials.js:75:21:75:30 | 'username' | -| HardcodedCredentials.js:76:21:76:30 | 'hgfedcba' | -| HardcodedCredentials.js:76:21:76:30 | 'hgfedcba' | -| HardcodedCredentials.js:76:21:76:30 | 'hgfedcba' | -| HardcodedCredentials.js:84:38:84:47 | 'username' | -| HardcodedCredentials.js:84:38:84:47 | 'username' | -| HardcodedCredentials.js:84:38:84:47 | 'username' | -| HardcodedCredentials.js:84:50:84:59 | 'hgfedcba' | -| HardcodedCredentials.js:84:50:84:59 | 'hgfedcba' | -| HardcodedCredentials.js:84:50:84:59 | 'hgfedcba' | -| HardcodedCredentials.js:86:44:86:53 | 'username' | -| HardcodedCredentials.js:86:44:86:53 | 'username' | -| HardcodedCredentials.js:86:44:86:53 | 'username' | -| HardcodedCredentials.js:86:56:86:65 | 'hgfedcba' | -| HardcodedCredentials.js:86:56:86:65 | 'hgfedcba' | -| HardcodedCredentials.js:86:56:86:65 | 'hgfedcba' | -| HardcodedCredentials.js:91:25:91:31 | 'TOKEN' | -| HardcodedCredentials.js:91:25:91:31 | 'TOKEN' | -| HardcodedCredentials.js:91:25:91:31 | 'TOKEN' | -| HardcodedCredentials.js:98:18:98:21 | 'x1' | -| HardcodedCredentials.js:98:18:98:21 | 'x1' | -| HardcodedCredentials.js:98:18:98:21 | 'x1' | -| HardcodedCredentials.js:99:16:99:19 | 'x2' | -| HardcodedCredentials.js:99:16:99:19 | 'x2' | -| HardcodedCredentials.js:99:16:99:19 | 'x2' | -| HardcodedCredentials.js:100:25:100:28 | 'x3' | -| HardcodedCredentials.js:100:25:100:28 | 'x3' | -| HardcodedCredentials.js:100:25:100:28 | 'x3' | -| HardcodedCredentials.js:101:19:101:22 | 'x4' | -| HardcodedCredentials.js:101:19:101:22 | 'x4' | -| HardcodedCredentials.js:101:19:101:22 | 'x4' | -| HardcodedCredentials.js:102:14:102:23 | 'hgfedcba' | -| HardcodedCredentials.js:102:14:102:23 | 'hgfedcba' | -| HardcodedCredentials.js:102:14:102:23 | 'hgfedcba' | -| HardcodedCredentials.js:103:17:103:26 | 'hgfedcba' | -| HardcodedCredentials.js:103:17:103:26 | 'hgfedcba' | -| HardcodedCredentials.js:103:17:103:26 | 'hgfedcba' | -| HardcodedCredentials.js:104:27:104:36 | 'hgfedcba' | -| HardcodedCredentials.js:104:27:104:36 | 'hgfedcba' | -| HardcodedCredentials.js:104:27:104:36 | 'hgfedcba' | -| HardcodedCredentials.js:105:19:105:28 | 'hgfedcba' | -| HardcodedCredentials.js:105:19:105:28 | 'hgfedcba' | -| HardcodedCredentials.js:105:19:105:28 | 'hgfedcba' | -| HardcodedCredentials.js:106:16:106:25 | 'hgfedcba' | -| HardcodedCredentials.js:106:16:106:25 | 'hgfedcba' | -| HardcodedCredentials.js:106:16:106:25 | 'hgfedcba' | -| HardcodedCredentials.js:112:19:112:22 | 'x5' | -| HardcodedCredentials.js:112:19:112:22 | 'x5' | -| HardcodedCredentials.js:112:19:112:22 | 'x5' | -| HardcodedCredentials.js:113:19:113:28 | 'hgfedcba' | -| HardcodedCredentials.js:113:19:113:28 | 'hgfedcba' | -| HardcodedCredentials.js:113:19:113:28 | 'hgfedcba' | -| HardcodedCredentials.js:130:44:130:53 | 'hgfedcba' | -| HardcodedCredentials.js:130:44:130:53 | 'hgfedcba' | -| HardcodedCredentials.js:130:44:130:53 | 'hgfedcba' | -| HardcodedCredentials.js:131:52:131:61 | 'hgfedcba' | -| HardcodedCredentials.js:131:52:131:61 | 'hgfedcba' | -| HardcodedCredentials.js:131:52:131:61 | 'hgfedcba' | -| HardcodedCredentials.js:135:41:135:50 | "hgfedcba" | -| HardcodedCredentials.js:135:41:135:50 | "hgfedcba" | -| HardcodedCredentials.js:135:41:135:50 | "hgfedcba" | -| HardcodedCredentials.js:160:38:160:56 | "oiuneawrgiyubaegr" | -| HardcodedCredentials.js:160:38:160:56 | "oiuneawrgiyubaegr" | -| HardcodedCredentials.js:160:38:160:56 | "oiuneawrgiyubaegr" | -| HardcodedCredentials.js:161:41:161:59 | 'oiuneawrgiyubaegr' | -| HardcodedCredentials.js:161:41:161:59 | 'oiuneawrgiyubaegr' | -| HardcodedCredentials.js:161:41:161:59 | 'oiuneawrgiyubaegr' | -| HardcodedCredentials.js:164:35:164:45 | 'change_me' | -| HardcodedCredentials.js:164:35:164:45 | 'change_me' | -| HardcodedCredentials.js:164:35:164:45 | 'change_me' | -| HardcodedCredentials.js:171:11:171:25 | USER | -| HardcodedCredentials.js:171:18:171:25 | 'sdsdag' | -| HardcodedCredentials.js:171:18:171:25 | 'sdsdag' | -| HardcodedCredentials.js:172:11:172:25 | PASS | -| HardcodedCredentials.js:172:18:172:25 | 'sdsdag' | -| HardcodedCredentials.js:172:18:172:25 | 'sdsdag' | -| HardcodedCredentials.js:173:11:173:49 | AUTH | -| HardcodedCredentials.js:173:18:173:49 | base64. ... PASS}`) | -| HardcodedCredentials.js:173:32:173:48 | `${USER}:${PASS}` | -| HardcodedCredentials.js:173:35:173:38 | USER | -| HardcodedCredentials.js:173:43:173:46 | PASS | -| HardcodedCredentials.js:178:30:178:44 | `Basic ${AUTH}` | -| HardcodedCredentials.js:178:30:178:44 | `Basic ${AUTH}` | -| HardcodedCredentials.js:178:39:178:42 | AUTH | -| HardcodedCredentials.js:188:30:188:44 | `Basic ${AUTH}` | -| HardcodedCredentials.js:188:30:188:44 | `Basic ${AUTH}` | -| HardcodedCredentials.js:188:39:188:42 | AUTH | -| HardcodedCredentials.js:195:37:195:51 | `Basic ${AUTH}` | -| HardcodedCredentials.js:195:37:195:51 | `Basic ${AUTH}` | -| HardcodedCredentials.js:195:46:195:49 | AUTH | -| HardcodedCredentials.js:204:35:204:49 | `Basic ${AUTH}` | -| HardcodedCredentials.js:204:35:204:49 | `Basic ${AUTH}` | -| HardcodedCredentials.js:204:44:204:47 | AUTH | -| HardcodedCredentials.js:214:11:214:25 | USER | -| HardcodedCredentials.js:214:18:214:25 | 'sdsdag' | -| HardcodedCredentials.js:214:18:214:25 | 'sdsdag' | -| HardcodedCredentials.js:215:11:215:25 | PASS | -| HardcodedCredentials.js:215:18:215:25 | 'sdsdag' | -| HardcodedCredentials.js:215:18:215:25 | 'sdsdag' | -| HardcodedCredentials.js:216:11:216:49 | AUTH | -| HardcodedCredentials.js:216:18:216:49 | base64. ... PASS}`) | -| HardcodedCredentials.js:216:32:216:48 | `${USER}:${PASS}` | -| HardcodedCredentials.js:216:35:216:38 | USER | -| HardcodedCredentials.js:216:43:216:46 | PASS | -| HardcodedCredentials.js:221:37:221:51 | `Basic ${AUTH}` | -| HardcodedCredentials.js:221:37:221:51 | `Basic ${AUTH}` | -| HardcodedCredentials.js:221:46:221:49 | AUTH | -| HardcodedCredentials.js:231:11:231:29 | username | -| HardcodedCredentials.js:231:22:231:29 | 'sdsdag' | -| HardcodedCredentials.js:231:22:231:29 | 'sdsdag' | -| HardcodedCredentials.js:237:24:237:91 | 'Basic ... ase64') | -| HardcodedCredentials.js:237:24:237:91 | 'Basic ... ase64') | -| HardcodedCredentials.js:237:35:237:72 | Buffer. ... ssword) | -| HardcodedCredentials.js:237:35:237:91 | Buffer. ... ase64') | -| HardcodedCredentials.js:237:47:237:54 | username | -| HardcodedCredentials.js:237:47:237:71 | usernam ... assword | -| HardcodedCredentials.js:245:9:245:44 | privateKey | -| HardcodedCredentials.js:245:22:245:44 | "myHard ... ateKey" | -| HardcodedCredentials.js:245:22:245:44 | "myHard ... ateKey" | -| HardcodedCredentials.js:246:42:246:51 | privateKey | -| HardcodedCredentials.js:246:42:246:51 | privateKey | -| HardcodedCredentials.js:260:30:260:40 | `Basic foo` | -| HardcodedCredentials.js:260:30:260:40 | `Basic foo` | -| HardcodedCredentials.js:260:30:260:40 | `Basic foo` | -| HardcodedCredentials.js:268:30:268:73 | `${foo ... Token}` | -| HardcodedCredentials.js:268:30:268:73 | `${foo ... Token}` | -| HardcodedCredentials.js:268:33:268:56 | foo ? ' ... 'OAuth' | -| HardcodedCredentials.js:268:39:268:46 | 'Bearer' | -| HardcodedCredentials.js:268:39:268:46 | 'Bearer' | -| HardcodedCredentials.js:268:50:268:56 | 'OAuth' | -| HardcodedCredentials.js:268:50:268:56 | 'OAuth' | -| HardcodedCredentials.js:275:36:275:59 | "user:{ ... ERE }}" | -| HardcodedCredentials.js:275:36:275:59 | "user:{ ... ERE }}" | -| HardcodedCredentials.js:275:36:275:59 | "user:{ ... ERE }}" | -| HardcodedCredentials.js:276:36:276:65 | "user:t ... ERE }}" | -| HardcodedCredentials.js:276:36:276:65 | "user:t ... ERE }}" | -| HardcodedCredentials.js:276:36:276:65 | "user:t ... ERE }}" | -| HardcodedCredentials.js:277:36:277:57 | "user:( ... HERE )" | -| HardcodedCredentials.js:277:36:277:57 | "user:( ... HERE )" | -| HardcodedCredentials.js:277:36:277:57 | "user:( ... HERE )" | -| HardcodedCredentials.js:278:36:278:64 | "user:{ ... ken }}" | -| HardcodedCredentials.js:278:36:278:64 | "user:{ ... ken }}" | -| HardcodedCredentials.js:278:36:278:64 | "user:{ ... ken }}" | -| HardcodedCredentials.js:279:36:279:50 | "user:abcdefgh" | -| HardcodedCredentials.js:279:36:279:50 | "user:abcdefgh" | -| HardcodedCredentials.js:279:36:279:50 | "user:abcdefgh" | -| HardcodedCredentials.js:280:36:280:50 | "user:12345678" | -| HardcodedCredentials.js:280:36:280:50 | "user:12345678" | -| HardcodedCredentials.js:280:36:280:50 | "user:12345678" | -| HardcodedCredentials.js:281:36:281:45 | "user:foo" | -| HardcodedCredentials.js:281:36:281:45 | "user:foo" | -| HardcodedCredentials.js:281:36:281:45 | "user:foo" | -| HardcodedCredentials.js:282:36:282:52 | "user:mypassword" | -| HardcodedCredentials.js:282:36:282:52 | "user:mypassword" | -| HardcodedCredentials.js:282:36:282:52 | "user:mypassword" | -| HardcodedCredentials.js:283:36:283:49 | "user:mytoken" | -| HardcodedCredentials.js:283:36:283:49 | "user:mytoken" | -| HardcodedCredentials.js:283:36:283:49 | "user:mytoken" | -| HardcodedCredentials.js:284:36:284:52 | "user:fake token" | -| HardcodedCredentials.js:284:36:284:52 | "user:fake token" | -| HardcodedCredentials.js:284:36:284:52 | "user:fake token" | -| HardcodedCredentials.js:285:36:285:46 | "user:dcba" | -| HardcodedCredentials.js:285:36:285:46 | "user:dcba" | -| HardcodedCredentials.js:285:36:285:46 | "user:dcba" | -| HardcodedCredentials.js:286:36:286:55 | "user:custom string" | -| HardcodedCredentials.js:286:36:286:55 | "user:custom string" | -| HardcodedCredentials.js:286:36:286:55 | "user:custom string" | -| HardcodedCredentials.js:292:37:292:57 | `Basic ... sdsdag` | -| HardcodedCredentials.js:292:37:292:57 | `Basic ... sdsdag` | -| HardcodedCredentials.js:292:37:292:57 | `Basic ... sdsdag` | -| HardcodedCredentials.js:293:37:293:65 | `Basic ... xxxxxx` | -| HardcodedCredentials.js:293:37:293:65 | `Basic ... xxxxxx` | -| HardcodedCredentials.js:293:37:293:65 | `Basic ... xxxxxx` | -| HardcodedCredentials.js:294:37:294:70 | `Basic ... gbbbbb` | -| HardcodedCredentials.js:294:37:294:70 | `Basic ... gbbbbb` | -| HardcodedCredentials.js:294:37:294:70 | `Basic ... gbbbbb` | -| HardcodedCredentials.js:295:37:295:66 | `Basic ... 000001` | -| HardcodedCredentials.js:295:37:295:66 | `Basic ... 000001` | -| HardcodedCredentials.js:295:37:295:66 | `Basic ... 000001` | -| HardcodedCredentials.js:299:44:299:52 | 'mytoken' | -| HardcodedCredentials.js:299:44:299:52 | 'mytoken' | -| HardcodedCredentials.js:299:44:299:52 | 'mytoken' | -| HardcodedCredentials.js:300:44:300:56 | 'SampleToken' | -| HardcodedCredentials.js:300:44:300:56 | 'SampleToken' | -| HardcodedCredentials.js:300:44:300:56 | 'SampleToken' | -| HardcodedCredentials.js:301:44:301:55 | 'MyPassword' | -| HardcodedCredentials.js:301:44:301:55 | 'MyPassword' | -| HardcodedCredentials.js:301:44:301:55 | 'MyPassword' | -| HardcodedCredentials.js:302:44:302:69 | 'iubfew ... ybgera' | -| HardcodedCredentials.js:302:44:302:69 | 'iubfew ... ybgera' | -| HardcodedCredentials.js:302:44:302:69 | 'iubfew ... ybgera' | edges -| HardcodedCredentials.js:5:15:5:22 | 'dbuser' | HardcodedCredentials.js:5:15:5:22 | 'dbuser' | -| HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | -| HardcodedCredentials.js:15:36:15:50 | "user:hgfedcba" | HardcodedCredentials.js:15:36:15:50 | "user:hgfedcba" | -| HardcodedCredentials.js:16:37:16:51 | "user:hgfedcba" | HardcodedCredentials.js:16:37:16:51 | "user:hgfedcba" | -| HardcodedCredentials.js:18:16:18:30 | "user:hgfedcba" | HardcodedCredentials.js:20:36:20:51 | getCredentials() | -| HardcodedCredentials.js:18:16:18:30 | "user:hgfedcba" | HardcodedCredentials.js:20:36:20:51 | getCredentials() | -| HardcodedCredentials.js:18:16:18:30 | "user:hgfedcba" | HardcodedCredentials.js:20:36:20:51 | getCredentials() | -| HardcodedCredentials.js:18:16:18:30 | "user:hgfedcba" | HardcodedCredentials.js:20:36:20:51 | getCredentials() | -| HardcodedCredentials.js:27:25:27:31 | 'admin' | HardcodedCredentials.js:27:25:27:31 | 'admin' | -| HardcodedCredentials.js:27:34:27:43 | 'hgfedcba' | HardcodedCredentials.js:27:34:27:43 | 'hgfedcba' | -| HardcodedCredentials.js:29:11:29:30 | 'unknown-admin-name' | HardcodedCredentials.js:29:11:29:30 | 'unknown-admin-name' | -| HardcodedCredentials.js:29:35:29:44 | 'hgfedcba' | HardcodedCredentials.js:29:35:29:44 | 'hgfedcba' | -| HardcodedCredentials.js:35:15:35:24 | 'username' | HardcodedCredentials.js:35:15:35:24 | 'username' | -| HardcodedCredentials.js:35:27:35:36 | 'hgfedcba' | HardcodedCredentials.js:35:27:35:36 | 'hgfedcba' | -| HardcodedCredentials.js:41:38:41:47 | 'username' | HardcodedCredentials.js:41:38:41:47 | 'username' | -| HardcodedCredentials.js:41:67:41:76 | 'hgfedcba' | HardcodedCredentials.js:41:67:41:76 | 'hgfedcba' | -| HardcodedCredentials.js:42:35:42:44 | 'username' | HardcodedCredentials.js:42:35:42:44 | 'username' | -| HardcodedCredentials.js:42:64:42:73 | 'hgfedcba' | HardcodedCredentials.js:42:64:42:73 | 'hgfedcba' | -| HardcodedCredentials.js:44:34:44:43 | 'username' | HardcodedCredentials.js:44:34:44:43 | 'username' | -| HardcodedCredentials.js:44:63:44:72 | 'hgfedcba' | HardcodedCredentials.js:44:63:44:72 | 'hgfedcba' | -| HardcodedCredentials.js:46:25:46:34 | 'hgfedcba' | HardcodedCredentials.js:46:25:46:34 | 'hgfedcba' | -| HardcodedCredentials.js:53:27:53:36 | 'username' | HardcodedCredentials.js:53:27:53:36 | 'username' | -| HardcodedCredentials.js:53:39:53:48 | 'hgfedcba' | HardcodedCredentials.js:53:39:53:48 | 'hgfedcba' | -| HardcodedCredentials.js:56:21:56:30 | 'username' | HardcodedCredentials.js:56:21:56:30 | 'username' | -| HardcodedCredentials.js:57:21:57:30 | 'hgfedcba' | HardcodedCredentials.js:57:21:57:30 | 'hgfedcba' | -| HardcodedCredentials.js:61:42:61:54 | 'bearerToken' | HardcodedCredentials.js:61:42:61:54 | 'bearerToken' | -| HardcodedCredentials.js:65:23:65:35 | 'bearerToken' | HardcodedCredentials.js:65:23:65:35 | 'bearerToken' | -| HardcodedCredentials.js:69:28:69:37 | 'username' | HardcodedCredentials.js:69:28:69:37 | 'username' | -| HardcodedCredentials.js:69:40:69:49 | 'hgfedcba' | HardcodedCredentials.js:69:40:69:49 | 'hgfedcba' | -| HardcodedCredentials.js:70:28:70:37 | 'username' | HardcodedCredentials.js:70:28:70:37 | 'username' | -| HardcodedCredentials.js:70:40:70:49 | 'hgfedcba' | HardcodedCredentials.js:70:40:70:49 | 'hgfedcba' | -| HardcodedCredentials.js:72:23:72:32 | 'username' | HardcodedCredentials.js:72:23:72:32 | 'username' | -| HardcodedCredentials.js:72:35:72:44 | 'hgfedcba' | HardcodedCredentials.js:72:35:72:44 | 'hgfedcba' | -| HardcodedCredentials.js:75:21:75:30 | 'username' | HardcodedCredentials.js:75:21:75:30 | 'username' | -| HardcodedCredentials.js:76:21:76:30 | 'hgfedcba' | HardcodedCredentials.js:76:21:76:30 | 'hgfedcba' | -| HardcodedCredentials.js:84:38:84:47 | 'username' | HardcodedCredentials.js:84:38:84:47 | 'username' | -| HardcodedCredentials.js:84:50:84:59 | 'hgfedcba' | HardcodedCredentials.js:84:50:84:59 | 'hgfedcba' | -| HardcodedCredentials.js:86:44:86:53 | 'username' | HardcodedCredentials.js:86:44:86:53 | 'username' | -| HardcodedCredentials.js:86:56:86:65 | 'hgfedcba' | HardcodedCredentials.js:86:56:86:65 | 'hgfedcba' | -| HardcodedCredentials.js:91:25:91:31 | 'TOKEN' | HardcodedCredentials.js:91:25:91:31 | 'TOKEN' | -| HardcodedCredentials.js:98:18:98:21 | 'x1' | HardcodedCredentials.js:98:18:98:21 | 'x1' | -| HardcodedCredentials.js:99:16:99:19 | 'x2' | HardcodedCredentials.js:99:16:99:19 | 'x2' | -| HardcodedCredentials.js:100:25:100:28 | 'x3' | HardcodedCredentials.js:100:25:100:28 | 'x3' | -| HardcodedCredentials.js:101:19:101:22 | 'x4' | HardcodedCredentials.js:101:19:101:22 | 'x4' | -| HardcodedCredentials.js:102:14:102:23 | 'hgfedcba' | HardcodedCredentials.js:102:14:102:23 | 'hgfedcba' | -| HardcodedCredentials.js:103:17:103:26 | 'hgfedcba' | HardcodedCredentials.js:103:17:103:26 | 'hgfedcba' | -| HardcodedCredentials.js:104:27:104:36 | 'hgfedcba' | HardcodedCredentials.js:104:27:104:36 | 'hgfedcba' | -| HardcodedCredentials.js:105:19:105:28 | 'hgfedcba' | HardcodedCredentials.js:105:19:105:28 | 'hgfedcba' | -| HardcodedCredentials.js:106:16:106:25 | 'hgfedcba' | HardcodedCredentials.js:106:16:106:25 | 'hgfedcba' | -| HardcodedCredentials.js:112:19:112:22 | 'x5' | HardcodedCredentials.js:112:19:112:22 | 'x5' | -| HardcodedCredentials.js:113:19:113:28 | 'hgfedcba' | HardcodedCredentials.js:113:19:113:28 | 'hgfedcba' | -| HardcodedCredentials.js:130:44:130:53 | 'hgfedcba' | HardcodedCredentials.js:130:44:130:53 | 'hgfedcba' | -| HardcodedCredentials.js:131:52:131:61 | 'hgfedcba' | HardcodedCredentials.js:131:52:131:61 | 'hgfedcba' | -| HardcodedCredentials.js:135:41:135:50 | "hgfedcba" | HardcodedCredentials.js:135:41:135:50 | "hgfedcba" | -| HardcodedCredentials.js:160:38:160:56 | "oiuneawrgiyubaegr" | HardcodedCredentials.js:160:38:160:56 | "oiuneawrgiyubaegr" | -| HardcodedCredentials.js:161:41:161:59 | 'oiuneawrgiyubaegr' | HardcodedCredentials.js:161:41:161:59 | 'oiuneawrgiyubaegr' | -| HardcodedCredentials.js:164:35:164:45 | 'change_me' | HardcodedCredentials.js:164:35:164:45 | 'change_me' | -| HardcodedCredentials.js:171:11:171:25 | USER | HardcodedCredentials.js:173:35:173:38 | USER | -| HardcodedCredentials.js:171:18:171:25 | 'sdsdag' | HardcodedCredentials.js:171:11:171:25 | USER | -| HardcodedCredentials.js:171:18:171:25 | 'sdsdag' | HardcodedCredentials.js:171:11:171:25 | USER | -| HardcodedCredentials.js:172:11:172:25 | PASS | HardcodedCredentials.js:173:43:173:46 | PASS | -| HardcodedCredentials.js:172:18:172:25 | 'sdsdag' | HardcodedCredentials.js:172:11:172:25 | PASS | -| HardcodedCredentials.js:172:18:172:25 | 'sdsdag' | HardcodedCredentials.js:172:11:172:25 | PASS | -| HardcodedCredentials.js:173:11:173:49 | AUTH | HardcodedCredentials.js:178:39:178:42 | AUTH | -| HardcodedCredentials.js:173:11:173:49 | AUTH | HardcodedCredentials.js:188:39:188:42 | AUTH | -| HardcodedCredentials.js:173:11:173:49 | AUTH | HardcodedCredentials.js:195:46:195:49 | AUTH | -| HardcodedCredentials.js:173:11:173:49 | AUTH | HardcodedCredentials.js:204:44:204:47 | AUTH | -| HardcodedCredentials.js:173:18:173:49 | base64. ... PASS}`) | HardcodedCredentials.js:173:11:173:49 | AUTH | -| HardcodedCredentials.js:173:32:173:48 | `${USER}:${PASS}` | HardcodedCredentials.js:173:18:173:49 | base64. ... PASS}`) | -| HardcodedCredentials.js:173:35:173:38 | USER | HardcodedCredentials.js:173:32:173:48 | `${USER}:${PASS}` | -| HardcodedCredentials.js:173:43:173:46 | PASS | HardcodedCredentials.js:173:32:173:48 | `${USER}:${PASS}` | -| HardcodedCredentials.js:178:39:178:42 | AUTH | HardcodedCredentials.js:178:30:178:44 | `Basic ${AUTH}` | -| HardcodedCredentials.js:178:39:178:42 | AUTH | HardcodedCredentials.js:178:30:178:44 | `Basic ${AUTH}` | -| HardcodedCredentials.js:188:39:188:42 | AUTH | HardcodedCredentials.js:188:30:188:44 | `Basic ${AUTH}` | -| HardcodedCredentials.js:188:39:188:42 | AUTH | HardcodedCredentials.js:188:30:188:44 | `Basic ${AUTH}` | -| HardcodedCredentials.js:195:46:195:49 | AUTH | HardcodedCredentials.js:195:37:195:51 | `Basic ${AUTH}` | -| HardcodedCredentials.js:195:46:195:49 | AUTH | HardcodedCredentials.js:195:37:195:51 | `Basic ${AUTH}` | -| HardcodedCredentials.js:204:44:204:47 | AUTH | HardcodedCredentials.js:204:35:204:49 | `Basic ${AUTH}` | -| HardcodedCredentials.js:204:44:204:47 | AUTH | HardcodedCredentials.js:204:35:204:49 | `Basic ${AUTH}` | -| HardcodedCredentials.js:214:11:214:25 | USER | HardcodedCredentials.js:216:35:216:38 | USER | -| HardcodedCredentials.js:214:18:214:25 | 'sdsdag' | HardcodedCredentials.js:214:11:214:25 | USER | -| HardcodedCredentials.js:214:18:214:25 | 'sdsdag' | HardcodedCredentials.js:214:11:214:25 | USER | -| HardcodedCredentials.js:215:11:215:25 | PASS | HardcodedCredentials.js:216:43:216:46 | PASS | -| HardcodedCredentials.js:215:18:215:25 | 'sdsdag' | HardcodedCredentials.js:215:11:215:25 | PASS | -| HardcodedCredentials.js:215:18:215:25 | 'sdsdag' | HardcodedCredentials.js:215:11:215:25 | PASS | -| HardcodedCredentials.js:216:11:216:49 | AUTH | HardcodedCredentials.js:221:46:221:49 | AUTH | -| HardcodedCredentials.js:216:18:216:49 | base64. ... PASS}`) | HardcodedCredentials.js:216:11:216:49 | AUTH | -| HardcodedCredentials.js:216:32:216:48 | `${USER}:${PASS}` | HardcodedCredentials.js:216:18:216:49 | base64. ... PASS}`) | -| HardcodedCredentials.js:216:35:216:38 | USER | HardcodedCredentials.js:216:32:216:48 | `${USER}:${PASS}` | -| HardcodedCredentials.js:216:43:216:46 | PASS | HardcodedCredentials.js:216:32:216:48 | `${USER}:${PASS}` | -| HardcodedCredentials.js:221:46:221:49 | AUTH | HardcodedCredentials.js:221:37:221:51 | `Basic ${AUTH}` | -| HardcodedCredentials.js:221:46:221:49 | AUTH | HardcodedCredentials.js:221:37:221:51 | `Basic ${AUTH}` | -| HardcodedCredentials.js:231:11:231:29 | username | HardcodedCredentials.js:237:47:237:54 | username | -| HardcodedCredentials.js:231:22:231:29 | 'sdsdag' | HardcodedCredentials.js:231:11:231:29 | username | -| HardcodedCredentials.js:231:22:231:29 | 'sdsdag' | HardcodedCredentials.js:231:11:231:29 | username | -| HardcodedCredentials.js:237:35:237:72 | Buffer. ... ssword) | HardcodedCredentials.js:237:35:237:91 | Buffer. ... ase64') | -| HardcodedCredentials.js:237:35:237:91 | Buffer. ... ase64') | HardcodedCredentials.js:237:24:237:91 | 'Basic ... ase64') | -| HardcodedCredentials.js:237:35:237:91 | Buffer. ... ase64') | HardcodedCredentials.js:237:24:237:91 | 'Basic ... ase64') | -| HardcodedCredentials.js:237:47:237:54 | username | HardcodedCredentials.js:237:47:237:71 | usernam ... assword | -| HardcodedCredentials.js:237:47:237:71 | usernam ... assword | HardcodedCredentials.js:237:35:237:72 | Buffer. ... ssword) | -| HardcodedCredentials.js:245:9:245:44 | privateKey | HardcodedCredentials.js:246:42:246:51 | privateKey | -| HardcodedCredentials.js:245:9:245:44 | privateKey | HardcodedCredentials.js:246:42:246:51 | privateKey | -| HardcodedCredentials.js:245:22:245:44 | "myHard ... ateKey" | HardcodedCredentials.js:245:9:245:44 | privateKey | -| HardcodedCredentials.js:245:22:245:44 | "myHard ... ateKey" | HardcodedCredentials.js:245:9:245:44 | privateKey | -| HardcodedCredentials.js:260:30:260:40 | `Basic foo` | HardcodedCredentials.js:260:30:260:40 | `Basic foo` | -| HardcodedCredentials.js:268:33:268:56 | foo ? ' ... 'OAuth' | HardcodedCredentials.js:268:30:268:73 | `${foo ... Token}` | -| HardcodedCredentials.js:268:33:268:56 | foo ? ' ... 'OAuth' | HardcodedCredentials.js:268:30:268:73 | `${foo ... Token}` | -| HardcodedCredentials.js:268:39:268:46 | 'Bearer' | HardcodedCredentials.js:268:33:268:56 | foo ? ' ... 'OAuth' | -| HardcodedCredentials.js:268:39:268:46 | 'Bearer' | HardcodedCredentials.js:268:33:268:56 | foo ? ' ... 'OAuth' | -| HardcodedCredentials.js:268:50:268:56 | 'OAuth' | HardcodedCredentials.js:268:33:268:56 | foo ? ' ... 'OAuth' | -| HardcodedCredentials.js:268:50:268:56 | 'OAuth' | HardcodedCredentials.js:268:33:268:56 | foo ? ' ... 'OAuth' | -| HardcodedCredentials.js:275:36:275:59 | "user:{ ... ERE }}" | HardcodedCredentials.js:275:36:275:59 | "user:{ ... ERE }}" | -| HardcodedCredentials.js:276:36:276:65 | "user:t ... ERE }}" | HardcodedCredentials.js:276:36:276:65 | "user:t ... ERE }}" | -| HardcodedCredentials.js:277:36:277:57 | "user:( ... HERE )" | HardcodedCredentials.js:277:36:277:57 | "user:( ... HERE )" | -| HardcodedCredentials.js:278:36:278:64 | "user:{ ... ken }}" | HardcodedCredentials.js:278:36:278:64 | "user:{ ... ken }}" | -| HardcodedCredentials.js:279:36:279:50 | "user:abcdefgh" | HardcodedCredentials.js:279:36:279:50 | "user:abcdefgh" | -| HardcodedCredentials.js:280:36:280:50 | "user:12345678" | HardcodedCredentials.js:280:36:280:50 | "user:12345678" | -| HardcodedCredentials.js:281:36:281:45 | "user:foo" | HardcodedCredentials.js:281:36:281:45 | "user:foo" | -| HardcodedCredentials.js:282:36:282:52 | "user:mypassword" | HardcodedCredentials.js:282:36:282:52 | "user:mypassword" | -| HardcodedCredentials.js:283:36:283:49 | "user:mytoken" | HardcodedCredentials.js:283:36:283:49 | "user:mytoken" | -| HardcodedCredentials.js:284:36:284:52 | "user:fake token" | HardcodedCredentials.js:284:36:284:52 | "user:fake token" | -| HardcodedCredentials.js:285:36:285:46 | "user:dcba" | HardcodedCredentials.js:285:36:285:46 | "user:dcba" | -| HardcodedCredentials.js:286:36:286:55 | "user:custom string" | HardcodedCredentials.js:286:36:286:55 | "user:custom string" | -| HardcodedCredentials.js:292:37:292:57 | `Basic ... sdsdag` | HardcodedCredentials.js:292:37:292:57 | `Basic ... sdsdag` | -| HardcodedCredentials.js:293:37:293:65 | `Basic ... xxxxxx` | HardcodedCredentials.js:293:37:293:65 | `Basic ... xxxxxx` | -| HardcodedCredentials.js:294:37:294:70 | `Basic ... gbbbbb` | HardcodedCredentials.js:294:37:294:70 | `Basic ... gbbbbb` | -| HardcodedCredentials.js:295:37:295:66 | `Basic ... 000001` | HardcodedCredentials.js:295:37:295:66 | `Basic ... 000001` | -| HardcodedCredentials.js:299:44:299:52 | 'mytoken' | HardcodedCredentials.js:299:44:299:52 | 'mytoken' | -| HardcodedCredentials.js:300:44:300:56 | 'SampleToken' | HardcodedCredentials.js:300:44:300:56 | 'SampleToken' | -| HardcodedCredentials.js:301:44:301:55 | 'MyPassword' | HardcodedCredentials.js:301:44:301:55 | 'MyPassword' | -| HardcodedCredentials.js:302:44:302:69 | 'iubfew ... ybgera' | HardcodedCredentials.js:302:44:302:69 | 'iubfew ... ybgera' | +| HardcodedCredentials.js:18:16:18:30 | "user:hgfedcba" | HardcodedCredentials.js:20:36:20:51 | getCredentials() | provenance | | +| HardcodedCredentials.js:171:11:171:25 | USER | HardcodedCredentials.js:173:35:173:38 | USER | provenance | | +| HardcodedCredentials.js:171:18:171:25 | 'sdsdag' | HardcodedCredentials.js:171:11:171:25 | USER | provenance | | +| HardcodedCredentials.js:172:11:172:25 | PASS | HardcodedCredentials.js:173:43:173:46 | PASS | provenance | | +| HardcodedCredentials.js:172:18:172:25 | 'sdsdag' | HardcodedCredentials.js:172:11:172:25 | PASS | provenance | | +| HardcodedCredentials.js:173:11:173:49 | AUTH | HardcodedCredentials.js:178:39:178:42 | AUTH | provenance | | +| HardcodedCredentials.js:173:11:173:49 | AUTH | HardcodedCredentials.js:188:39:188:42 | AUTH | provenance | | +| HardcodedCredentials.js:173:11:173:49 | AUTH | HardcodedCredentials.js:195:46:195:49 | AUTH | provenance | | +| HardcodedCredentials.js:173:11:173:49 | AUTH | HardcodedCredentials.js:204:44:204:47 | AUTH | provenance | | +| HardcodedCredentials.js:173:18:173:49 | base64. ... PASS}`) | HardcodedCredentials.js:173:11:173:49 | AUTH | provenance | | +| HardcodedCredentials.js:173:32:173:48 | `${USER}:${PASS}` | HardcodedCredentials.js:173:18:173:49 | base64. ... PASS}`) | provenance | Config | +| HardcodedCredentials.js:173:35:173:38 | USER | HardcodedCredentials.js:173:32:173:48 | `${USER}:${PASS}` | provenance | Config | +| HardcodedCredentials.js:173:43:173:46 | PASS | HardcodedCredentials.js:173:32:173:48 | `${USER}:${PASS}` | provenance | Config | +| HardcodedCredentials.js:178:39:178:42 | AUTH | HardcodedCredentials.js:178:30:178:44 | `Basic ${AUTH}` | provenance | Config | +| HardcodedCredentials.js:188:39:188:42 | AUTH | HardcodedCredentials.js:188:30:188:44 | `Basic ${AUTH}` | provenance | Config | +| HardcodedCredentials.js:195:46:195:49 | AUTH | HardcodedCredentials.js:195:37:195:51 | `Basic ${AUTH}` | provenance | Config | +| HardcodedCredentials.js:204:44:204:47 | AUTH | HardcodedCredentials.js:204:35:204:49 | `Basic ${AUTH}` | provenance | Config | +| HardcodedCredentials.js:214:11:214:25 | USER | HardcodedCredentials.js:216:35:216:38 | USER | provenance | | +| HardcodedCredentials.js:214:18:214:25 | 'sdsdag' | HardcodedCredentials.js:214:11:214:25 | USER | provenance | | +| HardcodedCredentials.js:215:11:215:25 | PASS | HardcodedCredentials.js:216:43:216:46 | PASS | provenance | | +| HardcodedCredentials.js:215:18:215:25 | 'sdsdag' | HardcodedCredentials.js:215:11:215:25 | PASS | provenance | | +| HardcodedCredentials.js:216:11:216:49 | AUTH | HardcodedCredentials.js:221:46:221:49 | AUTH | provenance | | +| HardcodedCredentials.js:216:18:216:49 | base64. ... PASS}`) | HardcodedCredentials.js:216:11:216:49 | AUTH | provenance | | +| HardcodedCredentials.js:216:32:216:48 | `${USER}:${PASS}` | HardcodedCredentials.js:216:18:216:49 | base64. ... PASS}`) | provenance | Config | +| HardcodedCredentials.js:216:35:216:38 | USER | HardcodedCredentials.js:216:32:216:48 | `${USER}:${PASS}` | provenance | Config | +| HardcodedCredentials.js:216:43:216:46 | PASS | HardcodedCredentials.js:216:32:216:48 | `${USER}:${PASS}` | provenance | Config | +| HardcodedCredentials.js:221:46:221:49 | AUTH | HardcodedCredentials.js:221:37:221:51 | `Basic ${AUTH}` | provenance | Config | +| HardcodedCredentials.js:231:11:231:29 | username | HardcodedCredentials.js:237:47:237:54 | username | provenance | | +| HardcodedCredentials.js:231:22:231:29 | 'sdsdag' | HardcodedCredentials.js:231:11:231:29 | username | provenance | | +| HardcodedCredentials.js:237:35:237:72 | Buffer. ... ssword) | HardcodedCredentials.js:237:35:237:91 | Buffer. ... ase64') | provenance | Config | +| HardcodedCredentials.js:237:35:237:91 | Buffer. ... ase64') | HardcodedCredentials.js:237:24:237:91 | 'Basic ... ase64') | provenance | Config | +| HardcodedCredentials.js:237:47:237:54 | username | HardcodedCredentials.js:237:47:237:71 | usernam ... assword | provenance | Config | +| HardcodedCredentials.js:237:47:237:71 | usernam ... assword | HardcodedCredentials.js:237:35:237:72 | Buffer. ... ssword) | provenance | Config | +| HardcodedCredentials.js:245:9:245:44 | privateKey | HardcodedCredentials.js:246:42:246:51 | privateKey | provenance | | +| HardcodedCredentials.js:245:22:245:44 | "myHard ... ateKey" | HardcodedCredentials.js:245:9:245:44 | privateKey | provenance | | +| HardcodedCredentials.js:268:33:268:56 | foo ? ' ... 'OAuth' | HardcodedCredentials.js:268:30:268:73 | `${foo ... Token}` | provenance | Config | +| HardcodedCredentials.js:268:39:268:46 | 'Bearer' | HardcodedCredentials.js:268:33:268:56 | foo ? ' ... 'OAuth' | provenance | | +| HardcodedCredentials.js:268:50:268:56 | 'OAuth' | HardcodedCredentials.js:268:33:268:56 | foo ? ' ... 'OAuth' | provenance | | +nodes +| HardcodedCredentials.js:5:15:5:22 | 'dbuser' | semmle.label | 'dbuser' | +| HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | semmle.label | 'hgfedcba' | +| HardcodedCredentials.js:15:36:15:50 | "user:hgfedcba" | semmle.label | "user:hgfedcba" | +| HardcodedCredentials.js:16:37:16:51 | "user:hgfedcba" | semmle.label | "user:hgfedcba" | +| HardcodedCredentials.js:18:16:18:30 | "user:hgfedcba" | semmle.label | "user:hgfedcba" | +| HardcodedCredentials.js:20:36:20:51 | getCredentials() | semmle.label | getCredentials() | +| HardcodedCredentials.js:27:25:27:31 | 'admin' | semmle.label | 'admin' | +| HardcodedCredentials.js:27:34:27:43 | 'hgfedcba' | semmle.label | 'hgfedcba' | +| HardcodedCredentials.js:29:11:29:30 | 'unknown-admin-name' | semmle.label | 'unknown-admin-name' | +| HardcodedCredentials.js:29:35:29:44 | 'hgfedcba' | semmle.label | 'hgfedcba' | +| HardcodedCredentials.js:35:15:35:24 | 'username' | semmle.label | 'username' | +| HardcodedCredentials.js:35:27:35:36 | 'hgfedcba' | semmle.label | 'hgfedcba' | +| HardcodedCredentials.js:41:38:41:47 | 'username' | semmle.label | 'username' | +| HardcodedCredentials.js:41:67:41:76 | 'hgfedcba' | semmle.label | 'hgfedcba' | +| HardcodedCredentials.js:42:35:42:44 | 'username' | semmle.label | 'username' | +| HardcodedCredentials.js:42:64:42:73 | 'hgfedcba' | semmle.label | 'hgfedcba' | +| HardcodedCredentials.js:44:34:44:43 | 'username' | semmle.label | 'username' | +| HardcodedCredentials.js:44:63:44:72 | 'hgfedcba' | semmle.label | 'hgfedcba' | +| HardcodedCredentials.js:46:25:46:34 | 'hgfedcba' | semmle.label | 'hgfedcba' | +| HardcodedCredentials.js:53:27:53:36 | 'username' | semmle.label | 'username' | +| HardcodedCredentials.js:53:39:53:48 | 'hgfedcba' | semmle.label | 'hgfedcba' | +| HardcodedCredentials.js:56:21:56:30 | 'username' | semmle.label | 'username' | +| HardcodedCredentials.js:57:21:57:30 | 'hgfedcba' | semmle.label | 'hgfedcba' | +| HardcodedCredentials.js:61:42:61:54 | 'bearerToken' | semmle.label | 'bearerToken' | +| HardcodedCredentials.js:65:23:65:35 | 'bearerToken' | semmle.label | 'bearerToken' | +| HardcodedCredentials.js:69:28:69:37 | 'username' | semmle.label | 'username' | +| HardcodedCredentials.js:69:40:69:49 | 'hgfedcba' | semmle.label | 'hgfedcba' | +| HardcodedCredentials.js:70:28:70:37 | 'username' | semmle.label | 'username' | +| HardcodedCredentials.js:70:40:70:49 | 'hgfedcba' | semmle.label | 'hgfedcba' | +| HardcodedCredentials.js:72:23:72:32 | 'username' | semmle.label | 'username' | +| HardcodedCredentials.js:72:35:72:44 | 'hgfedcba' | semmle.label | 'hgfedcba' | +| HardcodedCredentials.js:75:21:75:30 | 'username' | semmle.label | 'username' | +| HardcodedCredentials.js:76:21:76:30 | 'hgfedcba' | semmle.label | 'hgfedcba' | +| HardcodedCredentials.js:84:38:84:47 | 'username' | semmle.label | 'username' | +| HardcodedCredentials.js:84:50:84:59 | 'hgfedcba' | semmle.label | 'hgfedcba' | +| HardcodedCredentials.js:86:44:86:53 | 'username' | semmle.label | 'username' | +| HardcodedCredentials.js:86:56:86:65 | 'hgfedcba' | semmle.label | 'hgfedcba' | +| HardcodedCredentials.js:91:25:91:31 | 'TOKEN' | semmle.label | 'TOKEN' | +| HardcodedCredentials.js:98:18:98:21 | 'x1' | semmle.label | 'x1' | +| HardcodedCredentials.js:99:16:99:19 | 'x2' | semmle.label | 'x2' | +| HardcodedCredentials.js:100:25:100:28 | 'x3' | semmle.label | 'x3' | +| HardcodedCredentials.js:101:19:101:22 | 'x4' | semmle.label | 'x4' | +| HardcodedCredentials.js:102:14:102:23 | 'hgfedcba' | semmle.label | 'hgfedcba' | +| HardcodedCredentials.js:103:17:103:26 | 'hgfedcba' | semmle.label | 'hgfedcba' | +| HardcodedCredentials.js:104:27:104:36 | 'hgfedcba' | semmle.label | 'hgfedcba' | +| HardcodedCredentials.js:105:19:105:28 | 'hgfedcba' | semmle.label | 'hgfedcba' | +| HardcodedCredentials.js:106:16:106:25 | 'hgfedcba' | semmle.label | 'hgfedcba' | +| HardcodedCredentials.js:112:19:112:22 | 'x5' | semmle.label | 'x5' | +| HardcodedCredentials.js:113:19:113:28 | 'hgfedcba' | semmle.label | 'hgfedcba' | +| HardcodedCredentials.js:130:44:130:53 | 'hgfedcba' | semmle.label | 'hgfedcba' | +| HardcodedCredentials.js:131:52:131:61 | 'hgfedcba' | semmle.label | 'hgfedcba' | +| HardcodedCredentials.js:135:41:135:50 | "hgfedcba" | semmle.label | "hgfedcba" | +| HardcodedCredentials.js:160:38:160:56 | "oiuneawrgiyubaegr" | semmle.label | "oiuneawrgiyubaegr" | +| HardcodedCredentials.js:161:41:161:59 | 'oiuneawrgiyubaegr' | semmle.label | 'oiuneawrgiyubaegr' | +| HardcodedCredentials.js:164:35:164:45 | 'change_me' | semmle.label | 'change_me' | +| HardcodedCredentials.js:171:11:171:25 | USER | semmle.label | USER | +| HardcodedCredentials.js:171:18:171:25 | 'sdsdag' | semmle.label | 'sdsdag' | +| HardcodedCredentials.js:172:11:172:25 | PASS | semmle.label | PASS | +| HardcodedCredentials.js:172:18:172:25 | 'sdsdag' | semmle.label | 'sdsdag' | +| HardcodedCredentials.js:173:11:173:49 | AUTH | semmle.label | AUTH | +| HardcodedCredentials.js:173:18:173:49 | base64. ... PASS}`) | semmle.label | base64. ... PASS}`) | +| HardcodedCredentials.js:173:32:173:48 | `${USER}:${PASS}` | semmle.label | `${USER}:${PASS}` | +| HardcodedCredentials.js:173:35:173:38 | USER | semmle.label | USER | +| HardcodedCredentials.js:173:43:173:46 | PASS | semmle.label | PASS | +| HardcodedCredentials.js:178:30:178:44 | `Basic ${AUTH}` | semmle.label | `Basic ${AUTH}` | +| HardcodedCredentials.js:178:39:178:42 | AUTH | semmle.label | AUTH | +| HardcodedCredentials.js:188:30:188:44 | `Basic ${AUTH}` | semmle.label | `Basic ${AUTH}` | +| HardcodedCredentials.js:188:39:188:42 | AUTH | semmle.label | AUTH | +| HardcodedCredentials.js:195:37:195:51 | `Basic ${AUTH}` | semmle.label | `Basic ${AUTH}` | +| HardcodedCredentials.js:195:46:195:49 | AUTH | semmle.label | AUTH | +| HardcodedCredentials.js:204:35:204:49 | `Basic ${AUTH}` | semmle.label | `Basic ${AUTH}` | +| HardcodedCredentials.js:204:44:204:47 | AUTH | semmle.label | AUTH | +| HardcodedCredentials.js:214:11:214:25 | USER | semmle.label | USER | +| HardcodedCredentials.js:214:18:214:25 | 'sdsdag' | semmle.label | 'sdsdag' | +| HardcodedCredentials.js:215:11:215:25 | PASS | semmle.label | PASS | +| HardcodedCredentials.js:215:18:215:25 | 'sdsdag' | semmle.label | 'sdsdag' | +| HardcodedCredentials.js:216:11:216:49 | AUTH | semmle.label | AUTH | +| HardcodedCredentials.js:216:18:216:49 | base64. ... PASS}`) | semmle.label | base64. ... PASS}`) | +| HardcodedCredentials.js:216:32:216:48 | `${USER}:${PASS}` | semmle.label | `${USER}:${PASS}` | +| HardcodedCredentials.js:216:35:216:38 | USER | semmle.label | USER | +| HardcodedCredentials.js:216:43:216:46 | PASS | semmle.label | PASS | +| HardcodedCredentials.js:221:37:221:51 | `Basic ${AUTH}` | semmle.label | `Basic ${AUTH}` | +| HardcodedCredentials.js:221:46:221:49 | AUTH | semmle.label | AUTH | +| HardcodedCredentials.js:231:11:231:29 | username | semmle.label | username | +| HardcodedCredentials.js:231:22:231:29 | 'sdsdag' | semmle.label | 'sdsdag' | +| HardcodedCredentials.js:237:24:237:91 | 'Basic ... ase64') | semmle.label | 'Basic ... ase64') | +| HardcodedCredentials.js:237:35:237:72 | Buffer. ... ssword) | semmle.label | Buffer. ... ssword) | +| HardcodedCredentials.js:237:35:237:91 | Buffer. ... ase64') | semmle.label | Buffer. ... ase64') | +| HardcodedCredentials.js:237:47:237:54 | username | semmle.label | username | +| HardcodedCredentials.js:237:47:237:71 | usernam ... assword | semmle.label | usernam ... assword | +| HardcodedCredentials.js:245:9:245:44 | privateKey | semmle.label | privateKey | +| HardcodedCredentials.js:245:22:245:44 | "myHard ... ateKey" | semmle.label | "myHard ... ateKey" | +| HardcodedCredentials.js:246:42:246:51 | privateKey | semmle.label | privateKey | +| HardcodedCredentials.js:260:30:260:40 | `Basic foo` | semmle.label | `Basic foo` | +| HardcodedCredentials.js:268:30:268:73 | `${foo ... Token}` | semmle.label | `${foo ... Token}` | +| HardcodedCredentials.js:268:33:268:56 | foo ? ' ... 'OAuth' | semmle.label | foo ? ' ... 'OAuth' | +| HardcodedCredentials.js:268:39:268:46 | 'Bearer' | semmle.label | 'Bearer' | +| HardcodedCredentials.js:268:50:268:56 | 'OAuth' | semmle.label | 'OAuth' | +| HardcodedCredentials.js:275:36:275:59 | "user:{ ... ERE }}" | semmle.label | "user:{ ... ERE }}" | +| HardcodedCredentials.js:276:36:276:65 | "user:t ... ERE }}" | semmle.label | "user:t ... ERE }}" | +| HardcodedCredentials.js:277:36:277:57 | "user:( ... HERE )" | semmle.label | "user:( ... HERE )" | +| HardcodedCredentials.js:278:36:278:64 | "user:{ ... ken }}" | semmle.label | "user:{ ... ken }}" | +| HardcodedCredentials.js:279:36:279:50 | "user:abcdefgh" | semmle.label | "user:abcdefgh" | +| HardcodedCredentials.js:280:36:280:50 | "user:12345678" | semmle.label | "user:12345678" | +| HardcodedCredentials.js:281:36:281:45 | "user:foo" | semmle.label | "user:foo" | +| HardcodedCredentials.js:282:36:282:52 | "user:mypassword" | semmle.label | "user:mypassword" | +| HardcodedCredentials.js:283:36:283:49 | "user:mytoken" | semmle.label | "user:mytoken" | +| HardcodedCredentials.js:284:36:284:52 | "user:fake token" | semmle.label | "user:fake token" | +| HardcodedCredentials.js:285:36:285:46 | "user:dcba" | semmle.label | "user:dcba" | +| HardcodedCredentials.js:286:36:286:55 | "user:custom string" | semmle.label | "user:custom string" | +| HardcodedCredentials.js:292:37:292:57 | `Basic ... sdsdag` | semmle.label | `Basic ... sdsdag` | +| HardcodedCredentials.js:293:37:293:65 | `Basic ... xxxxxx` | semmle.label | `Basic ... xxxxxx` | +| HardcodedCredentials.js:294:37:294:70 | `Basic ... gbbbbb` | semmle.label | `Basic ... gbbbbb` | +| HardcodedCredentials.js:295:37:295:66 | `Basic ... 000001` | semmle.label | `Basic ... 000001` | +| HardcodedCredentials.js:299:44:299:52 | 'mytoken' | semmle.label | 'mytoken' | +| HardcodedCredentials.js:300:44:300:56 | 'SampleToken' | semmle.label | 'SampleToken' | +| HardcodedCredentials.js:301:44:301:55 | 'MyPassword' | semmle.label | 'MyPassword' | +| HardcodedCredentials.js:302:44:302:69 | 'iubfew ... ybgera' | semmle.label | 'iubfew ... ybgera' | +subpaths #select | HardcodedCredentials.js:5:15:5:22 | 'dbuser' | HardcodedCredentials.js:5:15:5:22 | 'dbuser' | HardcodedCredentials.js:5:15:5:22 | 'dbuser' | The hard-coded value "dbuser" is used as $@. | HardcodedCredentials.js:5:15:5:22 | 'dbuser' | user name | | HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | The hard-coded value "hgfedcba" is used as $@. | HardcodedCredentials.js:8:19:8:28 | 'hgfedcba' | password | diff --git a/javascript/ql/test/query-tests/Security/CWE-807/ConditionalBypass.expected b/javascript/ql/test/query-tests/Security/CWE-807/ConditionalBypass.expected index 6f4dcb31bd5f..834ad02c1f24 100644 --- a/javascript/ql/test/query-tests/Security/CWE-807/ConditionalBypass.expected +++ b/javascript/ql/test/query-tests/Security/CWE-807/ConditionalBypass.expected @@ -1,122 +1,56 @@ -nodes -| example_bypass.js:6:9:6:19 | req.cookies | -| example_bypass.js:6:9:6:19 | req.cookies | -| example_bypass.js:6:9:6:34 | req.coo ... nUserId | -| example_bypass.js:6:9:6:34 | req.coo ... nUserId | -| example_bypass.js:6:40:6:56 | req.params.userId | -| example_bypass.js:6:40:6:56 | req.params.userId | -| example_bypass.js:6:40:6:56 | req.params.userId | -| example_bypass.js:17:46:17:62 | req.params.userId | -| example_bypass.js:17:46:17:62 | req.params.userId | -| example_bypass.js:17:46:17:62 | req.params.userId | -| tst.js:9:8:9:26 | req.params.shutDown | -| tst.js:9:8:9:26 | req.params.shutDown | -| tst.js:9:8:9:26 | req.params.shutDown | -| tst.js:13:9:13:19 | req.cookies | -| tst.js:13:9:13:19 | req.cookies | -| tst.js:13:9:13:30 | req.coo ... inThing | -| tst.js:13:9:13:30 | req.coo ... inThing | -| tst.js:27:9:27:37 | v3 | -| tst.js:27:14:27:37 | id(req. ... okieId) | -| tst.js:27:17:27:27 | req.cookies | -| tst.js:27:17:27:27 | req.cookies | -| tst.js:27:17:27:36 | req.cookies.cookieId | -| tst.js:28:9:28:10 | v3 | -| tst.js:28:9:28:10 | v3 | -| tst.js:33:13:33:23 | req.cookies | -| tst.js:33:13:33:23 | req.cookies | -| tst.js:33:13:33:32 | req.cookies.cookieId | -| tst.js:33:13:33:32 | req.cookies.cookieId | -| tst.js:38:9:38:19 | req.cookies | -| tst.js:38:9:38:19 | req.cookies | -| tst.js:38:9:38:28 | req.cookies.cookieId | -| tst.js:38:9:38:28 | req.cookies.cookieId | -| tst.js:44:8:44:23 | req.params.login | -| tst.js:44:8:44:23 | req.params.login | -| tst.js:44:8:44:23 | req.params.login | -| tst.js:57:8:57:23 | req.params.login | -| tst.js:57:8:57:23 | req.params.login | -| tst.js:57:8:57:23 | req.params.login | -| tst.js:61:9:61:19 | req.cookies | -| tst.js:61:9:61:19 | req.cookies | -| tst.js:61:9:61:28 | req.cookies.cookieId | -| tst.js:61:9:61:28 | req.cookies.cookieId | -| tst.js:61:34:61:53 | req.params.requestId | -| tst.js:61:34:61:53 | req.params.requestId | -| tst.js:61:34:61:53 | req.params.requestId | -| tst.js:65:14:65:24 | req.cookies | -| tst.js:65:14:65:24 | req.cookies | -| tst.js:65:14:65:33 | req.cookies.cookieId | -| tst.js:65:14:65:33 | req.cookies.cookieId | -| tst.js:65:39:65:58 | req.params.requestId | -| tst.js:65:39:65:58 | req.params.requestId | -| tst.js:65:39:65:58 | req.params.requestId | -| tst.js:78:9:78:19 | req.cookies | -| tst.js:78:9:78:19 | req.cookies | -| tst.js:78:9:78:28 | req.cookies.cookieId | -| tst.js:78:9:78:28 | req.cookies.cookieId | -| tst.js:78:9:78:41 | req.coo ... secret" | -| tst.js:78:9:78:41 | req.coo ... secret" | -| tst.js:91:10:91:17 | req.body | -| tst.js:91:10:91:17 | req.body | -| tst.js:91:10:91:17 | req.body | -| tst.js:98:13:98:32 | req.query.vulnerable | -| tst.js:98:13:98:32 | req.query.vulnerable | -| tst.js:98:13:98:32 | req.query.vulnerable | -| tst.js:105:13:105:32 | req.query.vulnerable | -| tst.js:105:13:105:32 | req.query.vulnerable | -| tst.js:105:13:105:32 | req.query.vulnerable | -| tst.js:113:13:113:32 | req.query.vulnerable | -| tst.js:113:13:113:32 | req.query.vulnerable | -| tst.js:113:13:113:32 | req.query.vulnerable | edges -| example_bypass.js:6:9:6:19 | req.cookies | example_bypass.js:6:9:6:34 | req.coo ... nUserId | -| example_bypass.js:6:9:6:19 | req.cookies | example_bypass.js:6:9:6:34 | req.coo ... nUserId | -| example_bypass.js:6:9:6:19 | req.cookies | example_bypass.js:6:9:6:34 | req.coo ... nUserId | -| example_bypass.js:6:9:6:19 | req.cookies | example_bypass.js:6:9:6:34 | req.coo ... nUserId | -| example_bypass.js:6:40:6:56 | req.params.userId | example_bypass.js:6:40:6:56 | req.params.userId | -| example_bypass.js:17:46:17:62 | req.params.userId | example_bypass.js:17:46:17:62 | req.params.userId | -| tst.js:9:8:9:26 | req.params.shutDown | tst.js:9:8:9:26 | req.params.shutDown | -| tst.js:13:9:13:19 | req.cookies | tst.js:13:9:13:30 | req.coo ... inThing | -| tst.js:13:9:13:19 | req.cookies | tst.js:13:9:13:30 | req.coo ... inThing | -| tst.js:13:9:13:19 | req.cookies | tst.js:13:9:13:30 | req.coo ... inThing | -| tst.js:13:9:13:19 | req.cookies | tst.js:13:9:13:30 | req.coo ... inThing | -| tst.js:27:9:27:37 | v3 | tst.js:28:9:28:10 | v3 | -| tst.js:27:9:27:37 | v3 | tst.js:28:9:28:10 | v3 | -| tst.js:27:14:27:37 | id(req. ... okieId) | tst.js:27:9:27:37 | v3 | -| tst.js:27:17:27:27 | req.cookies | tst.js:27:17:27:36 | req.cookies.cookieId | -| tst.js:27:17:27:27 | req.cookies | tst.js:27:17:27:36 | req.cookies.cookieId | -| tst.js:27:17:27:36 | req.cookies.cookieId | tst.js:27:14:27:37 | id(req. ... okieId) | -| tst.js:33:13:33:23 | req.cookies | tst.js:33:13:33:32 | req.cookies.cookieId | -| tst.js:33:13:33:23 | req.cookies | tst.js:33:13:33:32 | req.cookies.cookieId | -| tst.js:33:13:33:23 | req.cookies | tst.js:33:13:33:32 | req.cookies.cookieId | -| tst.js:33:13:33:23 | req.cookies | tst.js:33:13:33:32 | req.cookies.cookieId | -| tst.js:38:9:38:19 | req.cookies | tst.js:38:9:38:28 | req.cookies.cookieId | -| tst.js:38:9:38:19 | req.cookies | tst.js:38:9:38:28 | req.cookies.cookieId | -| tst.js:38:9:38:19 | req.cookies | tst.js:38:9:38:28 | req.cookies.cookieId | -| tst.js:38:9:38:19 | req.cookies | tst.js:38:9:38:28 | req.cookies.cookieId | -| tst.js:44:8:44:23 | req.params.login | tst.js:44:8:44:23 | req.params.login | -| tst.js:57:8:57:23 | req.params.login | tst.js:57:8:57:23 | req.params.login | -| tst.js:61:9:61:19 | req.cookies | tst.js:61:9:61:28 | req.cookies.cookieId | -| tst.js:61:9:61:19 | req.cookies | tst.js:61:9:61:28 | req.cookies.cookieId | -| tst.js:61:9:61:19 | req.cookies | tst.js:61:9:61:28 | req.cookies.cookieId | -| tst.js:61:9:61:19 | req.cookies | tst.js:61:9:61:28 | req.cookies.cookieId | -| tst.js:61:34:61:53 | req.params.requestId | tst.js:61:34:61:53 | req.params.requestId | -| tst.js:65:14:65:24 | req.cookies | tst.js:65:14:65:33 | req.cookies.cookieId | -| tst.js:65:14:65:24 | req.cookies | tst.js:65:14:65:33 | req.cookies.cookieId | -| tst.js:65:14:65:24 | req.cookies | tst.js:65:14:65:33 | req.cookies.cookieId | -| tst.js:65:14:65:24 | req.cookies | tst.js:65:14:65:33 | req.cookies.cookieId | -| tst.js:65:39:65:58 | req.params.requestId | tst.js:65:39:65:58 | req.params.requestId | -| tst.js:78:9:78:19 | req.cookies | tst.js:78:9:78:28 | req.cookies.cookieId | -| tst.js:78:9:78:19 | req.cookies | tst.js:78:9:78:28 | req.cookies.cookieId | -| tst.js:78:9:78:19 | req.cookies | tst.js:78:9:78:28 | req.cookies.cookieId | -| tst.js:78:9:78:19 | req.cookies | tst.js:78:9:78:28 | req.cookies.cookieId | -| tst.js:78:9:78:28 | req.cookies.cookieId | tst.js:78:9:78:41 | req.coo ... secret" | -| tst.js:78:9:78:28 | req.cookies.cookieId | tst.js:78:9:78:41 | req.coo ... secret" | -| tst.js:91:10:91:17 | req.body | tst.js:91:10:91:17 | req.body | -| tst.js:98:13:98:32 | req.query.vulnerable | tst.js:98:13:98:32 | req.query.vulnerable | -| tst.js:105:13:105:32 | req.query.vulnerable | tst.js:105:13:105:32 | req.query.vulnerable | -| tst.js:113:13:113:32 | req.query.vulnerable | tst.js:113:13:113:32 | req.query.vulnerable | +| example_bypass.js:6:9:6:19 | req.cookies | example_bypass.js:6:9:6:34 | req.coo ... nUserId | provenance | | +| tst.js:13:9:13:19 | req.cookies | tst.js:13:9:13:30 | req.coo ... inThing | provenance | | +| tst.js:24:17:24:17 | v | tst.js:25:16:25:16 | v | provenance | | +| tst.js:27:9:27:37 | v3 | tst.js:28:9:28:10 | v3 | provenance | | +| tst.js:27:14:27:37 | id(req. ... okieId) | tst.js:27:9:27:37 | v3 | provenance | | +| tst.js:27:17:27:27 | req.cookies | tst.js:27:17:27:36 | req.cookies.cookieId | provenance | | +| tst.js:27:17:27:36 | req.cookies.cookieId | tst.js:24:17:24:17 | v | provenance | | +| tst.js:27:17:27:36 | req.cookies.cookieId | tst.js:27:14:27:37 | id(req. ... okieId) | provenance | | +| tst.js:33:13:33:23 | req.cookies | tst.js:33:13:33:32 | req.cookies.cookieId | provenance | | +| tst.js:38:9:38:19 | req.cookies | tst.js:38:9:38:28 | req.cookies.cookieId | provenance | | +| tst.js:61:9:61:19 | req.cookies | tst.js:61:9:61:28 | req.cookies.cookieId | provenance | | +| tst.js:65:14:65:24 | req.cookies | tst.js:65:14:65:33 | req.cookies.cookieId | provenance | | +| tst.js:78:9:78:19 | req.cookies | tst.js:78:9:78:28 | req.cookies.cookieId | provenance | | +| tst.js:78:9:78:19 | req.cookies | tst.js:78:9:78:28 | req.cookies.cookieId | provenance | | +| tst.js:78:9:78:28 | req.cookies.cookieId | tst.js:78:9:78:41 | req.coo ... secret" | provenance | Config | +nodes +| example_bypass.js:6:9:6:19 | req.cookies | semmle.label | req.cookies | +| example_bypass.js:6:9:6:34 | req.coo ... nUserId | semmle.label | req.coo ... nUserId | +| example_bypass.js:6:40:6:56 | req.params.userId | semmle.label | req.params.userId | +| example_bypass.js:17:46:17:62 | req.params.userId | semmle.label | req.params.userId | +| tst.js:9:8:9:26 | req.params.shutDown | semmle.label | req.params.shutDown | +| tst.js:13:9:13:19 | req.cookies | semmle.label | req.cookies | +| tst.js:13:9:13:30 | req.coo ... inThing | semmle.label | req.coo ... inThing | +| tst.js:24:17:24:17 | v | semmle.label | v | +| tst.js:25:16:25:16 | v | semmle.label | v | +| tst.js:27:9:27:37 | v3 | semmle.label | v3 | +| tst.js:27:14:27:37 | id(req. ... okieId) | semmle.label | id(req. ... okieId) | +| tst.js:27:17:27:27 | req.cookies | semmle.label | req.cookies | +| tst.js:27:17:27:36 | req.cookies.cookieId | semmle.label | req.cookies.cookieId | +| tst.js:28:9:28:10 | v3 | semmle.label | v3 | +| tst.js:33:13:33:23 | req.cookies | semmle.label | req.cookies | +| tst.js:33:13:33:32 | req.cookies.cookieId | semmle.label | req.cookies.cookieId | +| tst.js:38:9:38:19 | req.cookies | semmle.label | req.cookies | +| tst.js:38:9:38:28 | req.cookies.cookieId | semmle.label | req.cookies.cookieId | +| tst.js:44:8:44:23 | req.params.login | semmle.label | req.params.login | +| tst.js:57:8:57:23 | req.params.login | semmle.label | req.params.login | +| tst.js:61:9:61:19 | req.cookies | semmle.label | req.cookies | +| tst.js:61:9:61:28 | req.cookies.cookieId | semmle.label | req.cookies.cookieId | +| tst.js:61:34:61:53 | req.params.requestId | semmle.label | req.params.requestId | +| tst.js:65:14:65:24 | req.cookies | semmle.label | req.cookies | +| tst.js:65:14:65:33 | req.cookies.cookieId | semmle.label | req.cookies.cookieId | +| tst.js:65:39:65:58 | req.params.requestId | semmle.label | req.params.requestId | +| tst.js:78:9:78:19 | req.cookies | semmle.label | req.cookies | +| tst.js:78:9:78:28 | req.cookies.cookieId | semmle.label | req.cookies.cookieId | +| tst.js:78:9:78:28 | req.cookies.cookieId | semmle.label | req.cookies.cookieId | +| tst.js:78:9:78:41 | req.coo ... secret" | semmle.label | req.coo ... secret" | +| tst.js:91:10:91:17 | req.body | semmle.label | req.body | +| tst.js:98:13:98:32 | req.query.vulnerable | semmle.label | req.query.vulnerable | +| tst.js:105:13:105:32 | req.query.vulnerable | semmle.label | req.query.vulnerable | +| tst.js:113:13:113:32 | req.query.vulnerable | semmle.label | req.query.vulnerable | +subpaths +| tst.js:27:17:27:36 | req.cookies.cookieId | tst.js:24:17:24:17 | v | tst.js:25:16:25:16 | v | tst.js:27:14:27:37 | id(req. ... okieId) | #select | tst.js:9:8:9:26 | req.params.shutDown | tst.js:9:8:9:26 | req.params.shutDown | tst.js:9:8:9:26 | req.params.shutDown | This condition guards a sensitive $@, but a $@ controls it. | tst.js:10:9:10:22 | process.exit() | action | tst.js:9:8:9:26 | req.params.shutDown | user-provided value | | tst.js:13:9:13:30 | req.coo ... inThing | tst.js:13:9:13:19 | req.cookies | tst.js:13:9:13:30 | req.coo ... inThing | This condition guards a sensitive $@, but a $@ controls it. | tst.js:14:9:14:17 | o.login() | action | tst.js:13:9:13:19 | req.cookies | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-829/InsecureDownload.expected b/javascript/ql/test/query-tests/Security/CWE-829/InsecureDownload.expected index 8f3d1e04673b..d697f55bdd79 100644 --- a/javascript/ql/test/query-tests/Security/CWE-829/InsecureDownload.expected +++ b/javascript/ql/test/query-tests/Security/CWE-829/InsecureDownload.expected @@ -1,43 +1,44 @@ nodes -| insecure-download.js:5:16:5:28 | installer.url | -| insecure-download.js:5:16:5:28 | installer.url | -| insecure-download.js:9:27:9:138 | 'http:/ ... ll.exe' | -| insecure-download.js:9:27:9:138 | 'http:/ ... ll.exe' | -| insecure-download.js:15:18:15:40 | buildTo ... llerUrl | -| insecure-download.js:30:12:30:42 | "http:/ ... fe.APK" | -| insecure-download.js:30:12:30:42 | "http:/ ... fe.APK" | -| insecure-download.js:30:12:30:42 | "http:/ ... fe.APK" | -| insecure-download.js:36:9:36:45 | url | -| insecure-download.js:36:15:36:45 | "http:/ ... fe.APK" | -| insecure-download.js:36:15:36:45 | "http:/ ... fe.APK" | -| insecure-download.js:37:23:37:25 | url | -| insecure-download.js:37:23:37:25 | url | -| insecure-download.js:39:26:39:28 | url | -| insecure-download.js:39:26:39:28 | url | -| insecure-download.js:41:12:41:41 | "ftp:// ... fe.APK" | -| insecure-download.js:41:12:41:41 | "ftp:// ... fe.APK" | -| insecure-download.js:41:12:41:41 | "ftp:// ... fe.APK" | -| insecure-download.js:48:12:48:38 | "http:/ ... unsafe" | -| insecure-download.js:48:12:48:38 | "http:/ ... unsafe" | -| insecure-download.js:48:12:48:38 | "http:/ ... unsafe" | -| insecure-download.js:52:11:52:45 | "http:/ ... nknown" | -| insecure-download.js:52:11:52:45 | "http:/ ... nknown" | -| insecure-download.js:52:11:52:45 | "http:/ ... nknown" | +| insecure-download.js:4:28:4:36 | installer [url] | semmle.label | installer [url] | +| insecure-download.js:5:16:5:24 | installer [url] | semmle.label | installer [url] | +| insecure-download.js:5:16:5:28 | installer.url | semmle.label | installer.url | +| insecure-download.js:7:9:11:5 | constants [buildTools, installerUrl] | semmle.label | constants [buildTools, installerUrl] | +| insecure-download.js:7:21:11:5 | {\\n ... }\\n } [buildTools, installerUrl] | semmle.label | {\\n ... }\\n } [buildTools, installerUrl] | +| insecure-download.js:8:21:10:9 | {\\n ... } [installerUrl] | semmle.label | {\\n ... } [installerUrl] | +| insecure-download.js:9:27:9:138 | 'http:/ ... ll.exe' | semmle.label | 'http:/ ... ll.exe' | +| insecure-download.js:13:15:13:47 | buildTools [installerUrl] | semmle.label | buildTools [installerUrl] | +| insecure-download.js:13:28:13:36 | constants [buildTools, installerUrl] | semmle.label | constants [buildTools, installerUrl] | +| insecure-download.js:13:28:13:47 | constants.buildTools [installerUrl] | semmle.label | constants.buildTools [installerUrl] | +| insecure-download.js:14:16:16:9 | {\\n ... } [url] | semmle.label | {\\n ... } [url] | +| insecure-download.js:15:18:15:27 | buildTools [installerUrl] | semmle.label | buildTools [installerUrl] | +| insecure-download.js:15:18:15:40 | buildTo ... llerUrl | semmle.label | buildTo ... llerUrl | +| insecure-download.js:19:19:19:46 | getBuil ... rPath() [url] | semmle.label | getBuil ... rPath() [url] | +| insecure-download.js:30:12:30:42 | "http:/ ... fe.APK" | semmle.label | "http:/ ... fe.APK" | +| insecure-download.js:36:9:36:45 | url | semmle.label | url | +| insecure-download.js:36:15:36:45 | "http:/ ... fe.APK" | semmle.label | "http:/ ... fe.APK" | +| insecure-download.js:37:23:37:25 | url | semmle.label | url | +| insecure-download.js:39:26:39:28 | url | semmle.label | url | +| insecure-download.js:41:12:41:41 | "ftp:// ... fe.APK" | semmle.label | "ftp:// ... fe.APK" | +| insecure-download.js:48:12:48:38 | "http:/ ... unsafe" | semmle.label | "http:/ ... unsafe" | +| insecure-download.js:52:11:52:45 | "http:/ ... nknown" | semmle.label | "http:/ ... nknown" | edges -| insecure-download.js:9:27:9:138 | 'http:/ ... ll.exe' | insecure-download.js:15:18:15:40 | buildTo ... llerUrl | -| insecure-download.js:9:27:9:138 | 'http:/ ... ll.exe' | insecure-download.js:15:18:15:40 | buildTo ... llerUrl | -| insecure-download.js:15:18:15:40 | buildTo ... llerUrl | insecure-download.js:5:16:5:28 | installer.url | -| insecure-download.js:15:18:15:40 | buildTo ... llerUrl | insecure-download.js:5:16:5:28 | installer.url | -| insecure-download.js:30:12:30:42 | "http:/ ... fe.APK" | insecure-download.js:30:12:30:42 | "http:/ ... fe.APK" | -| insecure-download.js:36:9:36:45 | url | insecure-download.js:37:23:37:25 | url | -| insecure-download.js:36:9:36:45 | url | insecure-download.js:37:23:37:25 | url | -| insecure-download.js:36:9:36:45 | url | insecure-download.js:39:26:39:28 | url | -| insecure-download.js:36:9:36:45 | url | insecure-download.js:39:26:39:28 | url | -| insecure-download.js:36:15:36:45 | "http:/ ... fe.APK" | insecure-download.js:36:9:36:45 | url | -| insecure-download.js:36:15:36:45 | "http:/ ... fe.APK" | insecure-download.js:36:9:36:45 | url | -| insecure-download.js:41:12:41:41 | "ftp:// ... fe.APK" | insecure-download.js:41:12:41:41 | "ftp:// ... fe.APK" | -| insecure-download.js:48:12:48:38 | "http:/ ... unsafe" | insecure-download.js:48:12:48:38 | "http:/ ... unsafe" | -| insecure-download.js:52:11:52:45 | "http:/ ... nknown" | insecure-download.js:52:11:52:45 | "http:/ ... nknown" | +| insecure-download.js:4:28:4:36 | installer [url] | insecure-download.js:5:16:5:24 | installer [url] | provenance | | +| insecure-download.js:5:16:5:24 | installer [url] | insecure-download.js:5:16:5:28 | installer.url | provenance | | +| insecure-download.js:7:9:11:5 | constants [buildTools, installerUrl] | insecure-download.js:13:28:13:36 | constants [buildTools, installerUrl] | provenance | | +| insecure-download.js:7:21:11:5 | {\\n ... }\\n } [buildTools, installerUrl] | insecure-download.js:7:9:11:5 | constants [buildTools, installerUrl] | provenance | | +| insecure-download.js:8:21:10:9 | {\\n ... } [installerUrl] | insecure-download.js:7:21:11:5 | {\\n ... }\\n } [buildTools, installerUrl] | provenance | | +| insecure-download.js:9:27:9:138 | 'http:/ ... ll.exe' | insecure-download.js:8:21:10:9 | {\\n ... } [installerUrl] | provenance | | +| insecure-download.js:13:15:13:47 | buildTools [installerUrl] | insecure-download.js:15:18:15:27 | buildTools [installerUrl] | provenance | | +| insecure-download.js:13:28:13:36 | constants [buildTools, installerUrl] | insecure-download.js:13:28:13:47 | constants.buildTools [installerUrl] | provenance | | +| insecure-download.js:13:28:13:47 | constants.buildTools [installerUrl] | insecure-download.js:13:15:13:47 | buildTools [installerUrl] | provenance | | +| insecure-download.js:14:16:16:9 | {\\n ... } [url] | insecure-download.js:19:19:19:46 | getBuil ... rPath() [url] | provenance | | +| insecure-download.js:15:18:15:27 | buildTools [installerUrl] | insecure-download.js:15:18:15:40 | buildTo ... llerUrl | provenance | | +| insecure-download.js:15:18:15:40 | buildTo ... llerUrl | insecure-download.js:14:16:16:9 | {\\n ... } [url] | provenance | | +| insecure-download.js:19:19:19:46 | getBuil ... rPath() [url] | insecure-download.js:4:28:4:36 | installer [url] | provenance | | +| insecure-download.js:36:9:36:45 | url | insecure-download.js:37:23:37:25 | url | provenance | | +| insecure-download.js:36:9:36:45 | url | insecure-download.js:39:26:39:28 | url | provenance | | +| insecure-download.js:36:15:36:45 | "http:/ ... fe.APK" | insecure-download.js:36:9:36:45 | url | provenance | | +subpaths #select | insecure-download.js:5:16:5:28 | installer.url | insecure-download.js:9:27:9:138 | 'http:/ ... ll.exe' | insecure-download.js:5:16:5:28 | installer.url | $@ of sensitive file from $@. | insecure-download.js:5:9:5:44 | nugget( ... => { }) | Download | insecure-download.js:9:27:9:138 | 'http:/ ... ll.exe' | HTTP source | | insecure-download.js:30:12:30:42 | "http:/ ... fe.APK" | insecure-download.js:30:12:30:42 | "http:/ ... fe.APK" | insecure-download.js:30:12:30:42 | "http:/ ... fe.APK" | $@ of sensitive file from $@. | insecure-download.js:30:5:30:43 | nugget( ... e.APK") | Download | insecure-download.js:30:12:30:42 | "http:/ ... fe.APK" | HTTP source | diff --git a/javascript/ql/test/query-tests/Security/CWE-834/LoopBoundInjection.expected b/javascript/ql/test/query-tests/Security/CWE-834/LoopBoundInjection.expected index 7000c777eee1..511e776ed3c8 100644 --- a/javascript/ql/test/query-tests/Security/CWE-834/LoopBoundInjection.expected +++ b/javascript/ql/test/query-tests/Security/CWE-834/LoopBoundInjection.expected @@ -1,86 +1,51 @@ -nodes -| LoopBoundInjectionBad.js:8:13:8:20 | req.body | -| LoopBoundInjectionBad.js:8:13:8:20 | req.body | -| LoopBoundInjectionBad.js:10:15:10:22 | req.body | -| LoopBoundInjectionBad.js:10:15:10:22 | req.body | -| LoopBoundInjectionBad.js:12:25:12:32 | req.body | -| LoopBoundInjectionBad.js:12:25:12:32 | req.body | -| LoopBoundInjectionBad.js:14:19:14:26 | req.body | -| LoopBoundInjectionBad.js:14:19:14:26 | req.body | -| LoopBoundInjectionBad.js:17:18:17:20 | val | -| LoopBoundInjectionBad.js:20:25:20:27 | val | -| LoopBoundInjectionBad.js:20:25:20:27 | val | -| LoopBoundInjectionBad.js:25:20:25:22 | val | -| LoopBoundInjectionBad.js:29:16:29:18 | val | -| LoopBoundInjectionBad.js:29:16:29:18 | val | -| LoopBoundInjectionBad.js:35:30:35:32 | val | -| LoopBoundInjectionBad.js:38:15:38:17 | val | -| LoopBoundInjectionBad.js:38:15:38:17 | val | -| LoopBoundInjectionBad.js:46:24:46:26 | val | -| LoopBoundInjectionBad.js:51:25:51:27 | val | -| LoopBoundInjectionBad.js:51:25:51:27 | val | -| LoopBoundInjectionExitBad.js:8:9:8:16 | req.body | -| LoopBoundInjectionExitBad.js:8:9:8:16 | req.body | -| LoopBoundInjectionExitBad.js:10:9:10:16 | req.body | -| LoopBoundInjectionExitBad.js:10:9:10:16 | req.body | -| LoopBoundInjectionExitBad.js:12:10:12:17 | req.body | -| LoopBoundInjectionExitBad.js:12:10:12:17 | req.body | -| LoopBoundInjectionExitBad.js:14:14:14:21 | req.body | -| LoopBoundInjectionExitBad.js:14:14:14:21 | req.body | -| LoopBoundInjectionExitBad.js:17:17:17:19 | val | -| LoopBoundInjectionExitBad.js:20:22:20:24 | val | -| LoopBoundInjectionExitBad.js:20:22:20:24 | val | -| LoopBoundInjectionExitBad.js:31:17:31:19 | val | -| LoopBoundInjectionExitBad.js:34:22:34:24 | val | -| LoopBoundInjectionExitBad.js:34:22:34:24 | val | -| LoopBoundInjectionExitBad.js:46:18:46:20 | val | -| LoopBoundInjectionExitBad.js:49:22:49:24 | val | -| LoopBoundInjectionExitBad.js:49:22:49:24 | val | -| LoopBoundInjectionExitBad.js:59:22:59:24 | val | -| LoopBoundInjectionExitBad.js:60:8:60:10 | val | -| LoopBoundInjectionExitBad.js:60:8:60:10 | val | -| LoopBoundInjectionLodash.js:9:13:9:20 | req.body | -| LoopBoundInjectionLodash.js:9:13:9:20 | req.body | -| LoopBoundInjectionLodash.js:12:18:12:20 | val | -| LoopBoundInjectionLodash.js:13:13:13:15 | val | -| LoopBoundInjectionLodash.js:13:13:13:15 | val | edges -| LoopBoundInjectionBad.js:8:13:8:20 | req.body | LoopBoundInjectionBad.js:17:18:17:20 | val | -| LoopBoundInjectionBad.js:8:13:8:20 | req.body | LoopBoundInjectionBad.js:17:18:17:20 | val | -| LoopBoundInjectionBad.js:10:15:10:22 | req.body | LoopBoundInjectionBad.js:25:20:25:22 | val | -| LoopBoundInjectionBad.js:10:15:10:22 | req.body | LoopBoundInjectionBad.js:25:20:25:22 | val | -| LoopBoundInjectionBad.js:12:25:12:32 | req.body | LoopBoundInjectionBad.js:35:30:35:32 | val | -| LoopBoundInjectionBad.js:12:25:12:32 | req.body | LoopBoundInjectionBad.js:35:30:35:32 | val | -| LoopBoundInjectionBad.js:14:19:14:26 | req.body | LoopBoundInjectionBad.js:46:24:46:26 | val | -| LoopBoundInjectionBad.js:14:19:14:26 | req.body | LoopBoundInjectionBad.js:46:24:46:26 | val | -| LoopBoundInjectionBad.js:17:18:17:20 | val | LoopBoundInjectionBad.js:20:25:20:27 | val | -| LoopBoundInjectionBad.js:17:18:17:20 | val | LoopBoundInjectionBad.js:20:25:20:27 | val | -| LoopBoundInjectionBad.js:25:20:25:22 | val | LoopBoundInjectionBad.js:29:16:29:18 | val | -| LoopBoundInjectionBad.js:25:20:25:22 | val | LoopBoundInjectionBad.js:29:16:29:18 | val | -| LoopBoundInjectionBad.js:35:30:35:32 | val | LoopBoundInjectionBad.js:38:15:38:17 | val | -| LoopBoundInjectionBad.js:35:30:35:32 | val | LoopBoundInjectionBad.js:38:15:38:17 | val | -| LoopBoundInjectionBad.js:46:24:46:26 | val | LoopBoundInjectionBad.js:51:25:51:27 | val | -| LoopBoundInjectionBad.js:46:24:46:26 | val | LoopBoundInjectionBad.js:51:25:51:27 | val | -| LoopBoundInjectionExitBad.js:8:9:8:16 | req.body | LoopBoundInjectionExitBad.js:17:17:17:19 | val | -| LoopBoundInjectionExitBad.js:8:9:8:16 | req.body | LoopBoundInjectionExitBad.js:17:17:17:19 | val | -| LoopBoundInjectionExitBad.js:10:9:10:16 | req.body | LoopBoundInjectionExitBad.js:31:17:31:19 | val | -| LoopBoundInjectionExitBad.js:10:9:10:16 | req.body | LoopBoundInjectionExitBad.js:31:17:31:19 | val | -| LoopBoundInjectionExitBad.js:12:10:12:17 | req.body | LoopBoundInjectionExitBad.js:46:18:46:20 | val | -| LoopBoundInjectionExitBad.js:12:10:12:17 | req.body | LoopBoundInjectionExitBad.js:46:18:46:20 | val | -| LoopBoundInjectionExitBad.js:14:14:14:21 | req.body | LoopBoundInjectionExitBad.js:59:22:59:24 | val | -| LoopBoundInjectionExitBad.js:14:14:14:21 | req.body | LoopBoundInjectionExitBad.js:59:22:59:24 | val | -| LoopBoundInjectionExitBad.js:17:17:17:19 | val | LoopBoundInjectionExitBad.js:20:22:20:24 | val | -| LoopBoundInjectionExitBad.js:17:17:17:19 | val | LoopBoundInjectionExitBad.js:20:22:20:24 | val | -| LoopBoundInjectionExitBad.js:31:17:31:19 | val | LoopBoundInjectionExitBad.js:34:22:34:24 | val | -| LoopBoundInjectionExitBad.js:31:17:31:19 | val | LoopBoundInjectionExitBad.js:34:22:34:24 | val | -| LoopBoundInjectionExitBad.js:46:18:46:20 | val | LoopBoundInjectionExitBad.js:49:22:49:24 | val | -| LoopBoundInjectionExitBad.js:46:18:46:20 | val | LoopBoundInjectionExitBad.js:49:22:49:24 | val | -| LoopBoundInjectionExitBad.js:59:22:59:24 | val | LoopBoundInjectionExitBad.js:60:8:60:10 | val | -| LoopBoundInjectionExitBad.js:59:22:59:24 | val | LoopBoundInjectionExitBad.js:60:8:60:10 | val | -| LoopBoundInjectionLodash.js:9:13:9:20 | req.body | LoopBoundInjectionLodash.js:12:18:12:20 | val | -| LoopBoundInjectionLodash.js:9:13:9:20 | req.body | LoopBoundInjectionLodash.js:12:18:12:20 | val | -| LoopBoundInjectionLodash.js:12:18:12:20 | val | LoopBoundInjectionLodash.js:13:13:13:15 | val | -| LoopBoundInjectionLodash.js:12:18:12:20 | val | LoopBoundInjectionLodash.js:13:13:13:15 | val | +| LoopBoundInjectionBad.js:8:13:8:20 | req.body | LoopBoundInjectionBad.js:17:18:17:20 | val | provenance | | +| LoopBoundInjectionBad.js:10:15:10:22 | req.body | LoopBoundInjectionBad.js:25:20:25:22 | val | provenance | | +| LoopBoundInjectionBad.js:12:25:12:32 | req.body | LoopBoundInjectionBad.js:35:30:35:32 | val | provenance | | +| LoopBoundInjectionBad.js:14:19:14:26 | req.body | LoopBoundInjectionBad.js:46:24:46:26 | val | provenance | | +| LoopBoundInjectionBad.js:17:18:17:20 | val | LoopBoundInjectionBad.js:20:25:20:27 | val | provenance | | +| LoopBoundInjectionBad.js:25:20:25:22 | val | LoopBoundInjectionBad.js:29:16:29:18 | val | provenance | | +| LoopBoundInjectionBad.js:35:30:35:32 | val | LoopBoundInjectionBad.js:38:15:38:17 | val | provenance | | +| LoopBoundInjectionBad.js:46:24:46:26 | val | LoopBoundInjectionBad.js:51:25:51:27 | val | provenance | | +| LoopBoundInjectionExitBad.js:8:9:8:16 | req.body | LoopBoundInjectionExitBad.js:17:17:17:19 | val | provenance | | +| LoopBoundInjectionExitBad.js:10:9:10:16 | req.body | LoopBoundInjectionExitBad.js:31:17:31:19 | val | provenance | | +| LoopBoundInjectionExitBad.js:12:10:12:17 | req.body | LoopBoundInjectionExitBad.js:46:18:46:20 | val | provenance | | +| LoopBoundInjectionExitBad.js:14:14:14:21 | req.body | LoopBoundInjectionExitBad.js:59:22:59:24 | val | provenance | | +| LoopBoundInjectionExitBad.js:17:17:17:19 | val | LoopBoundInjectionExitBad.js:20:22:20:24 | val | provenance | | +| LoopBoundInjectionExitBad.js:31:17:31:19 | val | LoopBoundInjectionExitBad.js:34:22:34:24 | val | provenance | | +| LoopBoundInjectionExitBad.js:46:18:46:20 | val | LoopBoundInjectionExitBad.js:49:22:49:24 | val | provenance | | +| LoopBoundInjectionExitBad.js:59:22:59:24 | val | LoopBoundInjectionExitBad.js:60:8:60:10 | val | provenance | | +| LoopBoundInjectionLodash.js:9:13:9:20 | req.body | LoopBoundInjectionLodash.js:12:18:12:20 | val | provenance | | +| LoopBoundInjectionLodash.js:12:18:12:20 | val | LoopBoundInjectionLodash.js:13:13:13:15 | val | provenance | | +nodes +| LoopBoundInjectionBad.js:8:13:8:20 | req.body | semmle.label | req.body | +| LoopBoundInjectionBad.js:10:15:10:22 | req.body | semmle.label | req.body | +| LoopBoundInjectionBad.js:12:25:12:32 | req.body | semmle.label | req.body | +| LoopBoundInjectionBad.js:14:19:14:26 | req.body | semmle.label | req.body | +| LoopBoundInjectionBad.js:17:18:17:20 | val | semmle.label | val | +| LoopBoundInjectionBad.js:20:25:20:27 | val | semmle.label | val | +| LoopBoundInjectionBad.js:25:20:25:22 | val | semmle.label | val | +| LoopBoundInjectionBad.js:29:16:29:18 | val | semmle.label | val | +| LoopBoundInjectionBad.js:35:30:35:32 | val | semmle.label | val | +| LoopBoundInjectionBad.js:38:15:38:17 | val | semmle.label | val | +| LoopBoundInjectionBad.js:46:24:46:26 | val | semmle.label | val | +| LoopBoundInjectionBad.js:51:25:51:27 | val | semmle.label | val | +| LoopBoundInjectionExitBad.js:8:9:8:16 | req.body | semmle.label | req.body | +| LoopBoundInjectionExitBad.js:10:9:10:16 | req.body | semmle.label | req.body | +| LoopBoundInjectionExitBad.js:12:10:12:17 | req.body | semmle.label | req.body | +| LoopBoundInjectionExitBad.js:14:14:14:21 | req.body | semmle.label | req.body | +| LoopBoundInjectionExitBad.js:17:17:17:19 | val | semmle.label | val | +| LoopBoundInjectionExitBad.js:20:22:20:24 | val | semmle.label | val | +| LoopBoundInjectionExitBad.js:31:17:31:19 | val | semmle.label | val | +| LoopBoundInjectionExitBad.js:34:22:34:24 | val | semmle.label | val | +| LoopBoundInjectionExitBad.js:46:18:46:20 | val | semmle.label | val | +| LoopBoundInjectionExitBad.js:49:22:49:24 | val | semmle.label | val | +| LoopBoundInjectionExitBad.js:59:22:59:24 | val | semmle.label | val | +| LoopBoundInjectionExitBad.js:60:8:60:10 | val | semmle.label | val | +| LoopBoundInjectionLodash.js:9:13:9:20 | req.body | semmle.label | req.body | +| LoopBoundInjectionLodash.js:12:18:12:20 | val | semmle.label | val | +| LoopBoundInjectionLodash.js:13:13:13:15 | val | semmle.label | val | +subpaths #select | LoopBoundInjectionBad.js:20:25:20:27 | val | LoopBoundInjectionBad.js:8:13:8:20 | req.body | LoopBoundInjectionBad.js:20:25:20:27 | val | Iteration over a user-controlled object with a potentially unbounded .length property from a $@. | LoopBoundInjectionBad.js:8:13:8:20 | req.body | user-provided value | | LoopBoundInjectionBad.js:29:16:29:18 | val | LoopBoundInjectionBad.js:10:15:10:22 | req.body | LoopBoundInjectionBad.js:29:16:29:18 | val | Iteration over a user-controlled object with a potentially unbounded .length property from a $@. | LoopBoundInjectionBad.js:10:15:10:22 | req.body | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-843/TypeConfusionThroughParameterTampering.expected b/javascript/ql/test/query-tests/Security/CWE-843/TypeConfusionThroughParameterTampering.expected index 13c97e3f327b..27de08dc8461 100644 --- a/javascript/ql/test/query-tests/Security/CWE-843/TypeConfusionThroughParameterTampering.expected +++ b/javascript/ql/test/query-tests/Security/CWE-843/TypeConfusionThroughParameterTampering.expected @@ -1,81 +1,76 @@ -nodes -| tst.js:5:9:5:27 | foo | -| tst.js:5:15:5:27 | req.query.foo | -| tst.js:5:15:5:27 | req.query.foo | -| tst.js:6:5:6:7 | foo | -| tst.js:6:5:6:7 | foo | -| tst.js:8:5:8:7 | foo | -| tst.js:8:5:8:7 | foo | -| tst.js:11:9:11:11 | foo | -| tst.js:11:9:11:11 | foo | -| tst.js:14:16:14:18 | bar | -| tst.js:15:9:15:11 | bar | -| tst.js:15:9:15:11 | bar | -| tst.js:17:7:17:9 | foo | -| tst.js:27:5:27:7 | foo | -| tst.js:27:5:27:7 | foo | -| tst.js:28:5:28:7 | foo | -| tst.js:28:5:28:7 | foo | -| tst.js:45:9:45:35 | foo | -| tst.js:45:15:45:35 | ctx.req ... ery.foo | -| tst.js:45:15:45:35 | ctx.req ... ery.foo | -| tst.js:46:5:46:7 | foo | -| tst.js:46:5:46:7 | foo | -| tst.js:77:25:77:38 | req.query.path | -| tst.js:77:25:77:38 | req.query.path | -| tst.js:80:23:80:23 | p | -| tst.js:81:9:81:9 | p | -| tst.js:81:9:81:9 | p | -| tst.js:82:9:82:9 | p | -| tst.js:82:9:82:9 | p | -| tst.js:90:5:90:12 | data.foo | -| tst.js:90:5:90:12 | data.foo | -| tst.js:90:5:90:12 | data.foo | -| tst.js:92:9:92:16 | data.foo | -| tst.js:92:9:92:16 | data.foo | -| tst.js:92:9:92:16 | data.foo | -| tst.js:98:9:98:16 | data.foo | -| tst.js:98:9:98:16 | data.foo | -| tst.js:98:9:98:16 | data.foo | -| tst.js:103:9:103:29 | data | -| tst.js:103:16:103:29 | req.query.data | -| tst.js:103:16:103:29 | req.query.data | -| tst.js:104:5:104:8 | data | -| tst.js:104:5:104:8 | data | edges -| tst.js:5:9:5:27 | foo | tst.js:6:5:6:7 | foo | -| tst.js:5:9:5:27 | foo | tst.js:6:5:6:7 | foo | -| tst.js:5:9:5:27 | foo | tst.js:8:5:8:7 | foo | -| tst.js:5:9:5:27 | foo | tst.js:8:5:8:7 | foo | -| tst.js:5:9:5:27 | foo | tst.js:11:9:11:11 | foo | -| tst.js:5:9:5:27 | foo | tst.js:11:9:11:11 | foo | -| tst.js:5:9:5:27 | foo | tst.js:17:7:17:9 | foo | -| tst.js:5:9:5:27 | foo | tst.js:27:5:27:7 | foo | -| tst.js:5:9:5:27 | foo | tst.js:27:5:27:7 | foo | -| tst.js:5:9:5:27 | foo | tst.js:28:5:28:7 | foo | -| tst.js:5:9:5:27 | foo | tst.js:28:5:28:7 | foo | -| tst.js:5:15:5:27 | req.query.foo | tst.js:5:9:5:27 | foo | -| tst.js:5:15:5:27 | req.query.foo | tst.js:5:9:5:27 | foo | -| tst.js:14:16:14:18 | bar | tst.js:15:9:15:11 | bar | -| tst.js:14:16:14:18 | bar | tst.js:15:9:15:11 | bar | -| tst.js:17:7:17:9 | foo | tst.js:14:16:14:18 | bar | -| tst.js:45:9:45:35 | foo | tst.js:46:5:46:7 | foo | -| tst.js:45:9:45:35 | foo | tst.js:46:5:46:7 | foo | -| tst.js:45:15:45:35 | ctx.req ... ery.foo | tst.js:45:9:45:35 | foo | -| tst.js:45:15:45:35 | ctx.req ... ery.foo | tst.js:45:9:45:35 | foo | -| tst.js:77:25:77:38 | req.query.path | tst.js:80:23:80:23 | p | -| tst.js:77:25:77:38 | req.query.path | tst.js:80:23:80:23 | p | -| tst.js:80:23:80:23 | p | tst.js:81:9:81:9 | p | -| tst.js:80:23:80:23 | p | tst.js:81:9:81:9 | p | -| tst.js:80:23:80:23 | p | tst.js:82:9:82:9 | p | -| tst.js:80:23:80:23 | p | tst.js:82:9:82:9 | p | -| tst.js:90:5:90:12 | data.foo | tst.js:90:5:90:12 | data.foo | -| tst.js:92:9:92:16 | data.foo | tst.js:92:9:92:16 | data.foo | -| tst.js:98:9:98:16 | data.foo | tst.js:98:9:98:16 | data.foo | -| tst.js:103:9:103:29 | data | tst.js:104:5:104:8 | data | -| tst.js:103:9:103:29 | data | tst.js:104:5:104:8 | data | -| tst.js:103:16:103:29 | req.query.data | tst.js:103:9:103:29 | data | -| tst.js:103:16:103:29 | req.query.data | tst.js:103:9:103:29 | data | +| tst.js:5:9:5:27 | foo | tst.js:6:5:6:7 | foo | provenance | | +| tst.js:5:9:5:27 | foo | tst.js:6:5:6:7 | foo | provenance | | +| tst.js:5:9:5:27 | foo | tst.js:8:5:8:7 | foo | provenance | | +| tst.js:5:9:5:27 | foo | tst.js:8:5:8:7 | foo | provenance | | +| tst.js:5:9:5:27 | foo | tst.js:17:7:17:9 | foo | provenance | | +| tst.js:5:9:5:27 | foo | tst.js:21:5:21:7 | foo | provenance | | +| tst.js:5:9:5:27 | foo | tst.js:22:5:22:7 | foo | provenance | | +| tst.js:5:9:5:27 | foo | tst.js:23:5:23:7 | foo | provenance | | +| tst.js:5:9:5:27 | foo | tst.js:25:5:25:7 | foo | provenance | | +| tst.js:5:9:5:27 | foo | tst.js:27:5:27:7 | foo | provenance | | +| tst.js:5:9:5:27 | foo | tst.js:27:5:27:7 | foo | provenance | | +| tst.js:5:9:5:27 | foo | tst.js:28:5:28:7 | foo | provenance | | +| tst.js:5:15:5:27 | req.query.foo | tst.js:5:9:5:27 | foo | provenance | | +| tst.js:6:5:6:7 | foo | tst.js:8:5:8:7 | foo | provenance | | +| tst.js:6:5:6:7 | foo | tst.js:8:5:8:7 | foo | provenance | | +| tst.js:8:5:8:7 | foo | tst.js:10:5:12:5 | functio ... K\\n } [foo] | provenance | | +| tst.js:8:5:8:7 | foo | tst.js:17:7:17:9 | foo | provenance | | +| tst.js:10:5:12:5 | functio ... K\\n } [foo] | tst.js:10:14:10:14 | f [foo] | provenance | | +| tst.js:10:5:12:5 | functio ... K\\n } [foo] | tst.js:11:9:11:11 | foo | provenance | | +| tst.js:10:14:10:14 | f [foo] | tst.js:39:12:39:12 | f [foo] | provenance | | +| tst.js:14:16:14:18 | bar | tst.js:15:9:15:11 | bar | provenance | | +| tst.js:17:7:17:9 | foo | tst.js:14:16:14:18 | bar | provenance | | +| tst.js:17:7:17:9 | foo | tst.js:21:5:21:7 | foo | provenance | | +| tst.js:21:5:21:7 | foo | tst.js:22:5:22:7 | foo | provenance | | +| tst.js:22:5:22:7 | foo | tst.js:23:5:23:7 | foo | provenance | | +| tst.js:23:5:23:7 | foo | tst.js:25:5:25:7 | foo | provenance | | +| tst.js:25:5:25:7 | foo | tst.js:27:5:27:7 | foo | provenance | | +| tst.js:25:5:25:7 | foo | tst.js:27:5:27:7 | foo | provenance | | +| tst.js:27:5:27:7 | foo | tst.js:28:5:28:7 | foo | provenance | | +| tst.js:39:12:39:12 | f [foo] | tst.js:11:9:11:11 | foo | provenance | | +| tst.js:45:9:45:35 | foo | tst.js:46:5:46:7 | foo | provenance | | +| tst.js:45:15:45:35 | ctx.req ... ery.foo | tst.js:45:9:45:35 | foo | provenance | | +| tst.js:77:25:77:38 | req.query.path | tst.js:80:23:80:23 | p | provenance | | +| tst.js:80:23:80:23 | p | tst.js:81:9:81:9 | p | provenance | | +| tst.js:80:23:80:23 | p | tst.js:82:9:82:9 | p | provenance | | +| tst.js:103:9:103:29 | data | tst.js:104:5:104:8 | data | provenance | | +| tst.js:103:16:103:29 | req.query.data | tst.js:103:9:103:29 | data | provenance | | +nodes +| tst.js:5:9:5:27 | foo | semmle.label | foo | +| tst.js:5:15:5:27 | req.query.foo | semmle.label | req.query.foo | +| tst.js:6:5:6:7 | foo | semmle.label | foo | +| tst.js:6:5:6:7 | foo | semmle.label | foo | +| tst.js:8:5:8:7 | foo | semmle.label | foo | +| tst.js:8:5:8:7 | foo | semmle.label | foo | +| tst.js:10:5:12:5 | functio ... K\\n } [foo] | semmle.label | functio ... K\\n } [foo] | +| tst.js:10:14:10:14 | f [foo] | semmle.label | f [foo] | +| tst.js:11:9:11:11 | foo | semmle.label | foo | +| tst.js:14:16:14:18 | bar | semmle.label | bar | +| tst.js:15:9:15:11 | bar | semmle.label | bar | +| tst.js:17:7:17:9 | foo | semmle.label | foo | +| tst.js:21:5:21:7 | foo | semmle.label | foo | +| tst.js:22:5:22:7 | foo | semmle.label | foo | +| tst.js:23:5:23:7 | foo | semmle.label | foo | +| tst.js:25:5:25:7 | foo | semmle.label | foo | +| tst.js:27:5:27:7 | foo | semmle.label | foo | +| tst.js:27:5:27:7 | foo | semmle.label | foo | +| tst.js:28:5:28:7 | foo | semmle.label | foo | +| tst.js:39:12:39:12 | f [foo] | semmle.label | f [foo] | +| tst.js:45:9:45:35 | foo | semmle.label | foo | +| tst.js:45:15:45:35 | ctx.req ... ery.foo | semmle.label | ctx.req ... ery.foo | +| tst.js:46:5:46:7 | foo | semmle.label | foo | +| tst.js:77:25:77:38 | req.query.path | semmle.label | req.query.path | +| tst.js:80:23:80:23 | p | semmle.label | p | +| tst.js:81:9:81:9 | p | semmle.label | p | +| tst.js:82:9:82:9 | p | semmle.label | p | +| tst.js:90:5:90:12 | data.foo | semmle.label | data.foo | +| tst.js:92:9:92:16 | data.foo | semmle.label | data.foo | +| tst.js:98:9:98:16 | data.foo | semmle.label | data.foo | +| tst.js:103:9:103:29 | data | semmle.label | data | +| tst.js:103:16:103:29 | req.query.data | semmle.label | req.query.data | +| tst.js:104:5:104:8 | data | semmle.label | data | +subpaths #select | tst.js:6:5:6:7 | foo | tst.js:5:15:5:27 | req.query.foo | tst.js:6:5:6:7 | foo | Potential type confusion as $@ may be either an array or a string. | tst.js:5:15:5:27 | req.query.foo | this HTTP request parameter | | tst.js:8:5:8:7 | foo | tst.js:5:15:5:27 | req.query.foo | tst.js:8:5:8:7 | foo | Potential type confusion as $@ may be either an array or a string. | tst.js:5:15:5:27 | req.query.foo | this HTTP request parameter | diff --git a/javascript/ql/test/query-tests/Security/CWE-912/HttpToFileAccess.expected b/javascript/ql/test/query-tests/Security/CWE-912/HttpToFileAccess.expected index e5e9fb9b0511..0928df48ef9a 100644 --- a/javascript/ql/test/query-tests/Security/CWE-912/HttpToFileAccess.expected +++ b/javascript/ql/test/query-tests/Security/CWE-912/HttpToFileAccess.expected @@ -1,33 +1,22 @@ -nodes -| HttpToFileAccess.js:5:18:5:18 | d | -| HttpToFileAccess.js:5:18:5:18 | d | -| HttpToFileAccess.js:6:37:6:37 | d | -| HttpToFileAccess.js:6:37:6:37 | d | -| tst.js:15:26:15:26 | c | -| tst.js:15:26:15:26 | c | -| tst.js:16:33:16:33 | c | -| tst.js:16:33:16:33 | c | -| tst.js:19:25:19:25 | c | -| tst.js:19:25:19:25 | c | -| tst.js:24:22:24:22 | c | -| tst.js:24:22:24:22 | c | edges -| HttpToFileAccess.js:5:18:5:18 | d | HttpToFileAccess.js:6:37:6:37 | d | -| HttpToFileAccess.js:5:18:5:18 | d | HttpToFileAccess.js:6:37:6:37 | d | -| HttpToFileAccess.js:5:18:5:18 | d | HttpToFileAccess.js:6:37:6:37 | d | -| HttpToFileAccess.js:5:18:5:18 | d | HttpToFileAccess.js:6:37:6:37 | d | -| tst.js:15:26:15:26 | c | tst.js:16:33:16:33 | c | -| tst.js:15:26:15:26 | c | tst.js:16:33:16:33 | c | -| tst.js:15:26:15:26 | c | tst.js:16:33:16:33 | c | -| tst.js:15:26:15:26 | c | tst.js:16:33:16:33 | c | -| tst.js:15:26:15:26 | c | tst.js:19:25:19:25 | c | -| tst.js:15:26:15:26 | c | tst.js:19:25:19:25 | c | -| tst.js:15:26:15:26 | c | tst.js:19:25:19:25 | c | -| tst.js:15:26:15:26 | c | tst.js:19:25:19:25 | c | -| tst.js:15:26:15:26 | c | tst.js:24:22:24:22 | c | -| tst.js:15:26:15:26 | c | tst.js:24:22:24:22 | c | -| tst.js:15:26:15:26 | c | tst.js:24:22:24:22 | c | -| tst.js:15:26:15:26 | c | tst.js:24:22:24:22 | c | +| HttpToFileAccess.js:5:18:5:18 | d | HttpToFileAccess.js:6:37:6:37 | d | provenance | | +| tst.js:15:26:15:26 | c | tst.js:16:33:16:33 | c | provenance | | +| tst.js:15:26:15:26 | c | tst.js:16:33:16:33 | c | provenance | | +| tst.js:15:26:15:26 | c | tst.js:19:25:19:25 | c | provenance | | +| tst.js:15:26:15:26 | c | tst.js:19:25:19:25 | c | provenance | | +| tst.js:16:33:16:33 | c | tst.js:19:25:19:25 | c | provenance | | +| tst.js:16:33:16:33 | c | tst.js:19:25:19:25 | c | provenance | | +| tst.js:19:25:19:25 | c | tst.js:24:22:24:22 | c | provenance | | +nodes +| HttpToFileAccess.js:5:18:5:18 | d | semmle.label | d | +| HttpToFileAccess.js:6:37:6:37 | d | semmle.label | d | +| tst.js:15:26:15:26 | c | semmle.label | c | +| tst.js:16:33:16:33 | c | semmle.label | c | +| tst.js:16:33:16:33 | c | semmle.label | c | +| tst.js:19:25:19:25 | c | semmle.label | c | +| tst.js:19:25:19:25 | c | semmle.label | c | +| tst.js:24:22:24:22 | c | semmle.label | c | +subpaths #select | HttpToFileAccess.js:6:37:6:37 | d | HttpToFileAccess.js:5:18:5:18 | d | HttpToFileAccess.js:6:37:6:37 | d | Write to file system depends on $@. | HttpToFileAccess.js:5:18:5:18 | d | Untrusted data | | tst.js:16:33:16:33 | c | tst.js:15:26:15:26 | c | tst.js:16:33:16:33 | c | Write to file system depends on $@. | tst.js:15:26:15:26 | c | Untrusted data | diff --git a/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingAssignment/Consistency.expected b/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingAssignment/Consistency.expected index e69de29bb2d1..8d013c40b5fb 100644 --- a/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingAssignment/Consistency.expected +++ b/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingAssignment/Consistency.expected @@ -0,0 +1 @@ +| query-tests/Security/CWE-915/PrototypePollutingAssignment/lib.js:70 | expected an alert, but found none | NOT OK | Config | diff --git a/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingAssignment/Consistency.ql b/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingAssignment/Consistency.ql index 7a440ac58bba..636d6e3bbdaa 100644 --- a/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingAssignment/Consistency.ql +++ b/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingAssignment/Consistency.ql @@ -2,6 +2,15 @@ import javascript import testUtilities.ConsistencyChecking import semmle.javascript.security.dataflow.PrototypePollutingAssignmentQuery -class Config extends ConsistencyConfiguration, Configuration { +class Config extends ConsistencyConfiguration { + Config() { this = "Config" } + override File getAFile() { any() } + + override DataFlow::Node getAnAlert() { + exists(DataFlow::Node source | + PrototypePollutingAssignmentFlow::flow(source, result) and + not isIgnoredLibraryFlow(source, result) + ) + } } diff --git a/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingAssignment/PrototypePollutingAssignment.expected b/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingAssignment/PrototypePollutingAssignment.expected index 891aeff42218..46afcf5a14f8 100644 --- a/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingAssignment/PrototypePollutingAssignment.expected +++ b/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingAssignment/PrototypePollutingAssignment.expected @@ -1,371 +1,230 @@ -nodes -| lib.js:1:38:1:40 | obj | -| lib.js:1:43:1:46 | path | -| lib.js:1:43:1:46 | path | -| lib.js:1:43:1:46 | path | -| lib.js:2:7:2:27 | currentPath | -| lib.js:2:7:2:27 | currentPath | -| lib.js:2:21:2:24 | path | -| lib.js:2:21:2:24 | path | -| lib.js:2:21:2:27 | path[0] | -| lib.js:2:21:2:27 | path[0] | -| lib.js:6:7:6:9 | obj | -| lib.js:6:7:6:9 | obj | -| lib.js:11:17:11:32 | obj[currentPath] | -| lib.js:11:17:11:32 | obj[currentPath] | -| lib.js:11:21:11:31 | currentPath | -| lib.js:11:21:11:31 | currentPath | -| lib.js:11:35:11:38 | path | -| lib.js:11:35:11:38 | path | -| lib.js:11:35:11:47 | path.slice(1) | -| lib.js:11:35:11:47 | path.slice(1) | -| lib.js:14:38:14:41 | path | -| lib.js:14:38:14:41 | path | -| lib.js:15:3:15:14 | obj[path[0]] | -| lib.js:15:3:15:14 | obj[path[0]] | -| lib.js:15:7:15:10 | path | -| lib.js:15:7:15:13 | path[0] | -| lib.js:20:7:20:25 | path | -| lib.js:20:14:20:22 | arguments | -| lib.js:20:14:20:22 | arguments | -| lib.js:20:14:20:25 | arguments[1] | -| lib.js:22:3:22:14 | obj[path[0]] | -| lib.js:22:3:22:14 | obj[path[0]] | -| lib.js:22:7:22:10 | path | -| lib.js:22:7:22:13 | path[0] | -| lib.js:25:44:25:47 | path | -| lib.js:25:44:25:47 | path | -| lib.js:26:10:26:21 | obj[path[0]] | -| lib.js:26:10:26:21 | obj[path[0]] | -| lib.js:26:14:26:17 | path | -| lib.js:26:14:26:20 | path[0] | -| lib.js:30:9:30:52 | args | -| lib.js:30:16:30:52 | Array.p ... uments) | -| lib.js:30:43:30:51 | arguments | -| lib.js:30:43:30:51 | arguments | -| lib.js:32:7:32:20 | path | -| lib.js:32:14:32:17 | args | -| lib.js:32:14:32:20 | args[1] | -| lib.js:34:3:34:14 | obj[path[0]] | -| lib.js:34:3:34:14 | obj[path[0]] | -| lib.js:34:7:34:10 | path | -| lib.js:34:7:34:13 | path[0] | -| lib.js:38:9:38:36 | args | -| lib.js:38:16:38:36 | Array.f ... uments) | -| lib.js:38:27:38:35 | arguments | -| lib.js:38:27:38:35 | arguments | -| lib.js:40:7:40:20 | path | -| lib.js:40:14:40:17 | args | -| lib.js:40:14:40:20 | args[1] | -| lib.js:42:3:42:14 | obj[path[0]] | -| lib.js:42:3:42:14 | obj[path[0]] | -| lib.js:42:7:42:10 | path | -| lib.js:42:7:42:13 | path[0] | -| lib.js:45:13:45:13 | s | -| lib.js:45:13:45:13 | s | -| lib.js:46:10:46:10 | s | -| lib.js:52:9:52:22 | path | -| lib.js:52:16:52:22 | id("x") | -| lib.js:55:11:55:22 | obj[path[0]] | -| lib.js:55:11:55:22 | obj[path[0]] | -| lib.js:55:15:55:18 | path | -| lib.js:55:15:55:21 | path[0] | -| lib.js:59:18:59:18 | s | -| lib.js:59:18:59:18 | s | -| lib.js:61:17:61:17 | s | -| lib.js:68:11:68:26 | path | -| lib.js:68:18:68:26 | this.path | -| lib.js:70:13:70:24 | obj[path[0]] | -| lib.js:70:13:70:24 | obj[path[0]] | -| lib.js:70:17:70:20 | path | -| lib.js:70:17:70:23 | path[0] | -| lib.js:83:7:83:25 | path | -| lib.js:83:14:83:22 | arguments | -| lib.js:83:14:83:22 | arguments | -| lib.js:83:14:83:25 | arguments[1] | -| lib.js:86:7:86:26 | proto | -| lib.js:86:15:86:26 | obj[path[0]] | -| lib.js:86:19:86:22 | path | -| lib.js:86:19:86:25 | path[0] | -| lib.js:87:10:87:14 | proto | -| lib.js:87:10:87:14 | proto | -| lib.js:90:43:90:46 | path | -| lib.js:90:43:90:46 | path | -| lib.js:91:7:91:28 | maybeProto | -| lib.js:91:20:91:28 | obj[path] | -| lib.js:91:24:91:27 | path | -| lib.js:92:3:92:12 | maybeProto | -| lib.js:92:3:92:12 | maybeProto | -| lib.js:95:3:95:12 | maybeProto | -| lib.js:95:3:95:12 | maybeProto | -| lib.js:104:7:104:24 | one | -| lib.js:104:13:104:21 | arguments | -| lib.js:104:13:104:21 | arguments | -| lib.js:104:13:104:24 | arguments[1] | -| lib.js:108:3:108:10 | obj[one] | -| lib.js:108:3:108:10 | obj[one] | -| lib.js:108:7:108:9 | one | -| lib.js:118:29:118:32 | path | -| lib.js:118:29:118:32 | path | -| lib.js:119:13:119:24 | obj[path[0]] | -| lib.js:119:13:119:24 | obj[path[0]] | -| lib.js:119:17:119:20 | path | -| lib.js:119:17:119:23 | path[0] | -| lib.js:127:14:127:17 | path | -| lib.js:127:14:127:17 | path | -| lib.js:128:9:128:20 | obj[path[0]] | -| lib.js:128:9:128:20 | obj[path[0]] | -| lib.js:128:13:128:16 | path | -| lib.js:128:13:128:19 | path[0] | -| otherlib/src/otherlibimpl.js:1:37:1:40 | path | -| otherlib/src/otherlibimpl.js:1:37:1:40 | path | -| otherlib/src/otherlibimpl.js:2:3:2:14 | obj[path[0]] | -| otherlib/src/otherlibimpl.js:2:3:2:14 | obj[path[0]] | -| otherlib/src/otherlibimpl.js:2:7:2:10 | path | -| otherlib/src/otherlibimpl.js:2:7:2:13 | path[0] | -| sublib/other.js:5:28:5:31 | path | -| sublib/other.js:5:28:5:31 | path | -| sublib/other.js:6:7:6:18 | obj[path[0]] | -| sublib/other.js:6:7:6:18 | obj[path[0]] | -| sublib/other.js:6:11:6:14 | path | -| sublib/other.js:6:11:6:17 | path[0] | -| sublib/sub.js:1:37:1:40 | path | -| sublib/sub.js:1:37:1:40 | path | -| sublib/sub.js:2:3:2:14 | obj[path[0]] | -| sublib/sub.js:2:3:2:14 | obj[path[0]] | -| sublib/sub.js:2:7:2:10 | path | -| sublib/sub.js:2:7:2:13 | path[0] | -| tst.js:5:9:5:38 | taint | -| tst.js:5:17:5:38 | String( ... y.data) | -| tst.js:5:24:5:37 | req.query.data | -| tst.js:5:24:5:37 | req.query.data | -| tst.js:8:5:8:17 | object[taint] | -| tst.js:8:5:8:17 | object[taint] | -| tst.js:8:12:8:16 | taint | -| tst.js:9:5:9:17 | object[taint] | -| tst.js:9:5:9:17 | object[taint] | -| tst.js:9:12:9:16 | taint | -| tst.js:12:18:12:30 | object[taint] | -| tst.js:12:25:12:29 | taint | -| tst.js:14:5:14:32 | unsafeG ... taint) | -| tst.js:14:5:14:32 | unsafeG ... taint) | -| tst.js:14:27:14:31 | taint | -| tst.js:33:23:33:25 | obj | -| tst.js:34:5:34:7 | obj | -| tst.js:34:5:34:7 | obj | -| tst.js:39:9:39:11 | obj | -| tst.js:39:9:39:11 | obj | -| tst.js:45:9:45:11 | obj | -| tst.js:45:9:45:11 | obj | -| tst.js:48:9:48:11 | obj | -| tst.js:48:9:48:11 | obj | -| tst.js:77:9:77:38 | taint | -| tst.js:77:17:77:38 | String( ... y.data) | -| tst.js:77:24:77:37 | req.query.data | -| tst.js:77:24:77:37 | req.query.data | -| tst.js:80:5:80:17 | object[taint] | -| tst.js:80:5:80:17 | object[taint] | -| tst.js:80:12:80:16 | taint | -| tst.js:82:5:82:22 | object["" + taint] | -| tst.js:82:5:82:22 | object["" + taint] | -| tst.js:82:12:82:21 | "" + taint | -| tst.js:82:17:82:21 | taint | -| tst.js:87:9:87:21 | object[taint] | -| tst.js:87:9:87:21 | object[taint] | -| tst.js:87:16:87:20 | taint | -| tst.js:94:5:94:37 | obj[req ... ', '')] | -| tst.js:94:5:94:37 | obj[req ... ', '')] | -| tst.js:94:9:94:19 | req.query.x | -| tst.js:94:9:94:19 | req.query.x | -| tst.js:94:9:94:36 | req.que ... _', '') | -| tst.js:97:5:97:46 | obj[req ... g, '')] | -| tst.js:97:5:97:46 | obj[req ... g, '')] | -| tst.js:97:9:97:19 | req.query.x | -| tst.js:97:9:97:19 | req.query.x | -| tst.js:97:9:97:45 | req.que ... /g, '') | -| tst.js:102:9:102:38 | taint | -| tst.js:102:17:102:38 | String( ... y.data) | -| tst.js:102:24:102:37 | req.query.data | -| tst.js:102:24:102:37 | req.query.data | -| tst.js:105:5:105:17 | object[taint] | -| tst.js:105:5:105:17 | object[taint] | -| tst.js:105:12:105:16 | taint | edges -| lib.js:1:38:1:40 | obj | lib.js:6:7:6:9 | obj | -| lib.js:1:38:1:40 | obj | lib.js:6:7:6:9 | obj | -| lib.js:1:43:1:46 | path | lib.js:2:21:2:24 | path | -| lib.js:1:43:1:46 | path | lib.js:2:21:2:24 | path | -| lib.js:1:43:1:46 | path | lib.js:2:21:2:24 | path | -| lib.js:1:43:1:46 | path | lib.js:11:35:11:38 | path | -| lib.js:1:43:1:46 | path | lib.js:11:35:11:38 | path | -| lib.js:1:43:1:46 | path | lib.js:11:35:11:38 | path | -| lib.js:2:7:2:27 | currentPath | lib.js:11:21:11:31 | currentPath | -| lib.js:2:7:2:27 | currentPath | lib.js:11:21:11:31 | currentPath | -| lib.js:2:21:2:24 | path | lib.js:2:21:2:27 | path[0] | -| lib.js:2:21:2:24 | path | lib.js:2:21:2:27 | path[0] | -| lib.js:2:21:2:27 | path[0] | lib.js:2:7:2:27 | currentPath | -| lib.js:2:21:2:27 | path[0] | lib.js:2:7:2:27 | currentPath | -| lib.js:11:17:11:32 | obj[currentPath] | lib.js:1:38:1:40 | obj | -| lib.js:11:17:11:32 | obj[currentPath] | lib.js:1:38:1:40 | obj | -| lib.js:11:21:11:31 | currentPath | lib.js:11:17:11:32 | obj[currentPath] | -| lib.js:11:21:11:31 | currentPath | lib.js:11:17:11:32 | obj[currentPath] | -| lib.js:11:35:11:38 | path | lib.js:11:35:11:47 | path.slice(1) | -| lib.js:11:35:11:38 | path | lib.js:11:35:11:47 | path.slice(1) | -| lib.js:11:35:11:47 | path.slice(1) | lib.js:1:43:1:46 | path | -| lib.js:11:35:11:47 | path.slice(1) | lib.js:1:43:1:46 | path | -| lib.js:14:38:14:41 | path | lib.js:15:7:15:10 | path | -| lib.js:14:38:14:41 | path | lib.js:15:7:15:10 | path | -| lib.js:15:7:15:10 | path | lib.js:15:7:15:13 | path[0] | -| lib.js:15:7:15:13 | path[0] | lib.js:15:3:15:14 | obj[path[0]] | -| lib.js:15:7:15:13 | path[0] | lib.js:15:3:15:14 | obj[path[0]] | -| lib.js:20:7:20:25 | path | lib.js:22:7:22:10 | path | -| lib.js:20:14:20:22 | arguments | lib.js:20:14:20:25 | arguments[1] | -| lib.js:20:14:20:22 | arguments | lib.js:20:14:20:25 | arguments[1] | -| lib.js:20:14:20:25 | arguments[1] | lib.js:20:7:20:25 | path | -| lib.js:22:7:22:10 | path | lib.js:22:7:22:13 | path[0] | -| lib.js:22:7:22:13 | path[0] | lib.js:22:3:22:14 | obj[path[0]] | -| lib.js:22:7:22:13 | path[0] | lib.js:22:3:22:14 | obj[path[0]] | -| lib.js:25:44:25:47 | path | lib.js:26:14:26:17 | path | -| lib.js:25:44:25:47 | path | lib.js:26:14:26:17 | path | -| lib.js:26:14:26:17 | path | lib.js:26:14:26:20 | path[0] | -| lib.js:26:14:26:20 | path[0] | lib.js:26:10:26:21 | obj[path[0]] | -| lib.js:26:14:26:20 | path[0] | lib.js:26:10:26:21 | obj[path[0]] | -| lib.js:30:9:30:52 | args | lib.js:32:14:32:17 | args | -| lib.js:30:16:30:52 | Array.p ... uments) | lib.js:30:9:30:52 | args | -| lib.js:30:43:30:51 | arguments | lib.js:30:16:30:52 | Array.p ... uments) | -| lib.js:30:43:30:51 | arguments | lib.js:30:16:30:52 | Array.p ... uments) | -| lib.js:32:7:32:20 | path | lib.js:34:7:34:10 | path | -| lib.js:32:14:32:17 | args | lib.js:32:14:32:20 | args[1] | -| lib.js:32:14:32:20 | args[1] | lib.js:32:7:32:20 | path | -| lib.js:34:7:34:10 | path | lib.js:34:7:34:13 | path[0] | -| lib.js:34:7:34:13 | path[0] | lib.js:34:3:34:14 | obj[path[0]] | -| lib.js:34:7:34:13 | path[0] | lib.js:34:3:34:14 | obj[path[0]] | -| lib.js:38:9:38:36 | args | lib.js:40:14:40:17 | args | -| lib.js:38:16:38:36 | Array.f ... uments) | lib.js:38:9:38:36 | args | -| lib.js:38:27:38:35 | arguments | lib.js:38:16:38:36 | Array.f ... uments) | -| lib.js:38:27:38:35 | arguments | lib.js:38:16:38:36 | Array.f ... uments) | -| lib.js:40:7:40:20 | path | lib.js:42:7:42:10 | path | -| lib.js:40:14:40:17 | args | lib.js:40:14:40:20 | args[1] | -| lib.js:40:14:40:20 | args[1] | lib.js:40:7:40:20 | path | -| lib.js:42:7:42:10 | path | lib.js:42:7:42:13 | path[0] | -| lib.js:42:7:42:13 | path[0] | lib.js:42:3:42:14 | obj[path[0]] | -| lib.js:42:7:42:13 | path[0] | lib.js:42:3:42:14 | obj[path[0]] | -| lib.js:45:13:45:13 | s | lib.js:46:10:46:10 | s | -| lib.js:45:13:45:13 | s | lib.js:46:10:46:10 | s | -| lib.js:46:10:46:10 | s | lib.js:52:16:52:22 | id("x") | -| lib.js:52:9:52:22 | path | lib.js:55:15:55:18 | path | -| lib.js:52:16:52:22 | id("x") | lib.js:52:9:52:22 | path | -| lib.js:55:15:55:18 | path | lib.js:55:15:55:21 | path[0] | -| lib.js:55:15:55:21 | path[0] | lib.js:55:11:55:22 | obj[path[0]] | -| lib.js:55:15:55:21 | path[0] | lib.js:55:11:55:22 | obj[path[0]] | -| lib.js:59:18:59:18 | s | lib.js:61:17:61:17 | s | -| lib.js:59:18:59:18 | s | lib.js:61:17:61:17 | s | -| lib.js:61:17:61:17 | s | lib.js:68:11:68:26 | path | -| lib.js:61:17:61:17 | s | lib.js:68:18:68:26 | this.path | -| lib.js:61:17:61:17 | s | lib.js:70:17:70:20 | path | -| lib.js:68:11:68:26 | path | lib.js:70:17:70:20 | path | -| lib.js:68:18:68:26 | this.path | lib.js:68:11:68:26 | path | -| lib.js:70:17:70:20 | path | lib.js:70:17:70:23 | path[0] | -| lib.js:70:17:70:23 | path[0] | lib.js:70:13:70:24 | obj[path[0]] | -| lib.js:70:17:70:23 | path[0] | lib.js:70:13:70:24 | obj[path[0]] | -| lib.js:83:7:83:25 | path | lib.js:86:19:86:22 | path | -| lib.js:83:14:83:22 | arguments | lib.js:83:14:83:25 | arguments[1] | -| lib.js:83:14:83:22 | arguments | lib.js:83:14:83:25 | arguments[1] | -| lib.js:83:14:83:25 | arguments[1] | lib.js:83:7:83:25 | path | -| lib.js:86:7:86:26 | proto | lib.js:87:10:87:14 | proto | -| lib.js:86:7:86:26 | proto | lib.js:87:10:87:14 | proto | -| lib.js:86:15:86:26 | obj[path[0]] | lib.js:86:7:86:26 | proto | -| lib.js:86:19:86:22 | path | lib.js:86:19:86:25 | path[0] | -| lib.js:86:19:86:25 | path[0] | lib.js:86:15:86:26 | obj[path[0]] | -| lib.js:90:43:90:46 | path | lib.js:91:24:91:27 | path | -| lib.js:90:43:90:46 | path | lib.js:91:24:91:27 | path | -| lib.js:91:7:91:28 | maybeProto | lib.js:92:3:92:12 | maybeProto | -| lib.js:91:7:91:28 | maybeProto | lib.js:92:3:92:12 | maybeProto | -| lib.js:91:7:91:28 | maybeProto | lib.js:95:3:95:12 | maybeProto | -| lib.js:91:7:91:28 | maybeProto | lib.js:95:3:95:12 | maybeProto | -| lib.js:91:20:91:28 | obj[path] | lib.js:91:7:91:28 | maybeProto | -| lib.js:91:24:91:27 | path | lib.js:91:20:91:28 | obj[path] | -| lib.js:104:7:104:24 | one | lib.js:108:7:108:9 | one | -| lib.js:104:13:104:21 | arguments | lib.js:104:13:104:24 | arguments[1] | -| lib.js:104:13:104:21 | arguments | lib.js:104:13:104:24 | arguments[1] | -| lib.js:104:13:104:24 | arguments[1] | lib.js:104:7:104:24 | one | -| lib.js:108:7:108:9 | one | lib.js:108:3:108:10 | obj[one] | -| lib.js:108:7:108:9 | one | lib.js:108:3:108:10 | obj[one] | -| lib.js:118:29:118:32 | path | lib.js:119:17:119:20 | path | -| lib.js:118:29:118:32 | path | lib.js:119:17:119:20 | path | -| lib.js:119:17:119:20 | path | lib.js:119:17:119:23 | path[0] | -| lib.js:119:17:119:23 | path[0] | lib.js:119:13:119:24 | obj[path[0]] | -| lib.js:119:17:119:23 | path[0] | lib.js:119:13:119:24 | obj[path[0]] | -| lib.js:127:14:127:17 | path | lib.js:128:13:128:16 | path | -| lib.js:127:14:127:17 | path | lib.js:128:13:128:16 | path | -| lib.js:128:13:128:16 | path | lib.js:128:13:128:19 | path[0] | -| lib.js:128:13:128:19 | path[0] | lib.js:128:9:128:20 | obj[path[0]] | -| lib.js:128:13:128:19 | path[0] | lib.js:128:9:128:20 | obj[path[0]] | -| otherlib/src/otherlibimpl.js:1:37:1:40 | path | otherlib/src/otherlibimpl.js:2:7:2:10 | path | -| otherlib/src/otherlibimpl.js:1:37:1:40 | path | otherlib/src/otherlibimpl.js:2:7:2:10 | path | -| otherlib/src/otherlibimpl.js:2:7:2:10 | path | otherlib/src/otherlibimpl.js:2:7:2:13 | path[0] | -| otherlib/src/otherlibimpl.js:2:7:2:13 | path[0] | otherlib/src/otherlibimpl.js:2:3:2:14 | obj[path[0]] | -| otherlib/src/otherlibimpl.js:2:7:2:13 | path[0] | otherlib/src/otherlibimpl.js:2:3:2:14 | obj[path[0]] | -| sublib/other.js:5:28:5:31 | path | sublib/other.js:6:11:6:14 | path | -| sublib/other.js:5:28:5:31 | path | sublib/other.js:6:11:6:14 | path | -| sublib/other.js:6:11:6:14 | path | sublib/other.js:6:11:6:17 | path[0] | -| sublib/other.js:6:11:6:17 | path[0] | sublib/other.js:6:7:6:18 | obj[path[0]] | -| sublib/other.js:6:11:6:17 | path[0] | sublib/other.js:6:7:6:18 | obj[path[0]] | -| sublib/sub.js:1:37:1:40 | path | sublib/sub.js:2:7:2:10 | path | -| sublib/sub.js:1:37:1:40 | path | sublib/sub.js:2:7:2:10 | path | -| sublib/sub.js:2:7:2:10 | path | sublib/sub.js:2:7:2:13 | path[0] | -| sublib/sub.js:2:7:2:13 | path[0] | sublib/sub.js:2:3:2:14 | obj[path[0]] | -| sublib/sub.js:2:7:2:13 | path[0] | sublib/sub.js:2:3:2:14 | obj[path[0]] | -| tst.js:5:9:5:38 | taint | tst.js:8:12:8:16 | taint | -| tst.js:5:9:5:38 | taint | tst.js:9:12:9:16 | taint | -| tst.js:5:9:5:38 | taint | tst.js:12:25:12:29 | taint | -| tst.js:5:9:5:38 | taint | tst.js:14:27:14:31 | taint | -| tst.js:5:17:5:38 | String( ... y.data) | tst.js:5:9:5:38 | taint | -| tst.js:5:24:5:37 | req.query.data | tst.js:5:17:5:38 | String( ... y.data) | -| tst.js:5:24:5:37 | req.query.data | tst.js:5:17:5:38 | String( ... y.data) | -| tst.js:8:12:8:16 | taint | tst.js:8:5:8:17 | object[taint] | -| tst.js:8:12:8:16 | taint | tst.js:8:5:8:17 | object[taint] | -| tst.js:9:12:9:16 | taint | tst.js:9:5:9:17 | object[taint] | -| tst.js:9:12:9:16 | taint | tst.js:9:5:9:17 | object[taint] | -| tst.js:12:18:12:30 | object[taint] | tst.js:33:23:33:25 | obj | -| tst.js:12:25:12:29 | taint | tst.js:12:18:12:30 | object[taint] | -| tst.js:14:27:14:31 | taint | tst.js:14:5:14:32 | unsafeG ... taint) | -| tst.js:14:27:14:31 | taint | tst.js:14:5:14:32 | unsafeG ... taint) | -| tst.js:33:23:33:25 | obj | tst.js:34:5:34:7 | obj | -| tst.js:33:23:33:25 | obj | tst.js:34:5:34:7 | obj | -| tst.js:33:23:33:25 | obj | tst.js:39:9:39:11 | obj | -| tst.js:33:23:33:25 | obj | tst.js:39:9:39:11 | obj | -| tst.js:33:23:33:25 | obj | tst.js:45:9:45:11 | obj | -| tst.js:33:23:33:25 | obj | tst.js:45:9:45:11 | obj | -| tst.js:33:23:33:25 | obj | tst.js:48:9:48:11 | obj | -| tst.js:33:23:33:25 | obj | tst.js:48:9:48:11 | obj | -| tst.js:77:9:77:38 | taint | tst.js:80:12:80:16 | taint | -| tst.js:77:9:77:38 | taint | tst.js:82:17:82:21 | taint | -| tst.js:77:9:77:38 | taint | tst.js:87:16:87:20 | taint | -| tst.js:77:17:77:38 | String( ... y.data) | tst.js:77:9:77:38 | taint | -| tst.js:77:24:77:37 | req.query.data | tst.js:77:17:77:38 | String( ... y.data) | -| tst.js:77:24:77:37 | req.query.data | tst.js:77:17:77:38 | String( ... y.data) | -| tst.js:80:12:80:16 | taint | tst.js:80:5:80:17 | object[taint] | -| tst.js:80:12:80:16 | taint | tst.js:80:5:80:17 | object[taint] | -| tst.js:82:12:82:21 | "" + taint | tst.js:82:5:82:22 | object["" + taint] | -| tst.js:82:12:82:21 | "" + taint | tst.js:82:5:82:22 | object["" + taint] | -| tst.js:82:17:82:21 | taint | tst.js:82:12:82:21 | "" + taint | -| tst.js:87:16:87:20 | taint | tst.js:87:9:87:21 | object[taint] | -| tst.js:87:16:87:20 | taint | tst.js:87:9:87:21 | object[taint] | -| tst.js:94:9:94:19 | req.query.x | tst.js:94:9:94:36 | req.que ... _', '') | -| tst.js:94:9:94:19 | req.query.x | tst.js:94:9:94:36 | req.que ... _', '') | -| tst.js:94:9:94:36 | req.que ... _', '') | tst.js:94:5:94:37 | obj[req ... ', '')] | -| tst.js:94:9:94:36 | req.que ... _', '') | tst.js:94:5:94:37 | obj[req ... ', '')] | -| tst.js:97:9:97:19 | req.query.x | tst.js:97:9:97:45 | req.que ... /g, '') | -| tst.js:97:9:97:19 | req.query.x | tst.js:97:9:97:45 | req.que ... /g, '') | -| tst.js:97:9:97:45 | req.que ... /g, '') | tst.js:97:5:97:46 | obj[req ... g, '')] | -| tst.js:97:9:97:45 | req.que ... /g, '') | tst.js:97:5:97:46 | obj[req ... g, '')] | -| tst.js:102:9:102:38 | taint | tst.js:105:12:105:16 | taint | -| tst.js:102:17:102:38 | String( ... y.data) | tst.js:102:9:102:38 | taint | -| tst.js:102:24:102:37 | req.query.data | tst.js:102:17:102:38 | String( ... y.data) | -| tst.js:102:24:102:37 | req.query.data | tst.js:102:17:102:38 | String( ... y.data) | -| tst.js:105:12:105:16 | taint | tst.js:105:5:105:17 | object[taint] | -| tst.js:105:12:105:16 | taint | tst.js:105:5:105:17 | object[taint] | +| lib.js:1:38:1:40 | obj | lib.js:6:7:6:9 | obj | provenance | | +| lib.js:1:43:1:46 | path | lib.js:2:21:2:24 | path | provenance | | +| lib.js:2:7:2:27 | currentPath | lib.js:11:21:11:31 | currentPath | provenance | | +| lib.js:2:21:2:24 | path | lib.js:2:21:2:27 | path[0] | provenance | Config | +| lib.js:2:21:2:27 | path[0] | lib.js:2:7:2:27 | currentPath | provenance | | +| lib.js:11:17:11:32 | obj[currentPath] | lib.js:1:38:1:40 | obj | provenance | | +| lib.js:11:21:11:31 | currentPath | lib.js:11:17:11:32 | obj[currentPath] | provenance | Config | +| lib.js:14:38:14:41 | path | lib.js:15:7:15:10 | path | provenance | | +| lib.js:15:7:15:10 | path | lib.js:15:7:15:13 | path[0] | provenance | Config | +| lib.js:15:7:15:13 | path[0] | lib.js:15:3:15:14 | obj[path[0]] | provenance | Config | +| lib.js:20:7:20:25 | path | lib.js:22:7:22:10 | path | provenance | | +| lib.js:20:14:20:22 | arguments | lib.js:20:14:20:25 | arguments[1] | provenance | Config | +| lib.js:20:14:20:25 | arguments[1] | lib.js:20:7:20:25 | path | provenance | | +| lib.js:22:7:22:10 | path | lib.js:22:7:22:13 | path[0] | provenance | Config | +| lib.js:22:7:22:13 | path[0] | lib.js:22:3:22:14 | obj[path[0]] | provenance | Config | +| lib.js:25:44:25:47 | path | lib.js:26:14:26:17 | path | provenance | | +| lib.js:26:14:26:17 | path | lib.js:26:14:26:20 | path[0] | provenance | Config | +| lib.js:26:14:26:20 | path[0] | lib.js:26:10:26:21 | obj[path[0]] | provenance | Config | +| lib.js:30:9:30:52 | args | lib.js:32:14:32:17 | args | provenance | | +| lib.js:30:16:30:52 | Array.p ... uments) | lib.js:30:9:30:52 | args | provenance | | +| lib.js:30:16:30:52 | reflective call | lib.js:30:16:30:52 | Array.p ... uments) | provenance | | +| lib.js:30:43:30:51 | arguments | lib.js:30:16:30:52 | reflective call | provenance | Config | +| lib.js:32:7:32:20 | path | lib.js:34:7:34:10 | path | provenance | | +| lib.js:32:14:32:17 | args | lib.js:32:14:32:20 | args[1] | provenance | Config | +| lib.js:32:14:32:20 | args[1] | lib.js:32:7:32:20 | path | provenance | | +| lib.js:34:7:34:10 | path | lib.js:34:7:34:13 | path[0] | provenance | Config | +| lib.js:34:7:34:13 | path[0] | lib.js:34:3:34:14 | obj[path[0]] | provenance | Config | +| lib.js:38:9:38:36 | args | lib.js:40:14:40:17 | args | provenance | | +| lib.js:38:16:38:36 | Array.f ... uments) | lib.js:38:9:38:36 | args | provenance | | +| lib.js:38:27:38:35 | arguments | lib.js:38:16:38:36 | Array.f ... uments) | provenance | Config | +| lib.js:40:7:40:20 | path | lib.js:42:7:42:10 | path | provenance | | +| lib.js:40:14:40:17 | args | lib.js:40:14:40:20 | args[1] | provenance | Config | +| lib.js:40:14:40:20 | args[1] | lib.js:40:7:40:20 | path | provenance | | +| lib.js:42:7:42:10 | path | lib.js:42:7:42:13 | path[0] | provenance | Config | +| lib.js:42:7:42:13 | path[0] | lib.js:42:3:42:14 | obj[path[0]] | provenance | Config | +| lib.js:83:7:83:25 | path | lib.js:86:19:86:22 | path | provenance | | +| lib.js:83:14:83:22 | arguments | lib.js:83:14:83:25 | arguments[1] | provenance | Config | +| lib.js:83:14:83:25 | arguments[1] | lib.js:83:7:83:25 | path | provenance | | +| lib.js:86:7:86:26 | proto | lib.js:87:10:87:14 | proto | provenance | | +| lib.js:86:15:86:26 | obj[path[0]] | lib.js:86:7:86:26 | proto | provenance | | +| lib.js:86:19:86:22 | path | lib.js:86:19:86:25 | path[0] | provenance | Config | +| lib.js:86:19:86:25 | path[0] | lib.js:86:15:86:26 | obj[path[0]] | provenance | Config | +| lib.js:90:43:90:46 | path | lib.js:91:24:91:27 | path | provenance | | +| lib.js:91:7:91:28 | maybeProto | lib.js:92:3:92:12 | maybeProto | provenance | | +| lib.js:91:7:91:28 | maybeProto | lib.js:95:3:95:12 | maybeProto | provenance | | +| lib.js:91:20:91:28 | obj[path] | lib.js:91:7:91:28 | maybeProto | provenance | | +| lib.js:91:24:91:27 | path | lib.js:91:20:91:28 | obj[path] | provenance | Config | +| lib.js:104:7:104:24 | one | lib.js:108:7:108:9 | one | provenance | | +| lib.js:104:13:104:21 | arguments | lib.js:104:13:104:24 | arguments[1] | provenance | Config | +| lib.js:104:13:104:24 | arguments[1] | lib.js:104:7:104:24 | one | provenance | | +| lib.js:108:7:108:9 | one | lib.js:108:3:108:10 | obj[one] | provenance | Config | +| lib.js:118:29:118:32 | path | lib.js:119:17:119:20 | path | provenance | | +| lib.js:119:17:119:20 | path | lib.js:119:17:119:23 | path[0] | provenance | Config | +| lib.js:119:17:119:23 | path[0] | lib.js:119:13:119:24 | obj[path[0]] | provenance | Config | +| lib.js:127:14:127:17 | path | lib.js:128:13:128:16 | path | provenance | | +| lib.js:128:13:128:16 | path | lib.js:128:13:128:19 | path[0] | provenance | Config | +| lib.js:128:13:128:19 | path[0] | lib.js:128:9:128:20 | obj[path[0]] | provenance | Config | +| otherlib/src/otherlibimpl.js:1:37:1:40 | path | otherlib/src/otherlibimpl.js:2:7:2:10 | path | provenance | | +| otherlib/src/otherlibimpl.js:2:7:2:10 | path | otherlib/src/otherlibimpl.js:2:7:2:13 | path[0] | provenance | Config | +| otherlib/src/otherlibimpl.js:2:7:2:13 | path[0] | otherlib/src/otherlibimpl.js:2:3:2:14 | obj[path[0]] | provenance | Config | +| sublib/other.js:5:28:5:31 | path | sublib/other.js:6:11:6:14 | path | provenance | | +| sublib/other.js:6:11:6:14 | path | sublib/other.js:6:11:6:17 | path[0] | provenance | Config | +| sublib/other.js:6:11:6:17 | path[0] | sublib/other.js:6:7:6:18 | obj[path[0]] | provenance | Config | +| sublib/sub.js:1:37:1:40 | path | sublib/sub.js:2:7:2:10 | path | provenance | | +| sublib/sub.js:2:7:2:10 | path | sublib/sub.js:2:7:2:13 | path[0] | provenance | Config | +| sublib/sub.js:2:7:2:13 | path[0] | sublib/sub.js:2:3:2:14 | obj[path[0]] | provenance | Config | +| tst.js:5:9:5:38 | taint | tst.js:8:12:8:16 | taint | provenance | | +| tst.js:5:9:5:38 | taint | tst.js:9:12:9:16 | taint | provenance | | +| tst.js:5:9:5:38 | taint | tst.js:12:25:12:29 | taint | provenance | | +| tst.js:5:9:5:38 | taint | tst.js:14:27:14:31 | taint | provenance | | +| tst.js:5:17:5:38 | String( ... y.data) | tst.js:5:9:5:38 | taint | provenance | | +| tst.js:5:24:5:37 | req.query.data | tst.js:5:17:5:38 | String( ... y.data) | provenance | Config | +| tst.js:8:12:8:16 | taint | tst.js:8:5:8:17 | object[taint] | provenance | Config | +| tst.js:9:12:9:16 | taint | tst.js:9:5:9:17 | object[taint] | provenance | Config | +| tst.js:12:18:12:30 | object[taint] | tst.js:33:23:33:25 | obj | provenance | | +| tst.js:12:25:12:29 | taint | tst.js:12:18:12:30 | object[taint] | provenance | Config | +| tst.js:14:27:14:31 | taint | tst.js:14:5:14:32 | unsafeG ... taint) | provenance | Config | +| tst.js:14:27:14:31 | taint | tst.js:55:29:55:32 | prop | provenance | | +| tst.js:33:23:33:25 | obj | tst.js:34:5:34:7 | obj | provenance | | +| tst.js:33:23:33:25 | obj | tst.js:39:9:39:11 | obj | provenance | | +| tst.js:33:23:33:25 | obj | tst.js:45:9:45:11 | obj | provenance | | +| tst.js:33:23:33:25 | obj | tst.js:48:9:48:11 | obj | provenance | | +| tst.js:55:29:55:32 | prop | tst.js:56:22:56:25 | prop | provenance | | +| tst.js:56:18:56:26 | obj[prop] | tst.js:56:12:56:33 | obj ? o ... : null | provenance | | +| tst.js:56:22:56:25 | prop | tst.js:56:18:56:26 | obj[prop] | provenance | Config | +| tst.js:77:9:77:38 | taint | tst.js:80:12:80:16 | taint | provenance | | +| tst.js:77:9:77:38 | taint | tst.js:82:17:82:21 | taint | provenance | | +| tst.js:77:9:77:38 | taint | tst.js:87:16:87:20 | taint | provenance | | +| tst.js:77:17:77:38 | String( ... y.data) | tst.js:77:9:77:38 | taint | provenance | | +| tst.js:77:24:77:37 | req.query.data | tst.js:77:17:77:38 | String( ... y.data) | provenance | Config | +| tst.js:80:12:80:16 | taint | tst.js:80:5:80:17 | object[taint] | provenance | Config | +| tst.js:82:12:82:21 | "" + taint | tst.js:82:5:82:22 | object["" + taint] | provenance | Config | +| tst.js:82:17:82:21 | taint | tst.js:82:12:82:21 | "" + taint | provenance | Config | +| tst.js:87:16:87:20 | taint | tst.js:87:9:87:21 | object[taint] | provenance | Config | +| tst.js:94:9:94:19 | req.query.x | tst.js:94:9:94:36 | req.que ... _', '') | provenance | Config | +| tst.js:94:9:94:36 | req.que ... _', '') | tst.js:94:5:94:37 | obj[req ... ', '')] | provenance | Config | +| tst.js:97:9:97:19 | req.query.x | tst.js:97:9:97:45 | req.que ... /g, '') | provenance | Config | +| tst.js:97:9:97:45 | req.que ... /g, '') | tst.js:97:5:97:46 | obj[req ... g, '')] | provenance | Config | +| tst.js:102:9:102:38 | taint | tst.js:105:12:105:16 | taint | provenance | | +| tst.js:102:17:102:38 | String( ... y.data) | tst.js:102:9:102:38 | taint | provenance | | +| tst.js:102:24:102:37 | req.query.data | tst.js:102:17:102:38 | String( ... y.data) | provenance | Config | +| tst.js:105:12:105:16 | taint | tst.js:105:5:105:17 | object[taint] | provenance | Config | +nodes +| lib.js:1:38:1:40 | obj | semmle.label | obj | +| lib.js:1:43:1:46 | path | semmle.label | path | +| lib.js:2:7:2:27 | currentPath | semmle.label | currentPath | +| lib.js:2:21:2:24 | path | semmle.label | path | +| lib.js:2:21:2:27 | path[0] | semmle.label | path[0] | +| lib.js:6:7:6:9 | obj | semmle.label | obj | +| lib.js:11:17:11:32 | obj[currentPath] | semmle.label | obj[currentPath] | +| lib.js:11:21:11:31 | currentPath | semmle.label | currentPath | +| lib.js:14:38:14:41 | path | semmle.label | path | +| lib.js:15:3:15:14 | obj[path[0]] | semmle.label | obj[path[0]] | +| lib.js:15:7:15:10 | path | semmle.label | path | +| lib.js:15:7:15:13 | path[0] | semmle.label | path[0] | +| lib.js:20:7:20:25 | path | semmle.label | path | +| lib.js:20:14:20:22 | arguments | semmle.label | arguments | +| lib.js:20:14:20:25 | arguments[1] | semmle.label | arguments[1] | +| lib.js:22:3:22:14 | obj[path[0]] | semmle.label | obj[path[0]] | +| lib.js:22:7:22:10 | path | semmle.label | path | +| lib.js:22:7:22:13 | path[0] | semmle.label | path[0] | +| lib.js:25:44:25:47 | path | semmle.label | path | +| lib.js:26:10:26:21 | obj[path[0]] | semmle.label | obj[path[0]] | +| lib.js:26:14:26:17 | path | semmle.label | path | +| lib.js:26:14:26:20 | path[0] | semmle.label | path[0] | +| lib.js:30:9:30:52 | args | semmle.label | args | +| lib.js:30:16:30:52 | Array.p ... uments) | semmle.label | Array.p ... uments) | +| lib.js:30:16:30:52 | reflective call | semmle.label | reflective call | +| lib.js:30:43:30:51 | arguments | semmle.label | arguments | +| lib.js:32:7:32:20 | path | semmle.label | path | +| lib.js:32:14:32:17 | args | semmle.label | args | +| lib.js:32:14:32:20 | args[1] | semmle.label | args[1] | +| lib.js:34:3:34:14 | obj[path[0]] | semmle.label | obj[path[0]] | +| lib.js:34:7:34:10 | path | semmle.label | path | +| lib.js:34:7:34:13 | path[0] | semmle.label | path[0] | +| lib.js:38:9:38:36 | args | semmle.label | args | +| lib.js:38:16:38:36 | Array.f ... uments) | semmle.label | Array.f ... uments) | +| lib.js:38:27:38:35 | arguments | semmle.label | arguments | +| lib.js:40:7:40:20 | path | semmle.label | path | +| lib.js:40:14:40:17 | args | semmle.label | args | +| lib.js:40:14:40:20 | args[1] | semmle.label | args[1] | +| lib.js:42:3:42:14 | obj[path[0]] | semmle.label | obj[path[0]] | +| lib.js:42:7:42:10 | path | semmle.label | path | +| lib.js:42:7:42:13 | path[0] | semmle.label | path[0] | +| lib.js:83:7:83:25 | path | semmle.label | path | +| lib.js:83:14:83:22 | arguments | semmle.label | arguments | +| lib.js:83:14:83:25 | arguments[1] | semmle.label | arguments[1] | +| lib.js:86:7:86:26 | proto | semmle.label | proto | +| lib.js:86:15:86:26 | obj[path[0]] | semmle.label | obj[path[0]] | +| lib.js:86:19:86:22 | path | semmle.label | path | +| lib.js:86:19:86:25 | path[0] | semmle.label | path[0] | +| lib.js:87:10:87:14 | proto | semmle.label | proto | +| lib.js:90:43:90:46 | path | semmle.label | path | +| lib.js:91:7:91:28 | maybeProto | semmle.label | maybeProto | +| lib.js:91:20:91:28 | obj[path] | semmle.label | obj[path] | +| lib.js:91:24:91:27 | path | semmle.label | path | +| lib.js:92:3:92:12 | maybeProto | semmle.label | maybeProto | +| lib.js:95:3:95:12 | maybeProto | semmle.label | maybeProto | +| lib.js:104:7:104:24 | one | semmle.label | one | +| lib.js:104:13:104:21 | arguments | semmle.label | arguments | +| lib.js:104:13:104:24 | arguments[1] | semmle.label | arguments[1] | +| lib.js:108:3:108:10 | obj[one] | semmle.label | obj[one] | +| lib.js:108:7:108:9 | one | semmle.label | one | +| lib.js:118:29:118:32 | path | semmle.label | path | +| lib.js:119:13:119:24 | obj[path[0]] | semmle.label | obj[path[0]] | +| lib.js:119:17:119:20 | path | semmle.label | path | +| lib.js:119:17:119:23 | path[0] | semmle.label | path[0] | +| lib.js:127:14:127:17 | path | semmle.label | path | +| lib.js:128:9:128:20 | obj[path[0]] | semmle.label | obj[path[0]] | +| lib.js:128:13:128:16 | path | semmle.label | path | +| lib.js:128:13:128:19 | path[0] | semmle.label | path[0] | +| otherlib/src/otherlibimpl.js:1:37:1:40 | path | semmle.label | path | +| otherlib/src/otherlibimpl.js:2:3:2:14 | obj[path[0]] | semmle.label | obj[path[0]] | +| otherlib/src/otherlibimpl.js:2:7:2:10 | path | semmle.label | path | +| otherlib/src/otherlibimpl.js:2:7:2:13 | path[0] | semmle.label | path[0] | +| sublib/other.js:5:28:5:31 | path | semmle.label | path | +| sublib/other.js:6:7:6:18 | obj[path[0]] | semmle.label | obj[path[0]] | +| sublib/other.js:6:11:6:14 | path | semmle.label | path | +| sublib/other.js:6:11:6:17 | path[0] | semmle.label | path[0] | +| sublib/sub.js:1:37:1:40 | path | semmle.label | path | +| sublib/sub.js:2:3:2:14 | obj[path[0]] | semmle.label | obj[path[0]] | +| sublib/sub.js:2:7:2:10 | path | semmle.label | path | +| sublib/sub.js:2:7:2:13 | path[0] | semmle.label | path[0] | +| tst.js:5:9:5:38 | taint | semmle.label | taint | +| tst.js:5:17:5:38 | String( ... y.data) | semmle.label | String( ... y.data) | +| tst.js:5:24:5:37 | req.query.data | semmle.label | req.query.data | +| tst.js:8:5:8:17 | object[taint] | semmle.label | object[taint] | +| tst.js:8:12:8:16 | taint | semmle.label | taint | +| tst.js:9:5:9:17 | object[taint] | semmle.label | object[taint] | +| tst.js:9:12:9:16 | taint | semmle.label | taint | +| tst.js:12:18:12:30 | object[taint] | semmle.label | object[taint] | +| tst.js:12:25:12:29 | taint | semmle.label | taint | +| tst.js:14:5:14:32 | unsafeG ... taint) | semmle.label | unsafeG ... taint) | +| tst.js:14:27:14:31 | taint | semmle.label | taint | +| tst.js:33:23:33:25 | obj | semmle.label | obj | +| tst.js:34:5:34:7 | obj | semmle.label | obj | +| tst.js:39:9:39:11 | obj | semmle.label | obj | +| tst.js:45:9:45:11 | obj | semmle.label | obj | +| tst.js:48:9:48:11 | obj | semmle.label | obj | +| tst.js:55:29:55:32 | prop | semmle.label | prop | +| tst.js:56:12:56:33 | obj ? o ... : null | semmle.label | obj ? o ... : null | +| tst.js:56:18:56:26 | obj[prop] | semmle.label | obj[prop] | +| tst.js:56:22:56:25 | prop | semmle.label | prop | +| tst.js:77:9:77:38 | taint | semmle.label | taint | +| tst.js:77:17:77:38 | String( ... y.data) | semmle.label | String( ... y.data) | +| tst.js:77:24:77:37 | req.query.data | semmle.label | req.query.data | +| tst.js:80:5:80:17 | object[taint] | semmle.label | object[taint] | +| tst.js:80:12:80:16 | taint | semmle.label | taint | +| tst.js:82:5:82:22 | object["" + taint] | semmle.label | object["" + taint] | +| tst.js:82:12:82:21 | "" + taint | semmle.label | "" + taint | +| tst.js:82:17:82:21 | taint | semmle.label | taint | +| tst.js:87:9:87:21 | object[taint] | semmle.label | object[taint] | +| tst.js:87:16:87:20 | taint | semmle.label | taint | +| tst.js:94:5:94:37 | obj[req ... ', '')] | semmle.label | obj[req ... ', '')] | +| tst.js:94:9:94:19 | req.query.x | semmle.label | req.query.x | +| tst.js:94:9:94:36 | req.que ... _', '') | semmle.label | req.que ... _', '') | +| tst.js:97:5:97:46 | obj[req ... g, '')] | semmle.label | obj[req ... g, '')] | +| tst.js:97:9:97:19 | req.query.x | semmle.label | req.query.x | +| tst.js:97:9:97:45 | req.que ... /g, '') | semmle.label | req.que ... /g, '') | +| tst.js:102:9:102:38 | taint | semmle.label | taint | +| tst.js:102:17:102:38 | String( ... y.data) | semmle.label | String( ... y.data) | +| tst.js:102:24:102:37 | req.query.data | semmle.label | req.query.data | +| tst.js:105:5:105:17 | object[taint] | semmle.label | object[taint] | +| tst.js:105:12:105:16 | taint | semmle.label | taint | +subpaths +| tst.js:14:27:14:31 | taint | tst.js:55:29:55:32 | prop | tst.js:56:12:56:33 | obj ? o ... : null | tst.js:14:5:14:32 | unsafeG ... taint) | #select | lib.js:6:7:6:9 | obj | lib.js:1:43:1:46 | path | lib.js:6:7:6:9 | obj | This assignment may alter Object.prototype if a malicious '__proto__' string is injected from $@. | lib.js:1:43:1:46 | path | library input | | lib.js:15:3:15:14 | obj[path[0]] | lib.js:14:38:14:41 | path | lib.js:15:3:15:14 | obj[path[0]] | This assignment may alter Object.prototype if a malicious '__proto__' string is injected from $@. | lib.js:14:38:14:41 | path | library input | @@ -373,7 +232,6 @@ edges | lib.js:26:10:26:21 | obj[path[0]] | lib.js:25:44:25:47 | path | lib.js:26:10:26:21 | obj[path[0]] | This assignment may alter Object.prototype if a malicious '__proto__' string is injected from $@. | lib.js:25:44:25:47 | path | library input | | lib.js:34:3:34:14 | obj[path[0]] | lib.js:30:43:30:51 | arguments | lib.js:34:3:34:14 | obj[path[0]] | This assignment may alter Object.prototype if a malicious '__proto__' string is injected from $@. | lib.js:30:43:30:51 | arguments | library input | | lib.js:42:3:42:14 | obj[path[0]] | lib.js:38:27:38:35 | arguments | lib.js:42:3:42:14 | obj[path[0]] | This assignment may alter Object.prototype if a malicious '__proto__' string is injected from $@. | lib.js:38:27:38:35 | arguments | library input | -| lib.js:70:13:70:24 | obj[path[0]] | lib.js:59:18:59:18 | s | lib.js:70:13:70:24 | obj[path[0]] | This assignment may alter Object.prototype if a malicious '__proto__' string is injected from $@. | lib.js:59:18:59:18 | s | library input | | lib.js:87:10:87:14 | proto | lib.js:83:14:83:22 | arguments | lib.js:87:10:87:14 | proto | This assignment may alter Object.prototype if a malicious '__proto__' string is injected from $@. | lib.js:83:14:83:22 | arguments | library input | | lib.js:108:3:108:10 | obj[one] | lib.js:104:13:104:21 | arguments | lib.js:108:3:108:10 | obj[one] | This assignment may alter Object.prototype if a malicious '__proto__' string is injected from $@. | lib.js:104:13:104:21 | arguments | library input | | lib.js:119:13:119:24 | obj[path[0]] | lib.js:118:29:118:32 | path | lib.js:119:13:119:24 | obj[path[0]] | This assignment may alter Object.prototype if a malicious '__proto__' string is injected from $@. | lib.js:118:29:118:32 | path | library input | diff --git a/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingFunction/PrototypePollutingFunction.expected b/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingFunction/PrototypePollutingFunction.expected index 28a0fc8bd832..1c21a6995335 100644 --- a/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingFunction/PrototypePollutingFunction.expected +++ b/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingFunction/PrototypePollutingFunction.expected @@ -1,3523 +1,1346 @@ nodes -| examples/PrototypePollutingFunction.js:1:16:1:18 | dst | -| examples/PrototypePollutingFunction.js:1:16:1:18 | dst | -| examples/PrototypePollutingFunction.js:1:21:1:23 | src | -| examples/PrototypePollutingFunction.js:1:21:1:23 | src | -| examples/PrototypePollutingFunction.js:2:14:2:16 | key | -| examples/PrototypePollutingFunction.js:2:14:2:16 | key | -| examples/PrototypePollutingFunction.js:2:14:2:16 | key | -| examples/PrototypePollutingFunction.js:5:19:5:21 | dst | -| examples/PrototypePollutingFunction.js:5:19:5:21 | dst | -| examples/PrototypePollutingFunction.js:5:19:5:26 | dst[key] | -| examples/PrototypePollutingFunction.js:5:19:5:26 | dst[key] | -| examples/PrototypePollutingFunction.js:5:19:5:26 | dst[key] | -| examples/PrototypePollutingFunction.js:5:19:5:26 | dst[key] | -| examples/PrototypePollutingFunction.js:5:23:5:25 | key | -| examples/PrototypePollutingFunction.js:5:23:5:25 | key | -| examples/PrototypePollutingFunction.js:5:29:5:31 | src | -| examples/PrototypePollutingFunction.js:5:29:5:31 | src | -| examples/PrototypePollutingFunction.js:5:29:5:36 | src[key] | -| examples/PrototypePollutingFunction.js:5:29:5:36 | src[key] | -| examples/PrototypePollutingFunction.js:5:29:5:36 | src[key] | -| examples/PrototypePollutingFunction.js:5:29:5:36 | src[key] | -| examples/PrototypePollutingFunction.js:5:29:5:36 | src[key] | -| examples/PrototypePollutingFunction.js:5:33:5:35 | key | -| examples/PrototypePollutingFunction.js:5:33:5:35 | key | -| examples/PrototypePollutingFunction.js:7:13:7:15 | dst | -| examples/PrototypePollutingFunction.js:7:13:7:15 | dst | -| examples/PrototypePollutingFunction.js:7:13:7:15 | dst | -| examples/PrototypePollutingFunction.js:7:17:7:19 | key | -| examples/PrototypePollutingFunction.js:7:17:7:19 | key | -| examples/PrototypePollutingFunction.js:7:17:7:19 | key | -| examples/PrototypePollutingFunction.js:7:24:7:26 | src | -| examples/PrototypePollutingFunction.js:7:24:7:26 | src | -| examples/PrototypePollutingFunction.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction.js:7:28:7:30 | key | -| examples/PrototypePollutingFunction.js:7:28:7:30 | key | -| examples/PrototypePollutingFunction_fixed2.js:1:21:1:23 | src | -| examples/PrototypePollutingFunction_fixed2.js:1:21:1:23 | src | -| examples/PrototypePollutingFunction_fixed2.js:6:29:6:31 | src | -| examples/PrototypePollutingFunction_fixed2.js:6:29:6:31 | src | -| examples/PrototypePollutingFunction_fixed2.js:6:29:6:36 | src[key] | -| examples/PrototypePollutingFunction_fixed2.js:6:29:6:36 | src[key] | -| examples/PrototypePollutingFunction_fixed2.js:6:29:6:36 | src[key] | -| examples/PrototypePollutingFunction_fixed2.js:6:29:6:36 | src[key] | -| examples/PrototypePollutingFunction_fixed2.js:6:29:6:36 | src[key] | -| examples/PrototypePollutingFunction_fixed2.js:8:24:8:26 | src | -| examples/PrototypePollutingFunction_fixed2.js:8:24:8:26 | src | -| examples/PrototypePollutingFunction_fixed2.js:8:24:8:31 | src[key] | -| examples/PrototypePollutingFunction_fixed2.js:8:24:8:31 | src[key] | -| examples/PrototypePollutingFunction_fixed2.js:8:24:8:31 | src[key] | -| examples/PrototypePollutingFunction_fixed2.js:8:24:8:31 | src[key] | -| examples/PrototypePollutingFunction_fixed2.js:8:24:8:31 | src[key] | -| examples/PrototypePollutingFunction_fixed2.js:8:24:8:31 | src[key] | -| examples/PrototypePollutingFunction_fixed.js:1:21:1:23 | src | -| examples/PrototypePollutingFunction_fixed.js:1:21:1:23 | src | -| examples/PrototypePollutingFunction_fixed.js:2:14:2:16 | key | -| examples/PrototypePollutingFunction_fixed.js:2:14:2:16 | key | -| examples/PrototypePollutingFunction_fixed.js:2:14:2:16 | key | -| examples/PrototypePollutingFunction_fixed.js:5:29:5:31 | src | -| examples/PrototypePollutingFunction_fixed.js:5:29:5:31 | src | -| examples/PrototypePollutingFunction_fixed.js:5:29:5:36 | src[key] | -| examples/PrototypePollutingFunction_fixed.js:5:29:5:36 | src[key] | -| examples/PrototypePollutingFunction_fixed.js:5:29:5:36 | src[key] | -| examples/PrototypePollutingFunction_fixed.js:5:29:5:36 | src[key] | -| examples/PrototypePollutingFunction_fixed.js:5:29:5:36 | src[key] | -| examples/PrototypePollutingFunction_fixed.js:7:17:7:19 | key | -| examples/PrototypePollutingFunction_fixed.js:7:17:7:19 | key | -| examples/PrototypePollutingFunction_fixed.js:7:17:7:19 | key | -| examples/PrototypePollutingFunction_fixed.js:7:24:7:26 | src | -| examples/PrototypePollutingFunction_fixed.js:7:24:7:26 | src | -| examples/PrototypePollutingFunction_fixed.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction_fixed.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction_fixed.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction_fixed.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction_fixed.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction_fixed.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction_fixed.js:7:28:7:30 | key | -| examples/PrototypePollutingFunction_fixed.js:7:28:7:30 | key | -| path-assignment.js:8:13:8:25 | key | -| path-assignment.js:8:13:8:25 | key | -| path-assignment.js:8:19:8:25 | keys[i] | -| path-assignment.js:8:19:8:25 | keys[i] | -| path-assignment.js:8:19:8:25 | keys[i] | -| path-assignment.js:13:13:13:32 | target | -| path-assignment.js:13:13:13:32 | target | -| path-assignment.js:13:22:13:27 | target | -| path-assignment.js:13:22:13:27 | target | -| path-assignment.js:13:22:13:32 | target[key] | -| path-assignment.js:13:22:13:32 | target[key] | -| path-assignment.js:13:29:13:31 | key | -| path-assignment.js:13:29:13:31 | key | -| path-assignment.js:15:13:15:18 | target | -| path-assignment.js:15:13:15:18 | target | -| path-assignment.js:15:13:15:18 | target | -| path-assignment.js:15:20:15:22 | key | -| path-assignment.js:15:20:15:22 | key | -| path-assignment.js:15:20:15:22 | key | -| path-assignment.js:41:13:41:25 | key | -| path-assignment.js:41:13:41:25 | key | -| path-assignment.js:41:19:41:25 | keys[i] | -| path-assignment.js:41:19:41:25 | keys[i] | -| path-assignment.js:41:19:41:25 | keys[i] | -| path-assignment.js:42:9:42:48 | target | -| path-assignment.js:42:9:42:48 | target | -| path-assignment.js:42:18:42:23 | target | -| path-assignment.js:42:18:42:23 | target | -| path-assignment.js:42:18:42:23 | target | -| path-assignment.js:42:18:42:48 | target[ ... ] \|\| {} | -| path-assignment.js:42:18:42:48 | target[ ... ] \|\| {} | -| path-assignment.js:42:25:42:27 | key | -| path-assignment.js:42:25:42:27 | key | -| path-assignment.js:42:25:42:27 | key | -| path-assignment.js:42:32:42:37 | target | -| path-assignment.js:42:32:42:37 | target | -| path-assignment.js:42:32:42:42 | target[key] | -| path-assignment.js:42:32:42:42 | target[key] | -| path-assignment.js:42:32:42:48 | target[key] \|\| {} | -| path-assignment.js:42:32:42:48 | target[key] \|\| {} | -| path-assignment.js:42:32:42:48 | target[key] \|\| {} | -| path-assignment.js:42:39:42:41 | key | -| path-assignment.js:42:39:42:41 | key | -| path-assignment.js:44:5:44:10 | target | -| path-assignment.js:44:5:44:10 | target | -| path-assignment.js:44:5:44:10 | target | -| path-assignment.js:44:12:44:18 | keys[i] | -| path-assignment.js:44:12:44:18 | keys[i] | -| path-assignment.js:44:12:44:18 | keys[i] | -| path-assignment.js:44:12:44:18 | keys[i] | -| path-assignment.js:58:13:58:25 | key | -| path-assignment.js:58:13:58:25 | key | -| path-assignment.js:58:19:58:25 | keys[i] | -| path-assignment.js:58:19:58:25 | keys[i] | -| path-assignment.js:58:19:58:25 | keys[i] | -| path-assignment.js:59:9:59:48 | target | -| path-assignment.js:59:9:59:48 | target | -| path-assignment.js:59:18:59:23 | target | -| path-assignment.js:59:18:59:23 | target | -| path-assignment.js:59:18:59:23 | target | -| path-assignment.js:59:18:59:48 | target[ ... ] \|\| {} | -| path-assignment.js:59:18:59:48 | target[ ... ] \|\| {} | -| path-assignment.js:59:25:59:27 | key | -| path-assignment.js:59:25:59:27 | key | -| path-assignment.js:59:25:59:27 | key | -| path-assignment.js:59:32:59:37 | target | -| path-assignment.js:59:32:59:37 | target | -| path-assignment.js:59:32:59:42 | target[key] | -| path-assignment.js:59:32:59:42 | target[key] | -| path-assignment.js:59:32:59:48 | target[key] \|\| {} | -| path-assignment.js:59:32:59:48 | target[key] \|\| {} | -| path-assignment.js:59:32:59:48 | target[key] \|\| {} | -| path-assignment.js:59:39:59:41 | key | -| path-assignment.js:59:39:59:41 | key | -| path-assignment.js:61:5:61:10 | target | -| path-assignment.js:61:5:61:10 | target | -| path-assignment.js:61:5:61:10 | target | -| path-assignment.js:61:12:61:18 | keys[i] | -| path-assignment.js:61:12:61:18 | keys[i] | -| path-assignment.js:61:12:61:18 | keys[i] | -| path-assignment.js:61:12:61:18 | keys[i] | -| path-assignment.js:68:13:68:25 | key | -| path-assignment.js:68:13:68:25 | key | -| path-assignment.js:68:19:68:25 | keys[i] | -| path-assignment.js:68:19:68:25 | keys[i] | -| path-assignment.js:68:19:68:25 | keys[i] | -| path-assignment.js:69:9:69:48 | target | -| path-assignment.js:69:9:69:48 | target | -| path-assignment.js:69:18:69:23 | target | -| path-assignment.js:69:18:69:23 | target | -| path-assignment.js:69:18:69:23 | target | -| path-assignment.js:69:18:69:48 | target[ ... ] \|\| {} | -| path-assignment.js:69:18:69:48 | target[ ... ] \|\| {} | -| path-assignment.js:69:25:69:27 | key | -| path-assignment.js:69:25:69:27 | key | -| path-assignment.js:69:25:69:27 | key | -| path-assignment.js:69:32:69:37 | target | -| path-assignment.js:69:32:69:37 | target | -| path-assignment.js:69:32:69:42 | target[key] | -| path-assignment.js:69:32:69:42 | target[key] | -| path-assignment.js:69:32:69:48 | target[key] \|\| {} | -| path-assignment.js:69:32:69:48 | target[key] \|\| {} | -| path-assignment.js:69:32:69:48 | target[key] \|\| {} | -| path-assignment.js:69:39:69:41 | key | -| path-assignment.js:69:39:69:41 | key | -| path-assignment.js:71:5:71:10 | target | -| path-assignment.js:71:5:71:10 | target | -| path-assignment.js:71:5:71:10 | target | -| path-assignment.js:71:12:71:18 | keys[i] | -| path-assignment.js:71:12:71:18 | keys[i] | -| path-assignment.js:71:12:71:18 | keys[i] | -| path-assignment.js:71:12:71:18 | keys[i] | -| tests.js:3:25:3:27 | dst | -| tests.js:3:25:3:27 | dst | -| tests.js:3:30:3:32 | src | -| tests.js:3:30:3:32 | src | -| tests.js:4:14:4:16 | key | -| tests.js:4:14:4:16 | key | -| tests.js:4:14:4:16 | key | -| tests.js:6:28:6:30 | dst | -| tests.js:6:28:6:30 | dst | -| tests.js:6:28:6:35 | dst[key] | -| tests.js:6:28:6:35 | dst[key] | -| tests.js:6:28:6:35 | dst[key] | -| tests.js:6:28:6:35 | dst[key] | -| tests.js:6:32:6:34 | key | -| tests.js:6:32:6:34 | key | -| tests.js:6:38:6:40 | src | -| tests.js:6:38:6:40 | src | -| tests.js:6:38:6:45 | src[key] | -| tests.js:6:38:6:45 | src[key] | -| tests.js:6:38:6:45 | src[key] | -| tests.js:6:38:6:45 | src[key] | -| tests.js:6:38:6:45 | src[key] | -| tests.js:6:42:6:44 | key | -| tests.js:6:42:6:44 | key | -| tests.js:8:13:8:15 | dst | -| tests.js:8:13:8:15 | dst | -| tests.js:8:13:8:15 | dst | -| tests.js:8:17:8:19 | key | -| tests.js:8:17:8:19 | key | -| tests.js:8:17:8:19 | key | -| tests.js:8:24:8:26 | src | -| tests.js:8:24:8:26 | src | -| tests.js:8:24:8:31 | src[key] | -| tests.js:8:24:8:31 | src[key] | -| tests.js:8:24:8:31 | src[key] | -| tests.js:8:24:8:31 | src[key] | -| tests.js:8:24:8:31 | src[key] | -| tests.js:8:24:8:31 | src[key] | -| tests.js:8:28:8:30 | key | -| tests.js:8:28:8:30 | key | -| tests.js:13:24:13:26 | dst | -| tests.js:13:24:13:26 | dst | -| tests.js:13:29:13:31 | src | -| tests.js:13:29:13:31 | src | -| tests.js:14:30:14:32 | key | -| tests.js:14:30:14:32 | key | -| tests.js:14:30:14:32 | key | -| tests.js:16:27:16:29 | dst | -| tests.js:16:27:16:29 | dst | -| tests.js:16:27:16:34 | dst[key] | -| tests.js:16:27:16:34 | dst[key] | -| tests.js:16:27:16:34 | dst[key] | -| tests.js:16:27:16:34 | dst[key] | -| tests.js:16:31:16:33 | key | -| tests.js:16:31:16:33 | key | -| tests.js:16:37:16:39 | src | -| tests.js:16:37:16:39 | src | -| tests.js:16:37:16:44 | src[key] | -| tests.js:16:37:16:44 | src[key] | -| tests.js:16:37:16:44 | src[key] | -| tests.js:16:37:16:44 | src[key] | -| tests.js:16:37:16:44 | src[key] | -| tests.js:16:41:16:43 | key | -| tests.js:16:41:16:43 | key | -| tests.js:18:13:18:15 | dst | -| tests.js:18:13:18:15 | dst | -| tests.js:18:13:18:15 | dst | -| tests.js:18:17:18:19 | key | -| tests.js:18:17:18:19 | key | -| tests.js:18:17:18:19 | key | -| tests.js:18:24:18:26 | src | -| tests.js:18:24:18:26 | src | -| tests.js:18:24:18:31 | src[key] | -| tests.js:18:24:18:31 | src[key] | -| tests.js:18:24:18:31 | src[key] | -| tests.js:18:24:18:31 | src[key] | -| tests.js:18:24:18:31 | src[key] | -| tests.js:18:24:18:31 | src[key] | -| tests.js:18:28:18:30 | key | -| tests.js:18:28:18:30 | key | -| tests.js:23:19:23:21 | dst | -| tests.js:23:19:23:21 | dst | -| tests.js:25:18:25:20 | key | -| tests.js:25:18:25:20 | key | -| tests.js:25:18:25:20 | key | -| tests.js:26:25:26:27 | dst | -| tests.js:26:25:26:27 | dst | -| tests.js:26:30:26:40 | source[key] | -| tests.js:26:30:26:40 | source[key] | -| tests.js:26:30:26:40 | source[key] | -| tests.js:26:37:26:39 | key | -| tests.js:26:37:26:39 | key | -| tests.js:26:43:26:45 | key | -| tests.js:26:43:26:45 | key | -| tests.js:31:22:31:24 | dst | -| tests.js:31:22:31:24 | dst | -| tests.js:31:27:31:31 | value | -| tests.js:31:27:31:31 | value | -| tests.js:31:34:31:36 | key | -| tests.js:31:34:31:36 | key | -| tests.js:32:9:32:27 | dstValue | -| tests.js:32:9:32:27 | dstValue | -| tests.js:32:20:32:22 | dst | -| tests.js:32:20:32:22 | dst | -| tests.js:32:20:32:27 | dst[key] | -| tests.js:32:20:32:27 | dst[key] | -| tests.js:32:24:32:26 | key | -| tests.js:32:24:32:26 | key | -| tests.js:34:18:34:25 | dstValue | -| tests.js:34:18:34:25 | dstValue | -| tests.js:36:9:36:11 | dst | -| tests.js:36:9:36:11 | dst | -| tests.js:36:9:36:11 | dst | -| tests.js:36:13:36:15 | key | -| tests.js:36:13:36:15 | key | -| tests.js:36:13:36:15 | key | -| tests.js:36:20:36:24 | value | -| tests.js:36:20:36:24 | value | -| tests.js:36:20:36:24 | value | -| tests.js:40:27:40:29 | dst | -| tests.js:40:32:40:34 | src | -| tests.js:40:32:40:34 | src | -| tests.js:41:14:41:16 | key | -| tests.js:41:14:41:16 | key | -| tests.js:44:30:44:32 | dst | -| tests.js:44:30:44:37 | dst[key] | -| tests.js:44:30:44:37 | dst[key] | -| tests.js:44:34:44:36 | key | -| tests.js:44:40:44:42 | src | -| tests.js:44:40:44:42 | src | -| tests.js:44:40:44:47 | src[key] | -| tests.js:44:40:44:47 | src[key] | -| tests.js:44:40:44:47 | src[key] | -| tests.js:44:40:44:47 | src[key] | -| tests.js:44:40:44:47 | src[key] | -| tests.js:44:44:44:46 | key | -| tests.js:46:13:46:15 | dst | -| tests.js:46:13:46:15 | dst | -| tests.js:46:17:46:19 | key | -| tests.js:46:17:46:19 | key | -| tests.js:46:24:46:26 | src | -| tests.js:46:24:46:26 | src | -| tests.js:46:24:46:31 | src[key] | -| tests.js:46:24:46:31 | src[key] | -| tests.js:46:24:46:31 | src[key] | -| tests.js:46:24:46:31 | src[key] | -| tests.js:46:24:46:31 | src[key] | -| tests.js:46:24:46:31 | src[key] | -| tests.js:46:28:46:30 | key | -| tests.js:51:26:51:28 | dst | -| tests.js:51:31:51:33 | src | -| tests.js:51:31:51:33 | src | -| tests.js:52:14:52:16 | key | -| tests.js:52:14:52:16 | key | -| tests.js:55:29:55:31 | dst | -| tests.js:55:29:55:36 | dst[key] | -| tests.js:55:29:55:36 | dst[key] | -| tests.js:55:33:55:35 | key | -| tests.js:55:39:55:41 | src | -| tests.js:55:39:55:41 | src | -| tests.js:55:39:55:46 | src[key] | -| tests.js:55:39:55:46 | src[key] | -| tests.js:55:39:55:46 | src[key] | -| tests.js:55:39:55:46 | src[key] | -| tests.js:55:39:55:46 | src[key] | -| tests.js:55:43:55:45 | key | -| tests.js:57:13:57:15 | dst | -| tests.js:57:13:57:15 | dst | -| tests.js:57:17:57:19 | key | -| tests.js:57:17:57:19 | key | -| tests.js:57:24:57:26 | src | -| tests.js:57:24:57:26 | src | -| tests.js:57:24:57:31 | src[key] | -| tests.js:57:24:57:31 | src[key] | -| tests.js:57:24:57:31 | src[key] | -| tests.js:57:24:57:31 | src[key] | -| tests.js:57:24:57:31 | src[key] | -| tests.js:57:24:57:31 | src[key] | -| tests.js:57:28:57:30 | key | -| tests.js:62:33:62:35 | src | -| tests.js:62:33:62:35 | src | -| tests.js:66:41:66:43 | src | -| tests.js:66:41:66:43 | src | -| tests.js:66:41:66:48 | src[key] | -| tests.js:66:41:66:48 | src[key] | -| tests.js:66:41:66:48 | src[key] | -| tests.js:66:41:66:48 | src[key] | -| tests.js:66:41:66:48 | src[key] | -| tests.js:68:24:68:26 | src | -| tests.js:68:24:68:26 | src | -| tests.js:68:24:68:31 | src[key] | -| tests.js:68:24:68:31 | src[key] | -| tests.js:68:24:68:31 | src[key] | -| tests.js:68:24:68:31 | src[key] | -| tests.js:68:24:68:31 | src[key] | -| tests.js:68:24:68:31 | src[key] | -| tests.js:77:27:77:29 | src | -| tests.js:77:27:77:29 | src | -| tests.js:81:39:81:41 | src | -| tests.js:81:39:81:41 | src | -| tests.js:81:39:81:46 | src[key] | -| tests.js:81:39:81:46 | src[key] | -| tests.js:81:39:81:46 | src[key] | -| tests.js:81:39:81:46 | src[key] | -| tests.js:81:39:81:46 | src[key] | -| tests.js:83:28:83:30 | src | -| tests.js:83:28:83:30 | src | -| tests.js:83:28:83:35 | src[key] | -| tests.js:83:28:83:35 | src[key] | -| tests.js:83:28:83:35 | src[key] | -| tests.js:83:28:83:35 | src[key] | -| tests.js:83:28:83:35 | src[key] | -| tests.js:83:28:83:35 | src[key] | -| tests.js:89:34:89:36 | src | -| tests.js:89:34:89:36 | src | -| tests.js:90:14:90:16 | key | -| tests.js:90:14:90:16 | key | -| tests.js:90:14:90:16 | key | -| tests.js:94:42:94:44 | src | -| tests.js:94:42:94:44 | src | -| tests.js:94:42:94:49 | src[key] | -| tests.js:94:42:94:49 | src[key] | -| tests.js:94:42:94:49 | src[key] | -| tests.js:94:42:94:49 | src[key] | -| tests.js:94:42:94:49 | src[key] | -| tests.js:96:17:96:19 | key | -| tests.js:96:17:96:19 | key | -| tests.js:96:17:96:19 | key | -| tests.js:96:24:96:26 | src | -| tests.js:96:24:96:26 | src | -| tests.js:96:24:96:31 | src[key] | -| tests.js:96:24:96:31 | src[key] | -| tests.js:96:24:96:31 | src[key] | -| tests.js:96:24:96:31 | src[key] | -| tests.js:96:24:96:31 | src[key] | -| tests.js:96:24:96:31 | src[key] | -| tests.js:96:28:96:30 | key | -| tests.js:96:28:96:30 | key | -| tests.js:101:32:101:34 | dst | -| tests.js:101:32:101:34 | dst | -| tests.js:101:37:101:39 | src | -| tests.js:101:37:101:39 | src | -| tests.js:102:14:102:16 | key | -| tests.js:102:14:102:16 | key | -| tests.js:102:14:102:16 | key | -| tests.js:107:35:107:37 | dst | -| tests.js:107:35:107:37 | dst | -| tests.js:107:35:107:42 | dst[key] | -| tests.js:107:35:107:42 | dst[key] | -| tests.js:107:35:107:42 | dst[key] | -| tests.js:107:35:107:42 | dst[key] | -| tests.js:107:39:107:41 | key | -| tests.js:107:39:107:41 | key | -| tests.js:107:45:107:47 | src | -| tests.js:107:45:107:47 | src | -| tests.js:107:45:107:52 | src[key] | -| tests.js:107:45:107:52 | src[key] | -| tests.js:107:45:107:52 | src[key] | -| tests.js:107:45:107:52 | src[key] | -| tests.js:107:45:107:52 | src[key] | -| tests.js:107:49:107:51 | key | -| tests.js:107:49:107:51 | key | -| tests.js:109:13:109:15 | dst | -| tests.js:109:13:109:15 | dst | -| tests.js:109:13:109:15 | dst | -| tests.js:109:17:109:19 | key | -| tests.js:109:17:109:19 | key | -| tests.js:109:17:109:19 | key | -| tests.js:109:24:109:26 | src | -| tests.js:109:24:109:26 | src | -| tests.js:109:24:109:31 | src[key] | -| tests.js:109:24:109:31 | src[key] | -| tests.js:109:24:109:31 | src[key] | -| tests.js:109:24:109:31 | src[key] | -| tests.js:109:24:109:31 | src[key] | -| tests.js:109:24:109:31 | src[key] | -| tests.js:109:28:109:30 | key | -| tests.js:109:28:109:30 | key | -| tests.js:116:41:116:43 | src | -| tests.js:116:41:116:43 | src | -| tests.js:117:14:117:16 | key | -| tests.js:117:14:117:16 | key | -| tests.js:117:14:117:16 | key | -| tests.js:119:49:119:51 | src | -| tests.js:119:49:119:51 | src | -| tests.js:119:49:119:56 | src[key] | -| tests.js:119:49:119:56 | src[key] | -| tests.js:119:49:119:56 | src[key] | -| tests.js:119:49:119:56 | src[key] | -| tests.js:119:49:119:56 | src[key] | -| tests.js:121:17:121:19 | key | -| tests.js:121:17:121:19 | key | -| tests.js:121:17:121:19 | key | -| tests.js:121:24:121:26 | src | -| tests.js:121:24:121:26 | src | -| tests.js:121:24:121:31 | src[key] | -| tests.js:121:24:121:31 | src[key] | -| tests.js:121:24:121:31 | src[key] | -| tests.js:121:24:121:31 | src[key] | -| tests.js:121:24:121:31 | src[key] | -| tests.js:121:24:121:31 | src[key] | -| tests.js:121:28:121:30 | key | -| tests.js:121:28:121:30 | key | -| tests.js:149:31:149:33 | dst | -| tests.js:149:31:149:33 | dst | -| tests.js:149:31:149:33 | dst | -| tests.js:149:31:149:33 | dst | -| tests.js:149:36:149:38 | src | -| tests.js:149:36:149:38 | src | -| tests.js:149:36:149:38 | src | -| tests.js:149:36:149:38 | src | -| tests.js:150:14:150:16 | key | -| tests.js:150:14:150:16 | key | -| tests.js:150:14:150:16 | key | -| tests.js:152:22:152:24 | dst | -| tests.js:152:22:152:24 | dst | -| tests.js:152:22:152:24 | dst | -| tests.js:152:22:152:24 | dst | -| tests.js:152:27:152:29 | src | -| tests.js:152:27:152:29 | src | -| tests.js:152:27:152:29 | src | -| tests.js:152:27:152:29 | src | -| tests.js:152:32:152:34 | key | -| tests.js:152:32:152:34 | key | -| tests.js:154:13:154:15 | dst | -| tests.js:154:13:154:15 | dst | -| tests.js:154:13:154:15 | dst | -| tests.js:154:13:154:15 | dst | -| tests.js:154:13:154:15 | dst | -| tests.js:154:17:154:19 | key | -| tests.js:154:17:154:19 | key | -| tests.js:154:17:154:19 | key | -| tests.js:154:24:154:26 | src | -| tests.js:154:24:154:26 | src | -| tests.js:154:24:154:26 | src | -| tests.js:154:24:154:26 | src | -| tests.js:154:24:154:31 | src[key] | -| tests.js:154:24:154:31 | src[key] | -| tests.js:154:24:154:31 | src[key] | -| tests.js:154:24:154:31 | src[key] | -| tests.js:154:24:154:31 | src[key] | -| tests.js:154:24:154:31 | src[key] | -| tests.js:154:24:154:31 | src[key] | -| tests.js:154:24:154:31 | src[key] | -| tests.js:154:28:154:30 | key | -| tests.js:154:28:154:30 | key | -| tests.js:159:36:159:38 | dst | -| tests.js:159:36:159:38 | dst | -| tests.js:159:36:159:38 | dst | -| tests.js:159:36:159:38 | dst | -| tests.js:159:41:159:43 | src | -| tests.js:159:41:159:43 | src | -| tests.js:159:41:159:43 | src | -| tests.js:159:41:159:43 | src | -| tests.js:160:26:160:28 | dst | -| tests.js:160:26:160:28 | dst | -| tests.js:160:26:160:28 | dst | -| tests.js:160:26:160:28 | dst | -| tests.js:160:31:160:33 | src | -| tests.js:160:31:160:33 | src | -| tests.js:160:31:160:33 | src | -| tests.js:160:31:160:33 | src | -| tests.js:160:37:160:39 | dst | -| tests.js:160:37:160:39 | dst | -| tests.js:160:37:160:39 | dst | -| tests.js:160:37:160:39 | dst | -| tests.js:160:42:160:44 | src | -| tests.js:160:42:160:44 | src | -| tests.js:160:42:160:44 | src | -| tests.js:160:42:160:44 | src | -| tests.js:160:47:160:49 | key | -| tests.js:160:47:160:49 | key | -| tests.js:160:47:160:49 | key | -| tests.js:160:47:160:49 | key | -| tests.js:161:35:161:37 | dst | -| tests.js:161:35:161:37 | dst | -| tests.js:161:35:161:37 | dst | -| tests.js:161:35:161:37 | dst | -| tests.js:161:35:161:42 | dst[key] | -| tests.js:161:35:161:42 | dst[key] | -| tests.js:161:35:161:42 | dst[key] | -| tests.js:161:35:161:42 | dst[key] | -| tests.js:161:39:161:41 | key | -| tests.js:161:39:161:41 | key | -| tests.js:161:39:161:41 | key | -| tests.js:161:39:161:41 | key | -| tests.js:161:45:161:47 | src | -| tests.js:161:45:161:47 | src | -| tests.js:161:45:161:47 | src | -| tests.js:161:45:161:47 | src | -| tests.js:161:45:161:52 | src[key] | -| tests.js:161:45:161:52 | src[key] | -| tests.js:161:45:161:52 | src[key] | -| tests.js:161:45:161:52 | src[key] | -| tests.js:161:49:161:51 | key | -| tests.js:161:49:161:51 | key | -| tests.js:161:49:161:51 | key | -| tests.js:161:49:161:51 | key | -| tests.js:165:37:165:39 | src | -| tests.js:165:37:165:39 | src | -| tests.js:166:14:166:16 | key | -| tests.js:166:14:166:16 | key | -| tests.js:166:14:166:16 | key | -| tests.js:169:45:169:47 | src | -| tests.js:169:45:169:47 | src | -| tests.js:169:45:169:52 | src[key] | -| tests.js:169:45:169:52 | src[key] | -| tests.js:169:45:169:52 | src[key] | -| tests.js:169:45:169:52 | src[key] | -| tests.js:169:45:169:52 | src[key] | -| tests.js:169:49:169:51 | key | -| tests.js:169:49:169:51 | key | -| tests.js:171:17:171:19 | key | -| tests.js:171:17:171:19 | key | -| tests.js:171:17:171:19 | key | -| tests.js:171:24:171:26 | src | -| tests.js:171:24:171:26 | src | -| tests.js:171:24:171:31 | src[key] | -| tests.js:171:24:171:31 | src[key] | -| tests.js:171:24:171:31 | src[key] | -| tests.js:171:24:171:31 | src[key] | -| tests.js:171:24:171:31 | src[key] | -| tests.js:171:24:171:31 | src[key] | -| tests.js:171:28:171:30 | key | -| tests.js:171:28:171:30 | key | -| tests.js:178:33:178:35 | src | -| tests.js:178:33:178:35 | src | -| tests.js:182:41:182:43 | src | -| tests.js:182:41:182:43 | src | -| tests.js:182:41:182:48 | src[key] | -| tests.js:182:41:182:48 | src[key] | -| tests.js:182:41:182:48 | src[key] | -| tests.js:182:41:182:48 | src[key] | -| tests.js:182:41:182:48 | src[key] | -| tests.js:184:24:184:26 | src | -| tests.js:184:24:184:26 | src | -| tests.js:184:24:184:31 | src[key] | -| tests.js:184:24:184:31 | src[key] | -| tests.js:184:24:184:31 | src[key] | -| tests.js:184:24:184:31 | src[key] | -| tests.js:184:24:184:31 | src[key] | -| tests.js:184:24:184:31 | src[key] | -| tests.js:189:32:189:34 | dst | -| tests.js:189:32:189:34 | dst | -| tests.js:189:37:189:39 | src | -| tests.js:189:37:189:39 | src | -| tests.js:192:13:192:25 | key | -| tests.js:192:13:192:25 | key | -| tests.js:192:19:192:25 | keys[i] | -| tests.js:192:19:192:25 | keys[i] | -| tests.js:192:19:192:25 | keys[i] | -| tests.js:194:35:194:37 | dst | -| tests.js:194:35:194:37 | dst | -| tests.js:194:35:194:42 | dst[key] | -| tests.js:194:35:194:42 | dst[key] | -| tests.js:194:35:194:42 | dst[key] | -| tests.js:194:35:194:42 | dst[key] | -| tests.js:194:39:194:41 | key | -| tests.js:194:39:194:41 | key | -| tests.js:194:45:194:47 | src | -| tests.js:194:45:194:47 | src | -| tests.js:194:45:194:52 | src[key] | -| tests.js:194:45:194:52 | src[key] | -| tests.js:194:45:194:52 | src[key] | -| tests.js:194:45:194:52 | src[key] | -| tests.js:194:45:194:52 | src[key] | -| tests.js:194:49:194:51 | key | -| tests.js:194:49:194:51 | key | -| tests.js:196:13:196:15 | dst | -| tests.js:196:13:196:15 | dst | -| tests.js:196:13:196:15 | dst | -| tests.js:196:17:196:19 | key | -| tests.js:196:17:196:19 | key | -| tests.js:196:17:196:19 | key | -| tests.js:196:24:196:26 | src | -| tests.js:196:24:196:26 | src | -| tests.js:196:24:196:31 | src[key] | -| tests.js:196:24:196:31 | src[key] | -| tests.js:196:24:196:31 | src[key] | -| tests.js:196:24:196:31 | src[key] | -| tests.js:196:24:196:31 | src[key] | -| tests.js:196:24:196:31 | src[key] | -| tests.js:196:28:196:30 | key | -| tests.js:196:28:196:30 | key | -| tests.js:201:39:201:41 | dst | -| tests.js:201:39:201:41 | dst | -| tests.js:201:44:201:46 | src | -| tests.js:201:44:201:46 | src | -| tests.js:206:42:206:44 | dst | -| tests.js:206:42:206:44 | dst | -| tests.js:206:42:206:53 | dst[keys[i]] | -| tests.js:206:42:206:53 | dst[keys[i]] | -| tests.js:206:42:206:53 | dst[keys[i]] | -| tests.js:206:42:206:53 | dst[keys[i]] | -| tests.js:206:46:206:52 | keys[i] | -| tests.js:206:46:206:52 | keys[i] | -| tests.js:206:46:206:52 | keys[i] | -| tests.js:206:56:206:58 | src | -| tests.js:206:56:206:58 | src | -| tests.js:206:56:206:67 | src[keys[i]] | -| tests.js:206:56:206:67 | src[keys[i]] | -| tests.js:206:56:206:67 | src[keys[i]] | -| tests.js:206:56:206:67 | src[keys[i]] | -| tests.js:206:56:206:67 | src[keys[i]] | -| tests.js:206:60:206:66 | keys[i] | -| tests.js:206:60:206:66 | keys[i] | -| tests.js:206:60:206:66 | keys[i] | -| tests.js:208:13:208:15 | dst | -| tests.js:208:13:208:15 | dst | -| tests.js:208:13:208:15 | dst | -| tests.js:208:17:208:23 | keys[i] | -| tests.js:208:17:208:23 | keys[i] | -| tests.js:208:17:208:23 | keys[i] | -| tests.js:208:17:208:23 | keys[i] | -| tests.js:208:28:208:30 | src | -| tests.js:208:28:208:30 | src | -| tests.js:208:28:208:39 | src[keys[i]] | -| tests.js:208:28:208:39 | src[keys[i]] | -| tests.js:208:28:208:39 | src[keys[i]] | -| tests.js:208:28:208:39 | src[keys[i]] | -| tests.js:208:28:208:39 | src[keys[i]] | -| tests.js:208:28:208:39 | src[keys[i]] | -| tests.js:208:32:208:38 | keys[i] | -| tests.js:208:32:208:38 | keys[i] | -| tests.js:208:32:208:38 | keys[i] | -| tests.js:213:23:213:26 | key1 | -| tests.js:213:23:213:26 | key1 | -| tests.js:213:29:213:32 | key2 | -| tests.js:213:29:213:32 | key2 | -| tests.js:213:35:213:39 | value | -| tests.js:213:35:213:39 | value | -| tests.js:217:5:217:13 | map[key1] | -| tests.js:217:5:217:13 | map[key1] | -| tests.js:217:5:217:13 | map[key1] | -| tests.js:217:9:217:12 | key1 | -| tests.js:217:9:217:12 | key1 | -| tests.js:217:15:217:18 | key2 | -| tests.js:217:15:217:18 | key2 | -| tests.js:217:15:217:18 | key2 | -| tests.js:217:23:217:27 | value | -| tests.js:217:23:217:27 | value | -| tests.js:217:23:217:27 | value | -| tests.js:223:14:223:16 | key | -| tests.js:223:14:223:16 | key | -| tests.js:223:14:223:16 | key | -| tests.js:224:23:224:25 | key | -| tests.js:224:23:224:25 | key | -| tests.js:224:33:224:41 | data[key] | -| tests.js:224:33:224:41 | data[key] | -| tests.js:224:33:224:41 | data[key] | -| tests.js:224:38:224:40 | key | -| tests.js:224:38:224:40 | key | -| tests.js:225:28:225:30 | key | -| tests.js:225:28:225:30 | key | -| tests.js:225:33:225:41 | data[key] | -| tests.js:225:33:225:41 | data[key] | -| tests.js:225:33:225:41 | data[key] | -| tests.js:225:38:225:40 | key | -| tests.js:225:38:225:40 | key | -| tests.js:229:26:229:29 | key1 | -| tests.js:229:26:229:29 | key1 | -| tests.js:229:32:229:35 | key2 | -| tests.js:229:32:229:35 | key2 | -| tests.js:229:38:229:42 | value | -| tests.js:229:38:229:42 | value | -| tests.js:233:5:233:13 | map[key1] | -| tests.js:233:5:233:13 | map[key1] | -| tests.js:233:5:233:13 | map[key1] | -| tests.js:233:9:233:12 | key1 | -| tests.js:233:9:233:12 | key1 | -| tests.js:233:15:233:18 | key2 | -| tests.js:233:15:233:18 | key2 | -| tests.js:233:15:233:18 | key2 | -| tests.js:233:23:233:27 | value | -| tests.js:233:23:233:27 | value | -| tests.js:233:23:233:27 | value | -| tests.js:238:14:238:16 | key | -| tests.js:238:14:238:16 | key | -| tests.js:238:14:238:16 | key | -| tests.js:239:24:239:26 | key | -| tests.js:239:24:239:26 | key | -| tests.js:239:34:239:42 | data[key] | -| tests.js:239:34:239:42 | data[key] | -| tests.js:239:34:239:42 | data[key] | -| tests.js:239:39:239:41 | key | -| tests.js:239:39:239:41 | key | -| tests.js:240:31:240:33 | key | -| tests.js:240:31:240:33 | key | -| tests.js:240:36:240:44 | data[key] | -| tests.js:240:36:240:44 | data[key] | -| tests.js:240:36:240:44 | data[key] | -| tests.js:240:41:240:43 | key | -| tests.js:240:41:240:43 | key | -| tests.js:263:27:263:29 | dst | -| tests.js:263:27:263:29 | dst | -| tests.js:265:13:265:26 | key | -| tests.js:265:13:265:26 | key | -| tests.js:265:19:265:26 | entry[0] | -| tests.js:265:19:265:26 | entry[0] | -| tests.js:265:19:265:26 | entry[0] | -| tests.js:266:13:266:28 | value | -| tests.js:266:13:266:28 | value | -| tests.js:266:21:266:28 | entry[1] | -| tests.js:266:21:266:28 | entry[1] | -| tests.js:266:21:266:28 | entry[1] | -| tests.js:268:30:268:32 | dst | -| tests.js:268:30:268:32 | dst | -| tests.js:268:30:268:37 | dst[key] | -| tests.js:268:30:268:37 | dst[key] | -| tests.js:268:30:268:37 | dst[key] | -| tests.js:268:30:268:37 | dst[key] | -| tests.js:268:34:268:36 | key | -| tests.js:268:34:268:36 | key | -| tests.js:270:13:270:15 | dst | -| tests.js:270:13:270:15 | dst | -| tests.js:270:13:270:15 | dst | -| tests.js:270:17:270:19 | key | -| tests.js:270:17:270:19 | key | -| tests.js:270:17:270:19 | key | -| tests.js:270:24:270:28 | value | -| tests.js:270:24:270:28 | value | -| tests.js:270:24:270:28 | value | -| tests.js:275:27:275:29 | dst | -| tests.js:275:27:275:29 | dst | -| tests.js:275:32:275:34 | src | -| tests.js:275:32:275:34 | src | -| tests.js:276:34:276:36 | key | -| tests.js:276:34:276:36 | key | -| tests.js:276:34:276:36 | key | -| tests.js:278:30:278:32 | dst | -| tests.js:278:30:278:32 | dst | -| tests.js:278:30:278:37 | dst[key] | -| tests.js:278:30:278:37 | dst[key] | -| tests.js:278:30:278:37 | dst[key] | -| tests.js:278:30:278:37 | dst[key] | -| tests.js:278:34:278:36 | key | -| tests.js:278:34:278:36 | key | -| tests.js:278:40:278:42 | src | -| tests.js:278:40:278:42 | src | -| tests.js:278:40:278:47 | src[key] | -| tests.js:278:40:278:47 | src[key] | -| tests.js:278:40:278:47 | src[key] | -| tests.js:278:40:278:47 | src[key] | -| tests.js:278:40:278:47 | src[key] | -| tests.js:278:44:278:46 | key | -| tests.js:278:44:278:46 | key | -| tests.js:280:13:280:15 | dst | -| tests.js:280:13:280:15 | dst | -| tests.js:280:13:280:15 | dst | -| tests.js:280:17:280:19 | key | -| tests.js:280:17:280:19 | key | -| tests.js:280:17:280:19 | key | -| tests.js:280:24:280:26 | src | -| tests.js:280:24:280:26 | src | -| tests.js:280:24:280:31 | src[key] | -| tests.js:280:24:280:31 | src[key] | -| tests.js:280:24:280:31 | src[key] | -| tests.js:280:24:280:31 | src[key] | -| tests.js:280:24:280:31 | src[key] | -| tests.js:280:24:280:31 | src[key] | -| tests.js:280:28:280:30 | key | -| tests.js:280:28:280:30 | key | -| tests.js:301:27:301:29 | dst | -| tests.js:301:27:301:29 | dst | -| tests.js:301:32:301:34 | src | -| tests.js:302:14:302:16 | key | -| tests.js:302:14:302:16 | key | -| tests.js:302:14:302:16 | key | -| tests.js:304:17:304:32 | value | -| tests.js:304:17:304:32 | value | -| tests.js:304:17:304:32 | value | -| tests.js:304:25:304:27 | src | -| tests.js:304:25:304:32 | src[key] | -| tests.js:304:25:304:32 | src[key] | -| tests.js:304:25:304:32 | src[key] | -| tests.js:304:25:304:32 | src[key] | -| tests.js:304:29:304:31 | key | -| tests.js:304:29:304:31 | key | -| tests.js:306:34:306:36 | dst | -| tests.js:306:34:306:36 | dst | -| tests.js:306:34:306:41 | dst[key] | -| tests.js:306:34:306:41 | dst[key] | -| tests.js:306:34:306:41 | dst[key] | -| tests.js:306:34:306:41 | dst[key] | -| tests.js:306:38:306:40 | key | -| tests.js:306:38:306:40 | key | -| tests.js:306:44:306:48 | value | -| tests.js:306:44:306:48 | value | -| tests.js:308:17:308:19 | dst | -| tests.js:308:17:308:19 | dst | -| tests.js:308:17:308:19 | dst | -| tests.js:308:21:308:23 | key | -| tests.js:308:21:308:23 | key | -| tests.js:308:21:308:23 | key | -| tests.js:308:28:308:32 | value | -| tests.js:308:28:308:32 | value | -| tests.js:308:28:308:32 | value | -| tests.js:308:28:308:32 | value | -| tests.js:314:31:314:33 | dst | -| tests.js:314:31:314:33 | dst | -| tests.js:314:36:314:38 | src | -| tests.js:315:14:315:16 | key | -| tests.js:315:14:315:16 | key | -| tests.js:315:14:315:16 | key | -| tests.js:318:17:318:32 | value | -| tests.js:318:17:318:32 | value | -| tests.js:318:17:318:32 | value | -| tests.js:318:25:318:27 | src | -| tests.js:318:25:318:32 | src[key] | -| tests.js:318:25:318:32 | src[key] | -| tests.js:318:25:318:32 | src[key] | -| tests.js:318:25:318:32 | src[key] | -| tests.js:318:29:318:31 | key | -| tests.js:318:29:318:31 | key | -| tests.js:320:38:320:40 | dst | -| tests.js:320:38:320:40 | dst | -| tests.js:320:38:320:45 | dst[key] | -| tests.js:320:38:320:45 | dst[key] | -| tests.js:320:38:320:45 | dst[key] | -| tests.js:320:38:320:45 | dst[key] | -| tests.js:320:42:320:44 | key | -| tests.js:320:42:320:44 | key | -| tests.js:320:48:320:52 | value | -| tests.js:320:48:320:52 | value | -| tests.js:322:17:322:19 | dst | -| tests.js:322:17:322:19 | dst | -| tests.js:322:17:322:19 | dst | -| tests.js:322:21:322:23 | key | -| tests.js:322:21:322:23 | key | -| tests.js:322:21:322:23 | key | -| tests.js:322:28:322:32 | value | -| tests.js:322:28:322:32 | value | -| tests.js:322:28:322:32 | value | -| tests.js:322:28:322:32 | value | -| tests.js:328:30:328:32 | src | -| tests.js:328:30:328:32 | src | -| tests.js:336:42:336:44 | src | -| tests.js:336:42:336:44 | src | -| tests.js:336:42:336:49 | src[key] | -| tests.js:336:42:336:49 | src[key] | -| tests.js:336:42:336:49 | src[key] | -| tests.js:336:42:336:49 | src[key] | -| tests.js:336:42:336:49 | src[key] | -| tests.js:338:28:338:30 | src | -| tests.js:338:28:338:30 | src | -| tests.js:338:28:338:35 | src[key] | -| tests.js:338:28:338:35 | src[key] | -| tests.js:338:28:338:35 | src[key] | -| tests.js:338:28:338:35 | src[key] | -| tests.js:338:28:338:35 | src[key] | -| tests.js:338:28:338:35 | src[key] | -| tests.js:348:32:348:37 | target | -| tests.js:348:40:348:45 | source | -| tests.js:350:37:350:39 | key | -| tests.js:350:37:350:39 | key | -| tests.js:355:17:355:22 | target | -| tests.js:355:17:355:22 | target | -| tests.js:355:24:355:26 | key | -| tests.js:355:24:355:26 | key | -| tests.js:355:31:355:86 | mergePl ... ptions) | -| tests.js:355:31:355:86 | mergePl ... ptions) | -| tests.js:355:31:355:86 | mergePl ... ptions) | -| tests.js:355:53:355:58 | target | -| tests.js:355:53:355:63 | target[key] | -| tests.js:355:53:355:63 | target[key] | -| tests.js:355:60:355:62 | key | -| tests.js:355:66:355:71 | source | -| tests.js:355:66:355:76 | source[key] | -| tests.js:355:66:355:76 | source[key] | -| tests.js:355:66:355:76 | source[key] | -| tests.js:357:17:357:22 | target | -| tests.js:357:17:357:22 | target | -| tests.js:357:24:357:26 | key | -| tests.js:357:24:357:26 | key | -| tests.js:357:31:357:36 | source | -| tests.js:357:31:357:41 | source[key] | -| tests.js:357:31:357:41 | source[key] | -| tests.js:357:31:357:41 | source[key] | -| tests.js:357:31:357:41 | source[key] | -| tests.js:357:31:357:41 | source[key] | -| tests.js:357:38:357:40 | key | -| tests.js:364:49:364:54 | source | -| tests.js:366:18:366:20 | key | -| tests.js:366:18:366:20 | key | -| tests.js:371:24:371:26 | key | -| tests.js:371:24:371:26 | key | -| tests.js:371:31:371:95 | mergePl ... ptions) | -| tests.js:371:31:371:95 | mergePl ... ptions) | -| tests.js:371:62:371:72 | target[key] | -| tests.js:371:69:371:71 | key | -| tests.js:371:75:371:80 | source | -| tests.js:371:75:371:85 | source[key] | -| tests.js:371:75:371:85 | source[key] | -| tests.js:371:75:371:85 | source[key] | -| tests.js:373:24:373:26 | key | -| tests.js:373:24:373:26 | key | -| tests.js:373:31:373:36 | source | -| tests.js:373:31:373:41 | source[key] | -| tests.js:373:31:373:41 | source[key] | -| tests.js:373:31:373:41 | source[key] | -| tests.js:373:31:373:41 | source[key] | -| tests.js:373:31:373:41 | source[key] | -| tests.js:373:38:373:40 | key | -| tests.js:381:14:381:16 | key | -| tests.js:381:14:381:16 | key | -| tests.js:381:14:381:16 | key | -| tests.js:383:22:383:24 | key | -| tests.js:383:22:383:24 | key | -| tests.js:383:27:383:34 | obj[key] | -| tests.js:383:27:383:34 | obj[key] | -| tests.js:383:27:383:34 | obj[key] | -| tests.js:383:31:383:33 | key | -| tests.js:383:31:383:33 | key | -| tests.js:388:29:388:31 | dst | -| tests.js:388:29:388:31 | dst | -| tests.js:388:34:388:36 | src | -| tests.js:388:34:388:36 | src | -| tests.js:389:22:389:24 | key | -| tests.js:389:22:389:24 | key | -| tests.js:391:32:391:34 | dst | -| tests.js:391:32:391:34 | dst | -| tests.js:391:32:391:39 | dst[key] | -| tests.js:391:32:391:39 | dst[key] | -| tests.js:391:36:391:38 | key | -| tests.js:391:36:391:38 | key | -| tests.js:391:42:391:44 | src | -| tests.js:391:42:391:44 | src | -| tests.js:391:42:391:49 | src[key] | -| tests.js:391:42:391:49 | src[key] | -| tests.js:391:46:391:48 | key | -| tests.js:391:46:391:48 | key | -| tests.js:393:13:393:15 | dst | -| tests.js:393:13:393:15 | dst | -| tests.js:393:13:393:15 | dst | -| tests.js:393:17:393:19 | key | -| tests.js:393:17:393:19 | key | -| tests.js:393:17:393:19 | key | -| tests.js:393:24:393:26 | src | -| tests.js:393:24:393:26 | src | -| tests.js:393:24:393:31 | src[key] | -| tests.js:393:24:393:31 | src[key] | -| tests.js:393:24:393:31 | src[key] | -| tests.js:393:28:393:30 | key | -| tests.js:393:28:393:30 | key | -| tests.js:398:30:398:32 | dst | -| tests.js:398:30:398:32 | dst | -| tests.js:398:35:398:37 | src | -| tests.js:398:35:398:37 | src | -| tests.js:399:17:399:19 | src | -| tests.js:399:17:399:19 | src | -| tests.js:399:23:399:25 | key | -| tests.js:399:23:399:25 | key | -| tests.js:399:28:399:32 | value | -| tests.js:399:28:399:32 | value | -| tests.js:401:33:401:35 | dst | -| tests.js:401:33:401:35 | dst | -| tests.js:401:33:401:40 | dst[key] | -| tests.js:401:33:401:40 | dst[key] | -| tests.js:401:37:401:39 | key | -| tests.js:401:37:401:39 | key | -| tests.js:401:43:401:47 | value | -| tests.js:401:43:401:47 | value | -| tests.js:403:13:403:15 | dst | -| tests.js:403:13:403:15 | dst | -| tests.js:403:13:403:15 | dst | -| tests.js:403:17:403:19 | key | -| tests.js:403:17:403:19 | key | -| tests.js:403:17:403:19 | key | -| tests.js:403:24:403:28 | value | -| tests.js:403:24:403:28 | value | -| tests.js:403:24:403:28 | value | -| tests.js:412:31:412:33 | dst | -| tests.js:412:31:412:33 | dst | -| tests.js:412:36:412:38 | src | -| tests.js:412:36:412:38 | src | -| tests.js:413:14:413:16 | key | -| tests.js:413:14:413:16 | key | -| tests.js:413:14:413:16 | key | -| tests.js:414:13:414:41 | value | -| tests.js:414:13:414:41 | value | -| tests.js:414:13:414:41 | value | -| tests.js:414:13:414:41 | value | -| tests.js:414:21:414:41 | wrapped ... c, key) | -| tests.js:414:21:414:41 | wrapped ... c, key) | -| tests.js:414:21:414:41 | wrapped ... c, key) | -| tests.js:414:21:414:41 | wrapped ... c, key) | -| tests.js:414:21:414:41 | wrapped ... c, key) | -| tests.js:414:33:414:35 | src | -| tests.js:414:33:414:35 | src | -| tests.js:414:38:414:40 | key | -| tests.js:414:38:414:40 | key | -| tests.js:415:13:415:42 | target | -| tests.js:415:13:415:42 | target | -| tests.js:415:13:415:42 | target | -| tests.js:415:13:415:42 | target | -| tests.js:415:22:415:42 | wrapped ... t, key) | -| tests.js:415:22:415:42 | wrapped ... t, key) | -| tests.js:415:22:415:42 | wrapped ... t, key) | -| tests.js:415:22:415:42 | wrapped ... t, key) | -| tests.js:415:34:415:36 | dst | -| tests.js:415:34:415:36 | dst | -| tests.js:415:39:415:41 | key | -| tests.js:415:39:415:41 | key | -| tests.js:417:34:417:39 | target | -| tests.js:417:34:417:39 | target | -| tests.js:417:34:417:39 | target | -| tests.js:417:34:417:39 | target | -| tests.js:417:42:417:46 | value | -| tests.js:417:42:417:46 | value | -| tests.js:417:42:417:46 | value | -| tests.js:417:42:417:46 | value | -| tests.js:419:13:419:15 | dst | -| tests.js:419:13:419:15 | dst | -| tests.js:419:13:419:15 | dst | -| tests.js:419:17:419:19 | key | -| tests.js:419:17:419:19 | key | -| tests.js:419:17:419:19 | key | -| tests.js:419:24:419:28 | value | -| tests.js:419:24:419:28 | value | -| tests.js:419:24:419:28 | value | -| tests.js:419:24:419:28 | value | -| tests.js:419:24:419:28 | value | -| tests.js:429:34:429:36 | dst | -| tests.js:429:39:429:41 | src | -| tests.js:429:39:429:41 | src | -| tests.js:430:14:430:16 | key | -| tests.js:430:14:430:16 | key | -| tests.js:430:14:430:16 | key | -| tests.js:431:13:431:44 | value | -| tests.js:431:13:431:44 | value | -| tests.js:431:13:431:44 | value | -| tests.js:431:13:431:44 | value | -| tests.js:431:21:431:44 | almostS ... c, key) | -| tests.js:431:21:431:44 | almostS ... c, key) | -| tests.js:431:21:431:44 | almostS ... c, key) | -| tests.js:431:21:431:44 | almostS ... c, key) | -| tests.js:431:21:431:44 | almostS ... c, key) | -| tests.js:431:36:431:38 | src | -| tests.js:431:36:431:38 | src | -| tests.js:431:41:431:43 | key | -| tests.js:432:13:432:45 | target | -| tests.js:432:13:432:45 | target | -| tests.js:432:22:432:45 | almostS ... t, key) | -| tests.js:432:22:432:45 | almostS ... t, key) | -| tests.js:432:37:432:39 | dst | -| tests.js:432:42:432:44 | key | -| tests.js:434:37:434:42 | target | -| tests.js:434:37:434:42 | target | -| tests.js:434:45:434:49 | value | -| tests.js:434:45:434:49 | value | -| tests.js:434:45:434:49 | value | -| tests.js:434:45:434:49 | value | -| tests.js:436:13:436:15 | dst | -| tests.js:436:13:436:15 | dst | -| tests.js:436:17:436:19 | key | -| tests.js:436:17:436:19 | key | -| tests.js:436:17:436:19 | key | -| tests.js:436:24:436:28 | value | -| tests.js:436:24:436:28 | value | -| tests.js:436:24:436:28 | value | -| tests.js:436:24:436:28 | value | -| tests.js:436:24:436:28 | value | -| tests.js:446:33:446:35 | src | -| tests.js:446:33:446:35 | src | -| tests.js:447:14:447:16 | key | -| tests.js:447:14:447:16 | key | -| tests.js:447:14:447:16 | key | -| tests.js:448:13:448:38 | value | -| tests.js:448:13:448:38 | value | -| tests.js:448:13:448:38 | value | -| tests.js:448:13:448:38 | value | -| tests.js:448:21:448:38 | safeRead(src, key) | -| tests.js:448:21:448:38 | safeRead(src, key) | -| tests.js:448:21:448:38 | safeRead(src, key) | -| tests.js:448:21:448:38 | safeRead(src, key) | -| tests.js:448:21:448:38 | safeRead(src, key) | -| tests.js:448:30:448:32 | src | -| tests.js:448:30:448:32 | src | -| tests.js:451:39:451:43 | value | -| tests.js:451:39:451:43 | value | -| tests.js:451:39:451:43 | value | -| tests.js:451:39:451:43 | value | -| tests.js:453:17:453:19 | key | -| tests.js:453:17:453:19 | key | -| tests.js:453:17:453:19 | key | -| tests.js:453:24:453:28 | value | -| tests.js:453:24:453:28 | value | -| tests.js:453:24:453:28 | value | -| tests.js:453:24:453:28 | value | -| tests.js:453:24:453:28 | value | -| tests.js:458:26:458:28 | dst | -| tests.js:458:26:458:28 | dst | -| tests.js:458:31:458:33 | src | -| tests.js:458:31:458:33 | src | -| tests.js:460:18:460:22 | value | -| tests.js:460:18:460:22 | value | -| tests.js:460:18:460:22 | value | -| tests.js:460:25:460:27 | key | -| tests.js:460:25:460:27 | key | -| tests.js:460:25:460:27 | key | -| tests.js:462:29:462:31 | dst | -| tests.js:462:29:462:31 | dst | -| tests.js:462:29:462:36 | dst[key] | -| tests.js:462:29:462:36 | dst[key] | -| tests.js:462:29:462:36 | dst[key] | -| tests.js:462:29:462:36 | dst[key] | -| tests.js:462:33:462:35 | key | -| tests.js:462:33:462:35 | key | -| tests.js:462:39:462:41 | src | -| tests.js:462:39:462:41 | src | -| tests.js:462:39:462:46 | src[key] | -| tests.js:462:39:462:46 | src[key] | -| tests.js:462:39:462:46 | src[key] | -| tests.js:462:39:462:46 | src[key] | -| tests.js:462:39:462:46 | src[key] | -| tests.js:462:43:462:45 | key | -| tests.js:462:43:462:45 | key | -| tests.js:465:30:465:32 | dst | -| tests.js:465:30:465:32 | dst | -| tests.js:465:30:465:32 | dst | -| tests.js:465:34:465:36 | key | -| tests.js:465:34:465:36 | key | -| tests.js:465:34:465:36 | key | -| tests.js:465:41:465:43 | src | -| tests.js:465:41:465:43 | src | -| tests.js:465:41:465:48 | src[key] | -| tests.js:465:41:465:48 | src[key] | -| tests.js:465:41:465:48 | src[key] | -| tests.js:465:41:465:48 | src[key] | -| tests.js:465:41:465:48 | src[key] | -| tests.js:465:41:465:48 | src[key] | -| tests.js:465:45:465:47 | key | -| tests.js:465:45:465:47 | key | -| tests.js:466:30:466:32 | dst | -| tests.js:466:30:466:32 | dst | -| tests.js:466:30:466:32 | dst | -| tests.js:466:34:466:36 | key | -| tests.js:466:34:466:36 | key | -| tests.js:466:34:466:36 | key | -| tests.js:466:41:466:46 | o[key] | -| tests.js:466:41:466:46 | o[key] | -| tests.js:466:41:466:46 | o[key] | -| tests.js:466:41:466:46 | o[key] | -| tests.js:466:43:466:45 | key | -| tests.js:466:43:466:45 | key | -| tests.js:467:30:467:32 | dst | -| tests.js:467:30:467:32 | dst | -| tests.js:467:30:467:32 | dst | -| tests.js:467:34:467:36 | key | -| tests.js:467:34:467:36 | key | -| tests.js:467:34:467:36 | key | -| tests.js:467:41:467:45 | value | -| tests.js:467:41:467:45 | value | -| tests.js:467:41:467:45 | value | -| tests.js:472:38:472:40 | dst | -| tests.js:472:38:472:40 | dst | -| tests.js:473:18:473:22 | value | -| tests.js:473:18:473:22 | value | -| tests.js:473:18:473:22 | value | -| tests.js:473:25:473:27 | key | -| tests.js:473:25:473:27 | key | -| tests.js:473:25:473:27 | key | -| tests.js:475:41:475:43 | dst | -| tests.js:475:41:475:43 | dst | -| tests.js:475:41:475:48 | dst[key] | -| tests.js:475:41:475:48 | dst[key] | -| tests.js:475:41:475:48 | dst[key] | -| tests.js:475:41:475:48 | dst[key] | -| tests.js:475:45:475:47 | key | -| tests.js:475:45:475:47 | key | -| tests.js:477:13:477:15 | dst | -| tests.js:477:13:477:15 | dst | -| tests.js:477:13:477:15 | dst | -| tests.js:477:17:477:19 | key | -| tests.js:477:17:477:19 | key | -| tests.js:477:17:477:19 | key | -| tests.js:477:24:477:28 | value | -| tests.js:477:24:477:28 | value | -| tests.js:477:24:477:28 | value | -| tests.js:483:26:483:28 | dst | -| tests.js:483:31:483:33 | src | -| tests.js:483:31:483:33 | src | -| tests.js:484:14:484:16 | key | -| tests.js:484:14:484:16 | key | -| tests.js:487:29:487:31 | dst | -| tests.js:487:29:487:36 | dst[key] | -| tests.js:487:29:487:36 | dst[key] | -| tests.js:487:33:487:35 | key | -| tests.js:487:39:487:41 | src | -| tests.js:487:39:487:46 | src[key] | -| tests.js:487:39:487:46 | src[key] | -| tests.js:487:39:487:46 | src[key] | -| tests.js:487:39:487:46 | src[key] | -| tests.js:487:43:487:45 | key | -| tests.js:489:13:489:15 | dst | -| tests.js:489:13:489:15 | dst | -| tests.js:489:17:489:19 | key | -| tests.js:489:17:489:19 | key | -| tests.js:489:24:489:26 | src | -| tests.js:489:24:489:26 | src | -| tests.js:489:24:489:31 | src[key] | -| tests.js:489:24:489:31 | src[key] | -| tests.js:489:24:489:31 | src[key] | -| tests.js:489:24:489:31 | src[key] | -| tests.js:489:24:489:31 | src[key] | -| tests.js:489:24:489:31 | src[key] | -| tests.js:489:28:489:30 | key | -| tests.js:494:32:494:34 | src | -| tests.js:495:14:495:16 | key | -| tests.js:495:14:495:16 | key | -| tests.js:498:13:498:28 | value | -| tests.js:498:13:498:28 | value | -| tests.js:498:13:498:28 | value | -| tests.js:498:21:498:23 | src | -| tests.js:498:21:498:28 | src[key] | -| tests.js:498:21:498:28 | src[key] | -| tests.js:498:21:498:28 | src[key] | -| tests.js:498:21:498:28 | src[key] | -| tests.js:498:25:498:27 | key | -| tests.js:500:38:500:42 | value | -| tests.js:500:38:500:42 | value | -| tests.js:502:17:502:19 | key | -| tests.js:502:17:502:19 | key | -| tests.js:502:24:502:28 | value | -| tests.js:502:24:502:28 | value | -| tests.js:502:24:502:28 | value | -| tests.js:502:24:502:28 | value | -| tests.js:508:30:508:32 | dst | -| tests.js:508:30:508:32 | dst | -| tests.js:508:35:508:37 | src | -| tests.js:508:35:508:37 | src | -| tests.js:511:13:511:25 | key | -| tests.js:511:13:511:25 | key | -| tests.js:511:19:511:25 | keys[i] | -| tests.js:511:19:511:25 | keys[i] | -| tests.js:511:19:511:25 | keys[i] | -| tests.js:513:33:513:35 | dst | -| tests.js:513:33:513:35 | dst | -| tests.js:513:33:513:40 | dst[key] | -| tests.js:513:33:513:40 | dst[key] | -| tests.js:513:33:513:40 | dst[key] | -| tests.js:513:33:513:40 | dst[key] | -| tests.js:513:37:513:39 | key | -| tests.js:513:37:513:39 | key | -| tests.js:513:43:513:45 | src | -| tests.js:513:43:513:45 | src | -| tests.js:513:43:513:50 | src[key] | -| tests.js:513:43:513:50 | src[key] | -| tests.js:513:43:513:50 | src[key] | -| tests.js:513:43:513:50 | src[key] | -| tests.js:513:43:513:50 | src[key] | -| tests.js:513:47:513:49 | key | -| tests.js:513:47:513:49 | key | -| tests.js:516:32:516:34 | src | -| tests.js:516:32:516:34 | src | -| tests.js:516:32:516:39 | src[key] | -| tests.js:516:32:516:39 | src[key] | -| tests.js:516:32:516:39 | src[key] | -| tests.js:516:32:516:39 | src[key] | -| tests.js:516:32:516:39 | src[key] | -| tests.js:516:32:516:39 | src[key] | -| tests.js:516:36:516:38 | key | -| tests.js:516:36:516:38 | key | -| tests.js:517:35:517:37 | dst | -| tests.js:517:35:517:37 | dst | -| tests.js:517:35:517:37 | dst | -| tests.js:517:40:517:42 | key | -| tests.js:517:40:517:42 | key | -| tests.js:517:40:517:42 | key | -| tests.js:523:11:523:23 | dst | -| tests.js:523:11:523:23 | dst | -| tests.js:523:17:523:23 | args[0] | -| tests.js:523:17:523:23 | args[0] | -| tests.js:524:11:524:23 | src | -| tests.js:524:11:524:23 | src | -| tests.js:524:17:524:23 | args[1] | -| tests.js:524:17:524:23 | args[1] | -| tests.js:525:14:525:16 | key | -| tests.js:525:14:525:16 | key | -| tests.js:525:14:525:16 | key | -| tests.js:527:35:527:37 | dst | -| tests.js:527:35:527:37 | dst | -| tests.js:527:35:527:42 | dst[key] | -| tests.js:527:35:527:42 | dst[key] | -| tests.js:527:35:527:42 | dst[key] | -| tests.js:527:35:527:42 | dst[key] | -| tests.js:527:39:527:41 | key | -| tests.js:527:39:527:41 | key | -| tests.js:527:45:527:47 | src | -| tests.js:527:45:527:47 | src | -| tests.js:527:45:527:52 | src[key] | -| tests.js:527:45:527:52 | src[key] | -| tests.js:527:45:527:52 | src[key] | -| tests.js:527:45:527:52 | src[key] | -| tests.js:527:45:527:52 | src[key] | -| tests.js:527:49:527:51 | key | -| tests.js:527:49:527:51 | key | -| tests.js:529:13:529:15 | dst | -| tests.js:529:13:529:15 | dst | -| tests.js:529:13:529:15 | dst | -| tests.js:529:17:529:19 | key | -| tests.js:529:17:529:19 | key | -| tests.js:529:17:529:19 | key | -| tests.js:529:24:529:26 | src | -| tests.js:529:24:529:26 | src | -| tests.js:529:24:529:31 | src[key] | -| tests.js:529:24:529:31 | src[key] | -| tests.js:529:24:529:31 | src[key] | -| tests.js:529:24:529:31 | src[key] | -| tests.js:529:24:529:31 | src[key] | -| tests.js:529:24:529:31 | src[key] | -| tests.js:529:28:529:30 | key | -| tests.js:529:28:529:30 | key | -| tests.js:534:31:534:33 | obj | -| tests.js:534:31:534:33 | obj | -| tests.js:534:31:534:33 | obj | -| tests.js:534:31:534:33 | obj | -| tests.js:538:18:538:24 | keys[i] | -| tests.js:538:18:538:24 | keys[i] | -| tests.js:538:18:538:24 | keys[i] | -| tests.js:538:27:538:29 | obj | -| tests.js:538:27:538:29 | obj | -| tests.js:538:27:538:29 | obj | -| tests.js:538:27:538:29 | obj | -| tests.js:538:27:538:38 | obj[keys[i]] | -| tests.js:538:27:538:38 | obj[keys[i]] | -| tests.js:538:27:538:38 | obj[keys[i]] | -| tests.js:538:27:538:38 | obj[keys[i]] | -| tests.js:538:27:538:38 | obj[keys[i]] | -| tests.js:538:27:538:38 | obj[keys[i]] | -| tests.js:538:27:538:38 | obj[keys[i]] | -| tests.js:538:31:538:37 | keys[i] | -| tests.js:538:31:538:37 | keys[i] | -| tests.js:538:31:538:37 | keys[i] | -| tests.js:542:30:542:32 | dst | -| tests.js:542:30:542:32 | dst | -| tests.js:542:30:542:32 | dst | -| tests.js:542:30:542:32 | dst | -| tests.js:542:35:542:37 | src | -| tests.js:542:35:542:37 | src | -| tests.js:542:35:542:37 | src | -| tests.js:542:35:542:37 | src | -| tests.js:543:26:543:28 | src | -| tests.js:543:26:543:28 | src | -| tests.js:543:26:543:28 | src | -| tests.js:543:26:543:28 | src | -| tests.js:543:32:543:34 | key | -| tests.js:543:32:543:34 | key | -| tests.js:543:32:543:34 | key | -| tests.js:543:32:543:34 | key | -| tests.js:543:37:543:41 | value | -| tests.js:543:37:543:41 | value | -| tests.js:543:37:543:41 | value | -| tests.js:543:37:543:41 | value | -| tests.js:545:33:545:35 | dst | -| tests.js:545:33:545:35 | dst | -| tests.js:545:33:545:35 | dst | -| tests.js:545:33:545:35 | dst | -| tests.js:545:33:545:40 | dst[key] | -| tests.js:545:33:545:40 | dst[key] | -| tests.js:545:33:545:40 | dst[key] | -| tests.js:545:33:545:40 | dst[key] | -| tests.js:545:37:545:39 | key | -| tests.js:545:37:545:39 | key | -| tests.js:545:37:545:39 | key | -| tests.js:545:37:545:39 | key | -| tests.js:545:43:545:47 | value | -| tests.js:545:43:545:47 | value | -| tests.js:545:43:545:47 | value | -| tests.js:545:43:545:47 | value | -| tests.js:547:13:547:15 | dst | -| tests.js:547:13:547:15 | dst | -| tests.js:547:13:547:15 | dst | -| tests.js:547:13:547:15 | dst | -| tests.js:547:13:547:15 | dst | -| tests.js:547:17:547:19 | key | -| tests.js:547:17:547:19 | key | -| tests.js:547:17:547:19 | key | -| tests.js:547:17:547:19 | key | -| tests.js:547:17:547:19 | key | -| tests.js:547:24:547:28 | value | -| tests.js:547:24:547:28 | value | -| tests.js:547:24:547:28 | value | -| tests.js:547:24:547:28 | value | -| tests.js:547:24:547:28 | value | -| tests.js:552:35:552:37 | src | -| tests.js:552:35:552:37 | src | -| tests.js:553:14:553:16 | key | -| tests.js:553:14:553:16 | key | -| tests.js:553:14:553:16 | key | -| tests.js:557:43:557:45 | src | -| tests.js:557:43:557:45 | src | -| tests.js:557:43:557:50 | src[key] | -| tests.js:557:43:557:50 | src[key] | -| tests.js:557:43:557:50 | src[key] | -| tests.js:557:43:557:50 | src[key] | -| tests.js:557:43:557:50 | src[key] | -| tests.js:559:17:559:19 | key | -| tests.js:559:17:559:19 | key | -| tests.js:559:17:559:19 | key | -| tests.js:559:24:559:26 | src | -| tests.js:559:24:559:26 | src | -| tests.js:559:24:559:31 | src[key] | -| tests.js:559:24:559:31 | src[key] | -| tests.js:559:24:559:31 | src[key] | -| tests.js:559:24:559:31 | src[key] | -| tests.js:559:24:559:31 | src[key] | -| tests.js:559:24:559:31 | src[key] | -| tests.js:559:28:559:30 | key | -| tests.js:559:28:559:30 | key | -| tests.js:564:35:564:37 | src | -| tests.js:564:35:564:37 | src | -| tests.js:565:14:565:16 | key | -| tests.js:565:14:565:16 | key | -| tests.js:565:14:565:16 | key | -| tests.js:569:43:569:45 | src | -| tests.js:569:43:569:45 | src | -| tests.js:569:43:569:50 | src[key] | -| tests.js:569:43:569:50 | src[key] | -| tests.js:569:43:569:50 | src[key] | -| tests.js:569:43:569:50 | src[key] | -| tests.js:569:43:569:50 | src[key] | -| tests.js:571:17:571:19 | key | -| tests.js:571:17:571:19 | key | -| tests.js:571:17:571:19 | key | -| tests.js:571:24:571:26 | src | -| tests.js:571:24:571:26 | src | -| tests.js:571:24:571:31 | src[key] | -| tests.js:571:24:571:31 | src[key] | -| tests.js:571:24:571:31 | src[key] | -| tests.js:571:24:571:31 | src[key] | -| tests.js:571:24:571:31 | src[key] | -| tests.js:571:24:571:31 | src[key] | -| tests.js:571:28:571:30 | key | -| tests.js:571:28:571:30 | key | -| tests.js:576:30:576:32 | src | -| tests.js:576:30:576:32 | src | -| tests.js:577:14:577:16 | key | -| tests.js:577:14:577:16 | key | -| tests.js:577:14:577:16 | key | -| tests.js:580:38:580:40 | src | -| tests.js:580:38:580:40 | src | -| tests.js:580:38:580:45 | src[key] | -| tests.js:580:38:580:45 | src[key] | -| tests.js:580:38:580:45 | src[key] | -| tests.js:580:38:580:45 | src[key] | -| tests.js:580:38:580:45 | src[key] | -| tests.js:582:17:582:19 | key | -| tests.js:582:17:582:19 | key | -| tests.js:582:17:582:19 | key | -| tests.js:582:24:582:26 | src | -| tests.js:582:24:582:26 | src | -| tests.js:582:24:582:31 | src[key] | -| tests.js:582:24:582:31 | src[key] | -| tests.js:582:24:582:31 | src[key] | -| tests.js:582:24:582:31 | src[key] | -| tests.js:582:24:582:31 | src[key] | -| tests.js:582:24:582:31 | src[key] | -| tests.js:582:28:582:30 | key | -| tests.js:582:28:582:30 | key | +| examples/PrototypePollutingFunction.js:1:16:1:18 | dst | semmle.label | dst | +| examples/PrototypePollutingFunction.js:1:21:1:23 | src | semmle.label | src | +| examples/PrototypePollutingFunction.js:2:14:2:16 | key | semmle.label | key | +| examples/PrototypePollutingFunction.js:5:19:5:21 | dst | semmle.label | dst | +| examples/PrototypePollutingFunction.js:5:19:5:26 | dst[key] | semmle.label | dst[key] | +| examples/PrototypePollutingFunction.js:5:23:5:25 | key | semmle.label | key | +| examples/PrototypePollutingFunction.js:5:29:5:31 | src | semmle.label | src | +| examples/PrototypePollutingFunction.js:5:29:5:36 | src[key] | semmle.label | src[key] | +| examples/PrototypePollutingFunction.js:5:33:5:35 | key | semmle.label | key | +| examples/PrototypePollutingFunction.js:7:13:7:15 | dst | semmle.label | dst | +| examples/PrototypePollutingFunction.js:7:17:7:19 | key | semmle.label | key | +| examples/PrototypePollutingFunction.js:7:24:7:26 | src | semmle.label | src | +| examples/PrototypePollutingFunction.js:7:24:7:31 | src[key] | semmle.label | src[key] | +| examples/PrototypePollutingFunction.js:7:28:7:30 | key | semmle.label | key | +| examples/PrototypePollutingFunction_fixed2.js:1:21:1:23 | src | semmle.label | src | +| examples/PrototypePollutingFunction_fixed2.js:6:29:6:31 | src | semmle.label | src | +| examples/PrototypePollutingFunction_fixed2.js:6:29:6:36 | src[key] | semmle.label | src[key] | +| examples/PrototypePollutingFunction_fixed2.js:8:24:8:26 | src | semmle.label | src | +| examples/PrototypePollutingFunction_fixed2.js:8:24:8:31 | src[key] | semmle.label | src[key] | +| examples/PrototypePollutingFunction_fixed.js:1:21:1:23 | src | semmle.label | src | +| examples/PrototypePollutingFunction_fixed.js:2:14:2:16 | key | semmle.label | key | +| examples/PrototypePollutingFunction_fixed.js:5:29:5:31 | src | semmle.label | src | +| examples/PrototypePollutingFunction_fixed.js:5:29:5:36 | src[key] | semmle.label | src[key] | +| examples/PrototypePollutingFunction_fixed.js:7:17:7:19 | key | semmle.label | key | +| examples/PrototypePollutingFunction_fixed.js:7:24:7:26 | src | semmle.label | src | +| examples/PrototypePollutingFunction_fixed.js:7:24:7:31 | src[key] | semmle.label | src[key] | +| examples/PrototypePollutingFunction_fixed.js:7:28:7:30 | key | semmle.label | key | +| path-assignment.js:8:13:8:25 | key | semmle.label | key | +| path-assignment.js:8:19:8:25 | keys[i] | semmle.label | keys[i] | +| path-assignment.js:13:13:13:32 | target | semmle.label | target | +| path-assignment.js:13:22:13:27 | target | semmle.label | target | +| path-assignment.js:13:22:13:32 | target[key] | semmle.label | target[key] | +| path-assignment.js:13:29:13:31 | key | semmle.label | key | +| path-assignment.js:15:13:15:18 | target | semmle.label | target | +| path-assignment.js:15:20:15:22 | key | semmle.label | key | +| path-assignment.js:41:13:41:25 | key | semmle.label | key | +| path-assignment.js:41:19:41:25 | keys[i] | semmle.label | keys[i] | +| path-assignment.js:42:9:42:48 | target | semmle.label | target | +| path-assignment.js:42:18:42:23 | target | semmle.label | target | +| path-assignment.js:42:25:42:27 | key | semmle.label | key | +| path-assignment.js:42:32:42:37 | target | semmle.label | target | +| path-assignment.js:42:32:42:42 | target[key] | semmle.label | target[key] | +| path-assignment.js:42:32:42:48 | target[key] \|\| {} | semmle.label | target[key] \|\| {} | +| path-assignment.js:42:39:42:41 | key | semmle.label | key | +| path-assignment.js:44:5:44:10 | target | semmle.label | target | +| path-assignment.js:44:12:44:18 | keys[i] | semmle.label | keys[i] | +| path-assignment.js:58:13:58:25 | key | semmle.label | key | +| path-assignment.js:58:19:58:25 | keys[i] | semmle.label | keys[i] | +| path-assignment.js:59:9:59:48 | target | semmle.label | target | +| path-assignment.js:59:18:59:23 | target | semmle.label | target | +| path-assignment.js:59:25:59:27 | key | semmle.label | key | +| path-assignment.js:59:32:59:37 | target | semmle.label | target | +| path-assignment.js:59:32:59:42 | target[key] | semmle.label | target[key] | +| path-assignment.js:59:32:59:48 | target[key] \|\| {} | semmle.label | target[key] \|\| {} | +| path-assignment.js:59:39:59:41 | key | semmle.label | key | +| path-assignment.js:61:5:61:10 | target | semmle.label | target | +| path-assignment.js:61:12:61:18 | keys[i] | semmle.label | keys[i] | +| path-assignment.js:68:13:68:25 | key | semmle.label | key | +| path-assignment.js:68:19:68:25 | keys[i] | semmle.label | keys[i] | +| path-assignment.js:69:9:69:48 | target | semmle.label | target | +| path-assignment.js:69:18:69:23 | target | semmle.label | target | +| path-assignment.js:69:25:69:27 | key | semmle.label | key | +| path-assignment.js:69:32:69:37 | target | semmle.label | target | +| path-assignment.js:69:32:69:42 | target[key] | semmle.label | target[key] | +| path-assignment.js:69:32:69:48 | target[key] \|\| {} | semmle.label | target[key] \|\| {} | +| path-assignment.js:69:39:69:41 | key | semmle.label | key | +| path-assignment.js:71:5:71:10 | target | semmle.label | target | +| path-assignment.js:71:12:71:18 | keys[i] | semmle.label | keys[i] | +| tests.js:3:25:3:27 | dst | semmle.label | dst | +| tests.js:3:30:3:32 | src | semmle.label | src | +| tests.js:4:14:4:16 | key | semmle.label | key | +| tests.js:6:28:6:30 | dst | semmle.label | dst | +| tests.js:6:28:6:35 | dst[key] | semmle.label | dst[key] | +| tests.js:6:32:6:34 | key | semmle.label | key | +| tests.js:6:38:6:40 | src | semmle.label | src | +| tests.js:6:38:6:45 | src[key] | semmle.label | src[key] | +| tests.js:6:42:6:44 | key | semmle.label | key | +| tests.js:8:13:8:15 | dst | semmle.label | dst | +| tests.js:8:17:8:19 | key | semmle.label | key | +| tests.js:8:24:8:26 | src | semmle.label | src | +| tests.js:8:24:8:31 | src[key] | semmle.label | src[key] | +| tests.js:8:28:8:30 | key | semmle.label | key | +| tests.js:13:24:13:26 | dst | semmle.label | dst | +| tests.js:13:29:13:31 | src | semmle.label | src | +| tests.js:14:17:14:19 | src | semmle.label | src | +| tests.js:14:30:14:32 | key | semmle.label | key | +| tests.js:16:27:16:29 | dst | semmle.label | dst | +| tests.js:16:27:16:34 | dst[key] | semmle.label | dst[key] | +| tests.js:16:31:16:33 | key | semmle.label | key | +| tests.js:16:37:16:39 | src | semmle.label | src | +| tests.js:16:37:16:44 | src[key] | semmle.label | src[key] | +| tests.js:16:41:16:43 | key | semmle.label | key | +| tests.js:18:13:18:15 | dst | semmle.label | dst | +| tests.js:18:17:18:19 | key | semmle.label | key | +| tests.js:18:24:18:26 | src | semmle.label | src | +| tests.js:18:24:18:31 | src[key] | semmle.label | src[key] | +| tests.js:18:28:18:30 | key | semmle.label | key | +| tests.js:23:19:23:21 | dst | semmle.label | dst | +| tests.js:25:18:25:20 | key | semmle.label | key | +| tests.js:26:25:26:27 | dst | semmle.label | dst | +| tests.js:26:30:26:40 | source[key] | semmle.label | source[key] | +| tests.js:26:37:26:39 | key | semmle.label | key | +| tests.js:26:43:26:45 | key | semmle.label | key | +| tests.js:31:22:31:24 | dst | semmle.label | dst | +| tests.js:31:27:31:31 | value | semmle.label | value | +| tests.js:31:34:31:36 | key | semmle.label | key | +| tests.js:32:9:32:27 | dstValue | semmle.label | dstValue | +| tests.js:32:20:32:22 | dst | semmle.label | dst | +| tests.js:32:20:32:27 | dst[key] | semmle.label | dst[key] | +| tests.js:32:24:32:26 | key | semmle.label | key | +| tests.js:34:18:34:25 | dstValue | semmle.label | dstValue | +| tests.js:36:9:36:11 | dst | semmle.label | dst | +| tests.js:36:13:36:15 | key | semmle.label | key | +| tests.js:36:20:36:24 | value | semmle.label | value | +| tests.js:40:27:40:29 | dst | semmle.label | dst | +| tests.js:40:32:40:34 | src | semmle.label | src | +| tests.js:41:14:41:16 | key | semmle.label | key | +| tests.js:44:30:44:32 | dst | semmle.label | dst | +| tests.js:44:30:44:37 | dst[key] | semmle.label | dst[key] | +| tests.js:44:34:44:36 | key | semmle.label | key | +| tests.js:44:40:44:42 | src | semmle.label | src | +| tests.js:44:40:44:47 | src[key] | semmle.label | src[key] | +| tests.js:44:44:44:46 | key | semmle.label | key | +| tests.js:46:13:46:15 | dst | semmle.label | dst | +| tests.js:46:17:46:19 | key | semmle.label | key | +| tests.js:46:24:46:26 | src | semmle.label | src | +| tests.js:46:24:46:31 | src[key] | semmle.label | src[key] | +| tests.js:46:28:46:30 | key | semmle.label | key | +| tests.js:51:26:51:28 | dst | semmle.label | dst | +| tests.js:51:31:51:33 | src | semmle.label | src | +| tests.js:52:14:52:16 | key | semmle.label | key | +| tests.js:55:29:55:31 | dst | semmle.label | dst | +| tests.js:55:29:55:36 | dst[key] | semmle.label | dst[key] | +| tests.js:55:33:55:35 | key | semmle.label | key | +| tests.js:55:39:55:41 | src | semmle.label | src | +| tests.js:55:39:55:46 | src[key] | semmle.label | src[key] | +| tests.js:55:43:55:45 | key | semmle.label | key | +| tests.js:57:13:57:15 | dst | semmle.label | dst | +| tests.js:57:17:57:19 | key | semmle.label | key | +| tests.js:57:24:57:26 | src | semmle.label | src | +| tests.js:57:24:57:31 | src[key] | semmle.label | src[key] | +| tests.js:57:28:57:30 | key | semmle.label | key | +| tests.js:62:33:62:35 | src | semmle.label | src | +| tests.js:66:41:66:43 | src | semmle.label | src | +| tests.js:66:41:66:48 | src[key] | semmle.label | src[key] | +| tests.js:68:24:68:26 | src | semmle.label | src | +| tests.js:68:24:68:31 | src[key] | semmle.label | src[key] | +| tests.js:77:27:77:29 | src | semmle.label | src | +| tests.js:81:39:81:41 | src | semmle.label | src | +| tests.js:81:39:81:46 | src[key] | semmle.label | src[key] | +| tests.js:83:28:83:30 | src | semmle.label | src | +| tests.js:83:28:83:35 | src[key] | semmle.label | src[key] | +| tests.js:89:34:89:36 | src | semmle.label | src | +| tests.js:90:14:90:16 | key | semmle.label | key | +| tests.js:94:42:94:44 | src | semmle.label | src | +| tests.js:94:42:94:49 | src[key] | semmle.label | src[key] | +| tests.js:96:17:96:19 | key | semmle.label | key | +| tests.js:96:24:96:26 | src | semmle.label | src | +| tests.js:96:24:96:31 | src[key] | semmle.label | src[key] | +| tests.js:96:28:96:30 | key | semmle.label | key | +| tests.js:101:32:101:34 | dst | semmle.label | dst | +| tests.js:101:37:101:39 | src | semmle.label | src | +| tests.js:102:14:102:16 | key | semmle.label | key | +| tests.js:107:35:107:37 | dst | semmle.label | dst | +| tests.js:107:35:107:42 | dst[key] | semmle.label | dst[key] | +| tests.js:107:39:107:41 | key | semmle.label | key | +| tests.js:107:45:107:47 | src | semmle.label | src | +| tests.js:107:45:107:52 | src[key] | semmle.label | src[key] | +| tests.js:107:49:107:51 | key | semmle.label | key | +| tests.js:109:13:109:15 | dst | semmle.label | dst | +| tests.js:109:17:109:19 | key | semmle.label | key | +| tests.js:109:24:109:26 | src | semmle.label | src | +| tests.js:109:24:109:31 | src[key] | semmle.label | src[key] | +| tests.js:109:28:109:30 | key | semmle.label | key | +| tests.js:116:41:116:43 | src | semmle.label | src | +| tests.js:117:14:117:16 | key | semmle.label | key | +| tests.js:119:49:119:51 | src | semmle.label | src | +| tests.js:119:49:119:56 | src[key] | semmle.label | src[key] | +| tests.js:121:17:121:19 | key | semmle.label | key | +| tests.js:121:24:121:26 | src | semmle.label | src | +| tests.js:121:24:121:31 | src[key] | semmle.label | src[key] | +| tests.js:121:28:121:30 | key | semmle.label | key | +| tests.js:149:31:149:33 | dst | semmle.label | dst | +| tests.js:149:36:149:38 | src | semmle.label | src | +| tests.js:150:14:150:16 | key | semmle.label | key | +| tests.js:152:22:152:24 | dst | semmle.label | dst | +| tests.js:152:27:152:29 | src | semmle.label | src | +| tests.js:152:32:152:34 | key | semmle.label | key | +| tests.js:154:13:154:15 | dst | semmle.label | dst | +| tests.js:154:17:154:19 | key | semmle.label | key | +| tests.js:154:24:154:26 | src | semmle.label | src | +| tests.js:154:24:154:31 | src[key] | semmle.label | src[key] | +| tests.js:154:28:154:30 | key | semmle.label | key | +| tests.js:159:36:159:38 | dst | semmle.label | dst | +| tests.js:159:41:159:43 | src | semmle.label | src | +| tests.js:160:26:160:28 | dst | semmle.label | dst | +| tests.js:160:31:160:33 | src | semmle.label | src | +| tests.js:160:37:160:39 | dst | semmle.label | dst | +| tests.js:160:42:160:44 | src | semmle.label | src | +| tests.js:160:47:160:49 | key | semmle.label | key | +| tests.js:161:35:161:37 | dst | semmle.label | dst | +| tests.js:161:35:161:42 | dst[key] | semmle.label | dst[key] | +| tests.js:161:39:161:41 | key | semmle.label | key | +| tests.js:161:45:161:47 | src | semmle.label | src | +| tests.js:161:45:161:52 | src[key] | semmle.label | src[key] | +| tests.js:161:49:161:51 | key | semmle.label | key | +| tests.js:165:37:165:39 | src | semmle.label | src | +| tests.js:166:14:166:16 | key | semmle.label | key | +| tests.js:169:45:169:47 | src | semmle.label | src | +| tests.js:169:45:169:52 | src[key] | semmle.label | src[key] | +| tests.js:169:49:169:51 | key | semmle.label | key | +| tests.js:171:17:171:19 | key | semmle.label | key | +| tests.js:171:24:171:26 | src | semmle.label | src | +| tests.js:171:24:171:31 | src[key] | semmle.label | src[key] | +| tests.js:171:28:171:30 | key | semmle.label | key | +| tests.js:178:33:178:35 | src | semmle.label | src | +| tests.js:182:41:182:43 | src | semmle.label | src | +| tests.js:182:41:182:48 | src[key] | semmle.label | src[key] | +| tests.js:184:24:184:26 | src | semmle.label | src | +| tests.js:184:24:184:31 | src[key] | semmle.label | src[key] | +| tests.js:189:32:189:34 | dst | semmle.label | dst | +| tests.js:189:37:189:39 | src | semmle.label | src | +| tests.js:192:13:192:25 | key | semmle.label | key | +| tests.js:192:19:192:25 | keys[i] | semmle.label | keys[i] | +| tests.js:194:35:194:37 | dst | semmle.label | dst | +| tests.js:194:35:194:42 | dst[key] | semmle.label | dst[key] | +| tests.js:194:39:194:41 | key | semmle.label | key | +| tests.js:194:45:194:47 | src | semmle.label | src | +| tests.js:194:45:194:52 | src[key] | semmle.label | src[key] | +| tests.js:194:49:194:51 | key | semmle.label | key | +| tests.js:196:13:196:15 | dst | semmle.label | dst | +| tests.js:196:17:196:19 | key | semmle.label | key | +| tests.js:196:24:196:26 | src | semmle.label | src | +| tests.js:196:24:196:31 | src[key] | semmle.label | src[key] | +| tests.js:196:28:196:30 | key | semmle.label | key | +| tests.js:201:39:201:41 | dst | semmle.label | dst | +| tests.js:201:44:201:46 | src | semmle.label | src | +| tests.js:206:42:206:44 | dst | semmle.label | dst | +| tests.js:206:42:206:53 | dst[keys[i]] | semmle.label | dst[keys[i]] | +| tests.js:206:46:206:52 | keys[i] | semmle.label | keys[i] | +| tests.js:206:56:206:58 | src | semmle.label | src | +| tests.js:206:56:206:67 | src[keys[i]] | semmle.label | src[keys[i]] | +| tests.js:206:60:206:66 | keys[i] | semmle.label | keys[i] | +| tests.js:208:13:208:15 | dst | semmle.label | dst | +| tests.js:208:17:208:23 | keys[i] | semmle.label | keys[i] | +| tests.js:208:28:208:30 | src | semmle.label | src | +| tests.js:208:28:208:39 | src[keys[i]] | semmle.label | src[keys[i]] | +| tests.js:208:32:208:38 | keys[i] | semmle.label | keys[i] | +| tests.js:213:23:213:26 | key1 | semmle.label | key1 | +| tests.js:213:29:213:32 | key2 | semmle.label | key2 | +| tests.js:213:35:213:39 | value | semmle.label | value | +| tests.js:217:5:217:13 | map[key1] | semmle.label | map[key1] | +| tests.js:217:9:217:12 | key1 | semmle.label | key1 | +| tests.js:217:15:217:18 | key2 | semmle.label | key2 | +| tests.js:217:23:217:27 | value | semmle.label | value | +| tests.js:223:14:223:16 | key | semmle.label | key | +| tests.js:224:23:224:25 | key | semmle.label | key | +| tests.js:224:33:224:41 | data[key] | semmle.label | data[key] | +| tests.js:224:38:224:40 | key | semmle.label | key | +| tests.js:225:28:225:30 | key | semmle.label | key | +| tests.js:225:33:225:41 | data[key] | semmle.label | data[key] | +| tests.js:225:38:225:40 | key | semmle.label | key | +| tests.js:229:26:229:29 | key1 | semmle.label | key1 | +| tests.js:229:32:229:35 | key2 | semmle.label | key2 | +| tests.js:229:38:229:42 | value | semmle.label | value | +| tests.js:233:5:233:13 | map[key1] | semmle.label | map[key1] | +| tests.js:233:9:233:12 | key1 | semmle.label | key1 | +| tests.js:233:15:233:18 | key2 | semmle.label | key2 | +| tests.js:233:23:233:27 | value | semmle.label | value | +| tests.js:238:14:238:16 | key | semmle.label | key | +| tests.js:239:24:239:26 | key | semmle.label | key | +| tests.js:239:34:239:42 | data[key] | semmle.label | data[key] | +| tests.js:239:39:239:41 | key | semmle.label | key | +| tests.js:240:31:240:33 | key | semmle.label | key | +| tests.js:240:36:240:44 | data[key] | semmle.label | data[key] | +| tests.js:240:41:240:43 | key | semmle.label | key | +| tests.js:263:27:263:29 | dst | semmle.label | dst | +| tests.js:265:13:265:26 | key | semmle.label | key | +| tests.js:265:19:265:26 | entry[0] | semmle.label | entry[0] | +| tests.js:266:13:266:28 | value | semmle.label | value | +| tests.js:266:21:266:28 | entry[1] | semmle.label | entry[1] | +| tests.js:268:30:268:32 | dst | semmle.label | dst | +| tests.js:268:30:268:37 | dst[key] | semmle.label | dst[key] | +| tests.js:268:34:268:36 | key | semmle.label | key | +| tests.js:270:13:270:15 | dst | semmle.label | dst | +| tests.js:270:17:270:19 | key | semmle.label | key | +| tests.js:270:24:270:28 | value | semmle.label | value | +| tests.js:275:27:275:29 | dst | semmle.label | dst | +| tests.js:275:32:275:34 | src | semmle.label | src | +| tests.js:276:21:276:23 | src | semmle.label | src | +| tests.js:276:34:276:36 | key | semmle.label | key | +| tests.js:278:30:278:32 | dst | semmle.label | dst | +| tests.js:278:30:278:37 | dst[key] | semmle.label | dst[key] | +| tests.js:278:34:278:36 | key | semmle.label | key | +| tests.js:278:40:278:42 | src | semmle.label | src | +| tests.js:278:40:278:47 | src[key] | semmle.label | src[key] | +| tests.js:278:44:278:46 | key | semmle.label | key | +| tests.js:280:13:280:15 | dst | semmle.label | dst | +| tests.js:280:17:280:19 | key | semmle.label | key | +| tests.js:280:24:280:26 | src | semmle.label | src | +| tests.js:280:24:280:31 | src[key] | semmle.label | src[key] | +| tests.js:280:28:280:30 | key | semmle.label | key | +| tests.js:301:27:301:29 | dst | semmle.label | dst | +| tests.js:301:32:301:34 | src | semmle.label | src | +| tests.js:302:14:302:16 | key | semmle.label | key | +| tests.js:304:17:304:32 | value | semmle.label | value | +| tests.js:304:17:304:32 | value | semmle.label | value | +| tests.js:304:17:304:32 | value | semmle.label | value | +| tests.js:304:25:304:27 | src | semmle.label | src | +| tests.js:304:25:304:32 | src[key] | semmle.label | src[key] | +| tests.js:304:25:304:32 | src[key] | semmle.label | src[key] | +| tests.js:304:25:304:32 | src[key] | semmle.label | src[key] | +| tests.js:304:29:304:31 | key | semmle.label | key | +| tests.js:306:34:306:36 | dst | semmle.label | dst | +| tests.js:306:34:306:41 | dst[key] | semmle.label | dst[key] | +| tests.js:306:38:306:40 | key | semmle.label | key | +| tests.js:306:44:306:48 | value | semmle.label | value | +| tests.js:306:44:306:48 | value | semmle.label | value | +| tests.js:308:17:308:19 | dst | semmle.label | dst | +| tests.js:308:21:308:23 | key | semmle.label | key | +| tests.js:308:28:308:32 | value | semmle.label | value | +| tests.js:314:31:314:33 | dst | semmle.label | dst | +| tests.js:314:36:314:38 | src | semmle.label | src | +| tests.js:315:14:315:16 | key | semmle.label | key | +| tests.js:318:17:318:32 | value | semmle.label | value | +| tests.js:318:17:318:32 | value | semmle.label | value | +| tests.js:318:17:318:32 | value | semmle.label | value | +| tests.js:318:25:318:27 | src | semmle.label | src | +| tests.js:318:25:318:32 | src[key] | semmle.label | src[key] | +| tests.js:318:25:318:32 | src[key] | semmle.label | src[key] | +| tests.js:318:25:318:32 | src[key] | semmle.label | src[key] | +| tests.js:318:29:318:31 | key | semmle.label | key | +| tests.js:320:38:320:40 | dst | semmle.label | dst | +| tests.js:320:38:320:45 | dst[key] | semmle.label | dst[key] | +| tests.js:320:42:320:44 | key | semmle.label | key | +| tests.js:320:48:320:52 | value | semmle.label | value | +| tests.js:320:48:320:52 | value | semmle.label | value | +| tests.js:322:17:322:19 | dst | semmle.label | dst | +| tests.js:322:21:322:23 | key | semmle.label | key | +| tests.js:322:28:322:32 | value | semmle.label | value | +| tests.js:328:25:328:27 | dst | semmle.label | dst | +| tests.js:328:30:328:32 | src | semmle.label | src | +| tests.js:329:14:329:16 | key | semmle.label | key | +| tests.js:336:32:336:34 | dst | semmle.label | dst | +| tests.js:336:32:336:39 | dst[key] | semmle.label | dst[key] | +| tests.js:336:36:336:38 | key | semmle.label | key | +| tests.js:336:42:336:44 | src | semmle.label | src | +| tests.js:336:42:336:49 | src[key] | semmle.label | src[key] | +| tests.js:336:46:336:48 | key | semmle.label | key | +| tests.js:338:17:338:19 | dst | semmle.label | dst | +| tests.js:338:21:338:23 | key | semmle.label | key | +| tests.js:338:28:338:30 | src | semmle.label | src | +| tests.js:338:28:338:35 | src[key] | semmle.label | src[key] | +| tests.js:338:32:338:34 | key | semmle.label | key | +| tests.js:348:32:348:37 | target | semmle.label | target | +| tests.js:348:40:348:45 | source | semmle.label | source | +| tests.js:349:26:349:31 | target | semmle.label | target | +| tests.js:349:54:349:59 | source | semmle.label | source | +| tests.js:350:21:350:26 | source | semmle.label | source | +| tests.js:350:37:350:39 | key | semmle.label | key | +| tests.js:355:17:355:22 | target | semmle.label | target | +| tests.js:355:24:355:26 | key | semmle.label | key | +| tests.js:355:31:355:86 | mergePl ... ptions) | semmle.label | mergePl ... ptions) | +| tests.js:355:53:355:58 | target | semmle.label | target | +| tests.js:355:53:355:63 | target[key] | semmle.label | target[key] | +| tests.js:355:60:355:62 | key | semmle.label | key | +| tests.js:355:66:355:71 | source | semmle.label | source | +| tests.js:355:66:355:76 | source[key] | semmle.label | source[key] | +| tests.js:357:17:357:22 | target | semmle.label | target | +| tests.js:357:24:357:26 | key | semmle.label | key | +| tests.js:357:31:357:36 | source | semmle.label | source | +| tests.js:357:31:357:41 | source[key] | semmle.label | source[key] | +| tests.js:357:38:357:40 | key | semmle.label | key | +| tests.js:361:12:361:17 | target | semmle.label | target | +| tests.js:364:41:364:46 | target | semmle.label | target | +| tests.js:364:49:364:54 | source | semmle.label | source | +| tests.js:366:18:366:20 | key | semmle.label | key | +| tests.js:371:24:371:26 | key | semmle.label | key | +| tests.js:371:31:371:95 | mergePl ... ptions) | semmle.label | mergePl ... ptions) | +| tests.js:371:62:371:72 | target[key] | semmle.label | target[key] | +| tests.js:371:69:371:71 | key | semmle.label | key | +| tests.js:371:75:371:80 | source | semmle.label | source | +| tests.js:371:75:371:85 | source[key] | semmle.label | source[key] | +| tests.js:373:24:373:26 | key | semmle.label | key | +| tests.js:373:31:373:36 | source | semmle.label | source | +| tests.js:373:31:373:41 | source[key] | semmle.label | source[key] | +| tests.js:373:38:373:40 | key | semmle.label | key | +| tests.js:377:12:377:17 | target | semmle.label | target | +| tests.js:380:22:380:24 | obj | semmle.label | obj | +| tests.js:380:27:380:34 | callback [dst] | semmle.label | callback [dst] | +| tests.js:380:27:380:34 | callback [dst] | semmle.label | callback [dst] | +| tests.js:380:27:380:34 | callback [dst] | semmle.label | callback [dst] | +| tests.js:380:27:380:34 | callback [dst] | semmle.label | callback [dst] | +| tests.js:380:27:380:34 | callback [src] | semmle.label | callback [src] | +| tests.js:381:14:381:16 | key | semmle.label | key | +| tests.js:383:13:383:20 | callback [dst] | semmle.label | callback [dst] | +| tests.js:383:13:383:20 | callback [dst] | semmle.label | callback [dst] | +| tests.js:383:13:383:20 | callback [dst] | semmle.label | callback [dst] | +| tests.js:383:13:383:20 | callback [dst] | semmle.label | callback [dst] | +| tests.js:383:13:383:20 | callback [src] | semmle.label | callback [src] | +| tests.js:383:22:383:24 | key | semmle.label | key | +| tests.js:383:27:383:29 | obj | semmle.label | obj | +| tests.js:383:27:383:34 | obj[key] | semmle.label | obj[key] | +| tests.js:383:31:383:33 | key | semmle.label | key | +| tests.js:388:29:388:31 | dst | semmle.label | dst | +| tests.js:388:29:388:31 | dst | semmle.label | dst | +| tests.js:388:34:388:36 | src | semmle.label | src | +| tests.js:389:17:389:19 | src | semmle.label | src | +| tests.js:389:22:389:24 | key | semmle.label | key | +| tests.js:391:32:391:34 | dst | semmle.label | dst | +| tests.js:391:32:391:34 | dst | semmle.label | dst | +| tests.js:391:32:391:39 | dst[key] | semmle.label | dst[key] | +| tests.js:391:32:391:39 | dst[key] | semmle.label | dst[key] | +| tests.js:391:36:391:38 | key | semmle.label | key | +| tests.js:391:42:391:44 | src | semmle.label | src | +| tests.js:391:42:391:49 | src[key] | semmle.label | src[key] | +| tests.js:391:46:391:48 | key | semmle.label | key | +| tests.js:393:13:393:15 | dst | semmle.label | dst | +| tests.js:393:17:393:19 | key | semmle.label | key | +| tests.js:393:24:393:26 | src | semmle.label | src | +| tests.js:393:24:393:31 | src[key] | semmle.label | src[key] | +| tests.js:393:28:393:30 | key | semmle.label | key | +| tests.js:398:30:398:32 | dst | semmle.label | dst | +| tests.js:398:30:398:32 | dst | semmle.label | dst | +| tests.js:398:35:398:37 | src | semmle.label | src | +| tests.js:399:17:399:19 | src | semmle.label | src | +| tests.js:399:23:399:25 | key | semmle.label | key | +| tests.js:399:28:399:32 | value | semmle.label | value | +| tests.js:401:33:401:35 | dst | semmle.label | dst | +| tests.js:401:33:401:35 | dst | semmle.label | dst | +| tests.js:401:33:401:40 | dst[key] | semmle.label | dst[key] | +| tests.js:401:33:401:40 | dst[key] | semmle.label | dst[key] | +| tests.js:401:37:401:39 | key | semmle.label | key | +| tests.js:401:43:401:47 | value | semmle.label | value | +| tests.js:403:13:403:15 | dst | semmle.label | dst | +| tests.js:403:17:403:19 | key | semmle.label | key | +| tests.js:403:24:403:28 | value | semmle.label | value | +| tests.js:408:22:408:24 | obj | semmle.label | obj | +| tests.js:408:27:408:29 | key | semmle.label | key | +| tests.js:409:12:409:14 | obj | semmle.label | obj | +| tests.js:409:12:409:19 | obj[key] | semmle.label | obj[key] | +| tests.js:409:16:409:18 | key | semmle.label | key | +| tests.js:412:31:412:33 | dst | semmle.label | dst | +| tests.js:412:36:412:38 | src | semmle.label | src | +| tests.js:413:14:413:16 | key | semmle.label | key | +| tests.js:414:13:414:41 | value | semmle.label | value | +| tests.js:414:21:414:41 | wrapped ... c, key) | semmle.label | wrapped ... c, key) | +| tests.js:414:33:414:35 | src | semmle.label | src | +| tests.js:414:38:414:40 | key | semmle.label | key | +| tests.js:415:13:415:42 | target | semmle.label | target | +| tests.js:415:22:415:42 | wrapped ... t, key) | semmle.label | wrapped ... t, key) | +| tests.js:415:34:415:36 | dst | semmle.label | dst | +| tests.js:415:39:415:41 | key | semmle.label | key | +| tests.js:417:34:417:39 | target | semmle.label | target | +| tests.js:417:42:417:46 | value | semmle.label | value | +| tests.js:419:13:419:15 | dst | semmle.label | dst | +| tests.js:419:17:419:19 | key | semmle.label | key | +| tests.js:419:24:419:28 | value | semmle.label | value | +| tests.js:424:25:424:27 | obj | semmle.label | obj | +| tests.js:424:30:424:32 | key | semmle.label | key | +| tests.js:426:12:426:14 | obj | semmle.label | obj | +| tests.js:426:12:426:19 | obj[key] | semmle.label | obj[key] | +| tests.js:426:16:426:18 | key | semmle.label | key | +| tests.js:429:34:429:36 | dst | semmle.label | dst | +| tests.js:429:39:429:41 | src | semmle.label | src | +| tests.js:430:14:430:16 | key | semmle.label | key | +| tests.js:431:13:431:44 | value | semmle.label | value | +| tests.js:431:21:431:44 | almostS ... c, key) | semmle.label | almostS ... c, key) | +| tests.js:431:36:431:38 | src | semmle.label | src | +| tests.js:431:41:431:43 | key | semmle.label | key | +| tests.js:432:13:432:45 | target | semmle.label | target | +| tests.js:432:22:432:45 | almostS ... t, key) | semmle.label | almostS ... t, key) | +| tests.js:432:37:432:39 | dst | semmle.label | dst | +| tests.js:432:42:432:44 | key | semmle.label | key | +| tests.js:434:37:434:42 | target | semmle.label | target | +| tests.js:434:45:434:49 | value | semmle.label | value | +| tests.js:436:13:436:15 | dst | semmle.label | dst | +| tests.js:436:17:436:19 | key | semmle.label | key | +| tests.js:436:24:436:28 | value | semmle.label | value | +| tests.js:441:19:441:21 | obj | semmle.label | obj | +| tests.js:443:12:443:14 | obj | semmle.label | obj | +| tests.js:443:12:443:19 | obj[key] | semmle.label | obj[key] | +| tests.js:446:33:446:35 | src | semmle.label | src | +| tests.js:447:14:447:16 | key | semmle.label | key | +| tests.js:448:13:448:38 | value | semmle.label | value | +| tests.js:448:21:448:38 | safeRead(src, key) | semmle.label | safeRead(src, key) | +| tests.js:448:30:448:32 | src | semmle.label | src | +| tests.js:451:39:451:43 | value | semmle.label | value | +| tests.js:453:17:453:19 | key | semmle.label | key | +| tests.js:453:24:453:28 | value | semmle.label | value | +| tests.js:458:26:458:28 | dst | semmle.label | dst | +| tests.js:458:31:458:33 | src | semmle.label | src | +| tests.js:460:12:460:14 | src | semmle.label | src | +| tests.js:460:18:460:22 | value | semmle.label | value | +| tests.js:460:25:460:27 | key | semmle.label | key | +| tests.js:462:29:462:31 | dst | semmle.label | dst | +| tests.js:462:29:462:36 | dst[key] | semmle.label | dst[key] | +| tests.js:462:33:462:35 | key | semmle.label | key | +| tests.js:462:39:462:41 | src | semmle.label | src | +| tests.js:462:39:462:46 | src[key] | semmle.label | src[key] | +| tests.js:462:43:462:45 | key | semmle.label | key | +| tests.js:465:30:465:32 | dst | semmle.label | dst | +| tests.js:465:34:465:36 | key | semmle.label | key | +| tests.js:465:41:465:43 | src | semmle.label | src | +| tests.js:465:41:465:48 | src[key] | semmle.label | src[key] | +| tests.js:465:45:465:47 | key | semmle.label | key | +| tests.js:466:30:466:32 | dst | semmle.label | dst | +| tests.js:466:34:466:36 | key | semmle.label | key | +| tests.js:466:41:466:46 | o[key] | semmle.label | o[key] | +| tests.js:466:43:466:45 | key | semmle.label | key | +| tests.js:467:30:467:32 | dst | semmle.label | dst | +| tests.js:467:34:467:36 | key | semmle.label | key | +| tests.js:467:41:467:45 | value | semmle.label | value | +| tests.js:472:38:472:40 | dst | semmle.label | dst | +| tests.js:473:18:473:22 | value | semmle.label | value | +| tests.js:473:25:473:27 | key | semmle.label | key | +| tests.js:475:41:475:43 | dst | semmle.label | dst | +| tests.js:475:41:475:48 | dst[key] | semmle.label | dst[key] | +| tests.js:475:45:475:47 | key | semmle.label | key | +| tests.js:477:13:477:15 | dst | semmle.label | dst | +| tests.js:477:17:477:19 | key | semmle.label | key | +| tests.js:477:24:477:28 | value | semmle.label | value | +| tests.js:483:26:483:28 | dst | semmle.label | dst | +| tests.js:483:31:483:33 | src | semmle.label | src | +| tests.js:483:31:483:33 | src | semmle.label | src | +| tests.js:484:14:484:16 | key | semmle.label | key | +| tests.js:487:29:487:31 | dst | semmle.label | dst | +| tests.js:487:29:487:36 | dst[key] | semmle.label | dst[key] | +| tests.js:487:33:487:35 | key | semmle.label | key | +| tests.js:487:39:487:41 | src | semmle.label | src | +| tests.js:487:39:487:46 | src[key] | semmle.label | src[key] | +| tests.js:487:39:487:46 | src[key] | semmle.label | src[key] | +| tests.js:487:39:487:46 | src[key] | semmle.label | src[key] | +| tests.js:487:43:487:45 | key | semmle.label | key | +| tests.js:489:13:489:15 | dst | semmle.label | dst | +| tests.js:489:17:489:19 | key | semmle.label | key | +| tests.js:489:24:489:26 | src | semmle.label | src | +| tests.js:489:24:489:31 | src[key] | semmle.label | src[key] | +| tests.js:489:28:489:30 | key | semmle.label | key | +| tests.js:494:32:494:34 | src | semmle.label | src | +| tests.js:495:14:495:16 | key | semmle.label | key | +| tests.js:498:13:498:28 | value | semmle.label | value | +| tests.js:498:13:498:28 | value | semmle.label | value | +| tests.js:498:13:498:28 | value | semmle.label | value | +| tests.js:498:21:498:23 | src | semmle.label | src | +| tests.js:498:21:498:28 | src[key] | semmle.label | src[key] | +| tests.js:498:21:498:28 | src[key] | semmle.label | src[key] | +| tests.js:498:21:498:28 | src[key] | semmle.label | src[key] | +| tests.js:498:25:498:27 | key | semmle.label | key | +| tests.js:500:38:500:42 | value | semmle.label | value | +| tests.js:500:38:500:42 | value | semmle.label | value | +| tests.js:502:17:502:19 | key | semmle.label | key | +| tests.js:502:24:502:28 | value | semmle.label | value | +| tests.js:508:30:508:32 | dst | semmle.label | dst | +| tests.js:508:35:508:37 | src | semmle.label | src | +| tests.js:511:13:511:25 | key | semmle.label | key | +| tests.js:511:19:511:25 | keys[i] | semmle.label | keys[i] | +| tests.js:513:33:513:35 | dst | semmle.label | dst | +| tests.js:513:33:513:40 | dst[key] | semmle.label | dst[key] | +| tests.js:513:37:513:39 | key | semmle.label | key | +| tests.js:513:43:513:45 | src | semmle.label | src | +| tests.js:513:43:513:50 | src[key] | semmle.label | src[key] | +| tests.js:513:47:513:49 | key | semmle.label | key | +| tests.js:516:32:516:34 | src | semmle.label | src | +| tests.js:516:32:516:39 | src[key] | semmle.label | src[key] | +| tests.js:516:36:516:38 | key | semmle.label | key | +| tests.js:517:35:517:37 | dst | semmle.label | dst | +| tests.js:517:40:517:42 | key | semmle.label | key | +| tests.js:525:14:525:16 | key | semmle.label | key | +| tests.js:529:17:529:19 | key | semmle.label | key | +| tests.js:529:24:529:31 | src[key] | semmle.label | src[key] | +| tests.js:529:28:529:30 | key | semmle.label | key | +| tests.js:534:31:534:33 | obj | semmle.label | obj | +| tests.js:534:36:534:43 | callback [dst] | semmle.label | callback [dst] | +| tests.js:538:9:538:16 | callback [dst] | semmle.label | callback [dst] | +| tests.js:538:18:538:24 | keys[i] | semmle.label | keys[i] | +| tests.js:538:27:538:29 | obj | semmle.label | obj | +| tests.js:538:27:538:38 | obj[keys[i]] | semmle.label | obj[keys[i]] | +| tests.js:538:31:538:37 | keys[i] | semmle.label | keys[i] | +| tests.js:542:30:542:32 | dst | semmle.label | dst | +| tests.js:542:35:542:37 | src | semmle.label | src | +| tests.js:543:26:543:28 | src | semmle.label | src | +| tests.js:543:32:543:34 | key | semmle.label | key | +| tests.js:543:37:543:41 | value | semmle.label | value | +| tests.js:545:33:545:35 | dst | semmle.label | dst | +| tests.js:545:33:545:40 | dst[key] | semmle.label | dst[key] | +| tests.js:545:37:545:39 | key | semmle.label | key | +| tests.js:545:43:545:47 | value | semmle.label | value | +| tests.js:547:13:547:15 | dst | semmle.label | dst | +| tests.js:547:17:547:19 | key | semmle.label | key | +| tests.js:547:24:547:28 | value | semmle.label | value | +| tests.js:552:35:552:37 | src | semmle.label | src | +| tests.js:553:14:553:16 | key | semmle.label | key | +| tests.js:557:43:557:45 | src | semmle.label | src | +| tests.js:557:43:557:50 | src[key] | semmle.label | src[key] | +| tests.js:559:17:559:19 | key | semmle.label | key | +| tests.js:559:24:559:26 | src | semmle.label | src | +| tests.js:559:24:559:31 | src[key] | semmle.label | src[key] | +| tests.js:559:28:559:30 | key | semmle.label | key | +| tests.js:564:35:564:37 | src | semmle.label | src | +| tests.js:565:14:565:16 | key | semmle.label | key | +| tests.js:569:43:569:45 | src | semmle.label | src | +| tests.js:569:43:569:50 | src[key] | semmle.label | src[key] | +| tests.js:571:17:571:19 | key | semmle.label | key | +| tests.js:571:24:571:26 | src | semmle.label | src | +| tests.js:571:24:571:31 | src[key] | semmle.label | src[key] | +| tests.js:571:28:571:30 | key | semmle.label | key | +| tests.js:576:30:576:32 | src | semmle.label | src | +| tests.js:577:14:577:16 | key | semmle.label | key | +| tests.js:580:38:580:40 | src | semmle.label | src | +| tests.js:580:38:580:45 | src[key] | semmle.label | src[key] | +| tests.js:582:17:582:19 | key | semmle.label | key | +| tests.js:582:24:582:26 | src | semmle.label | src | +| tests.js:582:24:582:31 | src[key] | semmle.label | src[key] | +| tests.js:582:28:582:30 | key | semmle.label | key | +| tests.js:591:25:591:27 | obj | semmle.label | obj | +| tests.js:592:7:592:9 | obj | semmle.label | obj | +| tests.js:592:21:592:23 | obj | semmle.label | obj | +| tests.js:593:10:593:12 | obj | semmle.label | obj | +| tests.js:600:31:600:34 | dest | semmle.label | dest | +| tests.js:600:37:600:42 | source | semmle.label | source | +| tests.js:601:16:601:18 | key | semmle.label | key | +| tests.js:603:34:603:37 | dest | semmle.label | dest | +| tests.js:603:34:603:42 | dest[key] | semmle.label | dest[key] | +| tests.js:603:39:603:41 | key | semmle.label | key | +| tests.js:603:45:603:50 | source | semmle.label | source | +| tests.js:603:45:603:55 | source[key] | semmle.label | source[key] | +| tests.js:603:52:603:54 | key | semmle.label | key | +| tests.js:605:13:605:16 | dest | semmle.label | dest | +| tests.js:605:18:605:20 | key | semmle.label | key | +| tests.js:605:25:605:51 | capture ... e[key]) | semmle.label | capture ... e[key]) | +| tests.js:605:40:605:45 | source | semmle.label | source | +| tests.js:605:40:605:50 | source[key] | semmle.label | source[key] | +| tests.js:605:47:605:49 | key | semmle.label | key | edges -| examples/PrototypePollutingFunction.js:1:16:1:18 | dst | examples/PrototypePollutingFunction.js:5:19:5:21 | dst | -| examples/PrototypePollutingFunction.js:1:16:1:18 | dst | examples/PrototypePollutingFunction.js:5:19:5:21 | dst | -| examples/PrototypePollutingFunction.js:1:16:1:18 | dst | examples/PrototypePollutingFunction.js:7:13:7:15 | dst | -| examples/PrototypePollutingFunction.js:1:16:1:18 | dst | examples/PrototypePollutingFunction.js:7:13:7:15 | dst | -| examples/PrototypePollutingFunction.js:1:16:1:18 | dst | examples/PrototypePollutingFunction.js:7:13:7:15 | dst | -| examples/PrototypePollutingFunction.js:1:16:1:18 | dst | examples/PrototypePollutingFunction.js:7:13:7:15 | dst | -| examples/PrototypePollutingFunction.js:1:21:1:23 | src | examples/PrototypePollutingFunction.js:5:29:5:31 | src | -| examples/PrototypePollutingFunction.js:1:21:1:23 | src | examples/PrototypePollutingFunction.js:5:29:5:31 | src | -| examples/PrototypePollutingFunction.js:1:21:1:23 | src | examples/PrototypePollutingFunction.js:7:24:7:26 | src | -| examples/PrototypePollutingFunction.js:1:21:1:23 | src | examples/PrototypePollutingFunction.js:7:24:7:26 | src | -| examples/PrototypePollutingFunction.js:2:14:2:16 | key | examples/PrototypePollutingFunction.js:5:23:5:25 | key | -| examples/PrototypePollutingFunction.js:2:14:2:16 | key | examples/PrototypePollutingFunction.js:5:23:5:25 | key | -| examples/PrototypePollutingFunction.js:2:14:2:16 | key | examples/PrototypePollutingFunction.js:5:23:5:25 | key | -| examples/PrototypePollutingFunction.js:2:14:2:16 | key | examples/PrototypePollutingFunction.js:5:23:5:25 | key | -| examples/PrototypePollutingFunction.js:2:14:2:16 | key | examples/PrototypePollutingFunction.js:5:33:5:35 | key | -| examples/PrototypePollutingFunction.js:2:14:2:16 | key | examples/PrototypePollutingFunction.js:5:33:5:35 | key | -| examples/PrototypePollutingFunction.js:2:14:2:16 | key | examples/PrototypePollutingFunction.js:5:33:5:35 | key | -| examples/PrototypePollutingFunction.js:2:14:2:16 | key | examples/PrototypePollutingFunction.js:5:33:5:35 | key | -| examples/PrototypePollutingFunction.js:2:14:2:16 | key | examples/PrototypePollutingFunction.js:7:17:7:19 | key | -| examples/PrototypePollutingFunction.js:2:14:2:16 | key | examples/PrototypePollutingFunction.js:7:17:7:19 | key | -| examples/PrototypePollutingFunction.js:2:14:2:16 | key | examples/PrototypePollutingFunction.js:7:17:7:19 | key | -| examples/PrototypePollutingFunction.js:2:14:2:16 | key | examples/PrototypePollutingFunction.js:7:17:7:19 | key | -| examples/PrototypePollutingFunction.js:2:14:2:16 | key | examples/PrototypePollutingFunction.js:7:17:7:19 | key | -| examples/PrototypePollutingFunction.js:2:14:2:16 | key | examples/PrototypePollutingFunction.js:7:17:7:19 | key | -| examples/PrototypePollutingFunction.js:2:14:2:16 | key | examples/PrototypePollutingFunction.js:7:17:7:19 | key | -| examples/PrototypePollutingFunction.js:2:14:2:16 | key | examples/PrototypePollutingFunction.js:7:28:7:30 | key | -| examples/PrototypePollutingFunction.js:2:14:2:16 | key | examples/PrototypePollutingFunction.js:7:28:7:30 | key | -| examples/PrototypePollutingFunction.js:2:14:2:16 | key | examples/PrototypePollutingFunction.js:7:28:7:30 | key | -| examples/PrototypePollutingFunction.js:2:14:2:16 | key | examples/PrototypePollutingFunction.js:7:28:7:30 | key | -| examples/PrototypePollutingFunction.js:5:19:5:21 | dst | examples/PrototypePollutingFunction.js:5:19:5:26 | dst[key] | -| examples/PrototypePollutingFunction.js:5:19:5:21 | dst | examples/PrototypePollutingFunction.js:5:19:5:26 | dst[key] | -| examples/PrototypePollutingFunction.js:5:19:5:26 | dst[key] | examples/PrototypePollutingFunction.js:1:16:1:18 | dst | -| examples/PrototypePollutingFunction.js:5:19:5:26 | dst[key] | examples/PrototypePollutingFunction.js:1:16:1:18 | dst | -| examples/PrototypePollutingFunction.js:5:19:5:26 | dst[key] | examples/PrototypePollutingFunction.js:1:16:1:18 | dst | -| examples/PrototypePollutingFunction.js:5:19:5:26 | dst[key] | examples/PrototypePollutingFunction.js:1:16:1:18 | dst | -| examples/PrototypePollutingFunction.js:5:23:5:25 | key | examples/PrototypePollutingFunction.js:5:19:5:26 | dst[key] | -| examples/PrototypePollutingFunction.js:5:23:5:25 | key | examples/PrototypePollutingFunction.js:5:19:5:26 | dst[key] | -| examples/PrototypePollutingFunction.js:5:29:5:31 | src | examples/PrototypePollutingFunction.js:5:29:5:36 | src[key] | -| examples/PrototypePollutingFunction.js:5:29:5:31 | src | examples/PrototypePollutingFunction.js:5:29:5:36 | src[key] | -| examples/PrototypePollutingFunction.js:5:29:5:36 | src[key] | examples/PrototypePollutingFunction.js:1:21:1:23 | src | -| examples/PrototypePollutingFunction.js:5:29:5:36 | src[key] | examples/PrototypePollutingFunction.js:1:21:1:23 | src | -| examples/PrototypePollutingFunction.js:5:29:5:36 | src[key] | examples/PrototypePollutingFunction.js:1:21:1:23 | src | -| examples/PrototypePollutingFunction.js:5:29:5:36 | src[key] | examples/PrototypePollutingFunction.js:1:21:1:23 | src | -| examples/PrototypePollutingFunction.js:5:29:5:36 | src[key] | examples/PrototypePollutingFunction.js:1:21:1:23 | src | -| examples/PrototypePollutingFunction.js:5:29:5:36 | src[key] | examples/PrototypePollutingFunction.js:1:21:1:23 | src | -| examples/PrototypePollutingFunction.js:5:33:5:35 | key | examples/PrototypePollutingFunction.js:5:29:5:36 | src[key] | -| examples/PrototypePollutingFunction.js:5:33:5:35 | key | examples/PrototypePollutingFunction.js:5:29:5:36 | src[key] | -| examples/PrototypePollutingFunction.js:7:24:7:26 | src | examples/PrototypePollutingFunction.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction.js:7:24:7:26 | src | examples/PrototypePollutingFunction.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction.js:7:24:7:26 | src | examples/PrototypePollutingFunction.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction.js:7:24:7:26 | src | examples/PrototypePollutingFunction.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction.js:7:24:7:31 | src[key] | examples/PrototypePollutingFunction.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction.js:7:28:7:30 | key | examples/PrototypePollutingFunction.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction.js:7:28:7:30 | key | examples/PrototypePollutingFunction.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction.js:7:28:7:30 | key | examples/PrototypePollutingFunction.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction.js:7:28:7:30 | key | examples/PrototypePollutingFunction.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction_fixed2.js:1:21:1:23 | src | examples/PrototypePollutingFunction_fixed2.js:6:29:6:31 | src | -| examples/PrototypePollutingFunction_fixed2.js:1:21:1:23 | src | examples/PrototypePollutingFunction_fixed2.js:6:29:6:31 | src | -| examples/PrototypePollutingFunction_fixed2.js:1:21:1:23 | src | examples/PrototypePollutingFunction_fixed2.js:8:24:8:26 | src | -| examples/PrototypePollutingFunction_fixed2.js:1:21:1:23 | src | examples/PrototypePollutingFunction_fixed2.js:8:24:8:26 | src | -| examples/PrototypePollutingFunction_fixed2.js:6:29:6:31 | src | examples/PrototypePollutingFunction_fixed2.js:6:29:6:36 | src[key] | -| examples/PrototypePollutingFunction_fixed2.js:6:29:6:31 | src | examples/PrototypePollutingFunction_fixed2.js:6:29:6:36 | src[key] | -| examples/PrototypePollutingFunction_fixed2.js:6:29:6:36 | src[key] | examples/PrototypePollutingFunction_fixed2.js:1:21:1:23 | src | -| examples/PrototypePollutingFunction_fixed2.js:6:29:6:36 | src[key] | examples/PrototypePollutingFunction_fixed2.js:1:21:1:23 | src | -| examples/PrototypePollutingFunction_fixed2.js:6:29:6:36 | src[key] | examples/PrototypePollutingFunction_fixed2.js:1:21:1:23 | src | -| examples/PrototypePollutingFunction_fixed2.js:6:29:6:36 | src[key] | examples/PrototypePollutingFunction_fixed2.js:1:21:1:23 | src | -| examples/PrototypePollutingFunction_fixed2.js:6:29:6:36 | src[key] | examples/PrototypePollutingFunction_fixed2.js:1:21:1:23 | src | -| examples/PrototypePollutingFunction_fixed2.js:6:29:6:36 | src[key] | examples/PrototypePollutingFunction_fixed2.js:1:21:1:23 | src | -| examples/PrototypePollutingFunction_fixed2.js:8:24:8:26 | src | examples/PrototypePollutingFunction_fixed2.js:8:24:8:31 | src[key] | -| examples/PrototypePollutingFunction_fixed2.js:8:24:8:26 | src | examples/PrototypePollutingFunction_fixed2.js:8:24:8:31 | src[key] | -| examples/PrototypePollutingFunction_fixed2.js:8:24:8:26 | src | examples/PrototypePollutingFunction_fixed2.js:8:24:8:31 | src[key] | -| examples/PrototypePollutingFunction_fixed2.js:8:24:8:26 | src | examples/PrototypePollutingFunction_fixed2.js:8:24:8:31 | src[key] | -| examples/PrototypePollutingFunction_fixed2.js:8:24:8:31 | src[key] | examples/PrototypePollutingFunction_fixed2.js:8:24:8:31 | src[key] | -| examples/PrototypePollutingFunction_fixed.js:1:21:1:23 | src | examples/PrototypePollutingFunction_fixed.js:5:29:5:31 | src | -| examples/PrototypePollutingFunction_fixed.js:1:21:1:23 | src | examples/PrototypePollutingFunction_fixed.js:5:29:5:31 | src | -| examples/PrototypePollutingFunction_fixed.js:1:21:1:23 | src | examples/PrototypePollutingFunction_fixed.js:7:24:7:26 | src | -| examples/PrototypePollutingFunction_fixed.js:1:21:1:23 | src | examples/PrototypePollutingFunction_fixed.js:7:24:7:26 | src | -| examples/PrototypePollutingFunction_fixed.js:2:14:2:16 | key | examples/PrototypePollutingFunction_fixed.js:7:17:7:19 | key | -| examples/PrototypePollutingFunction_fixed.js:2:14:2:16 | key | examples/PrototypePollutingFunction_fixed.js:7:17:7:19 | key | -| examples/PrototypePollutingFunction_fixed.js:2:14:2:16 | key | examples/PrototypePollutingFunction_fixed.js:7:17:7:19 | key | -| examples/PrototypePollutingFunction_fixed.js:2:14:2:16 | key | examples/PrototypePollutingFunction_fixed.js:7:17:7:19 | key | -| examples/PrototypePollutingFunction_fixed.js:2:14:2:16 | key | examples/PrototypePollutingFunction_fixed.js:7:17:7:19 | key | -| examples/PrototypePollutingFunction_fixed.js:2:14:2:16 | key | examples/PrototypePollutingFunction_fixed.js:7:17:7:19 | key | -| examples/PrototypePollutingFunction_fixed.js:2:14:2:16 | key | examples/PrototypePollutingFunction_fixed.js:7:17:7:19 | key | -| examples/PrototypePollutingFunction_fixed.js:2:14:2:16 | key | examples/PrototypePollutingFunction_fixed.js:7:28:7:30 | key | -| examples/PrototypePollutingFunction_fixed.js:2:14:2:16 | key | examples/PrototypePollutingFunction_fixed.js:7:28:7:30 | key | -| examples/PrototypePollutingFunction_fixed.js:2:14:2:16 | key | examples/PrototypePollutingFunction_fixed.js:7:28:7:30 | key | -| examples/PrototypePollutingFunction_fixed.js:2:14:2:16 | key | examples/PrototypePollutingFunction_fixed.js:7:28:7:30 | key | -| examples/PrototypePollutingFunction_fixed.js:5:29:5:31 | src | examples/PrototypePollutingFunction_fixed.js:5:29:5:36 | src[key] | -| examples/PrototypePollutingFunction_fixed.js:5:29:5:31 | src | examples/PrototypePollutingFunction_fixed.js:5:29:5:36 | src[key] | -| examples/PrototypePollutingFunction_fixed.js:5:29:5:36 | src[key] | examples/PrototypePollutingFunction_fixed.js:1:21:1:23 | src | -| examples/PrototypePollutingFunction_fixed.js:5:29:5:36 | src[key] | examples/PrototypePollutingFunction_fixed.js:1:21:1:23 | src | -| examples/PrototypePollutingFunction_fixed.js:5:29:5:36 | src[key] | examples/PrototypePollutingFunction_fixed.js:1:21:1:23 | src | -| examples/PrototypePollutingFunction_fixed.js:5:29:5:36 | src[key] | examples/PrototypePollutingFunction_fixed.js:1:21:1:23 | src | -| examples/PrototypePollutingFunction_fixed.js:5:29:5:36 | src[key] | examples/PrototypePollutingFunction_fixed.js:1:21:1:23 | src | -| examples/PrototypePollutingFunction_fixed.js:5:29:5:36 | src[key] | examples/PrototypePollutingFunction_fixed.js:1:21:1:23 | src | -| examples/PrototypePollutingFunction_fixed.js:7:24:7:26 | src | examples/PrototypePollutingFunction_fixed.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction_fixed.js:7:24:7:26 | src | examples/PrototypePollutingFunction_fixed.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction_fixed.js:7:24:7:26 | src | examples/PrototypePollutingFunction_fixed.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction_fixed.js:7:24:7:26 | src | examples/PrototypePollutingFunction_fixed.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction_fixed.js:7:24:7:31 | src[key] | examples/PrototypePollutingFunction_fixed.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction_fixed.js:7:28:7:30 | key | examples/PrototypePollutingFunction_fixed.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction_fixed.js:7:28:7:30 | key | examples/PrototypePollutingFunction_fixed.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction_fixed.js:7:28:7:30 | key | examples/PrototypePollutingFunction_fixed.js:7:24:7:31 | src[key] | -| examples/PrototypePollutingFunction_fixed.js:7:28:7:30 | key | examples/PrototypePollutingFunction_fixed.js:7:24:7:31 | src[key] | -| path-assignment.js:8:13:8:25 | key | path-assignment.js:13:29:13:31 | key | -| path-assignment.js:8:13:8:25 | key | path-assignment.js:13:29:13:31 | key | -| path-assignment.js:8:13:8:25 | key | path-assignment.js:15:20:15:22 | key | -| path-assignment.js:8:13:8:25 | key | path-assignment.js:15:20:15:22 | key | -| path-assignment.js:8:13:8:25 | key | path-assignment.js:15:20:15:22 | key | -| path-assignment.js:8:13:8:25 | key | path-assignment.js:15:20:15:22 | key | -| path-assignment.js:8:19:8:25 | keys[i] | path-assignment.js:8:13:8:25 | key | -| path-assignment.js:8:19:8:25 | keys[i] | path-assignment.js:8:13:8:25 | key | -| path-assignment.js:8:19:8:25 | keys[i] | path-assignment.js:8:13:8:25 | key | -| path-assignment.js:8:19:8:25 | keys[i] | path-assignment.js:8:13:8:25 | key | -| path-assignment.js:13:13:13:32 | target | path-assignment.js:13:22:13:27 | target | -| path-assignment.js:13:13:13:32 | target | path-assignment.js:13:22:13:27 | target | -| path-assignment.js:13:13:13:32 | target | path-assignment.js:15:13:15:18 | target | -| path-assignment.js:13:13:13:32 | target | path-assignment.js:15:13:15:18 | target | -| path-assignment.js:13:13:13:32 | target | path-assignment.js:15:13:15:18 | target | -| path-assignment.js:13:13:13:32 | target | path-assignment.js:15:13:15:18 | target | -| path-assignment.js:13:22:13:27 | target | path-assignment.js:13:22:13:32 | target[key] | -| path-assignment.js:13:22:13:27 | target | path-assignment.js:13:22:13:32 | target[key] | -| path-assignment.js:13:22:13:32 | target[key] | path-assignment.js:13:13:13:32 | target | -| path-assignment.js:13:22:13:32 | target[key] | path-assignment.js:13:13:13:32 | target | -| path-assignment.js:13:29:13:31 | key | path-assignment.js:13:22:13:32 | target[key] | -| path-assignment.js:13:29:13:31 | key | path-assignment.js:13:22:13:32 | target[key] | -| path-assignment.js:41:13:41:25 | key | path-assignment.js:42:25:42:27 | key | -| path-assignment.js:41:13:41:25 | key | path-assignment.js:42:25:42:27 | key | -| path-assignment.js:41:13:41:25 | key | path-assignment.js:42:25:42:27 | key | -| path-assignment.js:41:13:41:25 | key | path-assignment.js:42:25:42:27 | key | -| path-assignment.js:41:13:41:25 | key | path-assignment.js:42:39:42:41 | key | -| path-assignment.js:41:13:41:25 | key | path-assignment.js:42:39:42:41 | key | -| path-assignment.js:41:19:41:25 | keys[i] | path-assignment.js:41:13:41:25 | key | -| path-assignment.js:41:19:41:25 | keys[i] | path-assignment.js:41:13:41:25 | key | -| path-assignment.js:41:19:41:25 | keys[i] | path-assignment.js:41:13:41:25 | key | -| path-assignment.js:41:19:41:25 | keys[i] | path-assignment.js:41:13:41:25 | key | -| path-assignment.js:42:9:42:48 | target | path-assignment.js:42:18:42:23 | target | -| path-assignment.js:42:9:42:48 | target | path-assignment.js:42:18:42:23 | target | -| path-assignment.js:42:9:42:48 | target | path-assignment.js:42:18:42:23 | target | -| path-assignment.js:42:9:42:48 | target | path-assignment.js:42:18:42:23 | target | -| path-assignment.js:42:9:42:48 | target | path-assignment.js:42:32:42:37 | target | -| path-assignment.js:42:9:42:48 | target | path-assignment.js:42:32:42:37 | target | -| path-assignment.js:42:9:42:48 | target | path-assignment.js:44:5:44:10 | target | -| path-assignment.js:42:9:42:48 | target | path-assignment.js:44:5:44:10 | target | -| path-assignment.js:42:9:42:48 | target | path-assignment.js:44:5:44:10 | target | -| path-assignment.js:42:9:42:48 | target | path-assignment.js:44:5:44:10 | target | -| path-assignment.js:42:18:42:48 | target[ ... ] \|\| {} | path-assignment.js:42:9:42:48 | target | -| path-assignment.js:42:18:42:48 | target[ ... ] \|\| {} | path-assignment.js:42:9:42:48 | target | -| path-assignment.js:42:32:42:37 | target | path-assignment.js:42:32:42:42 | target[key] | -| path-assignment.js:42:32:42:37 | target | path-assignment.js:42:32:42:42 | target[key] | -| path-assignment.js:42:32:42:42 | target[key] | path-assignment.js:42:32:42:48 | target[key] \|\| {} | -| path-assignment.js:42:32:42:42 | target[key] | path-assignment.js:42:32:42:48 | target[key] \|\| {} | -| path-assignment.js:42:32:42:42 | target[key] | path-assignment.js:42:32:42:48 | target[key] \|\| {} | -| path-assignment.js:42:32:42:42 | target[key] | path-assignment.js:42:32:42:48 | target[key] \|\| {} | -| path-assignment.js:42:32:42:48 | target[key] \|\| {} | path-assignment.js:42:18:42:48 | target[ ... ] \|\| {} | -| path-assignment.js:42:32:42:48 | target[key] \|\| {} | path-assignment.js:42:18:42:48 | target[ ... ] \|\| {} | -| path-assignment.js:42:39:42:41 | key | path-assignment.js:42:32:42:42 | target[key] | -| path-assignment.js:42:39:42:41 | key | path-assignment.js:42:32:42:42 | target[key] | -| path-assignment.js:44:12:44:18 | keys[i] | path-assignment.js:44:12:44:18 | keys[i] | -| path-assignment.js:58:13:58:25 | key | path-assignment.js:59:25:59:27 | key | -| path-assignment.js:58:13:58:25 | key | path-assignment.js:59:25:59:27 | key | -| path-assignment.js:58:13:58:25 | key | path-assignment.js:59:25:59:27 | key | -| path-assignment.js:58:13:58:25 | key | path-assignment.js:59:25:59:27 | key | -| path-assignment.js:58:13:58:25 | key | path-assignment.js:59:39:59:41 | key | -| path-assignment.js:58:13:58:25 | key | path-assignment.js:59:39:59:41 | key | -| path-assignment.js:58:19:58:25 | keys[i] | path-assignment.js:58:13:58:25 | key | -| path-assignment.js:58:19:58:25 | keys[i] | path-assignment.js:58:13:58:25 | key | -| path-assignment.js:58:19:58:25 | keys[i] | path-assignment.js:58:13:58:25 | key | -| path-assignment.js:58:19:58:25 | keys[i] | path-assignment.js:58:13:58:25 | key | -| path-assignment.js:59:9:59:48 | target | path-assignment.js:59:18:59:23 | target | -| path-assignment.js:59:9:59:48 | target | path-assignment.js:59:18:59:23 | target | -| path-assignment.js:59:9:59:48 | target | path-assignment.js:59:18:59:23 | target | -| path-assignment.js:59:9:59:48 | target | path-assignment.js:59:18:59:23 | target | -| path-assignment.js:59:9:59:48 | target | path-assignment.js:59:32:59:37 | target | -| path-assignment.js:59:9:59:48 | target | path-assignment.js:59:32:59:37 | target | -| path-assignment.js:59:9:59:48 | target | path-assignment.js:61:5:61:10 | target | -| path-assignment.js:59:9:59:48 | target | path-assignment.js:61:5:61:10 | target | -| path-assignment.js:59:9:59:48 | target | path-assignment.js:61:5:61:10 | target | -| path-assignment.js:59:9:59:48 | target | path-assignment.js:61:5:61:10 | target | -| path-assignment.js:59:18:59:48 | target[ ... ] \|\| {} | path-assignment.js:59:9:59:48 | target | -| path-assignment.js:59:18:59:48 | target[ ... ] \|\| {} | path-assignment.js:59:9:59:48 | target | -| path-assignment.js:59:32:59:37 | target | path-assignment.js:59:32:59:42 | target[key] | -| path-assignment.js:59:32:59:37 | target | path-assignment.js:59:32:59:42 | target[key] | -| path-assignment.js:59:32:59:42 | target[key] | path-assignment.js:59:32:59:48 | target[key] \|\| {} | -| path-assignment.js:59:32:59:42 | target[key] | path-assignment.js:59:32:59:48 | target[key] \|\| {} | -| path-assignment.js:59:32:59:42 | target[key] | path-assignment.js:59:32:59:48 | target[key] \|\| {} | -| path-assignment.js:59:32:59:42 | target[key] | path-assignment.js:59:32:59:48 | target[key] \|\| {} | -| path-assignment.js:59:32:59:48 | target[key] \|\| {} | path-assignment.js:59:18:59:48 | target[ ... ] \|\| {} | -| path-assignment.js:59:32:59:48 | target[key] \|\| {} | path-assignment.js:59:18:59:48 | target[ ... ] \|\| {} | -| path-assignment.js:59:39:59:41 | key | path-assignment.js:59:32:59:42 | target[key] | -| path-assignment.js:59:39:59:41 | key | path-assignment.js:59:32:59:42 | target[key] | -| path-assignment.js:61:12:61:18 | keys[i] | path-assignment.js:61:12:61:18 | keys[i] | -| path-assignment.js:68:13:68:25 | key | path-assignment.js:69:25:69:27 | key | -| path-assignment.js:68:13:68:25 | key | path-assignment.js:69:25:69:27 | key | -| path-assignment.js:68:13:68:25 | key | path-assignment.js:69:25:69:27 | key | -| path-assignment.js:68:13:68:25 | key | path-assignment.js:69:25:69:27 | key | -| path-assignment.js:68:13:68:25 | key | path-assignment.js:69:39:69:41 | key | -| path-assignment.js:68:13:68:25 | key | path-assignment.js:69:39:69:41 | key | -| path-assignment.js:68:19:68:25 | keys[i] | path-assignment.js:68:13:68:25 | key | -| path-assignment.js:68:19:68:25 | keys[i] | path-assignment.js:68:13:68:25 | key | -| path-assignment.js:68:19:68:25 | keys[i] | path-assignment.js:68:13:68:25 | key | -| path-assignment.js:68:19:68:25 | keys[i] | path-assignment.js:68:13:68:25 | key | -| path-assignment.js:69:9:69:48 | target | path-assignment.js:69:18:69:23 | target | -| path-assignment.js:69:9:69:48 | target | path-assignment.js:69:18:69:23 | target | -| path-assignment.js:69:9:69:48 | target | path-assignment.js:69:18:69:23 | target | -| path-assignment.js:69:9:69:48 | target | path-assignment.js:69:18:69:23 | target | -| path-assignment.js:69:9:69:48 | target | path-assignment.js:69:32:69:37 | target | -| path-assignment.js:69:9:69:48 | target | path-assignment.js:69:32:69:37 | target | -| path-assignment.js:69:9:69:48 | target | path-assignment.js:71:5:71:10 | target | -| path-assignment.js:69:9:69:48 | target | path-assignment.js:71:5:71:10 | target | -| path-assignment.js:69:9:69:48 | target | path-assignment.js:71:5:71:10 | target | -| path-assignment.js:69:9:69:48 | target | path-assignment.js:71:5:71:10 | target | -| path-assignment.js:69:18:69:48 | target[ ... ] \|\| {} | path-assignment.js:69:9:69:48 | target | -| path-assignment.js:69:18:69:48 | target[ ... ] \|\| {} | path-assignment.js:69:9:69:48 | target | -| path-assignment.js:69:32:69:37 | target | path-assignment.js:69:32:69:42 | target[key] | -| path-assignment.js:69:32:69:37 | target | path-assignment.js:69:32:69:42 | target[key] | -| path-assignment.js:69:32:69:42 | target[key] | path-assignment.js:69:32:69:48 | target[key] \|\| {} | -| path-assignment.js:69:32:69:42 | target[key] | path-assignment.js:69:32:69:48 | target[key] \|\| {} | -| path-assignment.js:69:32:69:42 | target[key] | path-assignment.js:69:32:69:48 | target[key] \|\| {} | -| path-assignment.js:69:32:69:42 | target[key] | path-assignment.js:69:32:69:48 | target[key] \|\| {} | -| path-assignment.js:69:32:69:48 | target[key] \|\| {} | path-assignment.js:69:18:69:48 | target[ ... ] \|\| {} | -| path-assignment.js:69:32:69:48 | target[key] \|\| {} | path-assignment.js:69:18:69:48 | target[ ... ] \|\| {} | -| path-assignment.js:69:39:69:41 | key | path-assignment.js:69:32:69:42 | target[key] | -| path-assignment.js:69:39:69:41 | key | path-assignment.js:69:32:69:42 | target[key] | -| path-assignment.js:71:12:71:18 | keys[i] | path-assignment.js:71:12:71:18 | keys[i] | -| tests.js:3:25:3:27 | dst | tests.js:6:28:6:30 | dst | -| tests.js:3:25:3:27 | dst | tests.js:6:28:6:30 | dst | -| tests.js:3:25:3:27 | dst | tests.js:8:13:8:15 | dst | -| tests.js:3:25:3:27 | dst | tests.js:8:13:8:15 | dst | -| tests.js:3:25:3:27 | dst | tests.js:8:13:8:15 | dst | -| tests.js:3:25:3:27 | dst | tests.js:8:13:8:15 | dst | -| tests.js:3:30:3:32 | src | tests.js:6:38:6:40 | src | -| tests.js:3:30:3:32 | src | tests.js:6:38:6:40 | src | -| tests.js:3:30:3:32 | src | tests.js:8:24:8:26 | src | -| tests.js:3:30:3:32 | src | tests.js:8:24:8:26 | src | -| tests.js:4:14:4:16 | key | tests.js:6:32:6:34 | key | -| tests.js:4:14:4:16 | key | tests.js:6:32:6:34 | key | -| tests.js:4:14:4:16 | key | tests.js:6:32:6:34 | key | -| tests.js:4:14:4:16 | key | tests.js:6:32:6:34 | key | -| tests.js:4:14:4:16 | key | tests.js:6:42:6:44 | key | -| tests.js:4:14:4:16 | key | tests.js:6:42:6:44 | key | -| tests.js:4:14:4:16 | key | tests.js:6:42:6:44 | key | -| tests.js:4:14:4:16 | key | tests.js:6:42:6:44 | key | -| tests.js:4:14:4:16 | key | tests.js:8:17:8:19 | key | -| tests.js:4:14:4:16 | key | tests.js:8:17:8:19 | key | -| tests.js:4:14:4:16 | key | tests.js:8:17:8:19 | key | -| tests.js:4:14:4:16 | key | tests.js:8:17:8:19 | key | -| tests.js:4:14:4:16 | key | tests.js:8:17:8:19 | key | -| tests.js:4:14:4:16 | key | tests.js:8:17:8:19 | key | -| tests.js:4:14:4:16 | key | tests.js:8:17:8:19 | key | -| tests.js:4:14:4:16 | key | tests.js:8:28:8:30 | key | -| tests.js:4:14:4:16 | key | tests.js:8:28:8:30 | key | -| tests.js:4:14:4:16 | key | tests.js:8:28:8:30 | key | -| tests.js:4:14:4:16 | key | tests.js:8:28:8:30 | key | -| tests.js:6:28:6:30 | dst | tests.js:6:28:6:35 | dst[key] | -| tests.js:6:28:6:30 | dst | tests.js:6:28:6:35 | dst[key] | -| tests.js:6:28:6:35 | dst[key] | tests.js:3:25:3:27 | dst | -| tests.js:6:28:6:35 | dst[key] | tests.js:3:25:3:27 | dst | -| tests.js:6:28:6:35 | dst[key] | tests.js:3:25:3:27 | dst | -| tests.js:6:28:6:35 | dst[key] | tests.js:3:25:3:27 | dst | -| tests.js:6:32:6:34 | key | tests.js:6:28:6:35 | dst[key] | -| tests.js:6:32:6:34 | key | tests.js:6:28:6:35 | dst[key] | -| tests.js:6:38:6:40 | src | tests.js:6:38:6:45 | src[key] | -| tests.js:6:38:6:40 | src | tests.js:6:38:6:45 | src[key] | -| tests.js:6:38:6:45 | src[key] | tests.js:3:30:3:32 | src | -| tests.js:6:38:6:45 | src[key] | tests.js:3:30:3:32 | src | -| tests.js:6:38:6:45 | src[key] | tests.js:3:30:3:32 | src | -| tests.js:6:38:6:45 | src[key] | tests.js:3:30:3:32 | src | -| tests.js:6:38:6:45 | src[key] | tests.js:3:30:3:32 | src | -| tests.js:6:38:6:45 | src[key] | tests.js:3:30:3:32 | src | -| tests.js:6:42:6:44 | key | tests.js:6:38:6:45 | src[key] | -| tests.js:6:42:6:44 | key | tests.js:6:38:6:45 | src[key] | -| tests.js:8:24:8:26 | src | tests.js:8:24:8:31 | src[key] | -| tests.js:8:24:8:26 | src | tests.js:8:24:8:31 | src[key] | -| tests.js:8:24:8:26 | src | tests.js:8:24:8:31 | src[key] | -| tests.js:8:24:8:26 | src | tests.js:8:24:8:31 | src[key] | -| tests.js:8:24:8:31 | src[key] | tests.js:8:24:8:31 | src[key] | -| tests.js:8:28:8:30 | key | tests.js:8:24:8:31 | src[key] | -| tests.js:8:28:8:30 | key | tests.js:8:24:8:31 | src[key] | -| tests.js:8:28:8:30 | key | tests.js:8:24:8:31 | src[key] | -| tests.js:8:28:8:30 | key | tests.js:8:24:8:31 | src[key] | -| tests.js:13:24:13:26 | dst | tests.js:16:27:16:29 | dst | -| tests.js:13:24:13:26 | dst | tests.js:16:27:16:29 | dst | -| tests.js:13:24:13:26 | dst | tests.js:18:13:18:15 | dst | -| tests.js:13:24:13:26 | dst | tests.js:18:13:18:15 | dst | -| tests.js:13:24:13:26 | dst | tests.js:18:13:18:15 | dst | -| tests.js:13:24:13:26 | dst | tests.js:18:13:18:15 | dst | -| tests.js:13:29:13:31 | src | tests.js:16:37:16:39 | src | -| tests.js:13:29:13:31 | src | tests.js:16:37:16:39 | src | -| tests.js:13:29:13:31 | src | tests.js:18:24:18:26 | src | -| tests.js:13:29:13:31 | src | tests.js:18:24:18:26 | src | -| tests.js:14:30:14:32 | key | tests.js:16:31:16:33 | key | -| tests.js:14:30:14:32 | key | tests.js:16:31:16:33 | key | -| tests.js:14:30:14:32 | key | tests.js:16:31:16:33 | key | -| tests.js:14:30:14:32 | key | tests.js:16:31:16:33 | key | -| tests.js:14:30:14:32 | key | tests.js:16:41:16:43 | key | -| tests.js:14:30:14:32 | key | tests.js:16:41:16:43 | key | -| tests.js:14:30:14:32 | key | tests.js:16:41:16:43 | key | -| tests.js:14:30:14:32 | key | tests.js:16:41:16:43 | key | -| tests.js:14:30:14:32 | key | tests.js:18:17:18:19 | key | -| tests.js:14:30:14:32 | key | tests.js:18:17:18:19 | key | -| tests.js:14:30:14:32 | key | tests.js:18:17:18:19 | key | -| tests.js:14:30:14:32 | key | tests.js:18:17:18:19 | key | -| tests.js:14:30:14:32 | key | tests.js:18:17:18:19 | key | -| tests.js:14:30:14:32 | key | tests.js:18:17:18:19 | key | -| tests.js:14:30:14:32 | key | tests.js:18:17:18:19 | key | -| tests.js:14:30:14:32 | key | tests.js:18:28:18:30 | key | -| tests.js:14:30:14:32 | key | tests.js:18:28:18:30 | key | -| tests.js:14:30:14:32 | key | tests.js:18:28:18:30 | key | -| tests.js:14:30:14:32 | key | tests.js:18:28:18:30 | key | -| tests.js:16:27:16:29 | dst | tests.js:16:27:16:34 | dst[key] | -| tests.js:16:27:16:29 | dst | tests.js:16:27:16:34 | dst[key] | -| tests.js:16:27:16:34 | dst[key] | tests.js:13:24:13:26 | dst | -| tests.js:16:27:16:34 | dst[key] | tests.js:13:24:13:26 | dst | -| tests.js:16:27:16:34 | dst[key] | tests.js:13:24:13:26 | dst | -| tests.js:16:27:16:34 | dst[key] | tests.js:13:24:13:26 | dst | -| tests.js:16:31:16:33 | key | tests.js:16:27:16:34 | dst[key] | -| tests.js:16:31:16:33 | key | tests.js:16:27:16:34 | dst[key] | -| tests.js:16:37:16:39 | src | tests.js:16:37:16:44 | src[key] | -| tests.js:16:37:16:39 | src | tests.js:16:37:16:44 | src[key] | -| tests.js:16:37:16:44 | src[key] | tests.js:13:29:13:31 | src | -| tests.js:16:37:16:44 | src[key] | tests.js:13:29:13:31 | src | -| tests.js:16:37:16:44 | src[key] | tests.js:13:29:13:31 | src | -| tests.js:16:37:16:44 | src[key] | tests.js:13:29:13:31 | src | -| tests.js:16:37:16:44 | src[key] | tests.js:13:29:13:31 | src | -| tests.js:16:37:16:44 | src[key] | tests.js:13:29:13:31 | src | -| tests.js:16:41:16:43 | key | tests.js:16:37:16:44 | src[key] | -| tests.js:16:41:16:43 | key | tests.js:16:37:16:44 | src[key] | -| tests.js:18:24:18:26 | src | tests.js:18:24:18:31 | src[key] | -| tests.js:18:24:18:26 | src | tests.js:18:24:18:31 | src[key] | -| tests.js:18:24:18:26 | src | tests.js:18:24:18:31 | src[key] | -| tests.js:18:24:18:26 | src | tests.js:18:24:18:31 | src[key] | -| tests.js:18:24:18:31 | src[key] | tests.js:18:24:18:31 | src[key] | -| tests.js:18:28:18:30 | key | tests.js:18:24:18:31 | src[key] | -| tests.js:18:28:18:30 | key | tests.js:18:24:18:31 | src[key] | -| tests.js:18:28:18:30 | key | tests.js:18:24:18:31 | src[key] | -| tests.js:18:28:18:30 | key | tests.js:18:24:18:31 | src[key] | -| tests.js:23:19:23:21 | dst | tests.js:26:25:26:27 | dst | -| tests.js:23:19:23:21 | dst | tests.js:26:25:26:27 | dst | -| tests.js:25:18:25:20 | key | tests.js:26:37:26:39 | key | -| tests.js:25:18:25:20 | key | tests.js:26:37:26:39 | key | -| tests.js:25:18:25:20 | key | tests.js:26:37:26:39 | key | -| tests.js:25:18:25:20 | key | tests.js:26:37:26:39 | key | -| tests.js:25:18:25:20 | key | tests.js:26:43:26:45 | key | -| tests.js:25:18:25:20 | key | tests.js:26:43:26:45 | key | -| tests.js:25:18:25:20 | key | tests.js:26:43:26:45 | key | -| tests.js:25:18:25:20 | key | tests.js:26:43:26:45 | key | -| tests.js:26:25:26:27 | dst | tests.js:31:22:31:24 | dst | -| tests.js:26:25:26:27 | dst | tests.js:31:22:31:24 | dst | -| tests.js:26:30:26:40 | source[key] | tests.js:31:27:31:31 | value | -| tests.js:26:30:26:40 | source[key] | tests.js:31:27:31:31 | value | -| tests.js:26:30:26:40 | source[key] | tests.js:31:27:31:31 | value | -| tests.js:26:30:26:40 | source[key] | tests.js:31:27:31:31 | value | -| tests.js:26:37:26:39 | key | tests.js:26:30:26:40 | source[key] | -| tests.js:26:37:26:39 | key | tests.js:26:30:26:40 | source[key] | -| tests.js:26:43:26:45 | key | tests.js:31:34:31:36 | key | -| tests.js:26:43:26:45 | key | tests.js:31:34:31:36 | key | -| tests.js:31:22:31:24 | dst | tests.js:32:20:32:22 | dst | -| tests.js:31:22:31:24 | dst | tests.js:32:20:32:22 | dst | -| tests.js:31:22:31:24 | dst | tests.js:36:9:36:11 | dst | -| tests.js:31:22:31:24 | dst | tests.js:36:9:36:11 | dst | -| tests.js:31:22:31:24 | dst | tests.js:36:9:36:11 | dst | -| tests.js:31:22:31:24 | dst | tests.js:36:9:36:11 | dst | -| tests.js:31:27:31:31 | value | tests.js:36:20:36:24 | value | -| tests.js:31:27:31:31 | value | tests.js:36:20:36:24 | value | -| tests.js:31:27:31:31 | value | tests.js:36:20:36:24 | value | -| tests.js:31:27:31:31 | value | tests.js:36:20:36:24 | value | -| tests.js:31:34:31:36 | key | tests.js:32:24:32:26 | key | -| tests.js:31:34:31:36 | key | tests.js:32:24:32:26 | key | -| tests.js:31:34:31:36 | key | tests.js:36:13:36:15 | key | -| tests.js:31:34:31:36 | key | tests.js:36:13:36:15 | key | -| tests.js:31:34:31:36 | key | tests.js:36:13:36:15 | key | -| tests.js:31:34:31:36 | key | tests.js:36:13:36:15 | key | -| tests.js:32:9:32:27 | dstValue | tests.js:34:18:34:25 | dstValue | -| tests.js:32:9:32:27 | dstValue | tests.js:34:18:34:25 | dstValue | -| tests.js:32:20:32:22 | dst | tests.js:32:20:32:27 | dst[key] | -| tests.js:32:20:32:22 | dst | tests.js:32:20:32:27 | dst[key] | -| tests.js:32:20:32:27 | dst[key] | tests.js:32:9:32:27 | dstValue | -| tests.js:32:20:32:27 | dst[key] | tests.js:32:9:32:27 | dstValue | -| tests.js:32:24:32:26 | key | tests.js:32:20:32:27 | dst[key] | -| tests.js:32:24:32:26 | key | tests.js:32:20:32:27 | dst[key] | -| tests.js:34:18:34:25 | dstValue | tests.js:23:19:23:21 | dst | -| tests.js:34:18:34:25 | dstValue | tests.js:23:19:23:21 | dst | -| tests.js:40:27:40:29 | dst | tests.js:44:30:44:32 | dst | -| tests.js:40:27:40:29 | dst | tests.js:46:13:46:15 | dst | -| tests.js:40:27:40:29 | dst | tests.js:46:13:46:15 | dst | -| tests.js:40:32:40:34 | src | tests.js:44:40:44:42 | src | -| tests.js:40:32:40:34 | src | tests.js:44:40:44:42 | src | -| tests.js:40:32:40:34 | src | tests.js:46:24:46:26 | src | -| tests.js:40:32:40:34 | src | tests.js:46:24:46:26 | src | -| tests.js:41:14:41:16 | key | tests.js:44:34:44:36 | key | -| tests.js:41:14:41:16 | key | tests.js:44:34:44:36 | key | -| tests.js:41:14:41:16 | key | tests.js:44:44:44:46 | key | -| tests.js:41:14:41:16 | key | tests.js:44:44:44:46 | key | -| tests.js:41:14:41:16 | key | tests.js:46:17:46:19 | key | -| tests.js:41:14:41:16 | key | tests.js:46:17:46:19 | key | -| tests.js:41:14:41:16 | key | tests.js:46:17:46:19 | key | -| tests.js:41:14:41:16 | key | tests.js:46:17:46:19 | key | -| tests.js:41:14:41:16 | key | tests.js:46:28:46:30 | key | -| tests.js:41:14:41:16 | key | tests.js:46:28:46:30 | key | -| tests.js:44:30:44:32 | dst | tests.js:44:30:44:37 | dst[key] | -| tests.js:44:30:44:37 | dst[key] | tests.js:40:27:40:29 | dst | -| tests.js:44:30:44:37 | dst[key] | tests.js:40:27:40:29 | dst | -| tests.js:44:34:44:36 | key | tests.js:44:30:44:37 | dst[key] | -| tests.js:44:40:44:42 | src | tests.js:44:40:44:47 | src[key] | -| tests.js:44:40:44:42 | src | tests.js:44:40:44:47 | src[key] | -| tests.js:44:40:44:47 | src[key] | tests.js:40:32:40:34 | src | -| tests.js:44:40:44:47 | src[key] | tests.js:40:32:40:34 | src | -| tests.js:44:40:44:47 | src[key] | tests.js:40:32:40:34 | src | -| tests.js:44:40:44:47 | src[key] | tests.js:40:32:40:34 | src | -| tests.js:44:40:44:47 | src[key] | tests.js:40:32:40:34 | src | -| tests.js:44:40:44:47 | src[key] | tests.js:40:32:40:34 | src | -| tests.js:44:44:44:46 | key | tests.js:44:40:44:47 | src[key] | -| tests.js:46:24:46:26 | src | tests.js:46:24:46:31 | src[key] | -| tests.js:46:24:46:26 | src | tests.js:46:24:46:31 | src[key] | -| tests.js:46:24:46:26 | src | tests.js:46:24:46:31 | src[key] | -| tests.js:46:24:46:26 | src | tests.js:46:24:46:31 | src[key] | -| tests.js:46:24:46:31 | src[key] | tests.js:46:24:46:31 | src[key] | -| tests.js:46:28:46:30 | key | tests.js:46:24:46:31 | src[key] | -| tests.js:46:28:46:30 | key | tests.js:46:24:46:31 | src[key] | -| tests.js:51:26:51:28 | dst | tests.js:55:29:55:31 | dst | -| tests.js:51:26:51:28 | dst | tests.js:57:13:57:15 | dst | -| tests.js:51:26:51:28 | dst | tests.js:57:13:57:15 | dst | -| tests.js:51:31:51:33 | src | tests.js:55:39:55:41 | src | -| tests.js:51:31:51:33 | src | tests.js:55:39:55:41 | src | -| tests.js:51:31:51:33 | src | tests.js:57:24:57:26 | src | -| tests.js:51:31:51:33 | src | tests.js:57:24:57:26 | src | -| tests.js:52:14:52:16 | key | tests.js:55:33:55:35 | key | -| tests.js:52:14:52:16 | key | tests.js:55:33:55:35 | key | -| tests.js:52:14:52:16 | key | tests.js:55:43:55:45 | key | -| tests.js:52:14:52:16 | key | tests.js:55:43:55:45 | key | -| tests.js:52:14:52:16 | key | tests.js:57:17:57:19 | key | -| tests.js:52:14:52:16 | key | tests.js:57:17:57:19 | key | -| tests.js:52:14:52:16 | key | tests.js:57:17:57:19 | key | -| tests.js:52:14:52:16 | key | tests.js:57:17:57:19 | key | -| tests.js:52:14:52:16 | key | tests.js:57:28:57:30 | key | -| tests.js:52:14:52:16 | key | tests.js:57:28:57:30 | key | -| tests.js:55:29:55:31 | dst | tests.js:55:29:55:36 | dst[key] | -| tests.js:55:29:55:36 | dst[key] | tests.js:51:26:51:28 | dst | -| tests.js:55:29:55:36 | dst[key] | tests.js:51:26:51:28 | dst | -| tests.js:55:33:55:35 | key | tests.js:55:29:55:36 | dst[key] | -| tests.js:55:39:55:41 | src | tests.js:55:39:55:46 | src[key] | -| tests.js:55:39:55:41 | src | tests.js:55:39:55:46 | src[key] | -| tests.js:55:39:55:46 | src[key] | tests.js:51:31:51:33 | src | -| tests.js:55:39:55:46 | src[key] | tests.js:51:31:51:33 | src | -| tests.js:55:39:55:46 | src[key] | tests.js:51:31:51:33 | src | -| tests.js:55:39:55:46 | src[key] | tests.js:51:31:51:33 | src | -| tests.js:55:39:55:46 | src[key] | tests.js:51:31:51:33 | src | -| tests.js:55:39:55:46 | src[key] | tests.js:51:31:51:33 | src | -| tests.js:55:43:55:45 | key | tests.js:55:39:55:46 | src[key] | -| tests.js:57:24:57:26 | src | tests.js:57:24:57:31 | src[key] | -| tests.js:57:24:57:26 | src | tests.js:57:24:57:31 | src[key] | -| tests.js:57:24:57:26 | src | tests.js:57:24:57:31 | src[key] | -| tests.js:57:24:57:26 | src | tests.js:57:24:57:31 | src[key] | -| tests.js:57:24:57:31 | src[key] | tests.js:57:24:57:31 | src[key] | -| tests.js:57:28:57:30 | key | tests.js:57:24:57:31 | src[key] | -| tests.js:57:28:57:30 | key | tests.js:57:24:57:31 | src[key] | -| tests.js:62:33:62:35 | src | tests.js:66:41:66:43 | src | -| tests.js:62:33:62:35 | src | tests.js:66:41:66:43 | src | -| tests.js:62:33:62:35 | src | tests.js:68:24:68:26 | src | -| tests.js:62:33:62:35 | src | tests.js:68:24:68:26 | src | -| tests.js:66:41:66:43 | src | tests.js:66:41:66:48 | src[key] | -| tests.js:66:41:66:43 | src | tests.js:66:41:66:48 | src[key] | -| tests.js:66:41:66:48 | src[key] | tests.js:62:33:62:35 | src | -| tests.js:66:41:66:48 | src[key] | tests.js:62:33:62:35 | src | -| tests.js:66:41:66:48 | src[key] | tests.js:62:33:62:35 | src | -| tests.js:66:41:66:48 | src[key] | tests.js:62:33:62:35 | src | -| tests.js:66:41:66:48 | src[key] | tests.js:62:33:62:35 | src | -| tests.js:66:41:66:48 | src[key] | tests.js:62:33:62:35 | src | -| tests.js:68:24:68:26 | src | tests.js:68:24:68:31 | src[key] | -| tests.js:68:24:68:26 | src | tests.js:68:24:68:31 | src[key] | -| tests.js:68:24:68:26 | src | tests.js:68:24:68:31 | src[key] | -| tests.js:68:24:68:26 | src | tests.js:68:24:68:31 | src[key] | -| tests.js:68:24:68:31 | src[key] | tests.js:68:24:68:31 | src[key] | -| tests.js:77:27:77:29 | src | tests.js:81:39:81:41 | src | -| tests.js:77:27:77:29 | src | tests.js:81:39:81:41 | src | -| tests.js:77:27:77:29 | src | tests.js:83:28:83:30 | src | -| tests.js:77:27:77:29 | src | tests.js:83:28:83:30 | src | -| tests.js:81:39:81:41 | src | tests.js:81:39:81:46 | src[key] | -| tests.js:81:39:81:41 | src | tests.js:81:39:81:46 | src[key] | -| tests.js:81:39:81:46 | src[key] | tests.js:77:27:77:29 | src | -| tests.js:81:39:81:46 | src[key] | tests.js:77:27:77:29 | src | -| tests.js:81:39:81:46 | src[key] | tests.js:77:27:77:29 | src | -| tests.js:81:39:81:46 | src[key] | tests.js:77:27:77:29 | src | -| tests.js:81:39:81:46 | src[key] | tests.js:77:27:77:29 | src | -| tests.js:81:39:81:46 | src[key] | tests.js:77:27:77:29 | src | -| tests.js:83:28:83:30 | src | tests.js:83:28:83:35 | src[key] | -| tests.js:83:28:83:30 | src | tests.js:83:28:83:35 | src[key] | -| tests.js:83:28:83:30 | src | tests.js:83:28:83:35 | src[key] | -| tests.js:83:28:83:30 | src | tests.js:83:28:83:35 | src[key] | -| tests.js:83:28:83:35 | src[key] | tests.js:83:28:83:35 | src[key] | -| tests.js:89:34:89:36 | src | tests.js:94:42:94:44 | src | -| tests.js:89:34:89:36 | src | tests.js:94:42:94:44 | src | -| tests.js:89:34:89:36 | src | tests.js:96:24:96:26 | src | -| tests.js:89:34:89:36 | src | tests.js:96:24:96:26 | src | -| tests.js:90:14:90:16 | key | tests.js:96:17:96:19 | key | -| tests.js:90:14:90:16 | key | tests.js:96:17:96:19 | key | -| tests.js:90:14:90:16 | key | tests.js:96:17:96:19 | key | -| tests.js:90:14:90:16 | key | tests.js:96:17:96:19 | key | -| tests.js:90:14:90:16 | key | tests.js:96:17:96:19 | key | -| tests.js:90:14:90:16 | key | tests.js:96:17:96:19 | key | -| tests.js:90:14:90:16 | key | tests.js:96:17:96:19 | key | -| tests.js:90:14:90:16 | key | tests.js:96:28:96:30 | key | -| tests.js:90:14:90:16 | key | tests.js:96:28:96:30 | key | -| tests.js:90:14:90:16 | key | tests.js:96:28:96:30 | key | -| tests.js:90:14:90:16 | key | tests.js:96:28:96:30 | key | -| tests.js:94:42:94:44 | src | tests.js:94:42:94:49 | src[key] | -| tests.js:94:42:94:44 | src | tests.js:94:42:94:49 | src[key] | -| tests.js:94:42:94:49 | src[key] | tests.js:89:34:89:36 | src | -| tests.js:94:42:94:49 | src[key] | tests.js:89:34:89:36 | src | -| tests.js:94:42:94:49 | src[key] | tests.js:89:34:89:36 | src | -| tests.js:94:42:94:49 | src[key] | tests.js:89:34:89:36 | src | -| tests.js:94:42:94:49 | src[key] | tests.js:89:34:89:36 | src | -| tests.js:94:42:94:49 | src[key] | tests.js:89:34:89:36 | src | -| tests.js:96:24:96:26 | src | tests.js:96:24:96:31 | src[key] | -| tests.js:96:24:96:26 | src | tests.js:96:24:96:31 | src[key] | -| tests.js:96:24:96:26 | src | tests.js:96:24:96:31 | src[key] | -| tests.js:96:24:96:26 | src | tests.js:96:24:96:31 | src[key] | -| tests.js:96:24:96:31 | src[key] | tests.js:96:24:96:31 | src[key] | -| tests.js:96:28:96:30 | key | tests.js:96:24:96:31 | src[key] | -| tests.js:96:28:96:30 | key | tests.js:96:24:96:31 | src[key] | -| tests.js:96:28:96:30 | key | tests.js:96:24:96:31 | src[key] | -| tests.js:96:28:96:30 | key | tests.js:96:24:96:31 | src[key] | -| tests.js:101:32:101:34 | dst | tests.js:107:35:107:37 | dst | -| tests.js:101:32:101:34 | dst | tests.js:107:35:107:37 | dst | -| tests.js:101:32:101:34 | dst | tests.js:109:13:109:15 | dst | -| tests.js:101:32:101:34 | dst | tests.js:109:13:109:15 | dst | -| tests.js:101:32:101:34 | dst | tests.js:109:13:109:15 | dst | -| tests.js:101:32:101:34 | dst | tests.js:109:13:109:15 | dst | -| tests.js:101:37:101:39 | src | tests.js:107:45:107:47 | src | -| tests.js:101:37:101:39 | src | tests.js:107:45:107:47 | src | -| tests.js:101:37:101:39 | src | tests.js:109:24:109:26 | src | -| tests.js:101:37:101:39 | src | tests.js:109:24:109:26 | src | -| tests.js:102:14:102:16 | key | tests.js:107:39:107:41 | key | -| tests.js:102:14:102:16 | key | tests.js:107:39:107:41 | key | -| tests.js:102:14:102:16 | key | tests.js:107:39:107:41 | key | -| tests.js:102:14:102:16 | key | tests.js:107:39:107:41 | key | -| tests.js:102:14:102:16 | key | tests.js:107:49:107:51 | key | -| tests.js:102:14:102:16 | key | tests.js:107:49:107:51 | key | -| tests.js:102:14:102:16 | key | tests.js:107:49:107:51 | key | -| tests.js:102:14:102:16 | key | tests.js:107:49:107:51 | key | -| tests.js:102:14:102:16 | key | tests.js:109:17:109:19 | key | -| tests.js:102:14:102:16 | key | tests.js:109:17:109:19 | key | -| tests.js:102:14:102:16 | key | tests.js:109:17:109:19 | key | -| tests.js:102:14:102:16 | key | tests.js:109:17:109:19 | key | -| tests.js:102:14:102:16 | key | tests.js:109:17:109:19 | key | -| tests.js:102:14:102:16 | key | tests.js:109:17:109:19 | key | -| tests.js:102:14:102:16 | key | tests.js:109:17:109:19 | key | -| tests.js:102:14:102:16 | key | tests.js:109:28:109:30 | key | -| tests.js:102:14:102:16 | key | tests.js:109:28:109:30 | key | -| tests.js:102:14:102:16 | key | tests.js:109:28:109:30 | key | -| tests.js:102:14:102:16 | key | tests.js:109:28:109:30 | key | -| tests.js:107:35:107:37 | dst | tests.js:107:35:107:42 | dst[key] | -| tests.js:107:35:107:37 | dst | tests.js:107:35:107:42 | dst[key] | -| tests.js:107:35:107:42 | dst[key] | tests.js:101:32:101:34 | dst | -| tests.js:107:35:107:42 | dst[key] | tests.js:101:32:101:34 | dst | -| tests.js:107:35:107:42 | dst[key] | tests.js:101:32:101:34 | dst | -| tests.js:107:35:107:42 | dst[key] | tests.js:101:32:101:34 | dst | -| tests.js:107:39:107:41 | key | tests.js:107:35:107:42 | dst[key] | -| tests.js:107:39:107:41 | key | tests.js:107:35:107:42 | dst[key] | -| tests.js:107:45:107:47 | src | tests.js:107:45:107:52 | src[key] | -| tests.js:107:45:107:47 | src | tests.js:107:45:107:52 | src[key] | -| tests.js:107:45:107:52 | src[key] | tests.js:101:37:101:39 | src | -| tests.js:107:45:107:52 | src[key] | tests.js:101:37:101:39 | src | -| tests.js:107:45:107:52 | src[key] | tests.js:101:37:101:39 | src | -| tests.js:107:45:107:52 | src[key] | tests.js:101:37:101:39 | src | -| tests.js:107:45:107:52 | src[key] | tests.js:101:37:101:39 | src | -| tests.js:107:45:107:52 | src[key] | tests.js:101:37:101:39 | src | -| tests.js:107:49:107:51 | key | tests.js:107:45:107:52 | src[key] | -| tests.js:107:49:107:51 | key | tests.js:107:45:107:52 | src[key] | -| tests.js:109:24:109:26 | src | tests.js:109:24:109:31 | src[key] | -| tests.js:109:24:109:26 | src | tests.js:109:24:109:31 | src[key] | -| tests.js:109:24:109:26 | src | tests.js:109:24:109:31 | src[key] | -| tests.js:109:24:109:26 | src | tests.js:109:24:109:31 | src[key] | -| tests.js:109:24:109:31 | src[key] | tests.js:109:24:109:31 | src[key] | -| tests.js:109:28:109:30 | key | tests.js:109:24:109:31 | src[key] | -| tests.js:109:28:109:30 | key | tests.js:109:24:109:31 | src[key] | -| tests.js:109:28:109:30 | key | tests.js:109:24:109:31 | src[key] | -| tests.js:109:28:109:30 | key | tests.js:109:24:109:31 | src[key] | -| tests.js:116:41:116:43 | src | tests.js:119:49:119:51 | src | -| tests.js:116:41:116:43 | src | tests.js:119:49:119:51 | src | -| tests.js:116:41:116:43 | src | tests.js:121:24:121:26 | src | -| tests.js:116:41:116:43 | src | tests.js:121:24:121:26 | src | -| tests.js:117:14:117:16 | key | tests.js:121:17:121:19 | key | -| tests.js:117:14:117:16 | key | tests.js:121:17:121:19 | key | -| tests.js:117:14:117:16 | key | tests.js:121:17:121:19 | key | -| tests.js:117:14:117:16 | key | tests.js:121:17:121:19 | key | -| tests.js:117:14:117:16 | key | tests.js:121:17:121:19 | key | -| tests.js:117:14:117:16 | key | tests.js:121:17:121:19 | key | -| tests.js:117:14:117:16 | key | tests.js:121:17:121:19 | key | -| tests.js:117:14:117:16 | key | tests.js:121:28:121:30 | key | -| tests.js:117:14:117:16 | key | tests.js:121:28:121:30 | key | -| tests.js:117:14:117:16 | key | tests.js:121:28:121:30 | key | -| tests.js:117:14:117:16 | key | tests.js:121:28:121:30 | key | -| tests.js:119:49:119:51 | src | tests.js:119:49:119:56 | src[key] | -| tests.js:119:49:119:51 | src | tests.js:119:49:119:56 | src[key] | -| tests.js:119:49:119:56 | src[key] | tests.js:116:41:116:43 | src | -| tests.js:119:49:119:56 | src[key] | tests.js:116:41:116:43 | src | -| tests.js:119:49:119:56 | src[key] | tests.js:116:41:116:43 | src | -| tests.js:119:49:119:56 | src[key] | tests.js:116:41:116:43 | src | -| tests.js:119:49:119:56 | src[key] | tests.js:116:41:116:43 | src | -| tests.js:119:49:119:56 | src[key] | tests.js:116:41:116:43 | src | -| tests.js:121:24:121:26 | src | tests.js:121:24:121:31 | src[key] | -| tests.js:121:24:121:26 | src | tests.js:121:24:121:31 | src[key] | -| tests.js:121:24:121:26 | src | tests.js:121:24:121:31 | src[key] | -| tests.js:121:24:121:26 | src | tests.js:121:24:121:31 | src[key] | -| tests.js:121:24:121:31 | src[key] | tests.js:121:24:121:31 | src[key] | -| tests.js:121:28:121:30 | key | tests.js:121:24:121:31 | src[key] | -| tests.js:121:28:121:30 | key | tests.js:121:24:121:31 | src[key] | -| tests.js:121:28:121:30 | key | tests.js:121:24:121:31 | src[key] | -| tests.js:121:28:121:30 | key | tests.js:121:24:121:31 | src[key] | -| tests.js:149:31:149:33 | dst | tests.js:152:22:152:24 | dst | -| tests.js:149:31:149:33 | dst | tests.js:152:22:152:24 | dst | -| tests.js:149:31:149:33 | dst | tests.js:152:22:152:24 | dst | -| tests.js:149:31:149:33 | dst | tests.js:152:22:152:24 | dst | -| tests.js:149:31:149:33 | dst | tests.js:154:13:154:15 | dst | -| tests.js:149:31:149:33 | dst | tests.js:154:13:154:15 | dst | -| tests.js:149:31:149:33 | dst | tests.js:154:13:154:15 | dst | -| tests.js:149:31:149:33 | dst | tests.js:154:13:154:15 | dst | -| tests.js:149:31:149:33 | dst | tests.js:154:13:154:15 | dst | -| tests.js:149:31:149:33 | dst | tests.js:154:13:154:15 | dst | -| tests.js:149:31:149:33 | dst | tests.js:154:13:154:15 | dst | -| tests.js:149:31:149:33 | dst | tests.js:154:13:154:15 | dst | -| tests.js:149:36:149:38 | src | tests.js:152:27:152:29 | src | -| tests.js:149:36:149:38 | src | tests.js:152:27:152:29 | src | -| tests.js:149:36:149:38 | src | tests.js:152:27:152:29 | src | -| tests.js:149:36:149:38 | src | tests.js:152:27:152:29 | src | -| tests.js:149:36:149:38 | src | tests.js:154:24:154:26 | src | -| tests.js:149:36:149:38 | src | tests.js:154:24:154:26 | src | -| tests.js:149:36:149:38 | src | tests.js:154:24:154:26 | src | -| tests.js:149:36:149:38 | src | tests.js:154:24:154:26 | src | -| tests.js:150:14:150:16 | key | tests.js:152:32:152:34 | key | -| tests.js:150:14:150:16 | key | tests.js:152:32:152:34 | key | -| tests.js:150:14:150:16 | key | tests.js:152:32:152:34 | key | -| tests.js:150:14:150:16 | key | tests.js:152:32:152:34 | key | -| tests.js:150:14:150:16 | key | tests.js:154:17:154:19 | key | -| tests.js:150:14:150:16 | key | tests.js:154:17:154:19 | key | -| tests.js:150:14:150:16 | key | tests.js:154:17:154:19 | key | -| tests.js:150:14:150:16 | key | tests.js:154:17:154:19 | key | -| tests.js:150:14:150:16 | key | tests.js:154:17:154:19 | key | -| tests.js:150:14:150:16 | key | tests.js:154:17:154:19 | key | -| tests.js:150:14:150:16 | key | tests.js:154:17:154:19 | key | -| tests.js:150:14:150:16 | key | tests.js:154:28:154:30 | key | -| tests.js:150:14:150:16 | key | tests.js:154:28:154:30 | key | -| tests.js:150:14:150:16 | key | tests.js:154:28:154:30 | key | -| tests.js:150:14:150:16 | key | tests.js:154:28:154:30 | key | -| tests.js:152:22:152:24 | dst | tests.js:160:37:160:39 | dst | -| tests.js:152:22:152:24 | dst | tests.js:160:37:160:39 | dst | -| tests.js:152:22:152:24 | dst | tests.js:160:37:160:39 | dst | -| tests.js:152:22:152:24 | dst | tests.js:160:37:160:39 | dst | -| tests.js:152:27:152:29 | src | tests.js:160:42:160:44 | src | -| tests.js:152:27:152:29 | src | tests.js:160:42:160:44 | src | -| tests.js:152:27:152:29 | src | tests.js:160:42:160:44 | src | -| tests.js:152:27:152:29 | src | tests.js:160:42:160:44 | src | -| tests.js:152:32:152:34 | key | tests.js:160:47:160:49 | key | -| tests.js:152:32:152:34 | key | tests.js:160:47:160:49 | key | -| tests.js:152:32:152:34 | key | tests.js:160:47:160:49 | key | -| tests.js:152:32:152:34 | key | tests.js:160:47:160:49 | key | -| tests.js:154:24:154:26 | src | tests.js:154:24:154:31 | src[key] | -| tests.js:154:24:154:26 | src | tests.js:154:24:154:31 | src[key] | -| tests.js:154:24:154:26 | src | tests.js:154:24:154:31 | src[key] | -| tests.js:154:24:154:26 | src | tests.js:154:24:154:31 | src[key] | -| tests.js:154:24:154:26 | src | tests.js:154:24:154:31 | src[key] | -| tests.js:154:24:154:26 | src | tests.js:154:24:154:31 | src[key] | -| tests.js:154:24:154:26 | src | tests.js:154:24:154:31 | src[key] | -| tests.js:154:24:154:26 | src | tests.js:154:24:154:31 | src[key] | -| tests.js:154:24:154:31 | src[key] | tests.js:154:24:154:31 | src[key] | -| tests.js:154:28:154:30 | key | tests.js:154:24:154:31 | src[key] | -| tests.js:154:28:154:30 | key | tests.js:154:24:154:31 | src[key] | -| tests.js:154:28:154:30 | key | tests.js:154:24:154:31 | src[key] | -| tests.js:154:28:154:30 | key | tests.js:154:24:154:31 | src[key] | -| tests.js:159:36:159:38 | dst | tests.js:160:26:160:28 | dst | -| tests.js:159:36:159:38 | dst | tests.js:160:26:160:28 | dst | -| tests.js:159:36:159:38 | dst | tests.js:160:26:160:28 | dst | -| tests.js:159:36:159:38 | dst | tests.js:160:26:160:28 | dst | -| tests.js:159:41:159:43 | src | tests.js:160:31:160:33 | src | -| tests.js:159:41:159:43 | src | tests.js:160:31:160:33 | src | -| tests.js:159:41:159:43 | src | tests.js:160:31:160:33 | src | -| tests.js:159:41:159:43 | src | tests.js:160:31:160:33 | src | -| tests.js:160:26:160:28 | dst | tests.js:149:31:149:33 | dst | -| tests.js:160:26:160:28 | dst | tests.js:149:31:149:33 | dst | -| tests.js:160:26:160:28 | dst | tests.js:149:31:149:33 | dst | -| tests.js:160:26:160:28 | dst | tests.js:149:31:149:33 | dst | -| tests.js:160:26:160:28 | dst | tests.js:160:37:160:39 | dst | -| tests.js:160:26:160:28 | dst | tests.js:160:37:160:39 | dst | -| tests.js:160:26:160:28 | dst | tests.js:160:37:160:39 | dst | -| tests.js:160:26:160:28 | dst | tests.js:160:37:160:39 | dst | -| tests.js:160:31:160:33 | src | tests.js:149:36:149:38 | src | -| tests.js:160:31:160:33 | src | tests.js:149:36:149:38 | src | -| tests.js:160:31:160:33 | src | tests.js:149:36:149:38 | src | -| tests.js:160:31:160:33 | src | tests.js:149:36:149:38 | src | -| tests.js:160:31:160:33 | src | tests.js:160:42:160:44 | src | -| tests.js:160:31:160:33 | src | tests.js:160:42:160:44 | src | -| tests.js:160:31:160:33 | src | tests.js:160:42:160:44 | src | -| tests.js:160:31:160:33 | src | tests.js:160:42:160:44 | src | -| tests.js:160:37:160:39 | dst | tests.js:161:35:161:37 | dst | -| tests.js:160:37:160:39 | dst | tests.js:161:35:161:37 | dst | -| tests.js:160:37:160:39 | dst | tests.js:161:35:161:37 | dst | -| tests.js:160:37:160:39 | dst | tests.js:161:35:161:37 | dst | -| tests.js:160:42:160:44 | src | tests.js:161:45:161:47 | src | -| tests.js:160:42:160:44 | src | tests.js:161:45:161:47 | src | -| tests.js:160:42:160:44 | src | tests.js:161:45:161:47 | src | -| tests.js:160:42:160:44 | src | tests.js:161:45:161:47 | src | -| tests.js:160:47:160:49 | key | tests.js:161:39:161:41 | key | -| tests.js:160:47:160:49 | key | tests.js:161:39:161:41 | key | -| tests.js:160:47:160:49 | key | tests.js:161:39:161:41 | key | -| tests.js:160:47:160:49 | key | tests.js:161:39:161:41 | key | -| tests.js:160:47:160:49 | key | tests.js:161:49:161:51 | key | -| tests.js:160:47:160:49 | key | tests.js:161:49:161:51 | key | -| tests.js:160:47:160:49 | key | tests.js:161:49:161:51 | key | -| tests.js:160:47:160:49 | key | tests.js:161:49:161:51 | key | -| tests.js:161:35:161:37 | dst | tests.js:161:35:161:42 | dst[key] | -| tests.js:161:35:161:37 | dst | tests.js:161:35:161:42 | dst[key] | -| tests.js:161:35:161:37 | dst | tests.js:161:35:161:42 | dst[key] | -| tests.js:161:35:161:37 | dst | tests.js:161:35:161:42 | dst[key] | -| tests.js:161:35:161:42 | dst[key] | tests.js:159:36:159:38 | dst | -| tests.js:161:35:161:42 | dst[key] | tests.js:159:36:159:38 | dst | -| tests.js:161:35:161:42 | dst[key] | tests.js:159:36:159:38 | dst | -| tests.js:161:35:161:42 | dst[key] | tests.js:159:36:159:38 | dst | -| tests.js:161:39:161:41 | key | tests.js:161:35:161:42 | dst[key] | -| tests.js:161:39:161:41 | key | tests.js:161:35:161:42 | dst[key] | -| tests.js:161:39:161:41 | key | tests.js:161:35:161:42 | dst[key] | -| tests.js:161:39:161:41 | key | tests.js:161:35:161:42 | dst[key] | -| tests.js:161:45:161:47 | src | tests.js:161:45:161:52 | src[key] | -| tests.js:161:45:161:47 | src | tests.js:161:45:161:52 | src[key] | -| tests.js:161:45:161:47 | src | tests.js:161:45:161:52 | src[key] | -| tests.js:161:45:161:47 | src | tests.js:161:45:161:52 | src[key] | -| tests.js:161:45:161:52 | src[key] | tests.js:159:41:159:43 | src | -| tests.js:161:45:161:52 | src[key] | tests.js:159:41:159:43 | src | -| tests.js:161:45:161:52 | src[key] | tests.js:159:41:159:43 | src | -| tests.js:161:45:161:52 | src[key] | tests.js:159:41:159:43 | src | -| tests.js:161:49:161:51 | key | tests.js:161:45:161:52 | src[key] | -| tests.js:161:49:161:51 | key | tests.js:161:45:161:52 | src[key] | -| tests.js:161:49:161:51 | key | tests.js:161:45:161:52 | src[key] | -| tests.js:161:49:161:51 | key | tests.js:161:45:161:52 | src[key] | -| tests.js:165:37:165:39 | src | tests.js:169:45:169:47 | src | -| tests.js:165:37:165:39 | src | tests.js:169:45:169:47 | src | -| tests.js:165:37:165:39 | src | tests.js:171:24:171:26 | src | -| tests.js:165:37:165:39 | src | tests.js:171:24:171:26 | src | -| tests.js:166:14:166:16 | key | tests.js:169:49:169:51 | key | -| tests.js:166:14:166:16 | key | tests.js:169:49:169:51 | key | -| tests.js:166:14:166:16 | key | tests.js:169:49:169:51 | key | -| tests.js:166:14:166:16 | key | tests.js:169:49:169:51 | key | -| tests.js:166:14:166:16 | key | tests.js:171:17:171:19 | key | -| tests.js:166:14:166:16 | key | tests.js:171:17:171:19 | key | -| tests.js:166:14:166:16 | key | tests.js:171:17:171:19 | key | -| tests.js:166:14:166:16 | key | tests.js:171:17:171:19 | key | -| tests.js:166:14:166:16 | key | tests.js:171:17:171:19 | key | -| tests.js:166:14:166:16 | key | tests.js:171:17:171:19 | key | -| tests.js:166:14:166:16 | key | tests.js:171:17:171:19 | key | -| tests.js:166:14:166:16 | key | tests.js:171:28:171:30 | key | -| tests.js:166:14:166:16 | key | tests.js:171:28:171:30 | key | -| tests.js:166:14:166:16 | key | tests.js:171:28:171:30 | key | -| tests.js:166:14:166:16 | key | tests.js:171:28:171:30 | key | -| tests.js:169:45:169:47 | src | tests.js:169:45:169:52 | src[key] | -| tests.js:169:45:169:47 | src | tests.js:169:45:169:52 | src[key] | -| tests.js:169:45:169:52 | src[key] | tests.js:165:37:165:39 | src | -| tests.js:169:45:169:52 | src[key] | tests.js:165:37:165:39 | src | -| tests.js:169:45:169:52 | src[key] | tests.js:165:37:165:39 | src | -| tests.js:169:45:169:52 | src[key] | tests.js:165:37:165:39 | src | -| tests.js:169:45:169:52 | src[key] | tests.js:165:37:165:39 | src | -| tests.js:169:45:169:52 | src[key] | tests.js:165:37:165:39 | src | -| tests.js:169:49:169:51 | key | tests.js:169:45:169:52 | src[key] | -| tests.js:169:49:169:51 | key | tests.js:169:45:169:52 | src[key] | -| tests.js:171:24:171:26 | src | tests.js:171:24:171:31 | src[key] | -| tests.js:171:24:171:26 | src | tests.js:171:24:171:31 | src[key] | -| tests.js:171:24:171:26 | src | tests.js:171:24:171:31 | src[key] | -| tests.js:171:24:171:26 | src | tests.js:171:24:171:31 | src[key] | -| tests.js:171:24:171:31 | src[key] | tests.js:171:24:171:31 | src[key] | -| tests.js:171:28:171:30 | key | tests.js:171:24:171:31 | src[key] | -| tests.js:171:28:171:30 | key | tests.js:171:24:171:31 | src[key] | -| tests.js:171:28:171:30 | key | tests.js:171:24:171:31 | src[key] | -| tests.js:171:28:171:30 | key | tests.js:171:24:171:31 | src[key] | -| tests.js:178:33:178:35 | src | tests.js:182:41:182:43 | src | -| tests.js:178:33:178:35 | src | tests.js:182:41:182:43 | src | -| tests.js:178:33:178:35 | src | tests.js:184:24:184:26 | src | -| tests.js:178:33:178:35 | src | tests.js:184:24:184:26 | src | -| tests.js:182:41:182:43 | src | tests.js:182:41:182:48 | src[key] | -| tests.js:182:41:182:43 | src | tests.js:182:41:182:48 | src[key] | -| tests.js:182:41:182:48 | src[key] | tests.js:178:33:178:35 | src | -| tests.js:182:41:182:48 | src[key] | tests.js:178:33:178:35 | src | -| tests.js:182:41:182:48 | src[key] | tests.js:178:33:178:35 | src | -| tests.js:182:41:182:48 | src[key] | tests.js:178:33:178:35 | src | -| tests.js:182:41:182:48 | src[key] | tests.js:178:33:178:35 | src | -| tests.js:182:41:182:48 | src[key] | tests.js:178:33:178:35 | src | -| tests.js:184:24:184:26 | src | tests.js:184:24:184:31 | src[key] | -| tests.js:184:24:184:26 | src | tests.js:184:24:184:31 | src[key] | -| tests.js:184:24:184:26 | src | tests.js:184:24:184:31 | src[key] | -| tests.js:184:24:184:26 | src | tests.js:184:24:184:31 | src[key] | -| tests.js:184:24:184:31 | src[key] | tests.js:184:24:184:31 | src[key] | -| tests.js:189:32:189:34 | dst | tests.js:194:35:194:37 | dst | -| tests.js:189:32:189:34 | dst | tests.js:194:35:194:37 | dst | -| tests.js:189:32:189:34 | dst | tests.js:196:13:196:15 | dst | -| tests.js:189:32:189:34 | dst | tests.js:196:13:196:15 | dst | -| tests.js:189:32:189:34 | dst | tests.js:196:13:196:15 | dst | -| tests.js:189:32:189:34 | dst | tests.js:196:13:196:15 | dst | -| tests.js:189:37:189:39 | src | tests.js:194:45:194:47 | src | -| tests.js:189:37:189:39 | src | tests.js:194:45:194:47 | src | -| tests.js:189:37:189:39 | src | tests.js:196:24:196:26 | src | -| tests.js:189:37:189:39 | src | tests.js:196:24:196:26 | src | -| tests.js:192:13:192:25 | key | tests.js:194:39:194:41 | key | -| tests.js:192:13:192:25 | key | tests.js:194:39:194:41 | key | -| tests.js:192:13:192:25 | key | tests.js:194:49:194:51 | key | -| tests.js:192:13:192:25 | key | tests.js:194:49:194:51 | key | -| tests.js:192:13:192:25 | key | tests.js:196:17:196:19 | key | -| tests.js:192:13:192:25 | key | tests.js:196:17:196:19 | key | -| tests.js:192:13:192:25 | key | tests.js:196:17:196:19 | key | -| tests.js:192:13:192:25 | key | tests.js:196:17:196:19 | key | -| tests.js:192:13:192:25 | key | tests.js:196:28:196:30 | key | -| tests.js:192:13:192:25 | key | tests.js:196:28:196:30 | key | -| tests.js:192:19:192:25 | keys[i] | tests.js:192:13:192:25 | key | -| tests.js:192:19:192:25 | keys[i] | tests.js:192:13:192:25 | key | -| tests.js:192:19:192:25 | keys[i] | tests.js:192:13:192:25 | key | -| tests.js:192:19:192:25 | keys[i] | tests.js:192:13:192:25 | key | -| tests.js:194:35:194:37 | dst | tests.js:194:35:194:42 | dst[key] | -| tests.js:194:35:194:37 | dst | tests.js:194:35:194:42 | dst[key] | -| tests.js:194:35:194:42 | dst[key] | tests.js:189:32:189:34 | dst | -| tests.js:194:35:194:42 | dst[key] | tests.js:189:32:189:34 | dst | -| tests.js:194:35:194:42 | dst[key] | tests.js:189:32:189:34 | dst | -| tests.js:194:35:194:42 | dst[key] | tests.js:189:32:189:34 | dst | -| tests.js:194:39:194:41 | key | tests.js:194:35:194:42 | dst[key] | -| tests.js:194:39:194:41 | key | tests.js:194:35:194:42 | dst[key] | -| tests.js:194:45:194:47 | src | tests.js:194:45:194:52 | src[key] | -| tests.js:194:45:194:47 | src | tests.js:194:45:194:52 | src[key] | -| tests.js:194:45:194:52 | src[key] | tests.js:189:37:189:39 | src | -| tests.js:194:45:194:52 | src[key] | tests.js:189:37:189:39 | src | -| tests.js:194:45:194:52 | src[key] | tests.js:189:37:189:39 | src | -| tests.js:194:45:194:52 | src[key] | tests.js:189:37:189:39 | src | -| tests.js:194:45:194:52 | src[key] | tests.js:189:37:189:39 | src | -| tests.js:194:45:194:52 | src[key] | tests.js:189:37:189:39 | src | -| tests.js:194:49:194:51 | key | tests.js:194:45:194:52 | src[key] | -| tests.js:194:49:194:51 | key | tests.js:194:45:194:52 | src[key] | -| tests.js:196:24:196:26 | src | tests.js:196:24:196:31 | src[key] | -| tests.js:196:24:196:26 | src | tests.js:196:24:196:31 | src[key] | -| tests.js:196:24:196:26 | src | tests.js:196:24:196:31 | src[key] | -| tests.js:196:24:196:26 | src | tests.js:196:24:196:31 | src[key] | -| tests.js:196:24:196:31 | src[key] | tests.js:196:24:196:31 | src[key] | -| tests.js:196:28:196:30 | key | tests.js:196:24:196:31 | src[key] | -| tests.js:196:28:196:30 | key | tests.js:196:24:196:31 | src[key] | -| tests.js:196:28:196:30 | key | tests.js:196:24:196:31 | src[key] | -| tests.js:196:28:196:30 | key | tests.js:196:24:196:31 | src[key] | -| tests.js:201:39:201:41 | dst | tests.js:206:42:206:44 | dst | -| tests.js:201:39:201:41 | dst | tests.js:206:42:206:44 | dst | -| tests.js:201:39:201:41 | dst | tests.js:208:13:208:15 | dst | -| tests.js:201:39:201:41 | dst | tests.js:208:13:208:15 | dst | -| tests.js:201:39:201:41 | dst | tests.js:208:13:208:15 | dst | -| tests.js:201:39:201:41 | dst | tests.js:208:13:208:15 | dst | -| tests.js:201:44:201:46 | src | tests.js:206:56:206:58 | src | -| tests.js:201:44:201:46 | src | tests.js:206:56:206:58 | src | -| tests.js:201:44:201:46 | src | tests.js:208:28:208:30 | src | -| tests.js:201:44:201:46 | src | tests.js:208:28:208:30 | src | -| tests.js:206:42:206:44 | dst | tests.js:206:42:206:53 | dst[keys[i]] | -| tests.js:206:42:206:44 | dst | tests.js:206:42:206:53 | dst[keys[i]] | -| tests.js:206:42:206:53 | dst[keys[i]] | tests.js:201:39:201:41 | dst | -| tests.js:206:42:206:53 | dst[keys[i]] | tests.js:201:39:201:41 | dst | -| tests.js:206:42:206:53 | dst[keys[i]] | tests.js:201:39:201:41 | dst | -| tests.js:206:42:206:53 | dst[keys[i]] | tests.js:201:39:201:41 | dst | -| tests.js:206:46:206:52 | keys[i] | tests.js:206:42:206:53 | dst[keys[i]] | -| tests.js:206:46:206:52 | keys[i] | tests.js:206:42:206:53 | dst[keys[i]] | -| tests.js:206:46:206:52 | keys[i] | tests.js:206:42:206:53 | dst[keys[i]] | -| tests.js:206:46:206:52 | keys[i] | tests.js:206:42:206:53 | dst[keys[i]] | -| tests.js:206:56:206:58 | src | tests.js:206:56:206:67 | src[keys[i]] | -| tests.js:206:56:206:58 | src | tests.js:206:56:206:67 | src[keys[i]] | -| tests.js:206:56:206:67 | src[keys[i]] | tests.js:201:44:201:46 | src | -| tests.js:206:56:206:67 | src[keys[i]] | tests.js:201:44:201:46 | src | -| tests.js:206:56:206:67 | src[keys[i]] | tests.js:201:44:201:46 | src | -| tests.js:206:56:206:67 | src[keys[i]] | tests.js:201:44:201:46 | src | -| tests.js:206:56:206:67 | src[keys[i]] | tests.js:201:44:201:46 | src | -| tests.js:206:56:206:67 | src[keys[i]] | tests.js:201:44:201:46 | src | -| tests.js:206:60:206:66 | keys[i] | tests.js:206:56:206:67 | src[keys[i]] | -| tests.js:206:60:206:66 | keys[i] | tests.js:206:56:206:67 | src[keys[i]] | -| tests.js:206:60:206:66 | keys[i] | tests.js:206:56:206:67 | src[keys[i]] | -| tests.js:206:60:206:66 | keys[i] | tests.js:206:56:206:67 | src[keys[i]] | -| tests.js:208:17:208:23 | keys[i] | tests.js:208:17:208:23 | keys[i] | -| tests.js:208:28:208:30 | src | tests.js:208:28:208:39 | src[keys[i]] | -| tests.js:208:28:208:30 | src | tests.js:208:28:208:39 | src[keys[i]] | -| tests.js:208:28:208:30 | src | tests.js:208:28:208:39 | src[keys[i]] | -| tests.js:208:28:208:30 | src | tests.js:208:28:208:39 | src[keys[i]] | -| tests.js:208:28:208:39 | src[keys[i]] | tests.js:208:28:208:39 | src[keys[i]] | -| tests.js:208:32:208:38 | keys[i] | tests.js:208:28:208:39 | src[keys[i]] | -| tests.js:208:32:208:38 | keys[i] | tests.js:208:28:208:39 | src[keys[i]] | -| tests.js:208:32:208:38 | keys[i] | tests.js:208:28:208:39 | src[keys[i]] | -| tests.js:208:32:208:38 | keys[i] | tests.js:208:28:208:39 | src[keys[i]] | -| tests.js:208:32:208:38 | keys[i] | tests.js:208:28:208:39 | src[keys[i]] | -| tests.js:208:32:208:38 | keys[i] | tests.js:208:28:208:39 | src[keys[i]] | -| tests.js:208:32:208:38 | keys[i] | tests.js:208:28:208:39 | src[keys[i]] | -| tests.js:213:23:213:26 | key1 | tests.js:217:9:217:12 | key1 | -| tests.js:213:23:213:26 | key1 | tests.js:217:9:217:12 | key1 | -| tests.js:213:29:213:32 | key2 | tests.js:217:15:217:18 | key2 | -| tests.js:213:29:213:32 | key2 | tests.js:217:15:217:18 | key2 | -| tests.js:213:29:213:32 | key2 | tests.js:217:15:217:18 | key2 | -| tests.js:213:29:213:32 | key2 | tests.js:217:15:217:18 | key2 | -| tests.js:213:35:213:39 | value | tests.js:217:23:217:27 | value | -| tests.js:213:35:213:39 | value | tests.js:217:23:217:27 | value | -| tests.js:213:35:213:39 | value | tests.js:217:23:217:27 | value | -| tests.js:213:35:213:39 | value | tests.js:217:23:217:27 | value | -| tests.js:217:9:217:12 | key1 | tests.js:217:5:217:13 | map[key1] | -| tests.js:217:9:217:12 | key1 | tests.js:217:5:217:13 | map[key1] | -| tests.js:217:9:217:12 | key1 | tests.js:217:5:217:13 | map[key1] | -| tests.js:217:9:217:12 | key1 | tests.js:217:5:217:13 | map[key1] | -| tests.js:223:14:223:16 | key | tests.js:224:23:224:25 | key | -| tests.js:223:14:223:16 | key | tests.js:224:23:224:25 | key | -| tests.js:223:14:223:16 | key | tests.js:224:23:224:25 | key | -| tests.js:223:14:223:16 | key | tests.js:224:23:224:25 | key | -| tests.js:223:14:223:16 | key | tests.js:224:38:224:40 | key | -| tests.js:223:14:223:16 | key | tests.js:224:38:224:40 | key | -| tests.js:223:14:223:16 | key | tests.js:224:38:224:40 | key | -| tests.js:223:14:223:16 | key | tests.js:224:38:224:40 | key | -| tests.js:223:14:223:16 | key | tests.js:225:28:225:30 | key | -| tests.js:223:14:223:16 | key | tests.js:225:28:225:30 | key | -| tests.js:223:14:223:16 | key | tests.js:225:28:225:30 | key | -| tests.js:223:14:223:16 | key | tests.js:225:28:225:30 | key | -| tests.js:223:14:223:16 | key | tests.js:225:38:225:40 | key | -| tests.js:223:14:223:16 | key | tests.js:225:38:225:40 | key | -| tests.js:223:14:223:16 | key | tests.js:225:38:225:40 | key | -| tests.js:223:14:223:16 | key | tests.js:225:38:225:40 | key | -| tests.js:224:23:224:25 | key | tests.js:213:23:213:26 | key1 | -| tests.js:224:23:224:25 | key | tests.js:213:23:213:26 | key1 | -| tests.js:224:33:224:41 | data[key] | tests.js:213:35:213:39 | value | -| tests.js:224:33:224:41 | data[key] | tests.js:213:35:213:39 | value | -| tests.js:224:33:224:41 | data[key] | tests.js:213:35:213:39 | value | -| tests.js:224:33:224:41 | data[key] | tests.js:213:35:213:39 | value | -| tests.js:224:38:224:40 | key | tests.js:224:33:224:41 | data[key] | -| tests.js:224:38:224:40 | key | tests.js:224:33:224:41 | data[key] | -| tests.js:225:28:225:30 | key | tests.js:213:29:213:32 | key2 | -| tests.js:225:28:225:30 | key | tests.js:213:29:213:32 | key2 | -| tests.js:225:33:225:41 | data[key] | tests.js:213:35:213:39 | value | -| tests.js:225:33:225:41 | data[key] | tests.js:213:35:213:39 | value | -| tests.js:225:33:225:41 | data[key] | tests.js:213:35:213:39 | value | -| tests.js:225:33:225:41 | data[key] | tests.js:213:35:213:39 | value | -| tests.js:225:38:225:40 | key | tests.js:225:33:225:41 | data[key] | -| tests.js:225:38:225:40 | key | tests.js:225:33:225:41 | data[key] | -| tests.js:229:26:229:29 | key1 | tests.js:233:9:233:12 | key1 | -| tests.js:229:26:229:29 | key1 | tests.js:233:9:233:12 | key1 | -| tests.js:229:32:229:35 | key2 | tests.js:233:15:233:18 | key2 | -| tests.js:229:32:229:35 | key2 | tests.js:233:15:233:18 | key2 | -| tests.js:229:32:229:35 | key2 | tests.js:233:15:233:18 | key2 | -| tests.js:229:32:229:35 | key2 | tests.js:233:15:233:18 | key2 | -| tests.js:229:38:229:42 | value | tests.js:233:23:233:27 | value | -| tests.js:229:38:229:42 | value | tests.js:233:23:233:27 | value | -| tests.js:229:38:229:42 | value | tests.js:233:23:233:27 | value | -| tests.js:229:38:229:42 | value | tests.js:233:23:233:27 | value | -| tests.js:233:9:233:12 | key1 | tests.js:233:5:233:13 | map[key1] | -| tests.js:233:9:233:12 | key1 | tests.js:233:5:233:13 | map[key1] | -| tests.js:233:9:233:12 | key1 | tests.js:233:5:233:13 | map[key1] | -| tests.js:233:9:233:12 | key1 | tests.js:233:5:233:13 | map[key1] | -| tests.js:238:14:238:16 | key | tests.js:239:24:239:26 | key | -| tests.js:238:14:238:16 | key | tests.js:239:24:239:26 | key | -| tests.js:238:14:238:16 | key | tests.js:239:24:239:26 | key | -| tests.js:238:14:238:16 | key | tests.js:239:24:239:26 | key | -| tests.js:238:14:238:16 | key | tests.js:239:39:239:41 | key | -| tests.js:238:14:238:16 | key | tests.js:239:39:239:41 | key | -| tests.js:238:14:238:16 | key | tests.js:239:39:239:41 | key | -| tests.js:238:14:238:16 | key | tests.js:239:39:239:41 | key | -| tests.js:238:14:238:16 | key | tests.js:240:31:240:33 | key | -| tests.js:238:14:238:16 | key | tests.js:240:31:240:33 | key | -| tests.js:238:14:238:16 | key | tests.js:240:31:240:33 | key | -| tests.js:238:14:238:16 | key | tests.js:240:31:240:33 | key | -| tests.js:238:14:238:16 | key | tests.js:240:41:240:43 | key | -| tests.js:238:14:238:16 | key | tests.js:240:41:240:43 | key | -| tests.js:238:14:238:16 | key | tests.js:240:41:240:43 | key | -| tests.js:238:14:238:16 | key | tests.js:240:41:240:43 | key | -| tests.js:239:24:239:26 | key | tests.js:229:26:229:29 | key1 | -| tests.js:239:24:239:26 | key | tests.js:229:26:229:29 | key1 | -| tests.js:239:34:239:42 | data[key] | tests.js:229:38:229:42 | value | -| tests.js:239:34:239:42 | data[key] | tests.js:229:38:229:42 | value | -| tests.js:239:34:239:42 | data[key] | tests.js:229:38:229:42 | value | -| tests.js:239:34:239:42 | data[key] | tests.js:229:38:229:42 | value | -| tests.js:239:39:239:41 | key | tests.js:239:34:239:42 | data[key] | -| tests.js:239:39:239:41 | key | tests.js:239:34:239:42 | data[key] | -| tests.js:240:31:240:33 | key | tests.js:229:32:229:35 | key2 | -| tests.js:240:31:240:33 | key | tests.js:229:32:229:35 | key2 | -| tests.js:240:36:240:44 | data[key] | tests.js:229:38:229:42 | value | -| tests.js:240:36:240:44 | data[key] | tests.js:229:38:229:42 | value | -| tests.js:240:36:240:44 | data[key] | tests.js:229:38:229:42 | value | -| tests.js:240:36:240:44 | data[key] | tests.js:229:38:229:42 | value | -| tests.js:240:41:240:43 | key | tests.js:240:36:240:44 | data[key] | -| tests.js:240:41:240:43 | key | tests.js:240:36:240:44 | data[key] | -| tests.js:263:27:263:29 | dst | tests.js:268:30:268:32 | dst | -| tests.js:263:27:263:29 | dst | tests.js:268:30:268:32 | dst | -| tests.js:263:27:263:29 | dst | tests.js:270:13:270:15 | dst | -| tests.js:263:27:263:29 | dst | tests.js:270:13:270:15 | dst | -| tests.js:263:27:263:29 | dst | tests.js:270:13:270:15 | dst | -| tests.js:263:27:263:29 | dst | tests.js:270:13:270:15 | dst | -| tests.js:265:13:265:26 | key | tests.js:268:34:268:36 | key | -| tests.js:265:13:265:26 | key | tests.js:268:34:268:36 | key | -| tests.js:265:13:265:26 | key | tests.js:270:17:270:19 | key | -| tests.js:265:13:265:26 | key | tests.js:270:17:270:19 | key | -| tests.js:265:13:265:26 | key | tests.js:270:17:270:19 | key | -| tests.js:265:13:265:26 | key | tests.js:270:17:270:19 | key | -| tests.js:265:19:265:26 | entry[0] | tests.js:265:13:265:26 | key | -| tests.js:265:19:265:26 | entry[0] | tests.js:265:13:265:26 | key | -| tests.js:265:19:265:26 | entry[0] | tests.js:265:13:265:26 | key | -| tests.js:265:19:265:26 | entry[0] | tests.js:265:13:265:26 | key | -| tests.js:266:13:266:28 | value | tests.js:270:24:270:28 | value | -| tests.js:266:13:266:28 | value | tests.js:270:24:270:28 | value | -| tests.js:266:13:266:28 | value | tests.js:270:24:270:28 | value | -| tests.js:266:13:266:28 | value | tests.js:270:24:270:28 | value | -| tests.js:266:21:266:28 | entry[1] | tests.js:266:13:266:28 | value | -| tests.js:266:21:266:28 | entry[1] | tests.js:266:13:266:28 | value | -| tests.js:266:21:266:28 | entry[1] | tests.js:266:13:266:28 | value | -| tests.js:266:21:266:28 | entry[1] | tests.js:266:13:266:28 | value | -| tests.js:268:30:268:32 | dst | tests.js:268:30:268:37 | dst[key] | -| tests.js:268:30:268:32 | dst | tests.js:268:30:268:37 | dst[key] | -| tests.js:268:30:268:37 | dst[key] | tests.js:263:27:263:29 | dst | -| tests.js:268:30:268:37 | dst[key] | tests.js:263:27:263:29 | dst | -| tests.js:268:30:268:37 | dst[key] | tests.js:263:27:263:29 | dst | -| tests.js:268:30:268:37 | dst[key] | tests.js:263:27:263:29 | dst | -| tests.js:268:34:268:36 | key | tests.js:268:30:268:37 | dst[key] | -| tests.js:268:34:268:36 | key | tests.js:268:30:268:37 | dst[key] | -| tests.js:275:27:275:29 | dst | tests.js:278:30:278:32 | dst | -| tests.js:275:27:275:29 | dst | tests.js:278:30:278:32 | dst | -| tests.js:275:27:275:29 | dst | tests.js:280:13:280:15 | dst | -| tests.js:275:27:275:29 | dst | tests.js:280:13:280:15 | dst | -| tests.js:275:27:275:29 | dst | tests.js:280:13:280:15 | dst | -| tests.js:275:27:275:29 | dst | tests.js:280:13:280:15 | dst | -| tests.js:275:32:275:34 | src | tests.js:278:40:278:42 | src | -| tests.js:275:32:275:34 | src | tests.js:278:40:278:42 | src | -| tests.js:275:32:275:34 | src | tests.js:280:24:280:26 | src | -| tests.js:275:32:275:34 | src | tests.js:280:24:280:26 | src | -| tests.js:276:34:276:36 | key | tests.js:278:34:278:36 | key | -| tests.js:276:34:276:36 | key | tests.js:278:34:278:36 | key | -| tests.js:276:34:276:36 | key | tests.js:278:34:278:36 | key | -| tests.js:276:34:276:36 | key | tests.js:278:34:278:36 | key | -| tests.js:276:34:276:36 | key | tests.js:278:44:278:46 | key | -| tests.js:276:34:276:36 | key | tests.js:278:44:278:46 | key | -| tests.js:276:34:276:36 | key | tests.js:278:44:278:46 | key | -| tests.js:276:34:276:36 | key | tests.js:278:44:278:46 | key | -| tests.js:276:34:276:36 | key | tests.js:280:17:280:19 | key | -| tests.js:276:34:276:36 | key | tests.js:280:17:280:19 | key | -| tests.js:276:34:276:36 | key | tests.js:280:17:280:19 | key | -| tests.js:276:34:276:36 | key | tests.js:280:17:280:19 | key | -| tests.js:276:34:276:36 | key | tests.js:280:17:280:19 | key | -| tests.js:276:34:276:36 | key | tests.js:280:17:280:19 | key | -| tests.js:276:34:276:36 | key | tests.js:280:17:280:19 | key | -| tests.js:276:34:276:36 | key | tests.js:280:28:280:30 | key | -| tests.js:276:34:276:36 | key | tests.js:280:28:280:30 | key | -| tests.js:276:34:276:36 | key | tests.js:280:28:280:30 | key | -| tests.js:276:34:276:36 | key | tests.js:280:28:280:30 | key | -| tests.js:278:30:278:32 | dst | tests.js:278:30:278:37 | dst[key] | -| tests.js:278:30:278:32 | dst | tests.js:278:30:278:37 | dst[key] | -| tests.js:278:30:278:37 | dst[key] | tests.js:275:27:275:29 | dst | -| tests.js:278:30:278:37 | dst[key] | tests.js:275:27:275:29 | dst | -| tests.js:278:30:278:37 | dst[key] | tests.js:275:27:275:29 | dst | -| tests.js:278:30:278:37 | dst[key] | tests.js:275:27:275:29 | dst | -| tests.js:278:34:278:36 | key | tests.js:278:30:278:37 | dst[key] | -| tests.js:278:34:278:36 | key | tests.js:278:30:278:37 | dst[key] | -| tests.js:278:40:278:42 | src | tests.js:278:40:278:47 | src[key] | -| tests.js:278:40:278:42 | src | tests.js:278:40:278:47 | src[key] | -| tests.js:278:40:278:47 | src[key] | tests.js:275:32:275:34 | src | -| tests.js:278:40:278:47 | src[key] | tests.js:275:32:275:34 | src | -| tests.js:278:40:278:47 | src[key] | tests.js:275:32:275:34 | src | -| tests.js:278:40:278:47 | src[key] | tests.js:275:32:275:34 | src | -| tests.js:278:40:278:47 | src[key] | tests.js:275:32:275:34 | src | -| tests.js:278:40:278:47 | src[key] | tests.js:275:32:275:34 | src | -| tests.js:278:44:278:46 | key | tests.js:278:40:278:47 | src[key] | -| tests.js:278:44:278:46 | key | tests.js:278:40:278:47 | src[key] | -| tests.js:280:24:280:26 | src | tests.js:280:24:280:31 | src[key] | -| tests.js:280:24:280:26 | src | tests.js:280:24:280:31 | src[key] | -| tests.js:280:24:280:26 | src | tests.js:280:24:280:31 | src[key] | -| tests.js:280:24:280:26 | src | tests.js:280:24:280:31 | src[key] | -| tests.js:280:24:280:31 | src[key] | tests.js:280:24:280:31 | src[key] | -| tests.js:280:28:280:30 | key | tests.js:280:24:280:31 | src[key] | -| tests.js:280:28:280:30 | key | tests.js:280:24:280:31 | src[key] | -| tests.js:280:28:280:30 | key | tests.js:280:24:280:31 | src[key] | -| tests.js:280:28:280:30 | key | tests.js:280:24:280:31 | src[key] | -| tests.js:301:27:301:29 | dst | tests.js:306:34:306:36 | dst | -| tests.js:301:27:301:29 | dst | tests.js:306:34:306:36 | dst | -| tests.js:301:27:301:29 | dst | tests.js:308:17:308:19 | dst | -| tests.js:301:27:301:29 | dst | tests.js:308:17:308:19 | dst | -| tests.js:301:27:301:29 | dst | tests.js:308:17:308:19 | dst | -| tests.js:301:27:301:29 | dst | tests.js:308:17:308:19 | dst | -| tests.js:301:32:301:34 | src | tests.js:304:25:304:27 | src | -| tests.js:302:14:302:16 | key | tests.js:304:29:304:31 | key | -| tests.js:302:14:302:16 | key | tests.js:304:29:304:31 | key | -| tests.js:302:14:302:16 | key | tests.js:304:29:304:31 | key | -| tests.js:302:14:302:16 | key | tests.js:304:29:304:31 | key | -| tests.js:302:14:302:16 | key | tests.js:306:38:306:40 | key | -| tests.js:302:14:302:16 | key | tests.js:306:38:306:40 | key | -| tests.js:302:14:302:16 | key | tests.js:306:38:306:40 | key | -| tests.js:302:14:302:16 | key | tests.js:306:38:306:40 | key | -| tests.js:302:14:302:16 | key | tests.js:308:21:308:23 | key | -| tests.js:302:14:302:16 | key | tests.js:308:21:308:23 | key | -| tests.js:302:14:302:16 | key | tests.js:308:21:308:23 | key | -| tests.js:302:14:302:16 | key | tests.js:308:21:308:23 | key | -| tests.js:302:14:302:16 | key | tests.js:308:21:308:23 | key | -| tests.js:302:14:302:16 | key | tests.js:308:21:308:23 | key | -| tests.js:302:14:302:16 | key | tests.js:308:21:308:23 | key | -| tests.js:304:17:304:32 | value | tests.js:306:44:306:48 | value | -| tests.js:304:17:304:32 | value | tests.js:306:44:306:48 | value | -| tests.js:304:17:304:32 | value | tests.js:308:28:308:32 | value | -| tests.js:304:17:304:32 | value | tests.js:308:28:308:32 | value | -| tests.js:304:17:304:32 | value | tests.js:308:28:308:32 | value | -| tests.js:304:17:304:32 | value | tests.js:308:28:308:32 | value | -| tests.js:304:17:304:32 | value | tests.js:308:28:308:32 | value | -| tests.js:304:17:304:32 | value | tests.js:308:28:308:32 | value | -| tests.js:304:25:304:27 | src | tests.js:304:25:304:32 | src[key] | -| tests.js:304:25:304:32 | src[key] | tests.js:304:17:304:32 | value | -| tests.js:304:25:304:32 | src[key] | tests.js:304:17:304:32 | value | -| tests.js:304:25:304:32 | src[key] | tests.js:304:17:304:32 | value | -| tests.js:304:25:304:32 | src[key] | tests.js:304:17:304:32 | value | -| tests.js:304:25:304:32 | src[key] | tests.js:304:17:304:32 | value | -| tests.js:304:29:304:31 | key | tests.js:304:25:304:32 | src[key] | -| tests.js:304:29:304:31 | key | tests.js:304:25:304:32 | src[key] | -| tests.js:306:34:306:36 | dst | tests.js:306:34:306:41 | dst[key] | -| tests.js:306:34:306:36 | dst | tests.js:306:34:306:41 | dst[key] | -| tests.js:306:34:306:41 | dst[key] | tests.js:301:27:301:29 | dst | -| tests.js:306:34:306:41 | dst[key] | tests.js:301:27:301:29 | dst | -| tests.js:306:34:306:41 | dst[key] | tests.js:301:27:301:29 | dst | -| tests.js:306:34:306:41 | dst[key] | tests.js:301:27:301:29 | dst | -| tests.js:306:38:306:40 | key | tests.js:306:34:306:41 | dst[key] | -| tests.js:306:38:306:40 | key | tests.js:306:34:306:41 | dst[key] | -| tests.js:306:44:306:48 | value | tests.js:301:32:301:34 | src | -| tests.js:306:44:306:48 | value | tests.js:301:32:301:34 | src | -| tests.js:314:31:314:33 | dst | tests.js:320:38:320:40 | dst | -| tests.js:314:31:314:33 | dst | tests.js:320:38:320:40 | dst | -| tests.js:314:31:314:33 | dst | tests.js:322:17:322:19 | dst | -| tests.js:314:31:314:33 | dst | tests.js:322:17:322:19 | dst | -| tests.js:314:31:314:33 | dst | tests.js:322:17:322:19 | dst | -| tests.js:314:31:314:33 | dst | tests.js:322:17:322:19 | dst | -| tests.js:314:36:314:38 | src | tests.js:318:25:318:27 | src | -| tests.js:315:14:315:16 | key | tests.js:318:29:318:31 | key | -| tests.js:315:14:315:16 | key | tests.js:318:29:318:31 | key | -| tests.js:315:14:315:16 | key | tests.js:318:29:318:31 | key | -| tests.js:315:14:315:16 | key | tests.js:318:29:318:31 | key | -| tests.js:315:14:315:16 | key | tests.js:320:42:320:44 | key | -| tests.js:315:14:315:16 | key | tests.js:320:42:320:44 | key | -| tests.js:315:14:315:16 | key | tests.js:320:42:320:44 | key | -| tests.js:315:14:315:16 | key | tests.js:320:42:320:44 | key | -| tests.js:315:14:315:16 | key | tests.js:322:21:322:23 | key | -| tests.js:315:14:315:16 | key | tests.js:322:21:322:23 | key | -| tests.js:315:14:315:16 | key | tests.js:322:21:322:23 | key | -| tests.js:315:14:315:16 | key | tests.js:322:21:322:23 | key | -| tests.js:315:14:315:16 | key | tests.js:322:21:322:23 | key | -| tests.js:315:14:315:16 | key | tests.js:322:21:322:23 | key | -| tests.js:315:14:315:16 | key | tests.js:322:21:322:23 | key | -| tests.js:318:17:318:32 | value | tests.js:320:48:320:52 | value | -| tests.js:318:17:318:32 | value | tests.js:320:48:320:52 | value | -| tests.js:318:17:318:32 | value | tests.js:322:28:322:32 | value | -| tests.js:318:17:318:32 | value | tests.js:322:28:322:32 | value | -| tests.js:318:17:318:32 | value | tests.js:322:28:322:32 | value | -| tests.js:318:17:318:32 | value | tests.js:322:28:322:32 | value | -| tests.js:318:17:318:32 | value | tests.js:322:28:322:32 | value | -| tests.js:318:17:318:32 | value | tests.js:322:28:322:32 | value | -| tests.js:318:25:318:27 | src | tests.js:318:25:318:32 | src[key] | -| tests.js:318:25:318:32 | src[key] | tests.js:318:17:318:32 | value | -| tests.js:318:25:318:32 | src[key] | tests.js:318:17:318:32 | value | -| tests.js:318:25:318:32 | src[key] | tests.js:318:17:318:32 | value | -| tests.js:318:25:318:32 | src[key] | tests.js:318:17:318:32 | value | -| tests.js:318:25:318:32 | src[key] | tests.js:318:17:318:32 | value | -| tests.js:318:29:318:31 | key | tests.js:318:25:318:32 | src[key] | -| tests.js:318:29:318:31 | key | tests.js:318:25:318:32 | src[key] | -| tests.js:320:38:320:40 | dst | tests.js:320:38:320:45 | dst[key] | -| tests.js:320:38:320:40 | dst | tests.js:320:38:320:45 | dst[key] | -| tests.js:320:38:320:45 | dst[key] | tests.js:314:31:314:33 | dst | -| tests.js:320:38:320:45 | dst[key] | tests.js:314:31:314:33 | dst | -| tests.js:320:38:320:45 | dst[key] | tests.js:314:31:314:33 | dst | -| tests.js:320:38:320:45 | dst[key] | tests.js:314:31:314:33 | dst | -| tests.js:320:42:320:44 | key | tests.js:320:38:320:45 | dst[key] | -| tests.js:320:42:320:44 | key | tests.js:320:38:320:45 | dst[key] | -| tests.js:320:48:320:52 | value | tests.js:314:36:314:38 | src | -| tests.js:320:48:320:52 | value | tests.js:314:36:314:38 | src | -| tests.js:328:30:328:32 | src | tests.js:336:42:336:44 | src | -| tests.js:328:30:328:32 | src | tests.js:336:42:336:44 | src | -| tests.js:328:30:328:32 | src | tests.js:338:28:338:30 | src | -| tests.js:328:30:328:32 | src | tests.js:338:28:338:30 | src | -| tests.js:336:42:336:44 | src | tests.js:336:42:336:49 | src[key] | -| tests.js:336:42:336:44 | src | tests.js:336:42:336:49 | src[key] | -| tests.js:336:42:336:49 | src[key] | tests.js:328:30:328:32 | src | -| tests.js:336:42:336:49 | src[key] | tests.js:328:30:328:32 | src | -| tests.js:336:42:336:49 | src[key] | tests.js:328:30:328:32 | src | -| tests.js:336:42:336:49 | src[key] | tests.js:328:30:328:32 | src | -| tests.js:336:42:336:49 | src[key] | tests.js:328:30:328:32 | src | -| tests.js:336:42:336:49 | src[key] | tests.js:328:30:328:32 | src | -| tests.js:338:28:338:30 | src | tests.js:338:28:338:35 | src[key] | -| tests.js:338:28:338:30 | src | tests.js:338:28:338:35 | src[key] | -| tests.js:338:28:338:30 | src | tests.js:338:28:338:35 | src[key] | -| tests.js:338:28:338:30 | src | tests.js:338:28:338:35 | src[key] | -| tests.js:338:28:338:35 | src[key] | tests.js:338:28:338:35 | src[key] | -| tests.js:348:32:348:37 | target | tests.js:355:17:355:22 | target | -| tests.js:348:32:348:37 | target | tests.js:355:17:355:22 | target | -| tests.js:348:32:348:37 | target | tests.js:355:53:355:58 | target | -| tests.js:348:32:348:37 | target | tests.js:357:17:357:22 | target | -| tests.js:348:32:348:37 | target | tests.js:357:17:357:22 | target | -| tests.js:348:40:348:45 | source | tests.js:355:66:355:71 | source | -| tests.js:348:40:348:45 | source | tests.js:357:31:357:36 | source | -| tests.js:350:37:350:39 | key | tests.js:355:24:355:26 | key | -| tests.js:350:37:350:39 | key | tests.js:355:24:355:26 | key | -| tests.js:350:37:350:39 | key | tests.js:355:24:355:26 | key | -| tests.js:350:37:350:39 | key | tests.js:355:24:355:26 | key | -| tests.js:350:37:350:39 | key | tests.js:355:60:355:62 | key | -| tests.js:350:37:350:39 | key | tests.js:355:60:355:62 | key | -| tests.js:350:37:350:39 | key | tests.js:357:24:357:26 | key | -| tests.js:350:37:350:39 | key | tests.js:357:24:357:26 | key | -| tests.js:350:37:350:39 | key | tests.js:357:24:357:26 | key | -| tests.js:350:37:350:39 | key | tests.js:357:24:357:26 | key | -| tests.js:350:37:350:39 | key | tests.js:357:38:357:40 | key | -| tests.js:350:37:350:39 | key | tests.js:357:38:357:40 | key | -| tests.js:355:53:355:58 | target | tests.js:355:53:355:63 | target[key] | -| tests.js:355:53:355:63 | target[key] | tests.js:348:32:348:37 | target | -| tests.js:355:53:355:63 | target[key] | tests.js:348:32:348:37 | target | -| tests.js:355:53:355:63 | target[key] | tests.js:355:31:355:86 | mergePl ... ptions) | -| tests.js:355:53:355:63 | target[key] | tests.js:355:31:355:86 | mergePl ... ptions) | -| tests.js:355:53:355:63 | target[key] | tests.js:355:31:355:86 | mergePl ... ptions) | -| tests.js:355:53:355:63 | target[key] | tests.js:355:31:355:86 | mergePl ... ptions) | -| tests.js:355:60:355:62 | key | tests.js:355:53:355:63 | target[key] | -| tests.js:355:66:355:71 | source | tests.js:355:66:355:76 | source[key] | -| tests.js:355:66:355:76 | source[key] | tests.js:348:40:348:45 | source | -| tests.js:355:66:355:76 | source[key] | tests.js:348:40:348:45 | source | -| tests.js:355:66:355:76 | source[key] | tests.js:348:40:348:45 | source | -| tests.js:357:31:357:36 | source | tests.js:357:31:357:41 | source[key] | -| tests.js:357:31:357:36 | source | tests.js:357:31:357:41 | source[key] | -| tests.js:357:31:357:41 | source[key] | tests.js:357:31:357:41 | source[key] | -| tests.js:357:38:357:40 | key | tests.js:357:31:357:41 | source[key] | -| tests.js:357:38:357:40 | key | tests.js:357:31:357:41 | source[key] | -| tests.js:364:49:364:54 | source | tests.js:371:75:371:80 | source | -| tests.js:364:49:364:54 | source | tests.js:373:31:373:36 | source | -| tests.js:366:18:366:20 | key | tests.js:371:24:371:26 | key | -| tests.js:366:18:366:20 | key | tests.js:371:24:371:26 | key | -| tests.js:366:18:366:20 | key | tests.js:371:24:371:26 | key | -| tests.js:366:18:366:20 | key | tests.js:371:24:371:26 | key | -| tests.js:366:18:366:20 | key | tests.js:371:69:371:71 | key | -| tests.js:366:18:366:20 | key | tests.js:371:69:371:71 | key | -| tests.js:366:18:366:20 | key | tests.js:373:24:373:26 | key | -| tests.js:366:18:366:20 | key | tests.js:373:24:373:26 | key | -| tests.js:366:18:366:20 | key | tests.js:373:24:373:26 | key | -| tests.js:366:18:366:20 | key | tests.js:373:24:373:26 | key | -| tests.js:366:18:366:20 | key | tests.js:373:38:373:40 | key | -| tests.js:366:18:366:20 | key | tests.js:373:38:373:40 | key | -| tests.js:371:62:371:72 | target[key] | tests.js:371:31:371:95 | mergePl ... ptions) | -| tests.js:371:62:371:72 | target[key] | tests.js:371:31:371:95 | mergePl ... ptions) | -| tests.js:371:69:371:71 | key | tests.js:371:62:371:72 | target[key] | -| tests.js:371:75:371:80 | source | tests.js:371:75:371:85 | source[key] | -| tests.js:371:75:371:85 | source[key] | tests.js:364:49:364:54 | source | -| tests.js:371:75:371:85 | source[key] | tests.js:364:49:364:54 | source | -| tests.js:371:75:371:85 | source[key] | tests.js:364:49:364:54 | source | -| tests.js:373:31:373:36 | source | tests.js:373:31:373:41 | source[key] | -| tests.js:373:31:373:36 | source | tests.js:373:31:373:41 | source[key] | -| tests.js:373:31:373:41 | source[key] | tests.js:373:31:373:41 | source[key] | -| tests.js:373:38:373:40 | key | tests.js:373:31:373:41 | source[key] | -| tests.js:373:38:373:40 | key | tests.js:373:31:373:41 | source[key] | -| tests.js:381:14:381:16 | key | tests.js:383:22:383:24 | key | -| tests.js:381:14:381:16 | key | tests.js:383:22:383:24 | key | -| tests.js:381:14:381:16 | key | tests.js:383:22:383:24 | key | -| tests.js:381:14:381:16 | key | tests.js:383:22:383:24 | key | -| tests.js:381:14:381:16 | key | tests.js:383:31:383:33 | key | -| tests.js:381:14:381:16 | key | tests.js:383:31:383:33 | key | -| tests.js:381:14:381:16 | key | tests.js:383:31:383:33 | key | -| tests.js:381:14:381:16 | key | tests.js:383:31:383:33 | key | -| tests.js:383:22:383:24 | key | tests.js:389:22:389:24 | key | -| tests.js:383:22:383:24 | key | tests.js:389:22:389:24 | key | -| tests.js:383:22:383:24 | key | tests.js:399:23:399:25 | key | -| tests.js:383:22:383:24 | key | tests.js:399:23:399:25 | key | -| tests.js:383:27:383:34 | obj[key] | tests.js:399:28:399:32 | value | -| tests.js:383:27:383:34 | obj[key] | tests.js:399:28:399:32 | value | -| tests.js:383:27:383:34 | obj[key] | tests.js:399:28:399:32 | value | -| tests.js:383:27:383:34 | obj[key] | tests.js:399:28:399:32 | value | -| tests.js:383:31:383:33 | key | tests.js:383:27:383:34 | obj[key] | -| tests.js:383:31:383:33 | key | tests.js:383:27:383:34 | obj[key] | -| tests.js:388:29:388:31 | dst | tests.js:391:32:391:34 | dst | -| tests.js:388:29:388:31 | dst | tests.js:391:32:391:34 | dst | -| tests.js:388:29:388:31 | dst | tests.js:393:13:393:15 | dst | -| tests.js:388:29:388:31 | dst | tests.js:393:13:393:15 | dst | -| tests.js:388:29:388:31 | dst | tests.js:393:13:393:15 | dst | -| tests.js:388:29:388:31 | dst | tests.js:393:13:393:15 | dst | -| tests.js:388:34:388:36 | src | tests.js:391:42:391:44 | src | -| tests.js:388:34:388:36 | src | tests.js:391:42:391:44 | src | -| tests.js:388:34:388:36 | src | tests.js:393:24:393:26 | src | -| tests.js:388:34:388:36 | src | tests.js:393:24:393:26 | src | -| tests.js:389:22:389:24 | key | tests.js:391:36:391:38 | key | -| tests.js:389:22:389:24 | key | tests.js:391:36:391:38 | key | -| tests.js:389:22:389:24 | key | tests.js:391:46:391:48 | key | -| tests.js:389:22:389:24 | key | tests.js:391:46:391:48 | key | -| tests.js:389:22:389:24 | key | tests.js:393:17:393:19 | key | -| tests.js:389:22:389:24 | key | tests.js:393:17:393:19 | key | -| tests.js:389:22:389:24 | key | tests.js:393:17:393:19 | key | -| tests.js:389:22:389:24 | key | tests.js:393:17:393:19 | key | -| tests.js:389:22:389:24 | key | tests.js:393:28:393:30 | key | -| tests.js:389:22:389:24 | key | tests.js:393:28:393:30 | key | -| tests.js:391:32:391:34 | dst | tests.js:391:32:391:39 | dst[key] | -| tests.js:391:32:391:34 | dst | tests.js:391:32:391:39 | dst[key] | -| tests.js:391:32:391:39 | dst[key] | tests.js:388:29:388:31 | dst | -| tests.js:391:32:391:39 | dst[key] | tests.js:388:29:388:31 | dst | -| tests.js:391:36:391:38 | key | tests.js:391:32:391:39 | dst[key] | -| tests.js:391:36:391:38 | key | tests.js:391:32:391:39 | dst[key] | -| tests.js:391:42:391:44 | src | tests.js:391:42:391:49 | src[key] | -| tests.js:391:42:391:44 | src | tests.js:391:42:391:49 | src[key] | -| tests.js:391:42:391:49 | src[key] | tests.js:388:34:388:36 | src | -| tests.js:391:42:391:49 | src[key] | tests.js:388:34:388:36 | src | -| tests.js:391:46:391:48 | key | tests.js:391:42:391:49 | src[key] | -| tests.js:391:46:391:48 | key | tests.js:391:42:391:49 | src[key] | -| tests.js:393:24:393:26 | src | tests.js:393:24:393:31 | src[key] | -| tests.js:393:24:393:26 | src | tests.js:393:24:393:31 | src[key] | -| tests.js:393:24:393:26 | src | tests.js:393:24:393:31 | src[key] | -| tests.js:393:24:393:26 | src | tests.js:393:24:393:31 | src[key] | -| tests.js:393:28:393:30 | key | tests.js:393:24:393:31 | src[key] | -| tests.js:393:28:393:30 | key | tests.js:393:24:393:31 | src[key] | -| tests.js:393:28:393:30 | key | tests.js:393:24:393:31 | src[key] | -| tests.js:393:28:393:30 | key | tests.js:393:24:393:31 | src[key] | -| tests.js:398:30:398:32 | dst | tests.js:401:33:401:35 | dst | -| tests.js:398:30:398:32 | dst | tests.js:401:33:401:35 | dst | -| tests.js:398:30:398:32 | dst | tests.js:403:13:403:15 | dst | -| tests.js:398:30:398:32 | dst | tests.js:403:13:403:15 | dst | -| tests.js:398:30:398:32 | dst | tests.js:403:13:403:15 | dst | -| tests.js:398:30:398:32 | dst | tests.js:403:13:403:15 | dst | -| tests.js:398:35:398:37 | src | tests.js:399:17:399:19 | src | -| tests.js:398:35:398:37 | src | tests.js:399:17:399:19 | src | -| tests.js:399:17:399:19 | src | tests.js:399:28:399:32 | value | -| tests.js:399:17:399:19 | src | tests.js:399:28:399:32 | value | -| tests.js:399:23:399:25 | key | tests.js:401:37:401:39 | key | -| tests.js:399:23:399:25 | key | tests.js:401:37:401:39 | key | -| tests.js:399:23:399:25 | key | tests.js:403:17:403:19 | key | -| tests.js:399:23:399:25 | key | tests.js:403:17:403:19 | key | -| tests.js:399:23:399:25 | key | tests.js:403:17:403:19 | key | -| tests.js:399:23:399:25 | key | tests.js:403:17:403:19 | key | -| tests.js:399:28:399:32 | value | tests.js:401:43:401:47 | value | -| tests.js:399:28:399:32 | value | tests.js:401:43:401:47 | value | -| tests.js:399:28:399:32 | value | tests.js:403:24:403:28 | value | -| tests.js:399:28:399:32 | value | tests.js:403:24:403:28 | value | -| tests.js:399:28:399:32 | value | tests.js:403:24:403:28 | value | -| tests.js:399:28:399:32 | value | tests.js:403:24:403:28 | value | -| tests.js:401:33:401:35 | dst | tests.js:401:33:401:40 | dst[key] | -| tests.js:401:33:401:35 | dst | tests.js:401:33:401:40 | dst[key] | -| tests.js:401:33:401:40 | dst[key] | tests.js:398:30:398:32 | dst | -| tests.js:401:33:401:40 | dst[key] | tests.js:398:30:398:32 | dst | -| tests.js:401:37:401:39 | key | tests.js:401:33:401:40 | dst[key] | -| tests.js:401:37:401:39 | key | tests.js:401:33:401:40 | dst[key] | -| tests.js:401:43:401:47 | value | tests.js:398:35:398:37 | src | -| tests.js:401:43:401:47 | value | tests.js:398:35:398:37 | src | -| tests.js:412:31:412:33 | dst | tests.js:415:34:415:36 | dst | -| tests.js:412:31:412:33 | dst | tests.js:415:34:415:36 | dst | -| tests.js:412:31:412:33 | dst | tests.js:419:13:419:15 | dst | -| tests.js:412:31:412:33 | dst | tests.js:419:13:419:15 | dst | -| tests.js:412:31:412:33 | dst | tests.js:419:13:419:15 | dst | -| tests.js:412:31:412:33 | dst | tests.js:419:13:419:15 | dst | -| tests.js:412:36:412:38 | src | tests.js:414:33:414:35 | src | -| tests.js:412:36:412:38 | src | tests.js:414:33:414:35 | src | -| tests.js:413:14:413:16 | key | tests.js:414:38:414:40 | key | -| tests.js:413:14:413:16 | key | tests.js:414:38:414:40 | key | -| tests.js:413:14:413:16 | key | tests.js:414:38:414:40 | key | -| tests.js:413:14:413:16 | key | tests.js:414:38:414:40 | key | -| tests.js:413:14:413:16 | key | tests.js:415:39:415:41 | key | -| tests.js:413:14:413:16 | key | tests.js:415:39:415:41 | key | -| tests.js:413:14:413:16 | key | tests.js:415:39:415:41 | key | -| tests.js:413:14:413:16 | key | tests.js:415:39:415:41 | key | -| tests.js:413:14:413:16 | key | tests.js:419:17:419:19 | key | -| tests.js:413:14:413:16 | key | tests.js:419:17:419:19 | key | -| tests.js:413:14:413:16 | key | tests.js:419:17:419:19 | key | -| tests.js:413:14:413:16 | key | tests.js:419:17:419:19 | key | -| tests.js:413:14:413:16 | key | tests.js:419:17:419:19 | key | -| tests.js:413:14:413:16 | key | tests.js:419:17:419:19 | key | -| tests.js:413:14:413:16 | key | tests.js:419:17:419:19 | key | -| tests.js:414:13:414:41 | value | tests.js:417:42:417:46 | value | -| tests.js:414:13:414:41 | value | tests.js:417:42:417:46 | value | -| tests.js:414:13:414:41 | value | tests.js:417:42:417:46 | value | -| tests.js:414:13:414:41 | value | tests.js:417:42:417:46 | value | -| tests.js:414:13:414:41 | value | tests.js:419:24:419:28 | value | -| tests.js:414:13:414:41 | value | tests.js:419:24:419:28 | value | -| tests.js:414:13:414:41 | value | tests.js:419:24:419:28 | value | -| tests.js:414:13:414:41 | value | tests.js:419:24:419:28 | value | -| tests.js:414:13:414:41 | value | tests.js:419:24:419:28 | value | -| tests.js:414:13:414:41 | value | tests.js:419:24:419:28 | value | -| tests.js:414:13:414:41 | value | tests.js:419:24:419:28 | value | -| tests.js:414:13:414:41 | value | tests.js:419:24:419:28 | value | -| tests.js:414:21:414:41 | wrapped ... c, key) | tests.js:414:13:414:41 | value | -| tests.js:414:21:414:41 | wrapped ... c, key) | tests.js:414:13:414:41 | value | -| tests.js:414:21:414:41 | wrapped ... c, key) | tests.js:414:13:414:41 | value | -| tests.js:414:21:414:41 | wrapped ... c, key) | tests.js:414:13:414:41 | value | -| tests.js:414:21:414:41 | wrapped ... c, key) | tests.js:414:13:414:41 | value | -| tests.js:414:21:414:41 | wrapped ... c, key) | tests.js:414:13:414:41 | value | -| tests.js:414:33:414:35 | src | tests.js:414:21:414:41 | wrapped ... c, key) | -| tests.js:414:33:414:35 | src | tests.js:414:21:414:41 | wrapped ... c, key) | -| tests.js:414:38:414:40 | key | tests.js:414:21:414:41 | wrapped ... c, key) | -| tests.js:414:38:414:40 | key | tests.js:414:21:414:41 | wrapped ... c, key) | -| tests.js:415:13:415:42 | target | tests.js:417:34:417:39 | target | -| tests.js:415:13:415:42 | target | tests.js:417:34:417:39 | target | -| tests.js:415:13:415:42 | target | tests.js:417:34:417:39 | target | -| tests.js:415:13:415:42 | target | tests.js:417:34:417:39 | target | -| tests.js:415:22:415:42 | wrapped ... t, key) | tests.js:415:13:415:42 | target | -| tests.js:415:22:415:42 | wrapped ... t, key) | tests.js:415:13:415:42 | target | -| tests.js:415:22:415:42 | wrapped ... t, key) | tests.js:415:13:415:42 | target | -| tests.js:415:22:415:42 | wrapped ... t, key) | tests.js:415:13:415:42 | target | -| tests.js:415:34:415:36 | dst | tests.js:415:22:415:42 | wrapped ... t, key) | -| tests.js:415:34:415:36 | dst | tests.js:415:22:415:42 | wrapped ... t, key) | -| tests.js:415:39:415:41 | key | tests.js:415:22:415:42 | wrapped ... t, key) | -| tests.js:415:39:415:41 | key | tests.js:415:22:415:42 | wrapped ... t, key) | -| tests.js:417:34:417:39 | target | tests.js:412:31:412:33 | dst | -| tests.js:417:34:417:39 | target | tests.js:412:31:412:33 | dst | -| tests.js:417:34:417:39 | target | tests.js:412:31:412:33 | dst | -| tests.js:417:34:417:39 | target | tests.js:412:31:412:33 | dst | -| tests.js:417:42:417:46 | value | tests.js:412:36:412:38 | src | -| tests.js:417:42:417:46 | value | tests.js:412:36:412:38 | src | -| tests.js:417:42:417:46 | value | tests.js:412:36:412:38 | src | -| tests.js:417:42:417:46 | value | tests.js:412:36:412:38 | src | -| tests.js:429:34:429:36 | dst | tests.js:432:37:432:39 | dst | -| tests.js:429:34:429:36 | dst | tests.js:436:13:436:15 | dst | -| tests.js:429:34:429:36 | dst | tests.js:436:13:436:15 | dst | -| tests.js:429:39:429:41 | src | tests.js:431:36:431:38 | src | -| tests.js:429:39:429:41 | src | tests.js:431:36:431:38 | src | -| tests.js:430:14:430:16 | key | tests.js:431:41:431:43 | key | -| tests.js:430:14:430:16 | key | tests.js:431:41:431:43 | key | -| tests.js:430:14:430:16 | key | tests.js:432:42:432:44 | key | -| tests.js:430:14:430:16 | key | tests.js:432:42:432:44 | key | -| tests.js:430:14:430:16 | key | tests.js:436:17:436:19 | key | -| tests.js:430:14:430:16 | key | tests.js:436:17:436:19 | key | -| tests.js:430:14:430:16 | key | tests.js:436:17:436:19 | key | -| tests.js:430:14:430:16 | key | tests.js:436:17:436:19 | key | -| tests.js:430:14:430:16 | key | tests.js:436:17:436:19 | key | -| tests.js:430:14:430:16 | key | tests.js:436:17:436:19 | key | -| tests.js:430:14:430:16 | key | tests.js:436:17:436:19 | key | -| tests.js:431:13:431:44 | value | tests.js:434:45:434:49 | value | -| tests.js:431:13:431:44 | value | tests.js:434:45:434:49 | value | -| tests.js:431:13:431:44 | value | tests.js:434:45:434:49 | value | -| tests.js:431:13:431:44 | value | tests.js:434:45:434:49 | value | -| tests.js:431:13:431:44 | value | tests.js:436:24:436:28 | value | -| tests.js:431:13:431:44 | value | tests.js:436:24:436:28 | value | -| tests.js:431:13:431:44 | value | tests.js:436:24:436:28 | value | -| tests.js:431:13:431:44 | value | tests.js:436:24:436:28 | value | -| tests.js:431:13:431:44 | value | tests.js:436:24:436:28 | value | -| tests.js:431:13:431:44 | value | tests.js:436:24:436:28 | value | -| tests.js:431:13:431:44 | value | tests.js:436:24:436:28 | value | -| tests.js:431:13:431:44 | value | tests.js:436:24:436:28 | value | -| tests.js:431:21:431:44 | almostS ... c, key) | tests.js:431:13:431:44 | value | -| tests.js:431:21:431:44 | almostS ... c, key) | tests.js:431:13:431:44 | value | -| tests.js:431:21:431:44 | almostS ... c, key) | tests.js:431:13:431:44 | value | -| tests.js:431:21:431:44 | almostS ... c, key) | tests.js:431:13:431:44 | value | -| tests.js:431:21:431:44 | almostS ... c, key) | tests.js:431:13:431:44 | value | -| tests.js:431:21:431:44 | almostS ... c, key) | tests.js:431:13:431:44 | value | -| tests.js:431:36:431:38 | src | tests.js:431:21:431:44 | almostS ... c, key) | -| tests.js:431:36:431:38 | src | tests.js:431:21:431:44 | almostS ... c, key) | -| tests.js:431:41:431:43 | key | tests.js:431:21:431:44 | almostS ... c, key) | -| tests.js:432:13:432:45 | target | tests.js:434:37:434:42 | target | -| tests.js:432:13:432:45 | target | tests.js:434:37:434:42 | target | -| tests.js:432:22:432:45 | almostS ... t, key) | tests.js:432:13:432:45 | target | -| tests.js:432:22:432:45 | almostS ... t, key) | tests.js:432:13:432:45 | target | -| tests.js:432:37:432:39 | dst | tests.js:432:22:432:45 | almostS ... t, key) | -| tests.js:432:42:432:44 | key | tests.js:432:22:432:45 | almostS ... t, key) | -| tests.js:434:37:434:42 | target | tests.js:429:34:429:36 | dst | -| tests.js:434:37:434:42 | target | tests.js:429:34:429:36 | dst | -| tests.js:434:45:434:49 | value | tests.js:429:39:429:41 | src | -| tests.js:434:45:434:49 | value | tests.js:429:39:429:41 | src | -| tests.js:434:45:434:49 | value | tests.js:429:39:429:41 | src | -| tests.js:434:45:434:49 | value | tests.js:429:39:429:41 | src | -| tests.js:446:33:446:35 | src | tests.js:448:30:448:32 | src | -| tests.js:446:33:446:35 | src | tests.js:448:30:448:32 | src | -| tests.js:447:14:447:16 | key | tests.js:453:17:453:19 | key | -| tests.js:447:14:447:16 | key | tests.js:453:17:453:19 | key | -| tests.js:447:14:447:16 | key | tests.js:453:17:453:19 | key | -| tests.js:447:14:447:16 | key | tests.js:453:17:453:19 | key | -| tests.js:447:14:447:16 | key | tests.js:453:17:453:19 | key | -| tests.js:447:14:447:16 | key | tests.js:453:17:453:19 | key | -| tests.js:447:14:447:16 | key | tests.js:453:17:453:19 | key | -| tests.js:448:13:448:38 | value | tests.js:451:39:451:43 | value | -| tests.js:448:13:448:38 | value | tests.js:451:39:451:43 | value | -| tests.js:448:13:448:38 | value | tests.js:451:39:451:43 | value | -| tests.js:448:13:448:38 | value | tests.js:451:39:451:43 | value | -| tests.js:448:13:448:38 | value | tests.js:453:24:453:28 | value | -| tests.js:448:13:448:38 | value | tests.js:453:24:453:28 | value | -| tests.js:448:13:448:38 | value | tests.js:453:24:453:28 | value | -| tests.js:448:13:448:38 | value | tests.js:453:24:453:28 | value | -| tests.js:448:13:448:38 | value | tests.js:453:24:453:28 | value | -| tests.js:448:13:448:38 | value | tests.js:453:24:453:28 | value | -| tests.js:448:13:448:38 | value | tests.js:453:24:453:28 | value | -| tests.js:448:13:448:38 | value | tests.js:453:24:453:28 | value | -| tests.js:448:21:448:38 | safeRead(src, key) | tests.js:448:13:448:38 | value | -| tests.js:448:21:448:38 | safeRead(src, key) | tests.js:448:13:448:38 | value | -| tests.js:448:21:448:38 | safeRead(src, key) | tests.js:448:13:448:38 | value | -| tests.js:448:21:448:38 | safeRead(src, key) | tests.js:448:13:448:38 | value | -| tests.js:448:21:448:38 | safeRead(src, key) | tests.js:448:13:448:38 | value | -| tests.js:448:21:448:38 | safeRead(src, key) | tests.js:448:13:448:38 | value | -| tests.js:448:30:448:32 | src | tests.js:448:21:448:38 | safeRead(src, key) | -| tests.js:448:30:448:32 | src | tests.js:448:21:448:38 | safeRead(src, key) | -| tests.js:451:39:451:43 | value | tests.js:446:33:446:35 | src | -| tests.js:451:39:451:43 | value | tests.js:446:33:446:35 | src | -| tests.js:451:39:451:43 | value | tests.js:446:33:446:35 | src | -| tests.js:451:39:451:43 | value | tests.js:446:33:446:35 | src | -| tests.js:458:26:458:28 | dst | tests.js:462:29:462:31 | dst | -| tests.js:458:26:458:28 | dst | tests.js:462:29:462:31 | dst | -| tests.js:458:26:458:28 | dst | tests.js:465:30:465:32 | dst | -| tests.js:458:26:458:28 | dst | tests.js:465:30:465:32 | dst | -| tests.js:458:26:458:28 | dst | tests.js:465:30:465:32 | dst | -| tests.js:458:26:458:28 | dst | tests.js:465:30:465:32 | dst | -| tests.js:458:26:458:28 | dst | tests.js:466:30:466:32 | dst | -| tests.js:458:26:458:28 | dst | tests.js:466:30:466:32 | dst | -| tests.js:458:26:458:28 | dst | tests.js:466:30:466:32 | dst | -| tests.js:458:26:458:28 | dst | tests.js:466:30:466:32 | dst | -| tests.js:458:26:458:28 | dst | tests.js:467:30:467:32 | dst | -| tests.js:458:26:458:28 | dst | tests.js:467:30:467:32 | dst | -| tests.js:458:26:458:28 | dst | tests.js:467:30:467:32 | dst | -| tests.js:458:26:458:28 | dst | tests.js:467:30:467:32 | dst | -| tests.js:458:31:458:33 | src | tests.js:462:39:462:41 | src | -| tests.js:458:31:458:33 | src | tests.js:462:39:462:41 | src | -| tests.js:458:31:458:33 | src | tests.js:465:41:465:43 | src | -| tests.js:458:31:458:33 | src | tests.js:465:41:465:43 | src | -| tests.js:460:18:460:22 | value | tests.js:467:41:467:45 | value | -| tests.js:460:18:460:22 | value | tests.js:467:41:467:45 | value | -| tests.js:460:18:460:22 | value | tests.js:467:41:467:45 | value | -| tests.js:460:18:460:22 | value | tests.js:467:41:467:45 | value | -| tests.js:460:18:460:22 | value | tests.js:467:41:467:45 | value | -| tests.js:460:18:460:22 | value | tests.js:467:41:467:45 | value | -| tests.js:460:18:460:22 | value | tests.js:467:41:467:45 | value | -| tests.js:460:25:460:27 | key | tests.js:462:33:462:35 | key | -| tests.js:460:25:460:27 | key | tests.js:462:33:462:35 | key | -| tests.js:460:25:460:27 | key | tests.js:462:33:462:35 | key | -| tests.js:460:25:460:27 | key | tests.js:462:33:462:35 | key | -| tests.js:460:25:460:27 | key | tests.js:462:43:462:45 | key | -| tests.js:460:25:460:27 | key | tests.js:462:43:462:45 | key | -| tests.js:460:25:460:27 | key | tests.js:462:43:462:45 | key | -| tests.js:460:25:460:27 | key | tests.js:462:43:462:45 | key | -| tests.js:460:25:460:27 | key | tests.js:465:34:465:36 | key | -| tests.js:460:25:460:27 | key | tests.js:465:34:465:36 | key | -| tests.js:460:25:460:27 | key | tests.js:465:34:465:36 | key | -| tests.js:460:25:460:27 | key | tests.js:465:34:465:36 | key | -| tests.js:460:25:460:27 | key | tests.js:465:34:465:36 | key | -| tests.js:460:25:460:27 | key | tests.js:465:34:465:36 | key | -| tests.js:460:25:460:27 | key | tests.js:465:34:465:36 | key | -| tests.js:460:25:460:27 | key | tests.js:465:45:465:47 | key | -| tests.js:460:25:460:27 | key | tests.js:465:45:465:47 | key | -| tests.js:460:25:460:27 | key | tests.js:465:45:465:47 | key | -| tests.js:460:25:460:27 | key | tests.js:465:45:465:47 | key | -| tests.js:460:25:460:27 | key | tests.js:466:34:466:36 | key | -| tests.js:460:25:460:27 | key | tests.js:466:34:466:36 | key | -| tests.js:460:25:460:27 | key | tests.js:466:34:466:36 | key | -| tests.js:460:25:460:27 | key | tests.js:466:34:466:36 | key | -| tests.js:460:25:460:27 | key | tests.js:466:34:466:36 | key | -| tests.js:460:25:460:27 | key | tests.js:466:34:466:36 | key | -| tests.js:460:25:460:27 | key | tests.js:466:34:466:36 | key | -| tests.js:460:25:460:27 | key | tests.js:466:43:466:45 | key | -| tests.js:460:25:460:27 | key | tests.js:466:43:466:45 | key | -| tests.js:460:25:460:27 | key | tests.js:466:43:466:45 | key | -| tests.js:460:25:460:27 | key | tests.js:466:43:466:45 | key | -| tests.js:460:25:460:27 | key | tests.js:467:34:467:36 | key | -| tests.js:460:25:460:27 | key | tests.js:467:34:467:36 | key | -| tests.js:460:25:460:27 | key | tests.js:467:34:467:36 | key | -| tests.js:460:25:460:27 | key | tests.js:467:34:467:36 | key | -| tests.js:460:25:460:27 | key | tests.js:467:34:467:36 | key | -| tests.js:460:25:460:27 | key | tests.js:467:34:467:36 | key | -| tests.js:460:25:460:27 | key | tests.js:467:34:467:36 | key | -| tests.js:462:29:462:31 | dst | tests.js:462:29:462:36 | dst[key] | -| tests.js:462:29:462:31 | dst | tests.js:462:29:462:36 | dst[key] | -| tests.js:462:29:462:36 | dst[key] | tests.js:458:26:458:28 | dst | -| tests.js:462:29:462:36 | dst[key] | tests.js:458:26:458:28 | dst | -| tests.js:462:29:462:36 | dst[key] | tests.js:458:26:458:28 | dst | -| tests.js:462:29:462:36 | dst[key] | tests.js:458:26:458:28 | dst | -| tests.js:462:33:462:35 | key | tests.js:462:29:462:36 | dst[key] | -| tests.js:462:33:462:35 | key | tests.js:462:29:462:36 | dst[key] | -| tests.js:462:39:462:41 | src | tests.js:462:39:462:46 | src[key] | -| tests.js:462:39:462:41 | src | tests.js:462:39:462:46 | src[key] | -| tests.js:462:39:462:46 | src[key] | tests.js:458:31:458:33 | src | -| tests.js:462:39:462:46 | src[key] | tests.js:458:31:458:33 | src | -| tests.js:462:39:462:46 | src[key] | tests.js:458:31:458:33 | src | -| tests.js:462:39:462:46 | src[key] | tests.js:458:31:458:33 | src | -| tests.js:462:39:462:46 | src[key] | tests.js:458:31:458:33 | src | -| tests.js:462:39:462:46 | src[key] | tests.js:458:31:458:33 | src | -| tests.js:462:43:462:45 | key | tests.js:462:39:462:46 | src[key] | -| tests.js:462:43:462:45 | key | tests.js:462:39:462:46 | src[key] | -| tests.js:465:41:465:43 | src | tests.js:465:41:465:48 | src[key] | -| tests.js:465:41:465:43 | src | tests.js:465:41:465:48 | src[key] | -| tests.js:465:41:465:43 | src | tests.js:465:41:465:48 | src[key] | -| tests.js:465:41:465:43 | src | tests.js:465:41:465:48 | src[key] | -| tests.js:465:41:465:48 | src[key] | tests.js:465:41:465:48 | src[key] | -| tests.js:465:45:465:47 | key | tests.js:465:41:465:48 | src[key] | -| tests.js:465:45:465:47 | key | tests.js:465:41:465:48 | src[key] | -| tests.js:465:45:465:47 | key | tests.js:465:41:465:48 | src[key] | -| tests.js:465:45:465:47 | key | tests.js:465:41:465:48 | src[key] | -| tests.js:466:41:466:46 | o[key] | tests.js:466:41:466:46 | o[key] | -| tests.js:466:43:466:45 | key | tests.js:466:41:466:46 | o[key] | -| tests.js:466:43:466:45 | key | tests.js:466:41:466:46 | o[key] | -| tests.js:466:43:466:45 | key | tests.js:466:41:466:46 | o[key] | -| tests.js:466:43:466:45 | key | tests.js:466:41:466:46 | o[key] | -| tests.js:472:38:472:40 | dst | tests.js:475:41:475:43 | dst | -| tests.js:472:38:472:40 | dst | tests.js:475:41:475:43 | dst | -| tests.js:472:38:472:40 | dst | tests.js:477:13:477:15 | dst | -| tests.js:472:38:472:40 | dst | tests.js:477:13:477:15 | dst | -| tests.js:472:38:472:40 | dst | tests.js:477:13:477:15 | dst | -| tests.js:472:38:472:40 | dst | tests.js:477:13:477:15 | dst | -| tests.js:473:18:473:22 | value | tests.js:477:24:477:28 | value | -| tests.js:473:18:473:22 | value | tests.js:477:24:477:28 | value | -| tests.js:473:18:473:22 | value | tests.js:477:24:477:28 | value | -| tests.js:473:18:473:22 | value | tests.js:477:24:477:28 | value | -| tests.js:473:18:473:22 | value | tests.js:477:24:477:28 | value | -| tests.js:473:18:473:22 | value | tests.js:477:24:477:28 | value | -| tests.js:473:18:473:22 | value | tests.js:477:24:477:28 | value | -| tests.js:473:25:473:27 | key | tests.js:475:45:475:47 | key | -| tests.js:473:25:473:27 | key | tests.js:475:45:475:47 | key | -| tests.js:473:25:473:27 | key | tests.js:475:45:475:47 | key | -| tests.js:473:25:473:27 | key | tests.js:475:45:475:47 | key | -| tests.js:473:25:473:27 | key | tests.js:477:17:477:19 | key | -| tests.js:473:25:473:27 | key | tests.js:477:17:477:19 | key | -| tests.js:473:25:473:27 | key | tests.js:477:17:477:19 | key | -| tests.js:473:25:473:27 | key | tests.js:477:17:477:19 | key | -| tests.js:473:25:473:27 | key | tests.js:477:17:477:19 | key | -| tests.js:473:25:473:27 | key | tests.js:477:17:477:19 | key | -| tests.js:473:25:473:27 | key | tests.js:477:17:477:19 | key | -| tests.js:475:41:475:43 | dst | tests.js:475:41:475:48 | dst[key] | -| tests.js:475:41:475:43 | dst | tests.js:475:41:475:48 | dst[key] | -| tests.js:475:41:475:48 | dst[key] | tests.js:472:38:472:40 | dst | -| tests.js:475:41:475:48 | dst[key] | tests.js:472:38:472:40 | dst | -| tests.js:475:41:475:48 | dst[key] | tests.js:472:38:472:40 | dst | -| tests.js:475:41:475:48 | dst[key] | tests.js:472:38:472:40 | dst | -| tests.js:475:45:475:47 | key | tests.js:475:41:475:48 | dst[key] | -| tests.js:475:45:475:47 | key | tests.js:475:41:475:48 | dst[key] | -| tests.js:483:26:483:28 | dst | tests.js:487:29:487:31 | dst | -| tests.js:483:26:483:28 | dst | tests.js:489:13:489:15 | dst | -| tests.js:483:26:483:28 | dst | tests.js:489:13:489:15 | dst | -| tests.js:483:31:483:33 | src | tests.js:487:39:487:41 | src | -| tests.js:483:31:483:33 | src | tests.js:489:24:489:26 | src | -| tests.js:483:31:483:33 | src | tests.js:489:24:489:26 | src | -| tests.js:484:14:484:16 | key | tests.js:487:33:487:35 | key | -| tests.js:484:14:484:16 | key | tests.js:487:33:487:35 | key | -| tests.js:484:14:484:16 | key | tests.js:487:43:487:45 | key | -| tests.js:484:14:484:16 | key | tests.js:487:43:487:45 | key | -| tests.js:484:14:484:16 | key | tests.js:489:17:489:19 | key | -| tests.js:484:14:484:16 | key | tests.js:489:17:489:19 | key | -| tests.js:484:14:484:16 | key | tests.js:489:17:489:19 | key | -| tests.js:484:14:484:16 | key | tests.js:489:17:489:19 | key | -| tests.js:484:14:484:16 | key | tests.js:489:28:489:30 | key | -| tests.js:484:14:484:16 | key | tests.js:489:28:489:30 | key | -| tests.js:487:29:487:31 | dst | tests.js:487:29:487:36 | dst[key] | -| tests.js:487:29:487:36 | dst[key] | tests.js:483:26:483:28 | dst | -| tests.js:487:29:487:36 | dst[key] | tests.js:483:26:483:28 | dst | -| tests.js:487:33:487:35 | key | tests.js:487:29:487:36 | dst[key] | -| tests.js:487:39:487:41 | src | tests.js:487:39:487:46 | src[key] | -| tests.js:487:39:487:46 | src[key] | tests.js:483:31:483:33 | src | -| tests.js:487:39:487:46 | src[key] | tests.js:483:31:483:33 | src | -| tests.js:487:39:487:46 | src[key] | tests.js:483:31:483:33 | src | -| tests.js:487:39:487:46 | src[key] | tests.js:483:31:483:33 | src | -| tests.js:487:39:487:46 | src[key] | tests.js:483:31:483:33 | src | -| tests.js:487:43:487:45 | key | tests.js:487:39:487:46 | src[key] | -| tests.js:489:24:489:26 | src | tests.js:489:24:489:31 | src[key] | -| tests.js:489:24:489:26 | src | tests.js:489:24:489:31 | src[key] | -| tests.js:489:24:489:26 | src | tests.js:489:24:489:31 | src[key] | -| tests.js:489:24:489:26 | src | tests.js:489:24:489:31 | src[key] | -| tests.js:489:24:489:31 | src[key] | tests.js:489:24:489:31 | src[key] | -| tests.js:489:28:489:30 | key | tests.js:489:24:489:31 | src[key] | -| tests.js:489:28:489:30 | key | tests.js:489:24:489:31 | src[key] | -| tests.js:494:32:494:34 | src | tests.js:498:21:498:23 | src | -| tests.js:495:14:495:16 | key | tests.js:498:25:498:27 | key | -| tests.js:495:14:495:16 | key | tests.js:498:25:498:27 | key | -| tests.js:495:14:495:16 | key | tests.js:502:17:502:19 | key | -| tests.js:495:14:495:16 | key | tests.js:502:17:502:19 | key | -| tests.js:495:14:495:16 | key | tests.js:502:17:502:19 | key | -| tests.js:495:14:495:16 | key | tests.js:502:17:502:19 | key | -| tests.js:498:13:498:28 | value | tests.js:500:38:500:42 | value | -| tests.js:498:13:498:28 | value | tests.js:500:38:500:42 | value | -| tests.js:498:13:498:28 | value | tests.js:502:24:502:28 | value | -| tests.js:498:13:498:28 | value | tests.js:502:24:502:28 | value | -| tests.js:498:13:498:28 | value | tests.js:502:24:502:28 | value | -| tests.js:498:13:498:28 | value | tests.js:502:24:502:28 | value | -| tests.js:498:13:498:28 | value | tests.js:502:24:502:28 | value | -| tests.js:498:13:498:28 | value | tests.js:502:24:502:28 | value | -| tests.js:498:21:498:23 | src | tests.js:498:21:498:28 | src[key] | -| tests.js:498:21:498:28 | src[key] | tests.js:498:13:498:28 | value | -| tests.js:498:21:498:28 | src[key] | tests.js:498:13:498:28 | value | -| tests.js:498:21:498:28 | src[key] | tests.js:498:13:498:28 | value | -| tests.js:498:21:498:28 | src[key] | tests.js:498:13:498:28 | value | -| tests.js:498:21:498:28 | src[key] | tests.js:498:13:498:28 | value | -| tests.js:498:25:498:27 | key | tests.js:498:21:498:28 | src[key] | -| tests.js:500:38:500:42 | value | tests.js:494:32:494:34 | src | -| tests.js:500:38:500:42 | value | tests.js:494:32:494:34 | src | -| tests.js:508:30:508:32 | dst | tests.js:513:33:513:35 | dst | -| tests.js:508:30:508:32 | dst | tests.js:513:33:513:35 | dst | -| tests.js:508:30:508:32 | dst | tests.js:517:35:517:37 | dst | -| tests.js:508:30:508:32 | dst | tests.js:517:35:517:37 | dst | -| tests.js:508:30:508:32 | dst | tests.js:517:35:517:37 | dst | -| tests.js:508:30:508:32 | dst | tests.js:517:35:517:37 | dst | -| tests.js:508:35:508:37 | src | tests.js:513:43:513:45 | src | -| tests.js:508:35:508:37 | src | tests.js:513:43:513:45 | src | -| tests.js:508:35:508:37 | src | tests.js:516:32:516:34 | src | -| tests.js:508:35:508:37 | src | tests.js:516:32:516:34 | src | -| tests.js:511:13:511:25 | key | tests.js:513:37:513:39 | key | -| tests.js:511:13:511:25 | key | tests.js:513:37:513:39 | key | -| tests.js:511:13:511:25 | key | tests.js:513:47:513:49 | key | -| tests.js:511:13:511:25 | key | tests.js:513:47:513:49 | key | -| tests.js:511:13:511:25 | key | tests.js:516:36:516:38 | key | -| tests.js:511:13:511:25 | key | tests.js:516:36:516:38 | key | -| tests.js:511:13:511:25 | key | tests.js:517:40:517:42 | key | -| tests.js:511:13:511:25 | key | tests.js:517:40:517:42 | key | -| tests.js:511:13:511:25 | key | tests.js:517:40:517:42 | key | -| tests.js:511:13:511:25 | key | tests.js:517:40:517:42 | key | -| tests.js:511:19:511:25 | keys[i] | tests.js:511:13:511:25 | key | -| tests.js:511:19:511:25 | keys[i] | tests.js:511:13:511:25 | key | -| tests.js:511:19:511:25 | keys[i] | tests.js:511:13:511:25 | key | -| tests.js:511:19:511:25 | keys[i] | tests.js:511:13:511:25 | key | -| tests.js:513:33:513:35 | dst | tests.js:513:33:513:40 | dst[key] | -| tests.js:513:33:513:35 | dst | tests.js:513:33:513:40 | dst[key] | -| tests.js:513:33:513:40 | dst[key] | tests.js:508:30:508:32 | dst | -| tests.js:513:33:513:40 | dst[key] | tests.js:508:30:508:32 | dst | -| tests.js:513:33:513:40 | dst[key] | tests.js:508:30:508:32 | dst | -| tests.js:513:33:513:40 | dst[key] | tests.js:508:30:508:32 | dst | -| tests.js:513:37:513:39 | key | tests.js:513:33:513:40 | dst[key] | -| tests.js:513:37:513:39 | key | tests.js:513:33:513:40 | dst[key] | -| tests.js:513:43:513:45 | src | tests.js:513:43:513:50 | src[key] | -| tests.js:513:43:513:45 | src | tests.js:513:43:513:50 | src[key] | -| tests.js:513:43:513:50 | src[key] | tests.js:508:35:508:37 | src | -| tests.js:513:43:513:50 | src[key] | tests.js:508:35:508:37 | src | -| tests.js:513:43:513:50 | src[key] | tests.js:508:35:508:37 | src | -| tests.js:513:43:513:50 | src[key] | tests.js:508:35:508:37 | src | -| tests.js:513:43:513:50 | src[key] | tests.js:508:35:508:37 | src | -| tests.js:513:43:513:50 | src[key] | tests.js:508:35:508:37 | src | -| tests.js:513:47:513:49 | key | tests.js:513:43:513:50 | src[key] | -| tests.js:513:47:513:49 | key | tests.js:513:43:513:50 | src[key] | -| tests.js:516:32:516:34 | src | tests.js:516:32:516:39 | src[key] | -| tests.js:516:32:516:34 | src | tests.js:516:32:516:39 | src[key] | -| tests.js:516:32:516:34 | src | tests.js:516:32:516:39 | src[key] | -| tests.js:516:32:516:34 | src | tests.js:516:32:516:39 | src[key] | -| tests.js:516:32:516:39 | src[key] | tests.js:516:32:516:39 | src[key] | -| tests.js:516:36:516:38 | key | tests.js:516:32:516:39 | src[key] | -| tests.js:516:36:516:38 | key | tests.js:516:32:516:39 | src[key] | -| tests.js:516:36:516:38 | key | tests.js:516:32:516:39 | src[key] | -| tests.js:516:36:516:38 | key | tests.js:516:32:516:39 | src[key] | -| tests.js:523:11:523:23 | dst | tests.js:527:35:527:37 | dst | -| tests.js:523:11:523:23 | dst | tests.js:527:35:527:37 | dst | -| tests.js:523:11:523:23 | dst | tests.js:529:13:529:15 | dst | -| tests.js:523:11:523:23 | dst | tests.js:529:13:529:15 | dst | -| tests.js:523:11:523:23 | dst | tests.js:529:13:529:15 | dst | -| tests.js:523:11:523:23 | dst | tests.js:529:13:529:15 | dst | -| tests.js:523:17:523:23 | args[0] | tests.js:523:11:523:23 | dst | -| tests.js:523:17:523:23 | args[0] | tests.js:523:11:523:23 | dst | -| tests.js:524:11:524:23 | src | tests.js:527:45:527:47 | src | -| tests.js:524:11:524:23 | src | tests.js:527:45:527:47 | src | -| tests.js:524:11:524:23 | src | tests.js:529:24:529:26 | src | -| tests.js:524:11:524:23 | src | tests.js:529:24:529:26 | src | -| tests.js:524:17:524:23 | args[1] | tests.js:524:11:524:23 | src | -| tests.js:524:17:524:23 | args[1] | tests.js:524:11:524:23 | src | -| tests.js:525:14:525:16 | key | tests.js:527:39:527:41 | key | -| tests.js:525:14:525:16 | key | tests.js:527:39:527:41 | key | -| tests.js:525:14:525:16 | key | tests.js:527:39:527:41 | key | -| tests.js:525:14:525:16 | key | tests.js:527:39:527:41 | key | -| tests.js:525:14:525:16 | key | tests.js:527:49:527:51 | key | -| tests.js:525:14:525:16 | key | tests.js:527:49:527:51 | key | -| tests.js:525:14:525:16 | key | tests.js:527:49:527:51 | key | -| tests.js:525:14:525:16 | key | tests.js:527:49:527:51 | key | -| tests.js:525:14:525:16 | key | tests.js:529:17:529:19 | key | -| tests.js:525:14:525:16 | key | tests.js:529:17:529:19 | key | -| tests.js:525:14:525:16 | key | tests.js:529:17:529:19 | key | -| tests.js:525:14:525:16 | key | tests.js:529:17:529:19 | key | -| tests.js:525:14:525:16 | key | tests.js:529:17:529:19 | key | -| tests.js:525:14:525:16 | key | tests.js:529:17:529:19 | key | -| tests.js:525:14:525:16 | key | tests.js:529:17:529:19 | key | -| tests.js:525:14:525:16 | key | tests.js:529:28:529:30 | key | -| tests.js:525:14:525:16 | key | tests.js:529:28:529:30 | key | -| tests.js:525:14:525:16 | key | tests.js:529:28:529:30 | key | -| tests.js:525:14:525:16 | key | tests.js:529:28:529:30 | key | -| tests.js:527:35:527:37 | dst | tests.js:527:35:527:42 | dst[key] | -| tests.js:527:35:527:37 | dst | tests.js:527:35:527:42 | dst[key] | -| tests.js:527:35:527:42 | dst[key] | tests.js:523:17:523:23 | args[0] | -| tests.js:527:35:527:42 | dst[key] | tests.js:523:17:523:23 | args[0] | -| tests.js:527:35:527:42 | dst[key] | tests.js:523:17:523:23 | args[0] | -| tests.js:527:35:527:42 | dst[key] | tests.js:523:17:523:23 | args[0] | -| tests.js:527:39:527:41 | key | tests.js:527:35:527:42 | dst[key] | -| tests.js:527:39:527:41 | key | tests.js:527:35:527:42 | dst[key] | -| tests.js:527:45:527:47 | src | tests.js:527:45:527:52 | src[key] | -| tests.js:527:45:527:47 | src | tests.js:527:45:527:52 | src[key] | -| tests.js:527:45:527:52 | src[key] | tests.js:524:17:524:23 | args[1] | -| tests.js:527:45:527:52 | src[key] | tests.js:524:17:524:23 | args[1] | -| tests.js:527:45:527:52 | src[key] | tests.js:524:17:524:23 | args[1] | -| tests.js:527:45:527:52 | src[key] | tests.js:524:17:524:23 | args[1] | -| tests.js:527:45:527:52 | src[key] | tests.js:524:17:524:23 | args[1] | -| tests.js:527:45:527:52 | src[key] | tests.js:524:17:524:23 | args[1] | -| tests.js:527:49:527:51 | key | tests.js:527:45:527:52 | src[key] | -| tests.js:527:49:527:51 | key | tests.js:527:45:527:52 | src[key] | -| tests.js:529:24:529:26 | src | tests.js:529:24:529:31 | src[key] | -| tests.js:529:24:529:26 | src | tests.js:529:24:529:31 | src[key] | -| tests.js:529:24:529:26 | src | tests.js:529:24:529:31 | src[key] | -| tests.js:529:24:529:26 | src | tests.js:529:24:529:31 | src[key] | -| tests.js:529:24:529:31 | src[key] | tests.js:529:24:529:31 | src[key] | -| tests.js:529:28:529:30 | key | tests.js:529:24:529:31 | src[key] | -| tests.js:529:28:529:30 | key | tests.js:529:24:529:31 | src[key] | -| tests.js:529:28:529:30 | key | tests.js:529:24:529:31 | src[key] | -| tests.js:529:28:529:30 | key | tests.js:529:24:529:31 | src[key] | -| tests.js:534:31:534:33 | obj | tests.js:538:27:538:29 | obj | -| tests.js:534:31:534:33 | obj | tests.js:538:27:538:29 | obj | -| tests.js:534:31:534:33 | obj | tests.js:538:27:538:29 | obj | -| tests.js:534:31:534:33 | obj | tests.js:538:27:538:29 | obj | -| tests.js:538:18:538:24 | keys[i] | tests.js:543:32:543:34 | key | -| tests.js:538:18:538:24 | keys[i] | tests.js:543:32:543:34 | key | -| tests.js:538:18:538:24 | keys[i] | tests.js:543:32:543:34 | key | -| tests.js:538:18:538:24 | keys[i] | tests.js:543:32:543:34 | key | -| tests.js:538:18:538:24 | keys[i] | tests.js:543:32:543:34 | key | -| tests.js:538:18:538:24 | keys[i] | tests.js:543:32:543:34 | key | -| tests.js:538:18:538:24 | keys[i] | tests.js:543:32:543:34 | key | -| tests.js:538:18:538:24 | keys[i] | tests.js:543:32:543:34 | key | -| tests.js:538:27:538:29 | obj | tests.js:538:27:538:38 | obj[keys[i]] | -| tests.js:538:27:538:29 | obj | tests.js:538:27:538:38 | obj[keys[i]] | -| tests.js:538:27:538:29 | obj | tests.js:538:27:538:38 | obj[keys[i]] | -| tests.js:538:27:538:29 | obj | tests.js:538:27:538:38 | obj[keys[i]] | -| tests.js:538:27:538:38 | obj[keys[i]] | tests.js:543:37:543:41 | value | -| tests.js:538:27:538:38 | obj[keys[i]] | tests.js:543:37:543:41 | value | -| tests.js:538:27:538:38 | obj[keys[i]] | tests.js:543:37:543:41 | value | -| tests.js:538:27:538:38 | obj[keys[i]] | tests.js:543:37:543:41 | value | -| tests.js:538:27:538:38 | obj[keys[i]] | tests.js:543:37:543:41 | value | -| tests.js:538:27:538:38 | obj[keys[i]] | tests.js:543:37:543:41 | value | -| tests.js:538:27:538:38 | obj[keys[i]] | tests.js:543:37:543:41 | value | -| tests.js:538:27:538:38 | obj[keys[i]] | tests.js:543:37:543:41 | value | -| tests.js:538:27:538:38 | obj[keys[i]] | tests.js:543:37:543:41 | value | -| tests.js:538:27:538:38 | obj[keys[i]] | tests.js:543:37:543:41 | value | -| tests.js:538:27:538:38 | obj[keys[i]] | tests.js:543:37:543:41 | value | -| tests.js:538:27:538:38 | obj[keys[i]] | tests.js:543:37:543:41 | value | -| tests.js:538:31:538:37 | keys[i] | tests.js:538:27:538:38 | obj[keys[i]] | -| tests.js:538:31:538:37 | keys[i] | tests.js:538:27:538:38 | obj[keys[i]] | -| tests.js:538:31:538:37 | keys[i] | tests.js:538:27:538:38 | obj[keys[i]] | -| tests.js:538:31:538:37 | keys[i] | tests.js:538:27:538:38 | obj[keys[i]] | -| tests.js:542:30:542:32 | dst | tests.js:545:33:545:35 | dst | -| tests.js:542:30:542:32 | dst | tests.js:545:33:545:35 | dst | -| tests.js:542:30:542:32 | dst | tests.js:545:33:545:35 | dst | -| tests.js:542:30:542:32 | dst | tests.js:545:33:545:35 | dst | -| tests.js:542:30:542:32 | dst | tests.js:547:13:547:15 | dst | -| tests.js:542:30:542:32 | dst | tests.js:547:13:547:15 | dst | -| tests.js:542:30:542:32 | dst | tests.js:547:13:547:15 | dst | -| tests.js:542:30:542:32 | dst | tests.js:547:13:547:15 | dst | -| tests.js:542:30:542:32 | dst | tests.js:547:13:547:15 | dst | -| tests.js:542:30:542:32 | dst | tests.js:547:13:547:15 | dst | -| tests.js:542:30:542:32 | dst | tests.js:547:13:547:15 | dst | -| tests.js:542:30:542:32 | dst | tests.js:547:13:547:15 | dst | -| tests.js:542:35:542:37 | src | tests.js:543:26:543:28 | src | -| tests.js:542:35:542:37 | src | tests.js:543:26:543:28 | src | -| tests.js:542:35:542:37 | src | tests.js:543:26:543:28 | src | -| tests.js:542:35:542:37 | src | tests.js:543:26:543:28 | src | -| tests.js:543:26:543:28 | src | tests.js:534:31:534:33 | obj | -| tests.js:543:26:543:28 | src | tests.js:534:31:534:33 | obj | -| tests.js:543:26:543:28 | src | tests.js:534:31:534:33 | obj | -| tests.js:543:26:543:28 | src | tests.js:534:31:534:33 | obj | -| tests.js:543:26:543:28 | src | tests.js:543:37:543:41 | value | -| tests.js:543:26:543:28 | src | tests.js:543:37:543:41 | value | -| tests.js:543:26:543:28 | src | tests.js:543:37:543:41 | value | -| tests.js:543:26:543:28 | src | tests.js:543:37:543:41 | value | -| tests.js:543:32:543:34 | key | tests.js:545:37:545:39 | key | -| tests.js:543:32:543:34 | key | tests.js:545:37:545:39 | key | -| tests.js:543:32:543:34 | key | tests.js:545:37:545:39 | key | -| tests.js:543:32:543:34 | key | tests.js:545:37:545:39 | key | -| tests.js:543:32:543:34 | key | tests.js:547:17:547:19 | key | -| tests.js:543:32:543:34 | key | tests.js:547:17:547:19 | key | -| tests.js:543:32:543:34 | key | tests.js:547:17:547:19 | key | -| tests.js:543:32:543:34 | key | tests.js:547:17:547:19 | key | -| tests.js:543:32:543:34 | key | tests.js:547:17:547:19 | key | -| tests.js:543:32:543:34 | key | tests.js:547:17:547:19 | key | -| tests.js:543:32:543:34 | key | tests.js:547:17:547:19 | key | -| tests.js:543:32:543:34 | key | tests.js:547:17:547:19 | key | -| tests.js:543:37:543:41 | value | tests.js:545:43:545:47 | value | -| tests.js:543:37:543:41 | value | tests.js:545:43:545:47 | value | -| tests.js:543:37:543:41 | value | tests.js:545:43:545:47 | value | -| tests.js:543:37:543:41 | value | tests.js:545:43:545:47 | value | -| tests.js:543:37:543:41 | value | tests.js:547:24:547:28 | value | -| tests.js:543:37:543:41 | value | tests.js:547:24:547:28 | value | -| tests.js:543:37:543:41 | value | tests.js:547:24:547:28 | value | -| tests.js:543:37:543:41 | value | tests.js:547:24:547:28 | value | -| tests.js:543:37:543:41 | value | tests.js:547:24:547:28 | value | -| tests.js:543:37:543:41 | value | tests.js:547:24:547:28 | value | -| tests.js:543:37:543:41 | value | tests.js:547:24:547:28 | value | -| tests.js:543:37:543:41 | value | tests.js:547:24:547:28 | value | -| tests.js:545:33:545:35 | dst | tests.js:545:33:545:40 | dst[key] | -| tests.js:545:33:545:35 | dst | tests.js:545:33:545:40 | dst[key] | -| tests.js:545:33:545:35 | dst | tests.js:545:33:545:40 | dst[key] | -| tests.js:545:33:545:35 | dst | tests.js:545:33:545:40 | dst[key] | -| tests.js:545:33:545:40 | dst[key] | tests.js:542:30:542:32 | dst | -| tests.js:545:33:545:40 | dst[key] | tests.js:542:30:542:32 | dst | -| tests.js:545:33:545:40 | dst[key] | tests.js:542:30:542:32 | dst | -| tests.js:545:33:545:40 | dst[key] | tests.js:542:30:542:32 | dst | -| tests.js:545:37:545:39 | key | tests.js:545:33:545:40 | dst[key] | -| tests.js:545:37:545:39 | key | tests.js:545:33:545:40 | dst[key] | -| tests.js:545:37:545:39 | key | tests.js:545:33:545:40 | dst[key] | -| tests.js:545:37:545:39 | key | tests.js:545:33:545:40 | dst[key] | -| tests.js:545:43:545:47 | value | tests.js:542:35:542:37 | src | -| tests.js:545:43:545:47 | value | tests.js:542:35:542:37 | src | -| tests.js:545:43:545:47 | value | tests.js:542:35:542:37 | src | -| tests.js:545:43:545:47 | value | tests.js:542:35:542:37 | src | -| tests.js:552:35:552:37 | src | tests.js:557:43:557:45 | src | -| tests.js:552:35:552:37 | src | tests.js:557:43:557:45 | src | -| tests.js:552:35:552:37 | src | tests.js:559:24:559:26 | src | -| tests.js:552:35:552:37 | src | tests.js:559:24:559:26 | src | -| tests.js:553:14:553:16 | key | tests.js:559:17:559:19 | key | -| tests.js:553:14:553:16 | key | tests.js:559:17:559:19 | key | -| tests.js:553:14:553:16 | key | tests.js:559:17:559:19 | key | -| tests.js:553:14:553:16 | key | tests.js:559:17:559:19 | key | -| tests.js:553:14:553:16 | key | tests.js:559:17:559:19 | key | -| tests.js:553:14:553:16 | key | tests.js:559:17:559:19 | key | -| tests.js:553:14:553:16 | key | tests.js:559:17:559:19 | key | -| tests.js:553:14:553:16 | key | tests.js:559:28:559:30 | key | -| tests.js:553:14:553:16 | key | tests.js:559:28:559:30 | key | -| tests.js:553:14:553:16 | key | tests.js:559:28:559:30 | key | -| tests.js:553:14:553:16 | key | tests.js:559:28:559:30 | key | -| tests.js:557:43:557:45 | src | tests.js:557:43:557:50 | src[key] | -| tests.js:557:43:557:45 | src | tests.js:557:43:557:50 | src[key] | -| tests.js:557:43:557:50 | src[key] | tests.js:552:35:552:37 | src | -| tests.js:557:43:557:50 | src[key] | tests.js:552:35:552:37 | src | -| tests.js:557:43:557:50 | src[key] | tests.js:552:35:552:37 | src | -| tests.js:557:43:557:50 | src[key] | tests.js:552:35:552:37 | src | -| tests.js:557:43:557:50 | src[key] | tests.js:552:35:552:37 | src | -| tests.js:557:43:557:50 | src[key] | tests.js:552:35:552:37 | src | -| tests.js:559:24:559:26 | src | tests.js:559:24:559:31 | src[key] | -| tests.js:559:24:559:26 | src | tests.js:559:24:559:31 | src[key] | -| tests.js:559:24:559:26 | src | tests.js:559:24:559:31 | src[key] | -| tests.js:559:24:559:26 | src | tests.js:559:24:559:31 | src[key] | -| tests.js:559:24:559:31 | src[key] | tests.js:559:24:559:31 | src[key] | -| tests.js:559:28:559:30 | key | tests.js:559:24:559:31 | src[key] | -| tests.js:559:28:559:30 | key | tests.js:559:24:559:31 | src[key] | -| tests.js:559:28:559:30 | key | tests.js:559:24:559:31 | src[key] | -| tests.js:559:28:559:30 | key | tests.js:559:24:559:31 | src[key] | -| tests.js:564:35:564:37 | src | tests.js:569:43:569:45 | src | -| tests.js:564:35:564:37 | src | tests.js:569:43:569:45 | src | -| tests.js:564:35:564:37 | src | tests.js:571:24:571:26 | src | -| tests.js:564:35:564:37 | src | tests.js:571:24:571:26 | src | -| tests.js:565:14:565:16 | key | tests.js:571:17:571:19 | key | -| tests.js:565:14:565:16 | key | tests.js:571:17:571:19 | key | -| tests.js:565:14:565:16 | key | tests.js:571:17:571:19 | key | -| tests.js:565:14:565:16 | key | tests.js:571:17:571:19 | key | -| tests.js:565:14:565:16 | key | tests.js:571:17:571:19 | key | -| tests.js:565:14:565:16 | key | tests.js:571:17:571:19 | key | -| tests.js:565:14:565:16 | key | tests.js:571:17:571:19 | key | -| tests.js:565:14:565:16 | key | tests.js:571:28:571:30 | key | -| tests.js:565:14:565:16 | key | tests.js:571:28:571:30 | key | -| tests.js:565:14:565:16 | key | tests.js:571:28:571:30 | key | -| tests.js:565:14:565:16 | key | tests.js:571:28:571:30 | key | -| tests.js:569:43:569:45 | src | tests.js:569:43:569:50 | src[key] | -| tests.js:569:43:569:45 | src | tests.js:569:43:569:50 | src[key] | -| tests.js:569:43:569:50 | src[key] | tests.js:564:35:564:37 | src | -| tests.js:569:43:569:50 | src[key] | tests.js:564:35:564:37 | src | -| tests.js:569:43:569:50 | src[key] | tests.js:564:35:564:37 | src | -| tests.js:569:43:569:50 | src[key] | tests.js:564:35:564:37 | src | -| tests.js:569:43:569:50 | src[key] | tests.js:564:35:564:37 | src | -| tests.js:569:43:569:50 | src[key] | tests.js:564:35:564:37 | src | -| tests.js:571:24:571:26 | src | tests.js:571:24:571:31 | src[key] | -| tests.js:571:24:571:26 | src | tests.js:571:24:571:31 | src[key] | -| tests.js:571:24:571:26 | src | tests.js:571:24:571:31 | src[key] | -| tests.js:571:24:571:26 | src | tests.js:571:24:571:31 | src[key] | -| tests.js:571:24:571:31 | src[key] | tests.js:571:24:571:31 | src[key] | -| tests.js:571:28:571:30 | key | tests.js:571:24:571:31 | src[key] | -| tests.js:571:28:571:30 | key | tests.js:571:24:571:31 | src[key] | -| tests.js:571:28:571:30 | key | tests.js:571:24:571:31 | src[key] | -| tests.js:571:28:571:30 | key | tests.js:571:24:571:31 | src[key] | -| tests.js:576:30:576:32 | src | tests.js:580:38:580:40 | src | -| tests.js:576:30:576:32 | src | tests.js:580:38:580:40 | src | -| tests.js:576:30:576:32 | src | tests.js:582:24:582:26 | src | -| tests.js:576:30:576:32 | src | tests.js:582:24:582:26 | src | -| tests.js:577:14:577:16 | key | tests.js:582:17:582:19 | key | -| tests.js:577:14:577:16 | key | tests.js:582:17:582:19 | key | -| tests.js:577:14:577:16 | key | tests.js:582:17:582:19 | key | -| tests.js:577:14:577:16 | key | tests.js:582:17:582:19 | key | -| tests.js:577:14:577:16 | key | tests.js:582:17:582:19 | key | -| tests.js:577:14:577:16 | key | tests.js:582:17:582:19 | key | -| tests.js:577:14:577:16 | key | tests.js:582:17:582:19 | key | -| tests.js:577:14:577:16 | key | tests.js:582:28:582:30 | key | -| tests.js:577:14:577:16 | key | tests.js:582:28:582:30 | key | -| tests.js:577:14:577:16 | key | tests.js:582:28:582:30 | key | -| tests.js:577:14:577:16 | key | tests.js:582:28:582:30 | key | -| tests.js:580:38:580:40 | src | tests.js:580:38:580:45 | src[key] | -| tests.js:580:38:580:40 | src | tests.js:580:38:580:45 | src[key] | -| tests.js:580:38:580:45 | src[key] | tests.js:576:30:576:32 | src | -| tests.js:580:38:580:45 | src[key] | tests.js:576:30:576:32 | src | -| tests.js:580:38:580:45 | src[key] | tests.js:576:30:576:32 | src | -| tests.js:580:38:580:45 | src[key] | tests.js:576:30:576:32 | src | -| tests.js:580:38:580:45 | src[key] | tests.js:576:30:576:32 | src | -| tests.js:580:38:580:45 | src[key] | tests.js:576:30:576:32 | src | -| tests.js:582:24:582:26 | src | tests.js:582:24:582:31 | src[key] | -| tests.js:582:24:582:26 | src | tests.js:582:24:582:31 | src[key] | -| tests.js:582:24:582:26 | src | tests.js:582:24:582:31 | src[key] | -| tests.js:582:24:582:26 | src | tests.js:582:24:582:31 | src[key] | -| tests.js:582:24:582:31 | src[key] | tests.js:582:24:582:31 | src[key] | -| tests.js:582:28:582:30 | key | tests.js:582:24:582:31 | src[key] | -| tests.js:582:28:582:30 | key | tests.js:582:24:582:31 | src[key] | -| tests.js:582:28:582:30 | key | tests.js:582:24:582:31 | src[key] | -| tests.js:582:28:582:30 | key | tests.js:582:24:582:31 | src[key] | +| examples/PrototypePollutingFunction.js:1:16:1:18 | dst | examples/PrototypePollutingFunction.js:5:19:5:21 | dst | provenance | | +| examples/PrototypePollutingFunction.js:1:16:1:18 | dst | examples/PrototypePollutingFunction.js:7:13:7:15 | dst | provenance | | +| examples/PrototypePollutingFunction.js:1:21:1:23 | src | examples/PrototypePollutingFunction.js:5:29:5:31 | src | provenance | | +| examples/PrototypePollutingFunction.js:1:21:1:23 | src | examples/PrototypePollutingFunction.js:7:24:7:26 | src | provenance | | +| examples/PrototypePollutingFunction.js:2:14:2:16 | key | examples/PrototypePollutingFunction.js:5:23:5:25 | key | provenance | | +| examples/PrototypePollutingFunction.js:2:14:2:16 | key | examples/PrototypePollutingFunction.js:5:33:5:35 | key | provenance | | +| examples/PrototypePollutingFunction.js:2:14:2:16 | key | examples/PrototypePollutingFunction.js:7:17:7:19 | key | provenance | | +| examples/PrototypePollutingFunction.js:2:14:2:16 | key | examples/PrototypePollutingFunction.js:7:28:7:30 | key | provenance | | +| examples/PrototypePollutingFunction.js:5:19:5:21 | dst | examples/PrototypePollutingFunction.js:5:19:5:26 | dst[key] | provenance | Config | +| examples/PrototypePollutingFunction.js:5:19:5:26 | dst[key] | examples/PrototypePollutingFunction.js:1:16:1:18 | dst | provenance | | +| examples/PrototypePollutingFunction.js:5:23:5:25 | key | examples/PrototypePollutingFunction.js:5:19:5:26 | dst[key] | provenance | Config | +| examples/PrototypePollutingFunction.js:5:29:5:31 | src | examples/PrototypePollutingFunction.js:5:29:5:36 | src[key] | provenance | Config | +| examples/PrototypePollutingFunction.js:5:29:5:36 | src[key] | examples/PrototypePollutingFunction.js:1:21:1:23 | src | provenance | | +| examples/PrototypePollutingFunction.js:5:33:5:35 | key | examples/PrototypePollutingFunction.js:5:29:5:36 | src[key] | provenance | Config | +| examples/PrototypePollutingFunction.js:7:24:7:26 | src | examples/PrototypePollutingFunction.js:7:24:7:31 | src[key] | provenance | Config | +| examples/PrototypePollutingFunction.js:7:28:7:30 | key | examples/PrototypePollutingFunction.js:7:24:7:31 | src[key] | provenance | Config | +| examples/PrototypePollutingFunction_fixed2.js:1:21:1:23 | src | examples/PrototypePollutingFunction_fixed2.js:6:29:6:31 | src | provenance | | +| examples/PrototypePollutingFunction_fixed2.js:1:21:1:23 | src | examples/PrototypePollutingFunction_fixed2.js:8:24:8:26 | src | provenance | | +| examples/PrototypePollutingFunction_fixed2.js:6:29:6:31 | src | examples/PrototypePollutingFunction_fixed2.js:6:29:6:36 | src[key] | provenance | Config | +| examples/PrototypePollutingFunction_fixed2.js:6:29:6:36 | src[key] | examples/PrototypePollutingFunction_fixed2.js:1:21:1:23 | src | provenance | | +| examples/PrototypePollutingFunction_fixed2.js:8:24:8:26 | src | examples/PrototypePollutingFunction_fixed2.js:8:24:8:31 | src[key] | provenance | Config | +| examples/PrototypePollutingFunction_fixed.js:1:21:1:23 | src | examples/PrototypePollutingFunction_fixed.js:5:29:5:31 | src | provenance | | +| examples/PrototypePollutingFunction_fixed.js:1:21:1:23 | src | examples/PrototypePollutingFunction_fixed.js:7:24:7:26 | src | provenance | | +| examples/PrototypePollutingFunction_fixed.js:2:14:2:16 | key | examples/PrototypePollutingFunction_fixed.js:7:17:7:19 | key | provenance | | +| examples/PrototypePollutingFunction_fixed.js:2:14:2:16 | key | examples/PrototypePollutingFunction_fixed.js:7:28:7:30 | key | provenance | | +| examples/PrototypePollutingFunction_fixed.js:5:29:5:31 | src | examples/PrototypePollutingFunction_fixed.js:5:29:5:36 | src[key] | provenance | Config | +| examples/PrototypePollutingFunction_fixed.js:5:29:5:36 | src[key] | examples/PrototypePollutingFunction_fixed.js:1:21:1:23 | src | provenance | | +| examples/PrototypePollutingFunction_fixed.js:7:24:7:26 | src | examples/PrototypePollutingFunction_fixed.js:7:24:7:31 | src[key] | provenance | Config | +| examples/PrototypePollutingFunction_fixed.js:7:28:7:30 | key | examples/PrototypePollutingFunction_fixed.js:7:24:7:31 | src[key] | provenance | Config | +| path-assignment.js:8:13:8:25 | key | path-assignment.js:13:29:13:31 | key | provenance | | +| path-assignment.js:8:13:8:25 | key | path-assignment.js:15:20:15:22 | key | provenance | | +| path-assignment.js:8:19:8:25 | keys[i] | path-assignment.js:8:13:8:25 | key | provenance | | +| path-assignment.js:13:13:13:32 | target | path-assignment.js:13:22:13:27 | target | provenance | | +| path-assignment.js:13:13:13:32 | target | path-assignment.js:15:13:15:18 | target | provenance | | +| path-assignment.js:13:22:13:27 | target | path-assignment.js:13:22:13:32 | target[key] | provenance | Config | +| path-assignment.js:13:22:13:32 | target[key] | path-assignment.js:13:13:13:32 | target | provenance | | +| path-assignment.js:13:29:13:31 | key | path-assignment.js:13:22:13:32 | target[key] | provenance | Config | +| path-assignment.js:41:13:41:25 | key | path-assignment.js:42:25:42:27 | key | provenance | | +| path-assignment.js:41:13:41:25 | key | path-assignment.js:42:39:42:41 | key | provenance | | +| path-assignment.js:41:19:41:25 | keys[i] | path-assignment.js:41:13:41:25 | key | provenance | | +| path-assignment.js:42:9:42:48 | target | path-assignment.js:42:18:42:23 | target | provenance | | +| path-assignment.js:42:9:42:48 | target | path-assignment.js:42:32:42:37 | target | provenance | | +| path-assignment.js:42:9:42:48 | target | path-assignment.js:44:5:44:10 | target | provenance | | +| path-assignment.js:42:32:42:37 | target | path-assignment.js:42:32:42:42 | target[key] | provenance | Config | +| path-assignment.js:42:32:42:42 | target[key] | path-assignment.js:42:9:42:48 | target | provenance | | +| path-assignment.js:42:32:42:42 | target[key] | path-assignment.js:42:32:42:48 | target[key] \|\| {} | provenance | | +| path-assignment.js:42:39:42:41 | key | path-assignment.js:42:32:42:42 | target[key] | provenance | Config | +| path-assignment.js:58:13:58:25 | key | path-assignment.js:59:25:59:27 | key | provenance | | +| path-assignment.js:58:13:58:25 | key | path-assignment.js:59:39:59:41 | key | provenance | | +| path-assignment.js:58:19:58:25 | keys[i] | path-assignment.js:58:13:58:25 | key | provenance | | +| path-assignment.js:59:9:59:48 | target | path-assignment.js:59:18:59:23 | target | provenance | | +| path-assignment.js:59:9:59:48 | target | path-assignment.js:59:32:59:37 | target | provenance | | +| path-assignment.js:59:9:59:48 | target | path-assignment.js:61:5:61:10 | target | provenance | | +| path-assignment.js:59:32:59:37 | target | path-assignment.js:59:32:59:42 | target[key] | provenance | Config | +| path-assignment.js:59:32:59:42 | target[key] | path-assignment.js:59:9:59:48 | target | provenance | | +| path-assignment.js:59:32:59:42 | target[key] | path-assignment.js:59:32:59:48 | target[key] \|\| {} | provenance | | +| path-assignment.js:59:39:59:41 | key | path-assignment.js:59:32:59:42 | target[key] | provenance | Config | +| path-assignment.js:68:13:68:25 | key | path-assignment.js:69:25:69:27 | key | provenance | | +| path-assignment.js:68:13:68:25 | key | path-assignment.js:69:39:69:41 | key | provenance | | +| path-assignment.js:68:19:68:25 | keys[i] | path-assignment.js:68:13:68:25 | key | provenance | | +| path-assignment.js:69:9:69:48 | target | path-assignment.js:69:18:69:23 | target | provenance | | +| path-assignment.js:69:9:69:48 | target | path-assignment.js:69:32:69:37 | target | provenance | | +| path-assignment.js:69:9:69:48 | target | path-assignment.js:71:5:71:10 | target | provenance | | +| path-assignment.js:69:32:69:37 | target | path-assignment.js:69:32:69:42 | target[key] | provenance | Config | +| path-assignment.js:69:32:69:42 | target[key] | path-assignment.js:69:9:69:48 | target | provenance | | +| path-assignment.js:69:32:69:42 | target[key] | path-assignment.js:69:32:69:48 | target[key] \|\| {} | provenance | | +| path-assignment.js:69:39:69:41 | key | path-assignment.js:69:32:69:42 | target[key] | provenance | Config | +| tests.js:3:25:3:27 | dst | tests.js:6:28:6:30 | dst | provenance | | +| tests.js:3:25:3:27 | dst | tests.js:8:13:8:15 | dst | provenance | | +| tests.js:3:30:3:32 | src | tests.js:6:38:6:40 | src | provenance | | +| tests.js:3:30:3:32 | src | tests.js:8:24:8:26 | src | provenance | | +| tests.js:4:14:4:16 | key | tests.js:6:32:6:34 | key | provenance | | +| tests.js:4:14:4:16 | key | tests.js:6:42:6:44 | key | provenance | | +| tests.js:4:14:4:16 | key | tests.js:8:17:8:19 | key | provenance | | +| tests.js:4:14:4:16 | key | tests.js:8:28:8:30 | key | provenance | | +| tests.js:6:28:6:30 | dst | tests.js:6:28:6:35 | dst[key] | provenance | Config | +| tests.js:6:28:6:35 | dst[key] | tests.js:3:25:3:27 | dst | provenance | | +| tests.js:6:32:6:34 | key | tests.js:6:28:6:35 | dst[key] | provenance | Config | +| tests.js:6:38:6:40 | src | tests.js:6:38:6:45 | src[key] | provenance | Config | +| tests.js:6:38:6:45 | src[key] | tests.js:3:30:3:32 | src | provenance | | +| tests.js:6:42:6:44 | key | tests.js:6:38:6:45 | src[key] | provenance | Config | +| tests.js:8:24:8:26 | src | tests.js:8:24:8:31 | src[key] | provenance | Config | +| tests.js:8:28:8:30 | key | tests.js:8:24:8:31 | src[key] | provenance | Config | +| tests.js:13:24:13:26 | dst | tests.js:16:27:16:29 | dst | provenance | | +| tests.js:13:24:13:26 | dst | tests.js:18:13:18:15 | dst | provenance | | +| tests.js:13:29:13:31 | src | tests.js:14:17:14:19 | src | provenance | | +| tests.js:14:17:14:19 | src | tests.js:16:37:16:39 | src | provenance | | +| tests.js:14:17:14:19 | src | tests.js:18:24:18:26 | src | provenance | | +| tests.js:14:30:14:32 | key | tests.js:16:31:16:33 | key | provenance | | +| tests.js:14:30:14:32 | key | tests.js:16:41:16:43 | key | provenance | | +| tests.js:14:30:14:32 | key | tests.js:18:17:18:19 | key | provenance | | +| tests.js:14:30:14:32 | key | tests.js:18:28:18:30 | key | provenance | | +| tests.js:16:27:16:29 | dst | tests.js:16:27:16:34 | dst[key] | provenance | Config | +| tests.js:16:27:16:34 | dst[key] | tests.js:13:24:13:26 | dst | provenance | | +| tests.js:16:31:16:33 | key | tests.js:16:27:16:34 | dst[key] | provenance | Config | +| tests.js:16:37:16:39 | src | tests.js:16:37:16:44 | src[key] | provenance | Config | +| tests.js:16:37:16:44 | src[key] | tests.js:13:29:13:31 | src | provenance | | +| tests.js:16:41:16:43 | key | tests.js:16:37:16:44 | src[key] | provenance | Config | +| tests.js:18:24:18:26 | src | tests.js:18:24:18:31 | src[key] | provenance | Config | +| tests.js:18:28:18:30 | key | tests.js:18:24:18:31 | src[key] | provenance | Config | +| tests.js:23:19:23:21 | dst | tests.js:26:25:26:27 | dst | provenance | | +| tests.js:25:18:25:20 | key | tests.js:26:37:26:39 | key | provenance | | +| tests.js:25:18:25:20 | key | tests.js:26:43:26:45 | key | provenance | | +| tests.js:26:25:26:27 | dst | tests.js:31:22:31:24 | dst | provenance | | +| tests.js:26:30:26:40 | source[key] | tests.js:31:27:31:31 | value | provenance | | +| tests.js:26:37:26:39 | key | tests.js:26:30:26:40 | source[key] | provenance | Config | +| tests.js:26:43:26:45 | key | tests.js:31:34:31:36 | key | provenance | | +| tests.js:31:22:31:24 | dst | tests.js:32:20:32:22 | dst | provenance | | +| tests.js:31:22:31:24 | dst | tests.js:36:9:36:11 | dst | provenance | | +| tests.js:31:27:31:31 | value | tests.js:36:20:36:24 | value | provenance | | +| tests.js:31:34:31:36 | key | tests.js:32:24:32:26 | key | provenance | | +| tests.js:31:34:31:36 | key | tests.js:36:13:36:15 | key | provenance | | +| tests.js:32:9:32:27 | dstValue | tests.js:34:18:34:25 | dstValue | provenance | | +| tests.js:32:20:32:22 | dst | tests.js:32:20:32:27 | dst[key] | provenance | Config | +| tests.js:32:20:32:27 | dst[key] | tests.js:32:9:32:27 | dstValue | provenance | | +| tests.js:32:24:32:26 | key | tests.js:32:20:32:27 | dst[key] | provenance | Config | +| tests.js:34:18:34:25 | dstValue | tests.js:23:19:23:21 | dst | provenance | | +| tests.js:40:27:40:29 | dst | tests.js:44:30:44:32 | dst | provenance | | +| tests.js:40:27:40:29 | dst | tests.js:46:13:46:15 | dst | provenance | | +| tests.js:40:32:40:34 | src | tests.js:44:40:44:42 | src | provenance | | +| tests.js:40:32:40:34 | src | tests.js:46:24:46:26 | src | provenance | | +| tests.js:41:14:41:16 | key | tests.js:44:34:44:36 | key | provenance | | +| tests.js:41:14:41:16 | key | tests.js:44:44:44:46 | key | provenance | | +| tests.js:41:14:41:16 | key | tests.js:46:17:46:19 | key | provenance | | +| tests.js:41:14:41:16 | key | tests.js:46:28:46:30 | key | provenance | | +| tests.js:44:30:44:32 | dst | tests.js:44:30:44:37 | dst[key] | provenance | Config | +| tests.js:44:30:44:37 | dst[key] | tests.js:40:27:40:29 | dst | provenance | | +| tests.js:44:34:44:36 | key | tests.js:44:30:44:37 | dst[key] | provenance | Config | +| tests.js:44:40:44:42 | src | tests.js:44:40:44:47 | src[key] | provenance | Config | +| tests.js:44:40:44:47 | src[key] | tests.js:40:32:40:34 | src | provenance | | +| tests.js:44:44:44:46 | key | tests.js:44:40:44:47 | src[key] | provenance | Config | +| tests.js:46:24:46:26 | src | tests.js:46:24:46:31 | src[key] | provenance | Config | +| tests.js:46:28:46:30 | key | tests.js:46:24:46:31 | src[key] | provenance | Config | +| tests.js:51:26:51:28 | dst | tests.js:55:29:55:31 | dst | provenance | | +| tests.js:51:26:51:28 | dst | tests.js:57:13:57:15 | dst | provenance | | +| tests.js:51:31:51:33 | src | tests.js:55:39:55:41 | src | provenance | | +| tests.js:51:31:51:33 | src | tests.js:57:24:57:26 | src | provenance | | +| tests.js:52:14:52:16 | key | tests.js:55:33:55:35 | key | provenance | | +| tests.js:52:14:52:16 | key | tests.js:55:43:55:45 | key | provenance | | +| tests.js:52:14:52:16 | key | tests.js:57:17:57:19 | key | provenance | | +| tests.js:52:14:52:16 | key | tests.js:57:28:57:30 | key | provenance | | +| tests.js:55:29:55:31 | dst | tests.js:55:29:55:36 | dst[key] | provenance | Config | +| tests.js:55:29:55:36 | dst[key] | tests.js:51:26:51:28 | dst | provenance | | +| tests.js:55:33:55:35 | key | tests.js:55:29:55:36 | dst[key] | provenance | Config | +| tests.js:55:39:55:41 | src | tests.js:55:39:55:46 | src[key] | provenance | Config | +| tests.js:55:39:55:46 | src[key] | tests.js:51:31:51:33 | src | provenance | | +| tests.js:55:43:55:45 | key | tests.js:55:39:55:46 | src[key] | provenance | Config | +| tests.js:57:24:57:26 | src | tests.js:57:24:57:31 | src[key] | provenance | Config | +| tests.js:57:28:57:30 | key | tests.js:57:24:57:31 | src[key] | provenance | Config | +| tests.js:62:33:62:35 | src | tests.js:66:41:66:43 | src | provenance | | +| tests.js:62:33:62:35 | src | tests.js:68:24:68:26 | src | provenance | | +| tests.js:66:41:66:43 | src | tests.js:66:41:66:48 | src[key] | provenance | Config | +| tests.js:66:41:66:48 | src[key] | tests.js:62:33:62:35 | src | provenance | | +| tests.js:68:24:68:26 | src | tests.js:68:24:68:31 | src[key] | provenance | Config | +| tests.js:77:27:77:29 | src | tests.js:81:39:81:41 | src | provenance | | +| tests.js:77:27:77:29 | src | tests.js:83:28:83:30 | src | provenance | | +| tests.js:81:39:81:41 | src | tests.js:81:39:81:46 | src[key] | provenance | Config | +| tests.js:81:39:81:46 | src[key] | tests.js:77:27:77:29 | src | provenance | | +| tests.js:83:28:83:30 | src | tests.js:83:28:83:35 | src[key] | provenance | Config | +| tests.js:89:34:89:36 | src | tests.js:94:42:94:44 | src | provenance | | +| tests.js:89:34:89:36 | src | tests.js:96:24:96:26 | src | provenance | | +| tests.js:90:14:90:16 | key | tests.js:96:17:96:19 | key | provenance | | +| tests.js:90:14:90:16 | key | tests.js:96:28:96:30 | key | provenance | | +| tests.js:94:42:94:44 | src | tests.js:94:42:94:49 | src[key] | provenance | Config | +| tests.js:94:42:94:49 | src[key] | tests.js:89:34:89:36 | src | provenance | | +| tests.js:96:24:96:26 | src | tests.js:96:24:96:31 | src[key] | provenance | Config | +| tests.js:96:28:96:30 | key | tests.js:96:24:96:31 | src[key] | provenance | Config | +| tests.js:101:32:101:34 | dst | tests.js:107:35:107:37 | dst | provenance | | +| tests.js:101:32:101:34 | dst | tests.js:109:13:109:15 | dst | provenance | | +| tests.js:101:37:101:39 | src | tests.js:107:45:107:47 | src | provenance | | +| tests.js:101:37:101:39 | src | tests.js:109:24:109:26 | src | provenance | | +| tests.js:102:14:102:16 | key | tests.js:107:39:107:41 | key | provenance | | +| tests.js:102:14:102:16 | key | tests.js:107:49:107:51 | key | provenance | | +| tests.js:102:14:102:16 | key | tests.js:109:17:109:19 | key | provenance | | +| tests.js:102:14:102:16 | key | tests.js:109:28:109:30 | key | provenance | | +| tests.js:107:35:107:37 | dst | tests.js:107:35:107:42 | dst[key] | provenance | Config | +| tests.js:107:35:107:42 | dst[key] | tests.js:101:32:101:34 | dst | provenance | | +| tests.js:107:39:107:41 | key | tests.js:107:35:107:42 | dst[key] | provenance | Config | +| tests.js:107:45:107:47 | src | tests.js:107:45:107:52 | src[key] | provenance | Config | +| tests.js:107:45:107:52 | src[key] | tests.js:101:37:101:39 | src | provenance | | +| tests.js:107:49:107:51 | key | tests.js:107:45:107:52 | src[key] | provenance | Config | +| tests.js:109:24:109:26 | src | tests.js:109:24:109:31 | src[key] | provenance | Config | +| tests.js:109:28:109:30 | key | tests.js:109:24:109:31 | src[key] | provenance | Config | +| tests.js:116:41:116:43 | src | tests.js:119:49:119:51 | src | provenance | | +| tests.js:116:41:116:43 | src | tests.js:121:24:121:26 | src | provenance | | +| tests.js:117:14:117:16 | key | tests.js:121:17:121:19 | key | provenance | | +| tests.js:117:14:117:16 | key | tests.js:121:28:121:30 | key | provenance | | +| tests.js:119:49:119:51 | src | tests.js:119:49:119:56 | src[key] | provenance | Config | +| tests.js:119:49:119:56 | src[key] | tests.js:116:41:116:43 | src | provenance | | +| tests.js:121:24:121:26 | src | tests.js:121:24:121:31 | src[key] | provenance | Config | +| tests.js:121:28:121:30 | key | tests.js:121:24:121:31 | src[key] | provenance | Config | +| tests.js:149:31:149:33 | dst | tests.js:152:22:152:24 | dst | provenance | | +| tests.js:149:31:149:33 | dst | tests.js:154:13:154:15 | dst | provenance | | +| tests.js:149:36:149:38 | src | tests.js:152:27:152:29 | src | provenance | | +| tests.js:149:36:149:38 | src | tests.js:154:24:154:26 | src | provenance | | +| tests.js:150:14:150:16 | key | tests.js:152:32:152:34 | key | provenance | | +| tests.js:150:14:150:16 | key | tests.js:154:17:154:19 | key | provenance | | +| tests.js:150:14:150:16 | key | tests.js:154:28:154:30 | key | provenance | | +| tests.js:152:22:152:24 | dst | tests.js:160:37:160:39 | dst | provenance | | +| tests.js:152:27:152:29 | src | tests.js:160:42:160:44 | src | provenance | | +| tests.js:152:32:152:34 | key | tests.js:160:47:160:49 | key | provenance | | +| tests.js:154:24:154:26 | src | tests.js:154:24:154:31 | src[key] | provenance | Config | +| tests.js:154:28:154:30 | key | tests.js:154:24:154:31 | src[key] | provenance | Config | +| tests.js:159:36:159:38 | dst | tests.js:160:26:160:28 | dst | provenance | | +| tests.js:159:41:159:43 | src | tests.js:160:31:160:33 | src | provenance | | +| tests.js:160:26:160:28 | dst | tests.js:149:31:149:33 | dst | provenance | | +| tests.js:160:31:160:33 | src | tests.js:149:36:149:38 | src | provenance | | +| tests.js:160:37:160:39 | dst | tests.js:161:35:161:37 | dst | provenance | | +| tests.js:160:42:160:44 | src | tests.js:161:45:161:47 | src | provenance | | +| tests.js:160:47:160:49 | key | tests.js:161:39:161:41 | key | provenance | | +| tests.js:160:47:160:49 | key | tests.js:161:49:161:51 | key | provenance | | +| tests.js:161:35:161:37 | dst | tests.js:161:35:161:42 | dst[key] | provenance | Config | +| tests.js:161:35:161:42 | dst[key] | tests.js:159:36:159:38 | dst | provenance | | +| tests.js:161:39:161:41 | key | tests.js:161:35:161:42 | dst[key] | provenance | Config | +| tests.js:161:45:161:47 | src | tests.js:161:45:161:52 | src[key] | provenance | Config | +| tests.js:161:45:161:52 | src[key] | tests.js:159:41:159:43 | src | provenance | | +| tests.js:161:49:161:51 | key | tests.js:161:45:161:52 | src[key] | provenance | Config | +| tests.js:165:37:165:39 | src | tests.js:169:45:169:47 | src | provenance | | +| tests.js:165:37:165:39 | src | tests.js:171:24:171:26 | src | provenance | | +| tests.js:166:14:166:16 | key | tests.js:169:49:169:51 | key | provenance | | +| tests.js:166:14:166:16 | key | tests.js:171:17:171:19 | key | provenance | | +| tests.js:166:14:166:16 | key | tests.js:171:28:171:30 | key | provenance | | +| tests.js:169:45:169:47 | src | tests.js:169:45:169:52 | src[key] | provenance | Config | +| tests.js:169:45:169:52 | src[key] | tests.js:165:37:165:39 | src | provenance | | +| tests.js:169:49:169:51 | key | tests.js:169:45:169:52 | src[key] | provenance | Config | +| tests.js:171:24:171:26 | src | tests.js:171:24:171:31 | src[key] | provenance | Config | +| tests.js:171:28:171:30 | key | tests.js:171:24:171:31 | src[key] | provenance | Config | +| tests.js:178:33:178:35 | src | tests.js:182:41:182:43 | src | provenance | | +| tests.js:178:33:178:35 | src | tests.js:184:24:184:26 | src | provenance | | +| tests.js:182:41:182:43 | src | tests.js:182:41:182:48 | src[key] | provenance | Config | +| tests.js:182:41:182:48 | src[key] | tests.js:178:33:178:35 | src | provenance | | +| tests.js:184:24:184:26 | src | tests.js:184:24:184:31 | src[key] | provenance | Config | +| tests.js:189:32:189:34 | dst | tests.js:194:35:194:37 | dst | provenance | | +| tests.js:189:32:189:34 | dst | tests.js:196:13:196:15 | dst | provenance | | +| tests.js:189:37:189:39 | src | tests.js:194:45:194:47 | src | provenance | | +| tests.js:189:37:189:39 | src | tests.js:196:24:196:26 | src | provenance | | +| tests.js:192:13:192:25 | key | tests.js:194:39:194:41 | key | provenance | | +| tests.js:192:13:192:25 | key | tests.js:194:49:194:51 | key | provenance | | +| tests.js:192:13:192:25 | key | tests.js:196:17:196:19 | key | provenance | | +| tests.js:192:13:192:25 | key | tests.js:196:28:196:30 | key | provenance | | +| tests.js:192:19:192:25 | keys[i] | tests.js:192:13:192:25 | key | provenance | | +| tests.js:194:35:194:37 | dst | tests.js:194:35:194:42 | dst[key] | provenance | Config | +| tests.js:194:35:194:42 | dst[key] | tests.js:189:32:189:34 | dst | provenance | | +| tests.js:194:39:194:41 | key | tests.js:194:35:194:42 | dst[key] | provenance | Config | +| tests.js:194:45:194:47 | src | tests.js:194:45:194:52 | src[key] | provenance | Config | +| tests.js:194:45:194:52 | src[key] | tests.js:189:37:189:39 | src | provenance | | +| tests.js:194:49:194:51 | key | tests.js:194:45:194:52 | src[key] | provenance | Config | +| tests.js:196:24:196:26 | src | tests.js:196:24:196:31 | src[key] | provenance | Config | +| tests.js:196:28:196:30 | key | tests.js:196:24:196:31 | src[key] | provenance | Config | +| tests.js:201:39:201:41 | dst | tests.js:206:42:206:44 | dst | provenance | | +| tests.js:201:39:201:41 | dst | tests.js:208:13:208:15 | dst | provenance | | +| tests.js:201:44:201:46 | src | tests.js:206:56:206:58 | src | provenance | | +| tests.js:201:44:201:46 | src | tests.js:208:28:208:30 | src | provenance | | +| tests.js:206:42:206:44 | dst | tests.js:206:42:206:53 | dst[keys[i]] | provenance | Config | +| tests.js:206:42:206:53 | dst[keys[i]] | tests.js:201:39:201:41 | dst | provenance | | +| tests.js:206:46:206:52 | keys[i] | tests.js:206:42:206:53 | dst[keys[i]] | provenance | Config | +| tests.js:206:56:206:58 | src | tests.js:206:56:206:67 | src[keys[i]] | provenance | Config | +| tests.js:206:56:206:67 | src[keys[i]] | tests.js:201:44:201:46 | src | provenance | | +| tests.js:206:60:206:66 | keys[i] | tests.js:206:56:206:67 | src[keys[i]] | provenance | Config | +| tests.js:208:28:208:30 | src | tests.js:208:28:208:39 | src[keys[i]] | provenance | Config | +| tests.js:208:32:208:38 | keys[i] | tests.js:208:28:208:39 | src[keys[i]] | provenance | Config | +| tests.js:213:23:213:26 | key1 | tests.js:217:9:217:12 | key1 | provenance | | +| tests.js:213:29:213:32 | key2 | tests.js:217:15:217:18 | key2 | provenance | | +| tests.js:213:35:213:39 | value | tests.js:217:23:217:27 | value | provenance | | +| tests.js:217:9:217:12 | key1 | tests.js:217:5:217:13 | map[key1] | provenance | Config | +| tests.js:223:14:223:16 | key | tests.js:224:23:224:25 | key | provenance | | +| tests.js:223:14:223:16 | key | tests.js:224:38:224:40 | key | provenance | | +| tests.js:223:14:223:16 | key | tests.js:225:28:225:30 | key | provenance | | +| tests.js:223:14:223:16 | key | tests.js:225:38:225:40 | key | provenance | | +| tests.js:224:23:224:25 | key | tests.js:213:23:213:26 | key1 | provenance | | +| tests.js:224:33:224:41 | data[key] | tests.js:213:35:213:39 | value | provenance | | +| tests.js:224:38:224:40 | key | tests.js:224:33:224:41 | data[key] | provenance | Config | +| tests.js:225:28:225:30 | key | tests.js:213:29:213:32 | key2 | provenance | | +| tests.js:225:33:225:41 | data[key] | tests.js:213:35:213:39 | value | provenance | | +| tests.js:225:38:225:40 | key | tests.js:225:33:225:41 | data[key] | provenance | Config | +| tests.js:229:26:229:29 | key1 | tests.js:233:9:233:12 | key1 | provenance | | +| tests.js:229:32:229:35 | key2 | tests.js:233:15:233:18 | key2 | provenance | | +| tests.js:229:38:229:42 | value | tests.js:233:23:233:27 | value | provenance | | +| tests.js:233:9:233:12 | key1 | tests.js:233:5:233:13 | map[key1] | provenance | Config | +| tests.js:238:14:238:16 | key | tests.js:239:24:239:26 | key | provenance | | +| tests.js:238:14:238:16 | key | tests.js:239:39:239:41 | key | provenance | | +| tests.js:238:14:238:16 | key | tests.js:240:31:240:33 | key | provenance | | +| tests.js:238:14:238:16 | key | tests.js:240:41:240:43 | key | provenance | | +| tests.js:239:24:239:26 | key | tests.js:229:26:229:29 | key1 | provenance | | +| tests.js:239:34:239:42 | data[key] | tests.js:229:38:229:42 | value | provenance | | +| tests.js:239:39:239:41 | key | tests.js:239:34:239:42 | data[key] | provenance | Config | +| tests.js:240:31:240:33 | key | tests.js:229:32:229:35 | key2 | provenance | | +| tests.js:240:36:240:44 | data[key] | tests.js:229:38:229:42 | value | provenance | | +| tests.js:240:41:240:43 | key | tests.js:240:36:240:44 | data[key] | provenance | Config | +| tests.js:263:27:263:29 | dst | tests.js:268:30:268:32 | dst | provenance | | +| tests.js:263:27:263:29 | dst | tests.js:270:13:270:15 | dst | provenance | | +| tests.js:265:13:265:26 | key | tests.js:268:34:268:36 | key | provenance | | +| tests.js:265:13:265:26 | key | tests.js:270:17:270:19 | key | provenance | | +| tests.js:265:19:265:26 | entry[0] | tests.js:265:13:265:26 | key | provenance | | +| tests.js:266:13:266:28 | value | tests.js:270:24:270:28 | value | provenance | | +| tests.js:266:21:266:28 | entry[1] | tests.js:266:13:266:28 | value | provenance | | +| tests.js:268:30:268:32 | dst | tests.js:268:30:268:37 | dst[key] | provenance | Config | +| tests.js:268:30:268:37 | dst[key] | tests.js:263:27:263:29 | dst | provenance | | +| tests.js:268:34:268:36 | key | tests.js:268:30:268:37 | dst[key] | provenance | Config | +| tests.js:275:27:275:29 | dst | tests.js:278:30:278:32 | dst | provenance | | +| tests.js:275:27:275:29 | dst | tests.js:280:13:280:15 | dst | provenance | | +| tests.js:275:32:275:34 | src | tests.js:276:21:276:23 | src | provenance | | +| tests.js:276:21:276:23 | src | tests.js:278:40:278:42 | src | provenance | | +| tests.js:276:21:276:23 | src | tests.js:280:24:280:26 | src | provenance | | +| tests.js:276:34:276:36 | key | tests.js:278:34:278:36 | key | provenance | | +| tests.js:276:34:276:36 | key | tests.js:278:44:278:46 | key | provenance | | +| tests.js:276:34:276:36 | key | tests.js:280:17:280:19 | key | provenance | | +| tests.js:276:34:276:36 | key | tests.js:280:28:280:30 | key | provenance | | +| tests.js:278:30:278:32 | dst | tests.js:278:30:278:37 | dst[key] | provenance | Config | +| tests.js:278:30:278:37 | dst[key] | tests.js:275:27:275:29 | dst | provenance | | +| tests.js:278:34:278:36 | key | tests.js:278:30:278:37 | dst[key] | provenance | Config | +| tests.js:278:40:278:42 | src | tests.js:278:40:278:47 | src[key] | provenance | Config | +| tests.js:278:40:278:47 | src[key] | tests.js:275:32:275:34 | src | provenance | | +| tests.js:278:44:278:46 | key | tests.js:278:40:278:47 | src[key] | provenance | Config | +| tests.js:280:24:280:26 | src | tests.js:280:24:280:31 | src[key] | provenance | Config | +| tests.js:280:28:280:30 | key | tests.js:280:24:280:31 | src[key] | provenance | Config | +| tests.js:301:27:301:29 | dst | tests.js:306:34:306:36 | dst | provenance | | +| tests.js:301:27:301:29 | dst | tests.js:308:17:308:19 | dst | provenance | | +| tests.js:301:32:301:34 | src | tests.js:304:25:304:27 | src | provenance | | +| tests.js:302:14:302:16 | key | tests.js:304:29:304:31 | key | provenance | | +| tests.js:302:14:302:16 | key | tests.js:306:38:306:40 | key | provenance | | +| tests.js:302:14:302:16 | key | tests.js:308:21:308:23 | key | provenance | | +| tests.js:304:17:304:32 | value | tests.js:306:44:306:48 | value | provenance | | +| tests.js:304:17:304:32 | value | tests.js:306:44:306:48 | value | provenance | | +| tests.js:304:17:304:32 | value | tests.js:308:28:308:32 | value | provenance | | +| tests.js:304:17:304:32 | value | tests.js:308:28:308:32 | value | provenance | | +| tests.js:304:17:304:32 | value | tests.js:308:28:308:32 | value | provenance | | +| tests.js:304:25:304:27 | src | tests.js:304:25:304:32 | src[key] | provenance | Config | +| tests.js:304:25:304:32 | src[key] | tests.js:304:17:304:32 | value | provenance | | +| tests.js:304:25:304:32 | src[key] | tests.js:304:17:304:32 | value | provenance | | +| tests.js:304:25:304:32 | src[key] | tests.js:304:17:304:32 | value | provenance | | +| tests.js:304:29:304:31 | key | tests.js:304:25:304:32 | src[key] | provenance | Config | +| tests.js:304:29:304:31 | key | tests.js:304:25:304:32 | src[key] | provenance | Config | +| tests.js:306:34:306:36 | dst | tests.js:306:34:306:41 | dst[key] | provenance | Config | +| tests.js:306:34:306:41 | dst[key] | tests.js:301:27:301:29 | dst | provenance | | +| tests.js:306:38:306:40 | key | tests.js:306:34:306:41 | dst[key] | provenance | Config | +| tests.js:306:44:306:48 | value | tests.js:301:32:301:34 | src | provenance | | +| tests.js:306:44:306:48 | value | tests.js:301:32:301:34 | src | provenance | | +| tests.js:314:31:314:33 | dst | tests.js:320:38:320:40 | dst | provenance | | +| tests.js:314:31:314:33 | dst | tests.js:322:17:322:19 | dst | provenance | | +| tests.js:314:36:314:38 | src | tests.js:318:25:318:27 | src | provenance | | +| tests.js:315:14:315:16 | key | tests.js:318:29:318:31 | key | provenance | | +| tests.js:315:14:315:16 | key | tests.js:320:42:320:44 | key | provenance | | +| tests.js:315:14:315:16 | key | tests.js:322:21:322:23 | key | provenance | | +| tests.js:318:17:318:32 | value | tests.js:320:48:320:52 | value | provenance | | +| tests.js:318:17:318:32 | value | tests.js:320:48:320:52 | value | provenance | | +| tests.js:318:17:318:32 | value | tests.js:322:28:322:32 | value | provenance | | +| tests.js:318:17:318:32 | value | tests.js:322:28:322:32 | value | provenance | | +| tests.js:318:17:318:32 | value | tests.js:322:28:322:32 | value | provenance | | +| tests.js:318:25:318:27 | src | tests.js:318:25:318:32 | src[key] | provenance | Config | +| tests.js:318:25:318:32 | src[key] | tests.js:318:17:318:32 | value | provenance | | +| tests.js:318:25:318:32 | src[key] | tests.js:318:17:318:32 | value | provenance | | +| tests.js:318:25:318:32 | src[key] | tests.js:318:17:318:32 | value | provenance | | +| tests.js:318:29:318:31 | key | tests.js:318:25:318:32 | src[key] | provenance | Config | +| tests.js:318:29:318:31 | key | tests.js:318:25:318:32 | src[key] | provenance | Config | +| tests.js:320:38:320:40 | dst | tests.js:320:38:320:45 | dst[key] | provenance | Config | +| tests.js:320:38:320:45 | dst[key] | tests.js:314:31:314:33 | dst | provenance | | +| tests.js:320:42:320:44 | key | tests.js:320:38:320:45 | dst[key] | provenance | Config | +| tests.js:320:48:320:52 | value | tests.js:314:36:314:38 | src | provenance | | +| tests.js:320:48:320:52 | value | tests.js:314:36:314:38 | src | provenance | | +| tests.js:328:25:328:27 | dst | tests.js:336:32:336:34 | dst | provenance | | +| tests.js:328:25:328:27 | dst | tests.js:338:17:338:19 | dst | provenance | | +| tests.js:328:30:328:32 | src | tests.js:336:42:336:44 | src | provenance | | +| tests.js:328:30:328:32 | src | tests.js:338:28:338:30 | src | provenance | | +| tests.js:329:14:329:16 | key | tests.js:336:36:336:38 | key | provenance | | +| tests.js:329:14:329:16 | key | tests.js:336:46:336:48 | key | provenance | | +| tests.js:329:14:329:16 | key | tests.js:338:21:338:23 | key | provenance | | +| tests.js:329:14:329:16 | key | tests.js:338:32:338:34 | key | provenance | | +| tests.js:336:32:336:34 | dst | tests.js:336:32:336:39 | dst[key] | provenance | Config | +| tests.js:336:32:336:39 | dst[key] | tests.js:328:25:328:27 | dst | provenance | | +| tests.js:336:36:336:38 | key | tests.js:336:32:336:39 | dst[key] | provenance | Config | +| tests.js:336:42:336:44 | src | tests.js:336:42:336:49 | src[key] | provenance | Config | +| tests.js:336:42:336:49 | src[key] | tests.js:328:30:328:32 | src | provenance | | +| tests.js:336:46:336:48 | key | tests.js:336:42:336:49 | src[key] | provenance | Config | +| tests.js:338:28:338:30 | src | tests.js:338:28:338:35 | src[key] | provenance | Config | +| tests.js:338:32:338:34 | key | tests.js:338:28:338:35 | src[key] | provenance | Config | +| tests.js:348:32:348:37 | target | tests.js:349:26:349:31 | target | provenance | | +| tests.js:348:32:348:37 | target | tests.js:361:12:361:17 | target | provenance | | +| tests.js:348:40:348:45 | source | tests.js:349:54:349:59 | source | provenance | | +| tests.js:348:40:348:45 | source | tests.js:350:21:350:26 | source | provenance | | +| tests.js:349:26:349:31 | target | tests.js:355:17:355:22 | target | provenance | | +| tests.js:349:26:349:31 | target | tests.js:355:53:355:58 | target | provenance | | +| tests.js:349:26:349:31 | target | tests.js:357:17:357:22 | target | provenance | | +| tests.js:349:26:349:31 | target | tests.js:361:12:361:17 | target | provenance | | +| tests.js:349:54:349:59 | source | tests.js:350:21:350:26 | source | provenance | | +| tests.js:350:21:350:26 | source | tests.js:355:66:355:71 | source | provenance | | +| tests.js:350:21:350:26 | source | tests.js:357:31:357:36 | source | provenance | | +| tests.js:350:37:350:39 | key | tests.js:355:24:355:26 | key | provenance | | +| tests.js:350:37:350:39 | key | tests.js:355:60:355:62 | key | provenance | | +| tests.js:350:37:350:39 | key | tests.js:357:24:357:26 | key | provenance | | +| tests.js:350:37:350:39 | key | tests.js:357:38:357:40 | key | provenance | | +| tests.js:355:53:355:58 | target | tests.js:355:53:355:63 | target[key] | provenance | Config | +| tests.js:355:53:355:63 | target[key] | tests.js:348:32:348:37 | target | provenance | | +| tests.js:355:53:355:63 | target[key] | tests.js:355:31:355:86 | mergePl ... ptions) | provenance | | +| tests.js:355:60:355:62 | key | tests.js:355:53:355:63 | target[key] | provenance | Config | +| tests.js:355:66:355:71 | source | tests.js:355:66:355:76 | source[key] | provenance | Config | +| tests.js:355:66:355:76 | source[key] | tests.js:348:40:348:45 | source | provenance | | +| tests.js:357:31:357:36 | source | tests.js:357:31:357:41 | source[key] | provenance | Config | +| tests.js:357:38:357:40 | key | tests.js:357:31:357:41 | source[key] | provenance | Config | +| tests.js:364:41:364:46 | target | tests.js:377:12:377:17 | target | provenance | | +| tests.js:364:49:364:54 | source | tests.js:371:75:371:80 | source | provenance | | +| tests.js:364:49:364:54 | source | tests.js:373:31:373:36 | source | provenance | | +| tests.js:366:18:366:20 | key | tests.js:371:24:371:26 | key | provenance | | +| tests.js:366:18:366:20 | key | tests.js:371:69:371:71 | key | provenance | | +| tests.js:366:18:366:20 | key | tests.js:373:24:373:26 | key | provenance | | +| tests.js:366:18:366:20 | key | tests.js:373:38:373:40 | key | provenance | | +| tests.js:371:62:371:72 | target[key] | tests.js:364:41:364:46 | target | provenance | | +| tests.js:371:62:371:72 | target[key] | tests.js:371:31:371:95 | mergePl ... ptions) | provenance | | +| tests.js:371:69:371:71 | key | tests.js:371:62:371:72 | target[key] | provenance | Config | +| tests.js:371:75:371:80 | source | tests.js:371:75:371:85 | source[key] | provenance | Config | +| tests.js:371:75:371:85 | source[key] | tests.js:364:49:364:54 | source | provenance | | +| tests.js:373:31:373:36 | source | tests.js:373:31:373:41 | source[key] | provenance | Config | +| tests.js:373:38:373:40 | key | tests.js:373:31:373:41 | source[key] | provenance | Config | +| tests.js:380:22:380:24 | obj | tests.js:383:27:383:29 | obj | provenance | | +| tests.js:380:27:380:34 | callback [dst] | tests.js:383:13:383:20 | callback [dst] | provenance | | +| tests.js:380:27:380:34 | callback [dst] | tests.js:383:13:383:20 | callback [dst] | provenance | | +| tests.js:380:27:380:34 | callback [dst] | tests.js:383:13:383:20 | callback [dst] | provenance | | +| tests.js:380:27:380:34 | callback [dst] | tests.js:383:13:383:20 | callback [dst] | provenance | | +| tests.js:380:27:380:34 | callback [src] | tests.js:383:13:383:20 | callback [src] | provenance | | +| tests.js:381:14:381:16 | key | tests.js:383:22:383:24 | key | provenance | | +| tests.js:381:14:381:16 | key | tests.js:383:31:383:33 | key | provenance | | +| tests.js:383:13:383:20 | callback [dst] | tests.js:391:32:391:34 | dst | provenance | | +| tests.js:383:13:383:20 | callback [dst] | tests.js:391:32:391:34 | dst | provenance | | +| tests.js:383:13:383:20 | callback [dst] | tests.js:393:13:393:15 | dst | provenance | | +| tests.js:383:13:383:20 | callback [dst] | tests.js:393:13:393:15 | dst | provenance | | +| tests.js:383:13:383:20 | callback [dst] | tests.js:401:33:401:35 | dst | provenance | | +| tests.js:383:13:383:20 | callback [dst] | tests.js:401:33:401:35 | dst | provenance | | +| tests.js:383:13:383:20 | callback [dst] | tests.js:403:13:403:15 | dst | provenance | | +| tests.js:383:13:383:20 | callback [dst] | tests.js:403:13:403:15 | dst | provenance | | +| tests.js:383:13:383:20 | callback [src] | tests.js:391:42:391:44 | src | provenance | | +| tests.js:383:13:383:20 | callback [src] | tests.js:393:24:393:26 | src | provenance | | +| tests.js:383:22:383:24 | key | tests.js:389:22:389:24 | key | provenance | | +| tests.js:383:22:383:24 | key | tests.js:399:23:399:25 | key | provenance | | +| tests.js:383:27:383:29 | obj | tests.js:383:27:383:34 | obj[key] | provenance | Config | +| tests.js:383:27:383:34 | obj[key] | tests.js:399:28:399:32 | value | provenance | | +| tests.js:383:31:383:33 | key | tests.js:383:27:383:34 | obj[key] | provenance | Config | +| tests.js:388:29:388:31 | dst | tests.js:380:27:380:34 | callback [dst] | provenance | | +| tests.js:388:29:388:31 | dst | tests.js:380:27:380:34 | callback [dst] | provenance | | +| tests.js:388:29:388:31 | dst | tests.js:391:32:391:34 | dst | provenance | | +| tests.js:388:29:388:31 | dst | tests.js:391:32:391:34 | dst | provenance | | +| tests.js:388:29:388:31 | dst | tests.js:393:13:393:15 | dst | provenance | | +| tests.js:388:29:388:31 | dst | tests.js:393:13:393:15 | dst | provenance | | +| tests.js:388:34:388:36 | src | tests.js:389:17:389:19 | src | provenance | | +| tests.js:389:17:389:19 | src | tests.js:380:27:380:34 | callback [src] | provenance | | +| tests.js:389:17:389:19 | src | tests.js:391:42:391:44 | src | provenance | | +| tests.js:389:17:389:19 | src | tests.js:393:24:393:26 | src | provenance | | +| tests.js:389:22:389:24 | key | tests.js:391:36:391:38 | key | provenance | | +| tests.js:389:22:389:24 | key | tests.js:391:46:391:48 | key | provenance | | +| tests.js:389:22:389:24 | key | tests.js:393:17:393:19 | key | provenance | | +| tests.js:389:22:389:24 | key | tests.js:393:28:393:30 | key | provenance | | +| tests.js:391:32:391:34 | dst | tests.js:391:32:391:39 | dst[key] | provenance | Config | +| tests.js:391:32:391:34 | dst | tests.js:391:32:391:39 | dst[key] | provenance | Config | +| tests.js:391:32:391:39 | dst[key] | tests.js:388:29:388:31 | dst | provenance | | +| tests.js:391:32:391:39 | dst[key] | tests.js:388:29:388:31 | dst | provenance | | +| tests.js:391:36:391:38 | key | tests.js:391:32:391:39 | dst[key] | provenance | Config | +| tests.js:391:36:391:38 | key | tests.js:391:32:391:39 | dst[key] | provenance | Config | +| tests.js:391:42:391:44 | src | tests.js:391:42:391:49 | src[key] | provenance | Config | +| tests.js:391:42:391:49 | src[key] | tests.js:388:34:388:36 | src | provenance | | +| tests.js:391:46:391:48 | key | tests.js:391:42:391:49 | src[key] | provenance | Config | +| tests.js:393:24:393:26 | src | tests.js:393:24:393:31 | src[key] | provenance | Config | +| tests.js:393:28:393:30 | key | tests.js:393:24:393:31 | src[key] | provenance | Config | +| tests.js:398:30:398:32 | dst | tests.js:380:27:380:34 | callback [dst] | provenance | | +| tests.js:398:30:398:32 | dst | tests.js:380:27:380:34 | callback [dst] | provenance | | +| tests.js:398:30:398:32 | dst | tests.js:401:33:401:35 | dst | provenance | | +| tests.js:398:30:398:32 | dst | tests.js:401:33:401:35 | dst | provenance | | +| tests.js:398:30:398:32 | dst | tests.js:403:13:403:15 | dst | provenance | | +| tests.js:398:30:398:32 | dst | tests.js:403:13:403:15 | dst | provenance | | +| tests.js:398:35:398:37 | src | tests.js:399:17:399:19 | src | provenance | | +| tests.js:399:17:399:19 | src | tests.js:380:22:380:24 | obj | provenance | | +| tests.js:399:23:399:25 | key | tests.js:401:37:401:39 | key | provenance | | +| tests.js:399:23:399:25 | key | tests.js:403:17:403:19 | key | provenance | | +| tests.js:399:28:399:32 | value | tests.js:401:43:401:47 | value | provenance | | +| tests.js:399:28:399:32 | value | tests.js:403:24:403:28 | value | provenance | | +| tests.js:401:33:401:35 | dst | tests.js:401:33:401:40 | dst[key] | provenance | Config | +| tests.js:401:33:401:35 | dst | tests.js:401:33:401:40 | dst[key] | provenance | Config | +| tests.js:401:33:401:40 | dst[key] | tests.js:398:30:398:32 | dst | provenance | | +| tests.js:401:33:401:40 | dst[key] | tests.js:398:30:398:32 | dst | provenance | | +| tests.js:401:37:401:39 | key | tests.js:401:33:401:40 | dst[key] | provenance | Config | +| tests.js:401:37:401:39 | key | tests.js:401:33:401:40 | dst[key] | provenance | Config | +| tests.js:401:43:401:47 | value | tests.js:398:35:398:37 | src | provenance | | +| tests.js:408:22:408:24 | obj | tests.js:409:12:409:14 | obj | provenance | | +| tests.js:408:27:408:29 | key | tests.js:409:16:409:18 | key | provenance | | +| tests.js:409:12:409:14 | obj | tests.js:409:12:409:19 | obj[key] | provenance | Config | +| tests.js:409:16:409:18 | key | tests.js:409:12:409:19 | obj[key] | provenance | Config | +| tests.js:412:31:412:33 | dst | tests.js:415:34:415:36 | dst | provenance | | +| tests.js:412:31:412:33 | dst | tests.js:419:13:419:15 | dst | provenance | | +| tests.js:412:36:412:38 | src | tests.js:414:33:414:35 | src | provenance | | +| tests.js:413:14:413:16 | key | tests.js:414:38:414:40 | key | provenance | | +| tests.js:413:14:413:16 | key | tests.js:415:39:415:41 | key | provenance | | +| tests.js:413:14:413:16 | key | tests.js:419:17:419:19 | key | provenance | | +| tests.js:414:13:414:41 | value | tests.js:417:42:417:46 | value | provenance | | +| tests.js:414:13:414:41 | value | tests.js:419:24:419:28 | value | provenance | | +| tests.js:414:21:414:41 | wrapped ... c, key) | tests.js:414:13:414:41 | value | provenance | | +| tests.js:414:33:414:35 | src | tests.js:408:22:408:24 | obj | provenance | | +| tests.js:414:33:414:35 | src | tests.js:414:21:414:41 | wrapped ... c, key) | provenance | Config | +| tests.js:414:38:414:40 | key | tests.js:408:27:408:29 | key | provenance | | +| tests.js:414:38:414:40 | key | tests.js:414:21:414:41 | wrapped ... c, key) | provenance | Config | +| tests.js:415:13:415:42 | target | tests.js:417:34:417:39 | target | provenance | | +| tests.js:415:22:415:42 | wrapped ... t, key) | tests.js:415:13:415:42 | target | provenance | | +| tests.js:415:34:415:36 | dst | tests.js:408:22:408:24 | obj | provenance | | +| tests.js:415:34:415:36 | dst | tests.js:415:22:415:42 | wrapped ... t, key) | provenance | Config | +| tests.js:415:39:415:41 | key | tests.js:408:27:408:29 | key | provenance | | +| tests.js:415:39:415:41 | key | tests.js:415:22:415:42 | wrapped ... t, key) | provenance | Config | +| tests.js:417:34:417:39 | target | tests.js:412:31:412:33 | dst | provenance | | +| tests.js:417:42:417:46 | value | tests.js:412:36:412:38 | src | provenance | | +| tests.js:424:25:424:27 | obj | tests.js:426:12:426:14 | obj | provenance | | +| tests.js:424:30:424:32 | key | tests.js:426:16:426:18 | key | provenance | | +| tests.js:426:12:426:14 | obj | tests.js:426:12:426:19 | obj[key] | provenance | Config | +| tests.js:426:16:426:18 | key | tests.js:426:12:426:19 | obj[key] | provenance | Config | +| tests.js:429:34:429:36 | dst | tests.js:432:37:432:39 | dst | provenance | | +| tests.js:429:34:429:36 | dst | tests.js:436:13:436:15 | dst | provenance | | +| tests.js:429:39:429:41 | src | tests.js:431:36:431:38 | src | provenance | | +| tests.js:430:14:430:16 | key | tests.js:431:41:431:43 | key | provenance | | +| tests.js:430:14:430:16 | key | tests.js:432:42:432:44 | key | provenance | | +| tests.js:430:14:430:16 | key | tests.js:436:17:436:19 | key | provenance | | +| tests.js:431:13:431:44 | value | tests.js:434:45:434:49 | value | provenance | | +| tests.js:431:13:431:44 | value | tests.js:436:24:436:28 | value | provenance | | +| tests.js:431:21:431:44 | almostS ... c, key) | tests.js:431:13:431:44 | value | provenance | | +| tests.js:431:36:431:38 | src | tests.js:424:25:424:27 | obj | provenance | | +| tests.js:431:36:431:38 | src | tests.js:431:21:431:44 | almostS ... c, key) | provenance | Config | +| tests.js:431:41:431:43 | key | tests.js:424:30:424:32 | key | provenance | | +| tests.js:431:41:431:43 | key | tests.js:431:21:431:44 | almostS ... c, key) | provenance | Config | +| tests.js:432:13:432:45 | target | tests.js:434:37:434:42 | target | provenance | | +| tests.js:432:22:432:45 | almostS ... t, key) | tests.js:432:13:432:45 | target | provenance | | +| tests.js:432:37:432:39 | dst | tests.js:424:25:424:27 | obj | provenance | | +| tests.js:432:37:432:39 | dst | tests.js:432:22:432:45 | almostS ... t, key) | provenance | Config | +| tests.js:432:42:432:44 | key | tests.js:424:30:424:32 | key | provenance | | +| tests.js:432:42:432:44 | key | tests.js:432:22:432:45 | almostS ... t, key) | provenance | Config | +| tests.js:434:37:434:42 | target | tests.js:429:34:429:36 | dst | provenance | | +| tests.js:434:45:434:49 | value | tests.js:429:39:429:41 | src | provenance | | +| tests.js:441:19:441:21 | obj | tests.js:443:12:443:14 | obj | provenance | | +| tests.js:443:12:443:14 | obj | tests.js:443:12:443:19 | obj[key] | provenance | Config | +| tests.js:446:33:446:35 | src | tests.js:448:30:448:32 | src | provenance | | +| tests.js:447:14:447:16 | key | tests.js:453:17:453:19 | key | provenance | | +| tests.js:448:13:448:38 | value | tests.js:451:39:451:43 | value | provenance | | +| tests.js:448:13:448:38 | value | tests.js:453:24:453:28 | value | provenance | | +| tests.js:448:21:448:38 | safeRead(src, key) | tests.js:448:13:448:38 | value | provenance | | +| tests.js:448:30:448:32 | src | tests.js:441:19:441:21 | obj | provenance | | +| tests.js:448:30:448:32 | src | tests.js:448:21:448:38 | safeRead(src, key) | provenance | Config | +| tests.js:451:39:451:43 | value | tests.js:446:33:446:35 | src | provenance | | +| tests.js:458:26:458:28 | dst | tests.js:462:29:462:31 | dst | provenance | | +| tests.js:458:26:458:28 | dst | tests.js:465:30:465:32 | dst | provenance | | +| tests.js:458:26:458:28 | dst | tests.js:466:30:466:32 | dst | provenance | | +| tests.js:458:26:458:28 | dst | tests.js:467:30:467:32 | dst | provenance | | +| tests.js:458:31:458:33 | src | tests.js:460:12:460:14 | src | provenance | | +| tests.js:460:12:460:14 | src | tests.js:462:39:462:41 | src | provenance | | +| tests.js:460:12:460:14 | src | tests.js:465:41:465:43 | src | provenance | | +| tests.js:460:18:460:22 | value | tests.js:467:41:467:45 | value | provenance | | +| tests.js:460:25:460:27 | key | tests.js:462:33:462:35 | key | provenance | | +| tests.js:460:25:460:27 | key | tests.js:462:43:462:45 | key | provenance | | +| tests.js:460:25:460:27 | key | tests.js:465:34:465:36 | key | provenance | | +| tests.js:460:25:460:27 | key | tests.js:465:45:465:47 | key | provenance | | +| tests.js:460:25:460:27 | key | tests.js:466:34:466:36 | key | provenance | | +| tests.js:460:25:460:27 | key | tests.js:466:43:466:45 | key | provenance | | +| tests.js:460:25:460:27 | key | tests.js:467:34:467:36 | key | provenance | | +| tests.js:462:29:462:31 | dst | tests.js:462:29:462:36 | dst[key] | provenance | Config | +| tests.js:462:29:462:36 | dst[key] | tests.js:458:26:458:28 | dst | provenance | | +| tests.js:462:33:462:35 | key | tests.js:462:29:462:36 | dst[key] | provenance | Config | +| tests.js:462:39:462:41 | src | tests.js:462:39:462:46 | src[key] | provenance | Config | +| tests.js:462:39:462:46 | src[key] | tests.js:458:31:458:33 | src | provenance | | +| tests.js:462:43:462:45 | key | tests.js:462:39:462:46 | src[key] | provenance | Config | +| tests.js:465:41:465:43 | src | tests.js:465:41:465:48 | src[key] | provenance | Config | +| tests.js:465:45:465:47 | key | tests.js:465:41:465:48 | src[key] | provenance | Config | +| tests.js:466:43:466:45 | key | tests.js:466:41:466:46 | o[key] | provenance | Config | +| tests.js:472:38:472:40 | dst | tests.js:475:41:475:43 | dst | provenance | | +| tests.js:472:38:472:40 | dst | tests.js:477:13:477:15 | dst | provenance | | +| tests.js:473:18:473:22 | value | tests.js:477:24:477:28 | value | provenance | | +| tests.js:473:25:473:27 | key | tests.js:475:45:475:47 | key | provenance | | +| tests.js:473:25:473:27 | key | tests.js:477:17:477:19 | key | provenance | | +| tests.js:475:41:475:43 | dst | tests.js:475:41:475:48 | dst[key] | provenance | Config | +| tests.js:475:41:475:48 | dst[key] | tests.js:472:38:472:40 | dst | provenance | | +| tests.js:475:45:475:47 | key | tests.js:475:41:475:48 | dst[key] | provenance | Config | +| tests.js:483:26:483:28 | dst | tests.js:487:29:487:31 | dst | provenance | | +| tests.js:483:26:483:28 | dst | tests.js:489:13:489:15 | dst | provenance | | +| tests.js:483:31:483:33 | src | tests.js:487:39:487:41 | src | provenance | | +| tests.js:483:31:483:33 | src | tests.js:489:24:489:26 | src | provenance | | +| tests.js:483:31:483:33 | src | tests.js:489:24:489:26 | src | provenance | | +| tests.js:484:14:484:16 | key | tests.js:487:33:487:35 | key | provenance | | +| tests.js:484:14:484:16 | key | tests.js:487:43:487:45 | key | provenance | | +| tests.js:484:14:484:16 | key | tests.js:489:17:489:19 | key | provenance | | +| tests.js:484:14:484:16 | key | tests.js:489:28:489:30 | key | provenance | | +| tests.js:487:29:487:31 | dst | tests.js:487:29:487:36 | dst[key] | provenance | Config | +| tests.js:487:29:487:36 | dst[key] | tests.js:483:26:483:28 | dst | provenance | | +| tests.js:487:33:487:35 | key | tests.js:487:29:487:36 | dst[key] | provenance | Config | +| tests.js:487:39:487:41 | src | tests.js:487:39:487:46 | src[key] | provenance | Config | +| tests.js:487:39:487:46 | src[key] | tests.js:483:31:483:33 | src | provenance | | +| tests.js:487:39:487:46 | src[key] | tests.js:483:31:483:33 | src | provenance | | +| tests.js:487:39:487:46 | src[key] | tests.js:483:31:483:33 | src | provenance | | +| tests.js:487:43:487:45 | key | tests.js:487:39:487:46 | src[key] | provenance | Config | +| tests.js:489:24:489:26 | src | tests.js:489:24:489:31 | src[key] | provenance | Config | +| tests.js:489:28:489:30 | key | tests.js:489:24:489:31 | src[key] | provenance | Config | +| tests.js:494:32:494:34 | src | tests.js:498:21:498:23 | src | provenance | | +| tests.js:495:14:495:16 | key | tests.js:498:25:498:27 | key | provenance | | +| tests.js:495:14:495:16 | key | tests.js:502:17:502:19 | key | provenance | | +| tests.js:498:13:498:28 | value | tests.js:500:38:500:42 | value | provenance | | +| tests.js:498:13:498:28 | value | tests.js:500:38:500:42 | value | provenance | | +| tests.js:498:13:498:28 | value | tests.js:502:24:502:28 | value | provenance | | +| tests.js:498:13:498:28 | value | tests.js:502:24:502:28 | value | provenance | | +| tests.js:498:13:498:28 | value | tests.js:502:24:502:28 | value | provenance | | +| tests.js:498:21:498:23 | src | tests.js:498:21:498:28 | src[key] | provenance | Config | +| tests.js:498:21:498:28 | src[key] | tests.js:498:13:498:28 | value | provenance | | +| tests.js:498:21:498:28 | src[key] | tests.js:498:13:498:28 | value | provenance | | +| tests.js:498:21:498:28 | src[key] | tests.js:498:13:498:28 | value | provenance | | +| tests.js:498:25:498:27 | key | tests.js:498:21:498:28 | src[key] | provenance | Config | +| tests.js:500:38:500:42 | value | tests.js:494:32:494:34 | src | provenance | | +| tests.js:500:38:500:42 | value | tests.js:494:32:494:34 | src | provenance | | +| tests.js:508:30:508:32 | dst | tests.js:513:33:513:35 | dst | provenance | | +| tests.js:508:30:508:32 | dst | tests.js:517:35:517:37 | dst | provenance | | +| tests.js:508:35:508:37 | src | tests.js:513:43:513:45 | src | provenance | | +| tests.js:508:35:508:37 | src | tests.js:516:32:516:34 | src | provenance | | +| tests.js:511:13:511:25 | key | tests.js:513:37:513:39 | key | provenance | | +| tests.js:511:13:511:25 | key | tests.js:513:47:513:49 | key | provenance | | +| tests.js:511:13:511:25 | key | tests.js:516:36:516:38 | key | provenance | | +| tests.js:511:13:511:25 | key | tests.js:517:40:517:42 | key | provenance | | +| tests.js:511:19:511:25 | keys[i] | tests.js:511:13:511:25 | key | provenance | | +| tests.js:513:33:513:35 | dst | tests.js:513:33:513:40 | dst[key] | provenance | Config | +| tests.js:513:33:513:40 | dst[key] | tests.js:508:30:508:32 | dst | provenance | | +| tests.js:513:37:513:39 | key | tests.js:513:33:513:40 | dst[key] | provenance | Config | +| tests.js:513:43:513:45 | src | tests.js:513:43:513:50 | src[key] | provenance | Config | +| tests.js:513:43:513:50 | src[key] | tests.js:508:35:508:37 | src | provenance | | +| tests.js:513:47:513:49 | key | tests.js:513:43:513:50 | src[key] | provenance | Config | +| tests.js:516:32:516:34 | src | tests.js:516:32:516:39 | src[key] | provenance | Config | +| tests.js:516:36:516:38 | key | tests.js:516:32:516:39 | src[key] | provenance | Config | +| tests.js:525:14:525:16 | key | tests.js:529:17:529:19 | key | provenance | | +| tests.js:525:14:525:16 | key | tests.js:529:28:529:30 | key | provenance | | +| tests.js:529:28:529:30 | key | tests.js:529:24:529:31 | src[key] | provenance | Config | +| tests.js:534:31:534:33 | obj | tests.js:538:27:538:29 | obj | provenance | | +| tests.js:534:36:534:43 | callback [dst] | tests.js:538:9:538:16 | callback [dst] | provenance | | +| tests.js:538:9:538:16 | callback [dst] | tests.js:545:33:545:35 | dst | provenance | | +| tests.js:538:9:538:16 | callback [dst] | tests.js:547:13:547:15 | dst | provenance | | +| tests.js:538:18:538:24 | keys[i] | tests.js:543:32:543:34 | key | provenance | | +| tests.js:538:27:538:29 | obj | tests.js:538:27:538:38 | obj[keys[i]] | provenance | Config | +| tests.js:538:27:538:38 | obj[keys[i]] | tests.js:543:37:543:41 | value | provenance | | +| tests.js:538:31:538:37 | keys[i] | tests.js:538:27:538:38 | obj[keys[i]] | provenance | Config | +| tests.js:542:30:542:32 | dst | tests.js:534:36:534:43 | callback [dst] | provenance | | +| tests.js:542:30:542:32 | dst | tests.js:545:33:545:35 | dst | provenance | | +| tests.js:542:30:542:32 | dst | tests.js:547:13:547:15 | dst | provenance | | +| tests.js:542:35:542:37 | src | tests.js:543:26:543:28 | src | provenance | | +| tests.js:543:26:543:28 | src | tests.js:534:31:534:33 | obj | provenance | | +| tests.js:543:32:543:34 | key | tests.js:545:37:545:39 | key | provenance | | +| tests.js:543:32:543:34 | key | tests.js:547:17:547:19 | key | provenance | | +| tests.js:543:37:543:41 | value | tests.js:545:43:545:47 | value | provenance | | +| tests.js:543:37:543:41 | value | tests.js:547:24:547:28 | value | provenance | | +| tests.js:545:33:545:35 | dst | tests.js:545:33:545:40 | dst[key] | provenance | Config | +| tests.js:545:33:545:40 | dst[key] | tests.js:542:30:542:32 | dst | provenance | | +| tests.js:545:37:545:39 | key | tests.js:545:33:545:40 | dst[key] | provenance | Config | +| tests.js:545:43:545:47 | value | tests.js:542:35:542:37 | src | provenance | | +| tests.js:552:35:552:37 | src | tests.js:557:43:557:45 | src | provenance | | +| tests.js:552:35:552:37 | src | tests.js:559:24:559:26 | src | provenance | | +| tests.js:553:14:553:16 | key | tests.js:559:17:559:19 | key | provenance | | +| tests.js:553:14:553:16 | key | tests.js:559:28:559:30 | key | provenance | | +| tests.js:557:43:557:45 | src | tests.js:557:43:557:50 | src[key] | provenance | Config | +| tests.js:557:43:557:50 | src[key] | tests.js:552:35:552:37 | src | provenance | | +| tests.js:559:24:559:26 | src | tests.js:559:24:559:31 | src[key] | provenance | Config | +| tests.js:559:28:559:30 | key | tests.js:559:24:559:31 | src[key] | provenance | Config | +| tests.js:564:35:564:37 | src | tests.js:569:43:569:45 | src | provenance | | +| tests.js:564:35:564:37 | src | tests.js:571:24:571:26 | src | provenance | | +| tests.js:565:14:565:16 | key | tests.js:571:17:571:19 | key | provenance | | +| tests.js:565:14:565:16 | key | tests.js:571:28:571:30 | key | provenance | | +| tests.js:569:43:569:45 | src | tests.js:569:43:569:50 | src[key] | provenance | Config | +| tests.js:569:43:569:50 | src[key] | tests.js:564:35:564:37 | src | provenance | | +| tests.js:571:24:571:26 | src | tests.js:571:24:571:31 | src[key] | provenance | Config | +| tests.js:571:28:571:30 | key | tests.js:571:24:571:31 | src[key] | provenance | Config | +| tests.js:576:30:576:32 | src | tests.js:580:38:580:40 | src | provenance | | +| tests.js:576:30:576:32 | src | tests.js:582:24:582:26 | src | provenance | | +| tests.js:577:14:577:16 | key | tests.js:582:17:582:19 | key | provenance | | +| tests.js:577:14:577:16 | key | tests.js:582:28:582:30 | key | provenance | | +| tests.js:580:38:580:40 | src | tests.js:580:38:580:45 | src[key] | provenance | Config | +| tests.js:580:38:580:45 | src[key] | tests.js:576:30:576:32 | src | provenance | | +| tests.js:582:24:582:26 | src | tests.js:582:24:582:31 | src[key] | provenance | Config | +| tests.js:582:28:582:30 | key | tests.js:582:24:582:31 | src[key] | provenance | Config | +| tests.js:591:25:591:27 | obj | tests.js:592:7:592:9 | obj | provenance | | +| tests.js:591:25:591:27 | obj | tests.js:592:21:592:23 | obj | provenance | | +| tests.js:592:7:592:9 | obj | tests.js:592:21:592:23 | obj | provenance | | +| tests.js:592:7:592:9 | obj | tests.js:593:10:593:12 | obj | provenance | | +| tests.js:592:21:592:23 | obj | tests.js:593:10:593:12 | obj | provenance | | +| tests.js:600:31:600:34 | dest | tests.js:603:34:603:37 | dest | provenance | | +| tests.js:600:31:600:34 | dest | tests.js:605:13:605:16 | dest | provenance | | +| tests.js:600:37:600:42 | source | tests.js:603:45:603:50 | source | provenance | | +| tests.js:600:37:600:42 | source | tests.js:605:40:605:45 | source | provenance | | +| tests.js:601:16:601:18 | key | tests.js:603:39:603:41 | key | provenance | | +| tests.js:601:16:601:18 | key | tests.js:603:52:603:54 | key | provenance | | +| tests.js:601:16:601:18 | key | tests.js:605:18:605:20 | key | provenance | | +| tests.js:601:16:601:18 | key | tests.js:605:47:605:49 | key | provenance | | +| tests.js:603:34:603:37 | dest | tests.js:603:34:603:42 | dest[key] | provenance | Config | +| tests.js:603:34:603:42 | dest[key] | tests.js:600:31:600:34 | dest | provenance | | +| tests.js:603:39:603:41 | key | tests.js:603:34:603:42 | dest[key] | provenance | Config | +| tests.js:603:45:603:50 | source | tests.js:603:45:603:55 | source[key] | provenance | Config | +| tests.js:603:45:603:55 | source[key] | tests.js:600:37:600:42 | source | provenance | | +| tests.js:603:52:603:54 | key | tests.js:603:45:603:55 | source[key] | provenance | Config | +| tests.js:605:40:605:45 | source | tests.js:605:40:605:50 | source[key] | provenance | Config | +| tests.js:605:40:605:50 | source[key] | tests.js:591:25:591:27 | obj | provenance | | +| tests.js:605:40:605:50 | source[key] | tests.js:605:25:605:51 | capture ... e[key]) | provenance | | +| tests.js:605:47:605:49 | key | tests.js:605:40:605:50 | source[key] | provenance | Config | +subpaths +| tests.js:355:53:355:63 | target[key] | tests.js:348:32:348:37 | target | tests.js:361:12:361:17 | target | tests.js:355:31:355:86 | mergePl ... ptions) | +| tests.js:371:62:371:72 | target[key] | tests.js:364:41:364:46 | target | tests.js:377:12:377:17 | target | tests.js:371:31:371:95 | mergePl ... ptions) | +| tests.js:414:33:414:35 | src | tests.js:408:22:408:24 | obj | tests.js:409:12:409:19 | obj[key] | tests.js:414:21:414:41 | wrapped ... c, key) | +| tests.js:414:38:414:40 | key | tests.js:408:27:408:29 | key | tests.js:409:12:409:19 | obj[key] | tests.js:414:21:414:41 | wrapped ... c, key) | +| tests.js:415:34:415:36 | dst | tests.js:408:22:408:24 | obj | tests.js:409:12:409:19 | obj[key] | tests.js:415:22:415:42 | wrapped ... t, key) | +| tests.js:415:39:415:41 | key | tests.js:408:27:408:29 | key | tests.js:409:12:409:19 | obj[key] | tests.js:415:22:415:42 | wrapped ... t, key) | +| tests.js:431:36:431:38 | src | tests.js:424:25:424:27 | obj | tests.js:426:12:426:19 | obj[key] | tests.js:431:21:431:44 | almostS ... c, key) | +| tests.js:431:41:431:43 | key | tests.js:424:30:424:32 | key | tests.js:426:12:426:19 | obj[key] | tests.js:431:21:431:44 | almostS ... c, key) | +| tests.js:432:37:432:39 | dst | tests.js:424:25:424:27 | obj | tests.js:426:12:426:19 | obj[key] | tests.js:432:22:432:45 | almostS ... t, key) | +| tests.js:432:42:432:44 | key | tests.js:424:30:424:32 | key | tests.js:426:12:426:19 | obj[key] | tests.js:432:22:432:45 | almostS ... t, key) | +| tests.js:448:30:448:32 | src | tests.js:441:19:441:21 | obj | tests.js:443:12:443:19 | obj[key] | tests.js:448:21:448:38 | safeRead(src, key) | +| tests.js:605:40:605:50 | source[key] | tests.js:591:25:591:27 | obj | tests.js:593:10:593:12 | obj | tests.js:605:25:605:51 | capture ... e[key]) | #select | examples/PrototypePollutingFunction.js:7:13:7:15 | dst | examples/PrototypePollutingFunction.js:2:14:2:16 | key | examples/PrototypePollutingFunction.js:7:13:7:15 | dst | Properties are copied from $@ to $@ without guarding against prototype pollution. | examples/PrototypePollutingFunction.js:2:21:2:23 | src | src | examples/PrototypePollutingFunction.js:7:13:7:15 | dst | dst | | path-assignment.js:15:13:15:18 | target | path-assignment.js:8:19:8:25 | keys[i] | path-assignment.js:15:13:15:18 | target | The property chain $@ is recursively assigned to $@ without guarding against prototype pollution. | path-assignment.js:8:19:8:25 | keys[i] | here | path-assignment.js:15:13:15:18 | target | target | @@ -3537,6 +1360,7 @@ edges | tests.js:280:13:280:15 | dst | tests.js:276:34:276:36 | key | tests.js:280:13:280:15 | dst | Properties are copied from $@ to $@ without guarding against prototype pollution. | tests.js:276:21:276:23 | src | src | tests.js:280:13:280:15 | dst | dst | | tests.js:308:17:308:19 | dst | tests.js:302:14:302:16 | key | tests.js:308:17:308:19 | dst | Properties are copied from $@ to $@ without guarding against prototype pollution. | tests.js:302:21:302:23 | src | src | tests.js:308:17:308:19 | dst | dst | | tests.js:322:17:322:19 | dst | tests.js:315:14:315:16 | key | tests.js:322:17:322:19 | dst | Properties are copied from $@ to $@ without guarding against prototype pollution. | tests.js:315:21:315:23 | src | src | tests.js:322:17:322:19 | dst | dst | +| tests.js:338:17:338:19 | dst | tests.js:329:14:329:16 | key | tests.js:338:17:338:19 | dst | Properties are copied from $@ to $@ without guarding against prototype pollution. | tests.js:329:21:329:23 | src | src | tests.js:338:17:338:19 | dst | dst | | tests.js:357:17:357:22 | target | tests.js:350:37:350:39 | key | tests.js:357:17:357:22 | target | Properties are copied from $@ to $@ without guarding against prototype pollution. | tests.js:350:21:350:26 | source | source | tests.js:357:17:357:22 | target | target | | tests.js:403:13:403:15 | dst | tests.js:381:14:381:16 | key | tests.js:403:13:403:15 | dst | Properties are copied from $@ to $@ without guarding against prototype pollution. | tests.js:381:21:381:23 | obj | obj | tests.js:403:13:403:15 | dst | dst | | tests.js:419:13:419:15 | dst | tests.js:413:14:413:16 | key | tests.js:419:13:419:15 | dst | Properties are copied from $@ to $@ without guarding against prototype pollution. | tests.js:413:21:413:23 | src | src | tests.js:419:13:419:15 | dst | dst | @@ -3547,5 +1371,5 @@ edges | tests.js:477:13:477:15 | dst | tests.js:473:25:473:27 | key | tests.js:477:13:477:15 | dst | Properties are copied from $@ to $@ without guarding against prototype pollution. | tests.js:473:12:473:14 | src | src | tests.js:477:13:477:15 | dst | dst | | tests.js:489:13:489:15 | dst | tests.js:484:14:484:16 | key | tests.js:489:13:489:15 | dst | Properties are copied from $@ to $@ without guarding against prototype pollution. | tests.js:484:21:484:23 | src | src | tests.js:489:13:489:15 | dst | dst | | tests.js:517:35:517:37 | dst | tests.js:511:19:511:25 | keys[i] | tests.js:517:35:517:37 | dst | Properties are copied from $@ to $@ without guarding against prototype pollution. | tests.js:509:28:509:30 | src | src | tests.js:517:35:517:37 | dst | dst | -| tests.js:529:13:529:15 | dst | tests.js:525:14:525:16 | key | tests.js:529:13:529:15 | dst | Properties are copied from $@ to $@ without guarding against prototype pollution. | tests.js:525:21:525:23 | src | src | tests.js:529:13:529:15 | dst | dst | | tests.js:547:13:547:15 | dst | tests.js:538:18:538:24 | keys[i] | tests.js:547:13:547:15 | dst | Properties are copied from $@ to $@ without guarding against prototype pollution. | tests.js:535:30:535:32 | obj | obj | tests.js:547:13:547:15 | dst | dst | +| tests.js:605:13:605:16 | dest | tests.js:601:16:601:18 | key | tests.js:605:13:605:16 | dest | Properties are copied from $@ to $@ without guarding against prototype pollution. | tests.js:601:35:601:40 | source | source | tests.js:605:13:605:16 | dest | dest | diff --git a/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingFunction/tests.js b/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingFunction/tests.js index 2efba5e773e4..14a0a19fb626 100644 --- a/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingFunction/tests.js +++ b/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingFunction/tests.js @@ -513,7 +513,7 @@ function usingDefineProperty(dst, src) { usingDefineProperty(dst[key], src[key]); } else { var descriptor = {}; - descriptor.value = src[key]; + descriptor.value = src[key]; Object.defineProperty(dst, key, descriptor); // NOT OK } } @@ -587,3 +587,22 @@ function indirectHasOwn(dst, src) { function hasOwn(obj, key) { return obj.hasOwnProperty(key) } + +function captureBarrier(obj) { + if (!obj || typeof obj !== 'object') { + return obj; // 'obj' is captured but should not propagate through here + } + const fn = () => obj; + fn(); + return "safe"; +} + +function merge_captureBarrier(dest, source) { + for (const key of Object.keys(source)) { + if (dest[key]) { + merge_captureBarrier(dest[key], source[key]); + } else { + dest[key] = captureBarrier(source[key]); // OK - but currently flagged anyway + } + } +} diff --git a/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingMergeCall/PrototypePollutingMergeCall.expected b/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingMergeCall/PrototypePollutingMergeCall.expected index a697bd247604..b773f9b2dee4 100644 --- a/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingMergeCall/PrototypePollutingMergeCall.expected +++ b/javascript/ql/test/query-tests/Security/CWE-915/PrototypePollutingMergeCall/PrototypePollutingMergeCall.expected @@ -1,77 +1,62 @@ nodes -| angularmerge.js:1:30:1:34 | event | -| angularmerge.js:1:30:1:34 | event | -| angularmerge.js:2:21:2:42 | JSON.pa ... t.data) | -| angularmerge.js:2:21:2:42 | JSON.pa ... t.data) | -| angularmerge.js:2:32:2:36 | event | -| angularmerge.js:2:32:2:41 | event.data | -| src-vulnerable-lodash/tst.js:7:17:7:29 | req.query.foo | -| src-vulnerable-lodash/tst.js:7:17:7:29 | req.query.foo | -| src-vulnerable-lodash/tst.js:7:17:7:29 | req.query.foo | -| src-vulnerable-lodash/tst.js:10:17:12:5 | {\\n ... K\\n } | -| src-vulnerable-lodash/tst.js:10:17:12:5 | {\\n ... K\\n } | -| src-vulnerable-lodash/tst.js:11:16:11:30 | req.query.value | -| src-vulnerable-lodash/tst.js:11:16:11:30 | req.query.value | -| src-vulnerable-lodash/tst.js:15:14:15:28 | req.query.value | -| src-vulnerable-lodash/tst.js:15:14:15:28 | req.query.value | -| src-vulnerable-lodash/tst.js:17:17:19:5 | {\\n ... K\\n } | -| src-vulnerable-lodash/tst.js:17:17:19:5 | {\\n ... K\\n } | -| src-vulnerable-lodash/tst.js:18:16:18:25 | opts.thing | -| webix/webix.html:3:34:3:38 | event | -| webix/webix.html:3:34:3:38 | event | -| webix/webix.html:4:26:4:47 | JSON.pa ... t.data) | -| webix/webix.html:4:26:4:47 | JSON.pa ... t.data) | -| webix/webix.html:4:37:4:41 | event | -| webix/webix.html:4:37:4:46 | event.data | -| webix/webix.html:5:24:5:45 | JSON.pa ... t.data) | -| webix/webix.html:5:24:5:45 | JSON.pa ... t.data) | -| webix/webix.html:5:35:5:39 | event | -| webix/webix.html:5:35:5:44 | event.data | -| webix/webix.js:3:30:3:34 | event | -| webix/webix.js:3:30:3:34 | event | -| webix/webix.js:4:22:4:43 | JSON.pa ... t.data) | -| webix/webix.js:4:22:4:43 | JSON.pa ... t.data) | -| webix/webix.js:4:33:4:37 | event | -| webix/webix.js:4:33:4:42 | event.data | -| webix/webix.js:5:20:5:41 | JSON.pa ... t.data) | -| webix/webix.js:5:20:5:41 | JSON.pa ... t.data) | -| webix/webix.js:5:31:5:35 | event | -| webix/webix.js:5:31:5:40 | event.data | +| angularmerge.js:1:30:1:34 | event | semmle.label | event | +| angularmerge.js:2:21:2:42 | JSON.pa ... t.data) | semmle.label | JSON.pa ... t.data) | +| angularmerge.js:2:32:2:36 | event | semmle.label | event | +| angularmerge.js:2:32:2:41 | event.data | semmle.label | event.data | +| src-vulnerable-lodash/tst.js:7:17:7:29 | req.query.foo | semmle.label | req.query.foo | +| src-vulnerable-lodash/tst.js:10:17:12:5 | [post update] {\\n ... K\\n } [value] | semmle.label | [post update] {\\n ... K\\n } [value] | +| src-vulnerable-lodash/tst.js:10:17:12:5 | {\\n ... K\\n } | semmle.label | {\\n ... K\\n } | +| src-vulnerable-lodash/tst.js:10:17:12:5 | {\\n ... K\\n } [value] | semmle.label | {\\n ... K\\n } [value] | +| src-vulnerable-lodash/tst.js:11:16:11:30 | req.query.value | semmle.label | req.query.value | +| src-vulnerable-lodash/tst.js:14:9:16:5 | opts [thing] | semmle.label | opts [thing] | +| src-vulnerable-lodash/tst.js:14:16:16:5 | {\\n ... e\\n } [thing] | semmle.label | {\\n ... e\\n } [thing] | +| src-vulnerable-lodash/tst.js:15:14:15:28 | req.query.value | semmle.label | req.query.value | +| src-vulnerable-lodash/tst.js:17:17:19:5 | [post update] {\\n ... K\\n } [value] | semmle.label | [post update] {\\n ... K\\n } [value] | +| src-vulnerable-lodash/tst.js:17:17:19:5 | {\\n ... K\\n } | semmle.label | {\\n ... K\\n } | +| src-vulnerable-lodash/tst.js:17:17:19:5 | {\\n ... K\\n } [value] | semmle.label | {\\n ... K\\n } [value] | +| src-vulnerable-lodash/tst.js:18:16:18:19 | opts [thing] | semmle.label | opts [thing] | +| src-vulnerable-lodash/tst.js:18:16:18:25 | opts.thing | semmle.label | opts.thing | +| webix/webix.html:3:34:3:38 | event | semmle.label | event | +| webix/webix.html:4:26:4:47 | JSON.pa ... t.data) | semmle.label | JSON.pa ... t.data) | +| webix/webix.html:4:37:4:41 | event | semmle.label | event | +| webix/webix.html:4:37:4:46 | event.data | semmle.label | event.data | +| webix/webix.html:5:24:5:45 | JSON.pa ... t.data) | semmle.label | JSON.pa ... t.data) | +| webix/webix.html:5:35:5:39 | event | semmle.label | event | +| webix/webix.html:5:35:5:44 | event.data | semmle.label | event.data | +| webix/webix.js:3:30:3:34 | event | semmle.label | event | +| webix/webix.js:4:22:4:43 | JSON.pa ... t.data) | semmle.label | JSON.pa ... t.data) | +| webix/webix.js:4:33:4:37 | event | semmle.label | event | +| webix/webix.js:4:33:4:42 | event.data | semmle.label | event.data | +| webix/webix.js:5:20:5:41 | JSON.pa ... t.data) | semmle.label | JSON.pa ... t.data) | +| webix/webix.js:5:31:5:35 | event | semmle.label | event | +| webix/webix.js:5:31:5:40 | event.data | semmle.label | event.data | edges -| angularmerge.js:1:30:1:34 | event | angularmerge.js:2:32:2:36 | event | -| angularmerge.js:1:30:1:34 | event | angularmerge.js:2:32:2:36 | event | -| angularmerge.js:2:32:2:36 | event | angularmerge.js:2:32:2:41 | event.data | -| angularmerge.js:2:32:2:41 | event.data | angularmerge.js:2:21:2:42 | JSON.pa ... t.data) | -| angularmerge.js:2:32:2:41 | event.data | angularmerge.js:2:21:2:42 | JSON.pa ... t.data) | -| src-vulnerable-lodash/tst.js:7:17:7:29 | req.query.foo | src-vulnerable-lodash/tst.js:7:17:7:29 | req.query.foo | -| src-vulnerable-lodash/tst.js:11:16:11:30 | req.query.value | src-vulnerable-lodash/tst.js:10:17:12:5 | {\\n ... K\\n } | -| src-vulnerable-lodash/tst.js:11:16:11:30 | req.query.value | src-vulnerable-lodash/tst.js:10:17:12:5 | {\\n ... K\\n } | -| src-vulnerable-lodash/tst.js:11:16:11:30 | req.query.value | src-vulnerable-lodash/tst.js:10:17:12:5 | {\\n ... K\\n } | -| src-vulnerable-lodash/tst.js:11:16:11:30 | req.query.value | src-vulnerable-lodash/tst.js:10:17:12:5 | {\\n ... K\\n } | -| src-vulnerable-lodash/tst.js:15:14:15:28 | req.query.value | src-vulnerable-lodash/tst.js:18:16:18:25 | opts.thing | -| src-vulnerable-lodash/tst.js:15:14:15:28 | req.query.value | src-vulnerable-lodash/tst.js:18:16:18:25 | opts.thing | -| src-vulnerable-lodash/tst.js:18:16:18:25 | opts.thing | src-vulnerable-lodash/tst.js:17:17:19:5 | {\\n ... K\\n } | -| src-vulnerable-lodash/tst.js:18:16:18:25 | opts.thing | src-vulnerable-lodash/tst.js:17:17:19:5 | {\\n ... K\\n } | -| webix/webix.html:3:34:3:38 | event | webix/webix.html:4:37:4:41 | event | -| webix/webix.html:3:34:3:38 | event | webix/webix.html:4:37:4:41 | event | -| webix/webix.html:3:34:3:38 | event | webix/webix.html:5:35:5:39 | event | -| webix/webix.html:3:34:3:38 | event | webix/webix.html:5:35:5:39 | event | -| webix/webix.html:4:37:4:41 | event | webix/webix.html:4:37:4:46 | event.data | -| webix/webix.html:4:37:4:46 | event.data | webix/webix.html:4:26:4:47 | JSON.pa ... t.data) | -| webix/webix.html:4:37:4:46 | event.data | webix/webix.html:4:26:4:47 | JSON.pa ... t.data) | -| webix/webix.html:5:35:5:39 | event | webix/webix.html:5:35:5:44 | event.data | -| webix/webix.html:5:35:5:44 | event.data | webix/webix.html:5:24:5:45 | JSON.pa ... t.data) | -| webix/webix.html:5:35:5:44 | event.data | webix/webix.html:5:24:5:45 | JSON.pa ... t.data) | -| webix/webix.js:3:30:3:34 | event | webix/webix.js:4:33:4:37 | event | -| webix/webix.js:3:30:3:34 | event | webix/webix.js:4:33:4:37 | event | -| webix/webix.js:3:30:3:34 | event | webix/webix.js:5:31:5:35 | event | -| webix/webix.js:3:30:3:34 | event | webix/webix.js:5:31:5:35 | event | -| webix/webix.js:4:33:4:37 | event | webix/webix.js:4:33:4:42 | event.data | -| webix/webix.js:4:33:4:42 | event.data | webix/webix.js:4:22:4:43 | JSON.pa ... t.data) | -| webix/webix.js:4:33:4:42 | event.data | webix/webix.js:4:22:4:43 | JSON.pa ... t.data) | -| webix/webix.js:5:31:5:35 | event | webix/webix.js:5:31:5:40 | event.data | -| webix/webix.js:5:31:5:40 | event.data | webix/webix.js:5:20:5:41 | JSON.pa ... t.data) | -| webix/webix.js:5:31:5:40 | event.data | webix/webix.js:5:20:5:41 | JSON.pa ... t.data) | +| angularmerge.js:1:30:1:34 | event | angularmerge.js:2:32:2:36 | event | provenance | | +| angularmerge.js:2:32:2:36 | event | angularmerge.js:2:32:2:41 | event.data | provenance | | +| angularmerge.js:2:32:2:41 | event.data | angularmerge.js:2:21:2:42 | JSON.pa ... t.data) | provenance | Config | +| src-vulnerable-lodash/tst.js:10:17:12:5 | [post update] {\\n ... K\\n } [value] | src-vulnerable-lodash/tst.js:10:17:12:5 | {\\n ... K\\n } [value] | provenance | | +| src-vulnerable-lodash/tst.js:10:17:12:5 | {\\n ... K\\n } [value] | src-vulnerable-lodash/tst.js:10:17:12:5 | {\\n ... K\\n } | provenance | | +| src-vulnerable-lodash/tst.js:11:16:11:30 | req.query.value | src-vulnerable-lodash/tst.js:10:17:12:5 | [post update] {\\n ... K\\n } [value] | provenance | | +| src-vulnerable-lodash/tst.js:14:9:16:5 | opts [thing] | src-vulnerable-lodash/tst.js:18:16:18:19 | opts [thing] | provenance | | +| src-vulnerable-lodash/tst.js:14:16:16:5 | {\\n ... e\\n } [thing] | src-vulnerable-lodash/tst.js:14:9:16:5 | opts [thing] | provenance | | +| src-vulnerable-lodash/tst.js:15:14:15:28 | req.query.value | src-vulnerable-lodash/tst.js:14:16:16:5 | {\\n ... e\\n } [thing] | provenance | | +| src-vulnerable-lodash/tst.js:17:17:19:5 | [post update] {\\n ... K\\n } [value] | src-vulnerable-lodash/tst.js:17:17:19:5 | {\\n ... K\\n } [value] | provenance | | +| src-vulnerable-lodash/tst.js:17:17:19:5 | {\\n ... K\\n } [value] | src-vulnerable-lodash/tst.js:17:17:19:5 | {\\n ... K\\n } | provenance | | +| src-vulnerable-lodash/tst.js:18:16:18:19 | opts [thing] | src-vulnerable-lodash/tst.js:18:16:18:25 | opts.thing | provenance | | +| src-vulnerable-lodash/tst.js:18:16:18:25 | opts.thing | src-vulnerable-lodash/tst.js:17:17:19:5 | [post update] {\\n ... K\\n } [value] | provenance | | +| webix/webix.html:3:34:3:38 | event | webix/webix.html:4:37:4:41 | event | provenance | | +| webix/webix.html:3:34:3:38 | event | webix/webix.html:5:35:5:39 | event | provenance | | +| webix/webix.html:4:37:4:41 | event | webix/webix.html:4:37:4:46 | event.data | provenance | | +| webix/webix.html:4:37:4:46 | event.data | webix/webix.html:4:26:4:47 | JSON.pa ... t.data) | provenance | Config | +| webix/webix.html:5:35:5:39 | event | webix/webix.html:5:35:5:44 | event.data | provenance | | +| webix/webix.html:5:35:5:44 | event.data | webix/webix.html:5:24:5:45 | JSON.pa ... t.data) | provenance | Config | +| webix/webix.js:3:30:3:34 | event | webix/webix.js:4:33:4:37 | event | provenance | | +| webix/webix.js:3:30:3:34 | event | webix/webix.js:5:31:5:35 | event | provenance | | +| webix/webix.js:4:33:4:37 | event | webix/webix.js:4:33:4:42 | event.data | provenance | | +| webix/webix.js:4:33:4:42 | event.data | webix/webix.js:4:22:4:43 | JSON.pa ... t.data) | provenance | Config | +| webix/webix.js:5:31:5:35 | event | webix/webix.js:5:31:5:40 | event.data | provenance | | +| webix/webix.js:5:31:5:40 | event.data | webix/webix.js:5:20:5:41 | JSON.pa ... t.data) | provenance | Config | +subpaths #select | angularmerge.js:2:21:2:42 | JSON.pa ... t.data) | angularmerge.js:1:30:1:34 | event | angularmerge.js:2:21:2:42 | JSON.pa ... t.data) | Prototype pollution caused by merging a $@ using a vulnerable version of $@. | angularmerge.js:1:30:1:34 | event | user-controlled value | angularmerge.js:2:3:2:43 | angular ... .data)) | angular | | src-vulnerable-lodash/tst.js:7:17:7:29 | req.query.foo | src-vulnerable-lodash/tst.js:7:17:7:29 | req.query.foo | src-vulnerable-lodash/tst.js:7:17:7:29 | req.query.foo | Prototype pollution caused by merging a $@ using a vulnerable version of $@. | src-vulnerable-lodash/tst.js:7:17:7:29 | req.query.foo | user-controlled value | src-vulnerable-lodash/package.json:3:19:3:26 | "4.17.4" | lodash | diff --git a/javascript/ql/test/query-tests/Security/CWE-916/InsufficientPasswordHash.expected b/javascript/ql/test/query-tests/Security/CWE-916/InsufficientPasswordHash.expected index 40cd78138e4a..231a40251383 100644 --- a/javascript/ql/test/query-tests/Security/CWE-916/InsufficientPasswordHash.expected +++ b/javascript/ql/test/query-tests/Security/CWE-916/InsufficientPasswordHash.expected @@ -1,17 +1,9 @@ -nodes -| tst.js:5:48:5:55 | password | -| tst.js:5:48:5:55 | password | -| tst.js:5:48:5:55 | password | -| tst.js:7:46:7:53 | password | -| tst.js:7:46:7:53 | password | -| tst.js:7:46:7:53 | password | -| tst.js:9:43:9:50 | password | -| tst.js:9:43:9:50 | password | -| tst.js:9:43:9:50 | password | edges -| tst.js:5:48:5:55 | password | tst.js:5:48:5:55 | password | -| tst.js:7:46:7:53 | password | tst.js:7:46:7:53 | password | -| tst.js:9:43:9:50 | password | tst.js:9:43:9:50 | password | +nodes +| tst.js:5:48:5:55 | password | semmle.label | password | +| tst.js:7:46:7:53 | password | semmle.label | password | +| tst.js:9:43:9:50 | password | semmle.label | password | +subpaths #select | tst.js:5:48:5:55 | password | tst.js:5:48:5:55 | password | tst.js:5:48:5:55 | password | Password from $@ is hashed insecurely. | tst.js:5:48:5:55 | password | an access to password | | tst.js:7:46:7:53 | password | tst.js:7:46:7:53 | password | tst.js:7:46:7:53 | password | Password from $@ is hashed insecurely. | tst.js:7:46:7:53 | password | an access to password | diff --git a/javascript/ql/test/query-tests/Security/CWE-918/ClientSideRequestForgery.expected b/javascript/ql/test/query-tests/Security/CWE-918/ClientSideRequestForgery.expected index 1390cf8cd32d..5a267ea56891 100644 --- a/javascript/ql/test/query-tests/Security/CWE-918/ClientSideRequestForgery.expected +++ b/javascript/ql/test/query-tests/Security/CWE-918/ClientSideRequestForgery.expected @@ -1,50 +1,34 @@ -nodes -| clientSide.js:11:11:11:53 | query | -| clientSide.js:11:19:11:40 | window. ... .search | -| clientSide.js:11:19:11:40 | window. ... .search | -| clientSide.js:11:19:11:53 | window. ... ring(1) | -| clientSide.js:12:13:12:54 | 'https: ... + '/id' | -| clientSide.js:12:13:12:54 | 'https: ... + '/id' | -| clientSide.js:12:42:12:46 | query | -| clientSide.js:14:13:14:63 | 'https: ... .search | -| clientSide.js:14:13:14:63 | 'https: ... .search | -| clientSide.js:14:42:14:63 | window. ... .search | -| clientSide.js:14:42:14:63 | window. ... .search | -| clientSide.js:16:11:16:54 | fragment | -| clientSide.js:16:22:16:41 | window.location.hash | -| clientSide.js:16:22:16:41 | window.location.hash | -| clientSide.js:16:22:16:54 | window. ... ring(1) | -| clientSide.js:17:13:17:57 | 'https: ... + '/id' | -| clientSide.js:17:13:17:57 | 'https: ... + '/id' | -| clientSide.js:17:42:17:49 | fragment | -| clientSide.js:20:11:20:28 | name | -| clientSide.js:20:18:20:28 | window.name | -| clientSide.js:20:18:20:28 | window.name | -| clientSide.js:21:13:21:53 | 'https: ... + '/id' | -| clientSide.js:21:13:21:53 | 'https: ... + '/id' | -| clientSide.js:21:42:21:45 | name | edges -| clientSide.js:11:11:11:53 | query | clientSide.js:12:42:12:46 | query | -| clientSide.js:11:19:11:40 | window. ... .search | clientSide.js:11:19:11:53 | window. ... ring(1) | -| clientSide.js:11:19:11:40 | window. ... .search | clientSide.js:11:19:11:53 | window. ... ring(1) | -| clientSide.js:11:19:11:53 | window. ... ring(1) | clientSide.js:11:11:11:53 | query | -| clientSide.js:12:42:12:46 | query | clientSide.js:12:13:12:54 | 'https: ... + '/id' | -| clientSide.js:12:42:12:46 | query | clientSide.js:12:13:12:54 | 'https: ... + '/id' | -| clientSide.js:14:42:14:63 | window. ... .search | clientSide.js:14:13:14:63 | 'https: ... .search | -| clientSide.js:14:42:14:63 | window. ... .search | clientSide.js:14:13:14:63 | 'https: ... .search | -| clientSide.js:14:42:14:63 | window. ... .search | clientSide.js:14:13:14:63 | 'https: ... .search | -| clientSide.js:14:42:14:63 | window. ... .search | clientSide.js:14:13:14:63 | 'https: ... .search | -| clientSide.js:16:11:16:54 | fragment | clientSide.js:17:42:17:49 | fragment | -| clientSide.js:16:22:16:41 | window.location.hash | clientSide.js:16:22:16:54 | window. ... ring(1) | -| clientSide.js:16:22:16:41 | window.location.hash | clientSide.js:16:22:16:54 | window. ... ring(1) | -| clientSide.js:16:22:16:54 | window. ... ring(1) | clientSide.js:16:11:16:54 | fragment | -| clientSide.js:17:42:17:49 | fragment | clientSide.js:17:13:17:57 | 'https: ... + '/id' | -| clientSide.js:17:42:17:49 | fragment | clientSide.js:17:13:17:57 | 'https: ... + '/id' | -| clientSide.js:20:11:20:28 | name | clientSide.js:21:42:21:45 | name | -| clientSide.js:20:18:20:28 | window.name | clientSide.js:20:11:20:28 | name | -| clientSide.js:20:18:20:28 | window.name | clientSide.js:20:11:20:28 | name | -| clientSide.js:21:42:21:45 | name | clientSide.js:21:13:21:53 | 'https: ... + '/id' | -| clientSide.js:21:42:21:45 | name | clientSide.js:21:13:21:53 | 'https: ... + '/id' | +| clientSide.js:11:11:11:53 | query | clientSide.js:12:42:12:46 | query | provenance | | +| clientSide.js:11:19:11:40 | window. ... .search | clientSide.js:11:19:11:53 | window. ... ring(1) | provenance | | +| clientSide.js:11:19:11:53 | window. ... ring(1) | clientSide.js:11:11:11:53 | query | provenance | | +| clientSide.js:12:42:12:46 | query | clientSide.js:12:13:12:54 | 'https: ... + '/id' | provenance | | +| clientSide.js:14:42:14:63 | window. ... .search | clientSide.js:14:13:14:63 | 'https: ... .search | provenance | | +| clientSide.js:16:11:16:54 | fragment | clientSide.js:17:42:17:49 | fragment | provenance | | +| clientSide.js:16:22:16:41 | window.location.hash | clientSide.js:16:22:16:54 | window. ... ring(1) | provenance | | +| clientSide.js:16:22:16:54 | window. ... ring(1) | clientSide.js:16:11:16:54 | fragment | provenance | | +| clientSide.js:17:42:17:49 | fragment | clientSide.js:17:13:17:57 | 'https: ... + '/id' | provenance | | +| clientSide.js:20:11:20:28 | name | clientSide.js:21:42:21:45 | name | provenance | | +| clientSide.js:20:18:20:28 | window.name | clientSide.js:20:11:20:28 | name | provenance | | +| clientSide.js:21:42:21:45 | name | clientSide.js:21:13:21:53 | 'https: ... + '/id' | provenance | | +nodes +| clientSide.js:11:11:11:53 | query | semmle.label | query | +| clientSide.js:11:19:11:40 | window. ... .search | semmle.label | window. ... .search | +| clientSide.js:11:19:11:53 | window. ... ring(1) | semmle.label | window. ... ring(1) | +| clientSide.js:12:13:12:54 | 'https: ... + '/id' | semmle.label | 'https: ... + '/id' | +| clientSide.js:12:42:12:46 | query | semmle.label | query | +| clientSide.js:14:13:14:63 | 'https: ... .search | semmle.label | 'https: ... .search | +| clientSide.js:14:42:14:63 | window. ... .search | semmle.label | window. ... .search | +| clientSide.js:16:11:16:54 | fragment | semmle.label | fragment | +| clientSide.js:16:22:16:41 | window.location.hash | semmle.label | window.location.hash | +| clientSide.js:16:22:16:54 | window. ... ring(1) | semmle.label | window. ... ring(1) | +| clientSide.js:17:13:17:57 | 'https: ... + '/id' | semmle.label | 'https: ... + '/id' | +| clientSide.js:17:42:17:49 | fragment | semmle.label | fragment | +| clientSide.js:20:11:20:28 | name | semmle.label | name | +| clientSide.js:20:18:20:28 | window.name | semmle.label | window.name | +| clientSide.js:21:13:21:53 | 'https: ... + '/id' | semmle.label | 'https: ... + '/id' | +| clientSide.js:21:42:21:45 | name | semmle.label | name | +subpaths #select | clientSide.js:12:5:12:55 | request ... '/id') | clientSide.js:11:19:11:40 | window. ... .search | clientSide.js:12:13:12:54 | 'https: ... + '/id' | The $@ of this request depends on a $@. | clientSide.js:12:13:12:54 | 'https: ... + '/id' | URL | clientSide.js:11:19:11:40 | window. ... .search | user-provided value | | clientSide.js:14:5:14:64 | request ... search) | clientSide.js:14:42:14:63 | window. ... .search | clientSide.js:14:13:14:63 | 'https: ... .search | The $@ of this request depends on a $@. | clientSide.js:14:13:14:63 | 'https: ... .search | URL | clientSide.js:14:42:14:63 | window. ... .search | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-918/Consistency.ql b/javascript/ql/test/query-tests/Security/CWE-918/Consistency.ql index 7950d897e8fa..1e81213b108b 100644 --- a/javascript/ql/test/query-tests/Security/CWE-918/Consistency.ql +++ b/javascript/ql/test/query-tests/Security/CWE-918/Consistency.ql @@ -4,14 +4,22 @@ import semmle.javascript.security.dataflow.ClientSideRequestForgeryQuery as Clie import testUtilities.ConsistencyChecking query predicate resultInWrongFile(DataFlow::Node node) { - exists(DataFlow::Configuration cfg, string filePattern | - cfg instanceof RequestForgery::Configuration and + exists(string filePattern | + RequestForgery::RequestForgeryFlow::flowTo(node) and filePattern = ".*serverSide.*" or - cfg instanceof ClientSideRequestForgery::Configuration and + ClientSideRequestForgery::ClientSideRequestForgeryFlow::flowTo(node) and filePattern = ".*clientSide.*" | - cfg.hasFlow(_, node) and not node.getFile().getRelativePath().regexpMatch(filePattern) ) } + +class Consistency extends ConsistencyConfiguration { + Consistency() { this = "Consistency" } + + override DataFlow::Node getAnAlert() { + RequestForgery::RequestForgeryFlow::flowTo(result) or + ClientSideRequestForgery::ClientSideRequestForgeryFlow::flowTo(result) + } +} diff --git a/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected b/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected index 012033fce624..edeab8f1d94f 100644 --- a/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected +++ b/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected @@ -1,202 +1,112 @@ -nodes -| serverSide.js:14:9:14:52 | tainted | -| serverSide.js:14:19:14:42 | url.par ... , true) | -| serverSide.js:14:19:14:48 | url.par ... ).query | -| serverSide.js:14:19:14:52 | url.par ... ery.url | -| serverSide.js:14:29:14:35 | req.url | -| serverSide.js:14:29:14:35 | req.url | -| serverSide.js:18:13:18:19 | tainted | -| serverSide.js:18:13:18:19 | tainted | -| serverSide.js:20:17:20:23 | tainted | -| serverSide.js:20:17:20:23 | tainted | -| serverSide.js:23:19:23:25 | tainted | -| serverSide.js:23:19:23:25 | tainted | -| serverSide.js:26:13:26:31 | "http://" + tainted | -| serverSide.js:26:13:26:31 | "http://" + tainted | -| serverSide.js:26:25:26:31 | tainted | -| serverSide.js:28:13:28:42 | "http:/ ... tainted | -| serverSide.js:28:13:28:42 | "http:/ ... tainted | -| serverSide.js:28:36:28:42 | tainted | -| serverSide.js:30:13:30:43 | "http:/ ... tainted | -| serverSide.js:30:13:30:43 | "http:/ ... tainted | -| serverSide.js:30:37:30:43 | tainted | -| serverSide.js:34:34:34:40 | tainted | -| serverSide.js:34:34:34:40 | tainted | -| serverSide.js:36:16:36:31 | new Uri(tainted) | -| serverSide.js:36:16:36:31 | new Uri(tainted) | -| serverSide.js:36:24:36:30 | tainted | -| serverSide.js:37:22:37:37 | new Uri(tainted) | -| serverSide.js:37:22:37:37 | new Uri(tainted) | -| serverSide.js:37:30:37:36 | tainted | -| serverSide.js:41:13:41:51 | `http:/ ... inted}` | -| serverSide.js:41:13:41:51 | `http:/ ... inted}` | -| serverSide.js:41:43:41:49 | tainted | -| serverSide.js:43:13:43:54 | `http:/ ... inted}` | -| serverSide.js:43:13:43:54 | `http:/ ... inted}` | -| serverSide.js:43:46:43:52 | tainted | -| serverSide.js:45:13:45:56 | 'http:/ ... tainted | -| serverSide.js:45:13:45:56 | 'http:/ ... tainted | -| serverSide.js:45:50:45:56 | tainted | -| serverSide.js:58:9:58:52 | tainted | -| serverSide.js:58:19:58:42 | url.par ... , true) | -| serverSide.js:58:19:58:48 | url.par ... ).query | -| serverSide.js:58:19:58:52 | url.par ... ery.url | -| serverSide.js:58:29:58:35 | req.url | -| serverSide.js:58:29:58:35 | req.url | -| serverSide.js:61:29:61:35 | tainted | -| serverSide.js:61:29:61:35 | tainted | -| serverSide.js:64:30:64:36 | tainted | -| serverSide.js:64:30:64:36 | tainted | -| serverSide.js:68:30:68:36 | tainted | -| serverSide.js:68:30:68:36 | tainted | -| serverSide.js:74:9:74:52 | tainted | -| serverSide.js:74:19:74:42 | url.par ... , true) | -| serverSide.js:74:19:74:48 | url.par ... ).query | -| serverSide.js:74:19:74:52 | url.par ... ery.url | -| serverSide.js:74:29:74:35 | req.url | -| serverSide.js:74:29:74:35 | req.url | -| serverSide.js:76:19:76:25 | tainted | -| serverSide.js:76:19:76:25 | tainted | -| serverSide.js:83:38:83:43 | param1 | -| serverSide.js:83:38:83:43 | param1 | -| serverSide.js:84:19:84:24 | param1 | -| serverSide.js:84:19:84:24 | param1 | -| serverSide.js:90:19:90:28 | ctx.params | -| serverSide.js:90:19:90:28 | ctx.params | -| serverSide.js:90:19:90:32 | ctx.params.foo | -| serverSide.js:90:19:90:32 | ctx.params.foo | -| serverSide.js:92:19:92:28 | ctx.params | -| serverSide.js:92:19:92:28 | ctx.params | -| serverSide.js:92:19:92:32 | ctx.params.foo | -| serverSide.js:92:19:92:32 | ctx.params.foo | -| serverSide.js:98:9:98:52 | tainted | -| serverSide.js:98:19:98:42 | url.par ... , true) | -| serverSide.js:98:19:98:48 | url.par ... ).query | -| serverSide.js:98:19:98:52 | url.par ... ery.url | -| serverSide.js:98:29:98:35 | req.url | -| serverSide.js:98:29:98:35 | req.url | -| serverSide.js:100:19:100:25 | tainted | -| serverSide.js:100:19:100:25 | tainted | -| serverSide.js:108:11:108:27 | url | -| serverSide.js:108:17:108:27 | request.url | -| serverSide.js:108:17:108:27 | request.url | -| serverSide.js:109:27:109:29 | url | -| serverSide.js:109:27:109:29 | url | -| serverSide.js:115:11:115:42 | url | -| serverSide.js:115:17:115:42 | new URL ... , base) | -| serverSide.js:115:25:115:35 | request.url | -| serverSide.js:115:25:115:35 | request.url | -| serverSide.js:117:27:117:29 | url | -| serverSide.js:117:27:117:29 | url | -| serverSide.js:123:9:123:52 | tainted | -| serverSide.js:123:19:123:42 | url.par ... , true) | -| serverSide.js:123:19:123:48 | url.par ... ).query | -| serverSide.js:123:19:123:52 | url.par ... ery.url | -| serverSide.js:123:29:123:35 | req.url | -| serverSide.js:123:29:123:35 | req.url | -| serverSide.js:127:14:127:20 | tainted | -| serverSide.js:127:14:127:20 | tainted | -| serverSide.js:130:9:130:45 | myUrl | -| serverSide.js:130:17:130:45 | `${some ... inted}` | -| serverSide.js:130:37:130:43 | tainted | -| serverSide.js:131:15:131:19 | myUrl | -| serverSide.js:131:15:131:19 | myUrl | edges -| serverSide.js:14:9:14:52 | tainted | serverSide.js:18:13:18:19 | tainted | -| serverSide.js:14:9:14:52 | tainted | serverSide.js:18:13:18:19 | tainted | -| serverSide.js:14:9:14:52 | tainted | serverSide.js:20:17:20:23 | tainted | -| serverSide.js:14:9:14:52 | tainted | serverSide.js:20:17:20:23 | tainted | -| serverSide.js:14:9:14:52 | tainted | serverSide.js:23:19:23:25 | tainted | -| serverSide.js:14:9:14:52 | tainted | serverSide.js:23:19:23:25 | tainted | -| serverSide.js:14:9:14:52 | tainted | serverSide.js:26:25:26:31 | tainted | -| serverSide.js:14:9:14:52 | tainted | serverSide.js:28:36:28:42 | tainted | -| serverSide.js:14:9:14:52 | tainted | serverSide.js:30:37:30:43 | tainted | -| serverSide.js:14:9:14:52 | tainted | serverSide.js:34:34:34:40 | tainted | -| serverSide.js:14:9:14:52 | tainted | serverSide.js:34:34:34:40 | tainted | -| serverSide.js:14:9:14:52 | tainted | serverSide.js:36:24:36:30 | tainted | -| serverSide.js:14:9:14:52 | tainted | serverSide.js:37:30:37:36 | tainted | -| serverSide.js:14:9:14:52 | tainted | serverSide.js:41:43:41:49 | tainted | -| serverSide.js:14:9:14:52 | tainted | serverSide.js:43:46:43:52 | tainted | -| serverSide.js:14:9:14:52 | tainted | serverSide.js:45:50:45:56 | tainted | -| serverSide.js:14:19:14:42 | url.par ... , true) | serverSide.js:14:19:14:48 | url.par ... ).query | -| serverSide.js:14:19:14:48 | url.par ... ).query | serverSide.js:14:19:14:52 | url.par ... ery.url | -| serverSide.js:14:19:14:52 | url.par ... ery.url | serverSide.js:14:9:14:52 | tainted | -| serverSide.js:14:29:14:35 | req.url | serverSide.js:14:19:14:42 | url.par ... , true) | -| serverSide.js:14:29:14:35 | req.url | serverSide.js:14:19:14:42 | url.par ... , true) | -| serverSide.js:26:25:26:31 | tainted | serverSide.js:26:13:26:31 | "http://" + tainted | -| serverSide.js:26:25:26:31 | tainted | serverSide.js:26:13:26:31 | "http://" + tainted | -| serverSide.js:28:36:28:42 | tainted | serverSide.js:28:13:28:42 | "http:/ ... tainted | -| serverSide.js:28:36:28:42 | tainted | serverSide.js:28:13:28:42 | "http:/ ... tainted | -| serverSide.js:30:37:30:43 | tainted | serverSide.js:30:13:30:43 | "http:/ ... tainted | -| serverSide.js:30:37:30:43 | tainted | serverSide.js:30:13:30:43 | "http:/ ... tainted | -| serverSide.js:36:24:36:30 | tainted | serverSide.js:36:16:36:31 | new Uri(tainted) | -| serverSide.js:36:24:36:30 | tainted | serverSide.js:36:16:36:31 | new Uri(tainted) | -| serverSide.js:37:30:37:36 | tainted | serverSide.js:37:22:37:37 | new Uri(tainted) | -| serverSide.js:37:30:37:36 | tainted | serverSide.js:37:22:37:37 | new Uri(tainted) | -| serverSide.js:41:43:41:49 | tainted | serverSide.js:41:13:41:51 | `http:/ ... inted}` | -| serverSide.js:41:43:41:49 | tainted | serverSide.js:41:13:41:51 | `http:/ ... inted}` | -| serverSide.js:43:46:43:52 | tainted | serverSide.js:43:13:43:54 | `http:/ ... inted}` | -| serverSide.js:43:46:43:52 | tainted | serverSide.js:43:13:43:54 | `http:/ ... inted}` | -| serverSide.js:45:50:45:56 | tainted | serverSide.js:45:13:45:56 | 'http:/ ... tainted | -| serverSide.js:45:50:45:56 | tainted | serverSide.js:45:13:45:56 | 'http:/ ... tainted | -| serverSide.js:58:9:58:52 | tainted | serverSide.js:61:29:61:35 | tainted | -| serverSide.js:58:9:58:52 | tainted | serverSide.js:61:29:61:35 | tainted | -| serverSide.js:58:9:58:52 | tainted | serverSide.js:64:30:64:36 | tainted | -| serverSide.js:58:9:58:52 | tainted | serverSide.js:64:30:64:36 | tainted | -| serverSide.js:58:9:58:52 | tainted | serverSide.js:68:30:68:36 | tainted | -| serverSide.js:58:9:58:52 | tainted | serverSide.js:68:30:68:36 | tainted | -| serverSide.js:58:19:58:42 | url.par ... , true) | serverSide.js:58:19:58:48 | url.par ... ).query | -| serverSide.js:58:19:58:48 | url.par ... ).query | serverSide.js:58:19:58:52 | url.par ... ery.url | -| serverSide.js:58:19:58:52 | url.par ... ery.url | serverSide.js:58:9:58:52 | tainted | -| serverSide.js:58:29:58:35 | req.url | serverSide.js:58:19:58:42 | url.par ... , true) | -| serverSide.js:58:29:58:35 | req.url | serverSide.js:58:19:58:42 | url.par ... , true) | -| serverSide.js:74:9:74:52 | tainted | serverSide.js:76:19:76:25 | tainted | -| serverSide.js:74:9:74:52 | tainted | serverSide.js:76:19:76:25 | tainted | -| serverSide.js:74:19:74:42 | url.par ... , true) | serverSide.js:74:19:74:48 | url.par ... ).query | -| serverSide.js:74:19:74:48 | url.par ... ).query | serverSide.js:74:19:74:52 | url.par ... ery.url | -| serverSide.js:74:19:74:52 | url.par ... ery.url | serverSide.js:74:9:74:52 | tainted | -| serverSide.js:74:29:74:35 | req.url | serverSide.js:74:19:74:42 | url.par ... , true) | -| serverSide.js:74:29:74:35 | req.url | serverSide.js:74:19:74:42 | url.par ... , true) | -| serverSide.js:83:38:83:43 | param1 | serverSide.js:84:19:84:24 | param1 | -| serverSide.js:83:38:83:43 | param1 | serverSide.js:84:19:84:24 | param1 | -| serverSide.js:83:38:83:43 | param1 | serverSide.js:84:19:84:24 | param1 | -| serverSide.js:83:38:83:43 | param1 | serverSide.js:84:19:84:24 | param1 | -| serverSide.js:90:19:90:28 | ctx.params | serverSide.js:90:19:90:32 | ctx.params.foo | -| serverSide.js:90:19:90:28 | ctx.params | serverSide.js:90:19:90:32 | ctx.params.foo | -| serverSide.js:90:19:90:28 | ctx.params | serverSide.js:90:19:90:32 | ctx.params.foo | -| serverSide.js:90:19:90:28 | ctx.params | serverSide.js:90:19:90:32 | ctx.params.foo | -| serverSide.js:92:19:92:28 | ctx.params | serverSide.js:92:19:92:32 | ctx.params.foo | -| serverSide.js:92:19:92:28 | ctx.params | serverSide.js:92:19:92:32 | ctx.params.foo | -| serverSide.js:92:19:92:28 | ctx.params | serverSide.js:92:19:92:32 | ctx.params.foo | -| serverSide.js:92:19:92:28 | ctx.params | serverSide.js:92:19:92:32 | ctx.params.foo | -| serverSide.js:98:9:98:52 | tainted | serverSide.js:100:19:100:25 | tainted | -| serverSide.js:98:9:98:52 | tainted | serverSide.js:100:19:100:25 | tainted | -| serverSide.js:98:19:98:42 | url.par ... , true) | serverSide.js:98:19:98:48 | url.par ... ).query | -| serverSide.js:98:19:98:48 | url.par ... ).query | serverSide.js:98:19:98:52 | url.par ... ery.url | -| serverSide.js:98:19:98:52 | url.par ... ery.url | serverSide.js:98:9:98:52 | tainted | -| serverSide.js:98:29:98:35 | req.url | serverSide.js:98:19:98:42 | url.par ... , true) | -| serverSide.js:98:29:98:35 | req.url | serverSide.js:98:19:98:42 | url.par ... , true) | -| serverSide.js:108:11:108:27 | url | serverSide.js:109:27:109:29 | url | -| serverSide.js:108:11:108:27 | url | serverSide.js:109:27:109:29 | url | -| serverSide.js:108:17:108:27 | request.url | serverSide.js:108:11:108:27 | url | -| serverSide.js:108:17:108:27 | request.url | serverSide.js:108:11:108:27 | url | -| serverSide.js:115:11:115:42 | url | serverSide.js:117:27:117:29 | url | -| serverSide.js:115:11:115:42 | url | serverSide.js:117:27:117:29 | url | -| serverSide.js:115:17:115:42 | new URL ... , base) | serverSide.js:115:11:115:42 | url | -| serverSide.js:115:25:115:35 | request.url | serverSide.js:115:17:115:42 | new URL ... , base) | -| serverSide.js:115:25:115:35 | request.url | serverSide.js:115:17:115:42 | new URL ... , base) | -| serverSide.js:123:9:123:52 | tainted | serverSide.js:127:14:127:20 | tainted | -| serverSide.js:123:9:123:52 | tainted | serverSide.js:127:14:127:20 | tainted | -| serverSide.js:123:9:123:52 | tainted | serverSide.js:130:37:130:43 | tainted | -| serverSide.js:123:19:123:42 | url.par ... , true) | serverSide.js:123:19:123:48 | url.par ... ).query | -| serverSide.js:123:19:123:48 | url.par ... ).query | serverSide.js:123:19:123:52 | url.par ... ery.url | -| serverSide.js:123:19:123:52 | url.par ... ery.url | serverSide.js:123:9:123:52 | tainted | -| serverSide.js:123:29:123:35 | req.url | serverSide.js:123:19:123:42 | url.par ... , true) | -| serverSide.js:123:29:123:35 | req.url | serverSide.js:123:19:123:42 | url.par ... , true) | -| serverSide.js:130:9:130:45 | myUrl | serverSide.js:131:15:131:19 | myUrl | -| serverSide.js:130:9:130:45 | myUrl | serverSide.js:131:15:131:19 | myUrl | -| serverSide.js:130:17:130:45 | `${some ... inted}` | serverSide.js:130:9:130:45 | myUrl | -| serverSide.js:130:37:130:43 | tainted | serverSide.js:130:17:130:45 | `${some ... inted}` | +| serverSide.js:14:9:14:52 | tainted | serverSide.js:18:13:18:19 | tainted | provenance | | +| serverSide.js:14:9:14:52 | tainted | serverSide.js:20:17:20:23 | tainted | provenance | | +| serverSide.js:14:9:14:52 | tainted | serverSide.js:23:19:23:25 | tainted | provenance | | +| serverSide.js:14:9:14:52 | tainted | serverSide.js:26:25:26:31 | tainted | provenance | | +| serverSide.js:14:9:14:52 | tainted | serverSide.js:28:36:28:42 | tainted | provenance | | +| serverSide.js:14:9:14:52 | tainted | serverSide.js:30:37:30:43 | tainted | provenance | | +| serverSide.js:14:9:14:52 | tainted | serverSide.js:34:34:34:40 | tainted | provenance | | +| serverSide.js:14:9:14:52 | tainted | serverSide.js:36:24:36:30 | tainted | provenance | | +| serverSide.js:14:9:14:52 | tainted | serverSide.js:37:30:37:36 | tainted | provenance | | +| serverSide.js:14:9:14:52 | tainted | serverSide.js:41:43:41:49 | tainted | provenance | | +| serverSide.js:14:9:14:52 | tainted | serverSide.js:43:46:43:52 | tainted | provenance | | +| serverSide.js:14:9:14:52 | tainted | serverSide.js:45:50:45:56 | tainted | provenance | | +| serverSide.js:14:19:14:42 | url.par ... , true) | serverSide.js:14:9:14:52 | tainted | provenance | | +| serverSide.js:14:29:14:35 | req.url | serverSide.js:14:19:14:42 | url.par ... , true) | provenance | | +| serverSide.js:26:25:26:31 | tainted | serverSide.js:26:13:26:31 | "http://" + tainted | provenance | | +| serverSide.js:28:36:28:42 | tainted | serverSide.js:28:13:28:42 | "http:/ ... tainted | provenance | | +| serverSide.js:30:37:30:43 | tainted | serverSide.js:30:13:30:43 | "http:/ ... tainted | provenance | | +| serverSide.js:36:24:36:30 | tainted | serverSide.js:36:16:36:31 | new Uri(tainted) | provenance | | +| serverSide.js:37:30:37:36 | tainted | serverSide.js:37:22:37:37 | new Uri(tainted) | provenance | | +| serverSide.js:41:43:41:49 | tainted | serverSide.js:41:13:41:51 | `http:/ ... inted}` | provenance | | +| serverSide.js:43:46:43:52 | tainted | serverSide.js:43:13:43:54 | `http:/ ... inted}` | provenance | | +| serverSide.js:45:50:45:56 | tainted | serverSide.js:45:13:45:56 | 'http:/ ... tainted | provenance | | +| serverSide.js:58:9:58:52 | tainted | serverSide.js:61:29:61:35 | tainted | provenance | | +| serverSide.js:58:9:58:52 | tainted | serverSide.js:61:29:61:35 | tainted | provenance | | +| serverSide.js:58:19:58:42 | url.par ... , true) | serverSide.js:58:9:58:52 | tainted | provenance | | +| serverSide.js:58:29:58:35 | req.url | serverSide.js:58:19:58:42 | url.par ... , true) | provenance | | +| serverSide.js:61:29:61:35 | tainted | serverSide.js:64:30:64:36 | tainted | provenance | | +| serverSide.js:61:29:61:35 | tainted | serverSide.js:68:30:68:36 | tainted | provenance | | +| serverSide.js:74:9:74:52 | tainted | serverSide.js:76:19:76:25 | tainted | provenance | | +| serverSide.js:74:19:74:42 | url.par ... , true) | serverSide.js:74:9:74:52 | tainted | provenance | | +| serverSide.js:74:29:74:35 | req.url | serverSide.js:74:19:74:42 | url.par ... , true) | provenance | | +| serverSide.js:83:38:83:43 | param1 | serverSide.js:84:19:84:24 | param1 | provenance | | +| serverSide.js:90:19:90:28 | ctx.params | serverSide.js:90:19:90:32 | ctx.params.foo | provenance | | +| serverSide.js:92:19:92:28 | ctx.params | serverSide.js:92:19:92:32 | ctx.params.foo | provenance | | +| serverSide.js:98:9:98:52 | tainted | serverSide.js:100:19:100:25 | tainted | provenance | | +| serverSide.js:98:19:98:42 | url.par ... , true) | serverSide.js:98:9:98:52 | tainted | provenance | | +| serverSide.js:98:29:98:35 | req.url | serverSide.js:98:19:98:42 | url.par ... , true) | provenance | | +| serverSide.js:108:11:108:27 | url | serverSide.js:109:27:109:29 | url | provenance | | +| serverSide.js:108:17:108:27 | request.url | serverSide.js:108:11:108:27 | url | provenance | | +| serverSide.js:115:11:115:42 | url | serverSide.js:117:27:117:29 | url | provenance | | +| serverSide.js:115:17:115:42 | new URL ... , base) | serverSide.js:115:11:115:42 | url | provenance | | +| serverSide.js:115:25:115:35 | request.url | serverSide.js:115:17:115:42 | new URL ... , base) | provenance | Config | +| serverSide.js:123:9:123:52 | tainted | serverSide.js:127:14:127:20 | tainted | provenance | | +| serverSide.js:123:9:123:52 | tainted | serverSide.js:130:37:130:43 | tainted | provenance | | +| serverSide.js:123:19:123:42 | url.par ... , true) | serverSide.js:123:9:123:52 | tainted | provenance | | +| serverSide.js:123:29:123:35 | req.url | serverSide.js:123:19:123:42 | url.par ... , true) | provenance | | +| serverSide.js:130:9:130:45 | myUrl | serverSide.js:131:15:131:19 | myUrl | provenance | | +| serverSide.js:130:37:130:43 | tainted | serverSide.js:130:9:130:45 | myUrl | provenance | | +nodes +| serverSide.js:14:9:14:52 | tainted | semmle.label | tainted | +| serverSide.js:14:19:14:42 | url.par ... , true) | semmle.label | url.par ... , true) | +| serverSide.js:14:29:14:35 | req.url | semmle.label | req.url | +| serverSide.js:18:13:18:19 | tainted | semmle.label | tainted | +| serverSide.js:20:17:20:23 | tainted | semmle.label | tainted | +| serverSide.js:23:19:23:25 | tainted | semmle.label | tainted | +| serverSide.js:26:13:26:31 | "http://" + tainted | semmle.label | "http://" + tainted | +| serverSide.js:26:25:26:31 | tainted | semmle.label | tainted | +| serverSide.js:28:13:28:42 | "http:/ ... tainted | semmle.label | "http:/ ... tainted | +| serverSide.js:28:36:28:42 | tainted | semmle.label | tainted | +| serverSide.js:30:13:30:43 | "http:/ ... tainted | semmle.label | "http:/ ... tainted | +| serverSide.js:30:37:30:43 | tainted | semmle.label | tainted | +| serverSide.js:34:34:34:40 | tainted | semmle.label | tainted | +| serverSide.js:36:16:36:31 | new Uri(tainted) | semmle.label | new Uri(tainted) | +| serverSide.js:36:24:36:30 | tainted | semmle.label | tainted | +| serverSide.js:37:22:37:37 | new Uri(tainted) | semmle.label | new Uri(tainted) | +| serverSide.js:37:30:37:36 | tainted | semmle.label | tainted | +| serverSide.js:41:13:41:51 | `http:/ ... inted}` | semmle.label | `http:/ ... inted}` | +| serverSide.js:41:43:41:49 | tainted | semmle.label | tainted | +| serverSide.js:43:13:43:54 | `http:/ ... inted}` | semmle.label | `http:/ ... inted}` | +| serverSide.js:43:46:43:52 | tainted | semmle.label | tainted | +| serverSide.js:45:13:45:56 | 'http:/ ... tainted | semmle.label | 'http:/ ... tainted | +| serverSide.js:45:50:45:56 | tainted | semmle.label | tainted | +| serverSide.js:58:9:58:52 | tainted | semmle.label | tainted | +| serverSide.js:58:19:58:42 | url.par ... , true) | semmle.label | url.par ... , true) | +| serverSide.js:58:29:58:35 | req.url | semmle.label | req.url | +| serverSide.js:61:29:61:35 | tainted | semmle.label | tainted | +| serverSide.js:61:29:61:35 | tainted | semmle.label | tainted | +| serverSide.js:64:30:64:36 | tainted | semmle.label | tainted | +| serverSide.js:68:30:68:36 | tainted | semmle.label | tainted | +| serverSide.js:74:9:74:52 | tainted | semmle.label | tainted | +| serverSide.js:74:19:74:42 | url.par ... , true) | semmle.label | url.par ... , true) | +| serverSide.js:74:29:74:35 | req.url | semmle.label | req.url | +| serverSide.js:76:19:76:25 | tainted | semmle.label | tainted | +| serverSide.js:83:38:83:43 | param1 | semmle.label | param1 | +| serverSide.js:84:19:84:24 | param1 | semmle.label | param1 | +| serverSide.js:90:19:90:28 | ctx.params | semmle.label | ctx.params | +| serverSide.js:90:19:90:32 | ctx.params.foo | semmle.label | ctx.params.foo | +| serverSide.js:92:19:92:28 | ctx.params | semmle.label | ctx.params | +| serverSide.js:92:19:92:32 | ctx.params.foo | semmle.label | ctx.params.foo | +| serverSide.js:98:9:98:52 | tainted | semmle.label | tainted | +| serverSide.js:98:19:98:42 | url.par ... , true) | semmle.label | url.par ... , true) | +| serverSide.js:98:29:98:35 | req.url | semmle.label | req.url | +| serverSide.js:100:19:100:25 | tainted | semmle.label | tainted | +| serverSide.js:108:11:108:27 | url | semmle.label | url | +| serverSide.js:108:17:108:27 | request.url | semmle.label | request.url | +| serverSide.js:109:27:109:29 | url | semmle.label | url | +| serverSide.js:115:11:115:42 | url | semmle.label | url | +| serverSide.js:115:17:115:42 | new URL ... , base) | semmle.label | new URL ... , base) | +| serverSide.js:115:25:115:35 | request.url | semmle.label | request.url | +| serverSide.js:117:27:117:29 | url | semmle.label | url | +| serverSide.js:123:9:123:52 | tainted | semmle.label | tainted | +| serverSide.js:123:19:123:42 | url.par ... , true) | semmle.label | url.par ... , true) | +| serverSide.js:123:29:123:35 | req.url | semmle.label | req.url | +| serverSide.js:127:14:127:20 | tainted | semmle.label | tainted | +| serverSide.js:130:9:130:45 | myUrl | semmle.label | myUrl | +| serverSide.js:130:37:130:43 | tainted | semmle.label | tainted | +| serverSide.js:131:15:131:19 | myUrl | semmle.label | myUrl | +subpaths #select | serverSide.js:18:5:18:20 | request(tainted) | serverSide.js:14:29:14:35 | req.url | serverSide.js:18:13:18:19 | tainted | The $@ of this request depends on a $@. | serverSide.js:18:13:18:19 | tainted | URL | serverSide.js:14:29:14:35 | req.url | user-provided value | | serverSide.js:20:5:20:24 | request.get(tainted) | serverSide.js:14:29:14:35 | req.url | serverSide.js:20:17:20:23 | tainted | The $@ of this request depends on a $@. | serverSide.js:20:17:20:23 | tainted | URL | serverSide.js:14:29:14:35 | req.url | user-provided value | diff --git a/javascript/ql/test/testUtilities/ConsistencyChecking.qll b/javascript/ql/test/testUtilities/ConsistencyChecking.qll index 3c30f8accb2a..94979bcaab02 100644 --- a/javascript/ql/test/testUtilities/ConsistencyChecking.qll +++ b/javascript/ql/test/testUtilities/ConsistencyChecking.qll @@ -129,7 +129,7 @@ private predicate falseNegative(File file, int line, AssertionComment comment, C private File getATestFile(string conf) { not exists(any(ConsistencyConfiguration res).getAFile()) and result = any(LineComment comment).getFile() and - conf = "" + (conf = "" or conf instanceof ConsistencyConfiguration) or result = conf.(ConsistencyConfiguration).getAFile() } diff --git a/javascript/ql/test/testUtilities/LegacyDataFlowDiff.qll b/javascript/ql/test/testUtilities/LegacyDataFlowDiff.qll new file mode 100644 index 000000000000..00fd8217c211 --- /dev/null +++ b/javascript/ql/test/testUtilities/LegacyDataFlowDiff.qll @@ -0,0 +1,17 @@ +private import javascript + +private signature class LegacyConfigSig extends DataFlow::Configuration; + +module DataFlowDiff { + query predicate legacyDataFlowDifference( + DataFlow::Node source, DataFlow::Node sink, string message + ) { + NewFlow::flow(source, sink) and + not any(LegacyConfig cfg).hasFlow(source, sink) and + message = "only flow with NEW data flow library" + or + not NewFlow::flow(source, sink) and + any(LegacyConfig cfg).hasFlow(source, sink) and + message = "only flow with OLD data flow library" + } +} diff --git a/shared/dataflow/codeql/dataflow/DataFlow.qll b/shared/dataflow/codeql/dataflow/DataFlow.qll index 90cdf7de05cf..7aaf29d9b8d8 100644 --- a/shared/dataflow/codeql/dataflow/DataFlow.qll +++ b/shared/dataflow/codeql/dataflow/DataFlow.qll @@ -834,4 +834,228 @@ module DataFlowMake Lang> { } } } + + /** + * Generates a `PathGraph` in which equivalent path nodes are merged, in order to avoid duplicate paths. + */ + module DeduplicatePathGraph Graph> { + // NOTE: there is a known limitation in that this module cannot see which nodes are sources or sinks. + // This only matters in the rare case where a sink PathNode has a non-empty set of succesors, and there is a + // non-sink PathNode with the same `(node, toString)` value and the same successors, but is transitively + // reachable from a different set of PathNodes. (And conversely for sources). + // + pragma[nomagic] + private InputPathNode getAPathNode(Node node, string toString) { + result.getNode() = node and + Graph::nodes(result, _, toString) + } + + private signature predicate collapseCandidateSig(Node node, string toString); + + private signature predicate stepSig(InputPathNode node1, InputPathNode node2); + + private signature predicate subpathStepSig( + InputPathNode arg, InputPathNode param, InputPathNode ret, InputPathNode out + ); + + /** + * Performs a forward or backward pass computing which `(node, toString)` pairs can subsume their corresponding + * path nodes. + * + * This is similar to automaton minimization, but for an NFA. Since minimizing an NFA is NP-hard (and does not have + * a unique minimal NFA), we operate with the simpler model: for a given `(node, toString)` pair, either all + * corresponding path nodes are merged, or none are merged. + * + * Comments are written as if this checks for outgoing edges and propagates backward, though the module is also + * used to perform the opposite direction. + */ + private module MakeDiscriminatorPass< + collapseCandidateSig/2 collapseCandidate, stepSig/2 step, subpathStepSig/4 subpathStep> + { + /** + * Gets the number of `(node, toString)` pairs reachable in one step from `pathNode`. + */ + private int getOutDegreeFromPathNode(InputPathNode pathNode) { + result = count(Node node, string toString | step(pathNode, getAPathNode(node, toString))) + } + + /** + * Gets the number of `(node2, toString2)` pairs reachable in one step from path nodes corresponding to `(node, toString)`. + */ + private int getOutDegreeFromNode(Node node, string toString) { + result = + strictcount(Node node2, string toString2 | + step(getAPathNode(node, toString), getAPathNode(node2, toString2)) + ) + } + + /** + * Like `getOutDegreeFromPathNode` except counts `subpath` tuples. + */ + private int getSubpathOutDegreeFromPathNode(InputPathNode pathNode) { + result = + count(Node n1, string s1, Node n2, string s2, Node n3, string s3 | + subpathStep(pathNode, getAPathNode(n1, s1), getAPathNode(n2, s2), getAPathNode(n3, s3)) + ) + } + + /** + * Like `getOutDegreeFromNode` except counts `subpath` tuples. + */ + private int getSubpathOutDegreeFromNode(Node node, string toString) { + result = + strictcount(Node n1, string s1, Node n2, string s2, Node n3, string s3 | + subpathStep(getAPathNode(node, toString), getAPathNode(n1, s1), getAPathNode(n2, s2), + getAPathNode(n3, s3)) + ) + } + + /** Gets a successor of `node` including subpath flow-through. */ + InputPathNode stepEx(InputPathNode node) { + step(node, result) + or + subpathStep(node, _, _, result) // assuming the input is pruned properly, all subpaths have flow-through + } + + InputPathNode enterSubpathStep(InputPathNode node) { subpathStep(node, result, _, _) } + + InputPathNode exitSubpathStep(InputPathNode node) { subpathStep(_, _, node, result) } + + /** Holds if `(node, toString)` cannot be collapsed (but was a candidate for being collapsed). */ + predicate discriminatedPair(Node node, string toString, boolean hasEnter) { + collapseCandidate(node, toString) and + hasEnter = false and + ( + // Check if all corresponding PathNodes have the same successor sets when projected to `(node, toString)`. + // To do this, we check that each successor set has the same size as the union of the succesor sets. + // - If the successor sets are equal, then they are also equal to their union, and so have the correct size. + // - Conversely, if two successor sets are not equal, one of them must be missing an element that is present + // in the union, but must still be a subset of the union, and thus be strictly smaller than the union. + getOutDegreeFromPathNode(getAPathNode(node, toString)) < + getOutDegreeFromNode(node, toString) + or + // Same as above but counting associated subpath triples instead + getSubpathOutDegreeFromPathNode(getAPathNode(node, toString)) < + getSubpathOutDegreeFromNode(node, toString) + ) + or + collapseCandidate(node, toString) and + ( + // Retain flow state if one of the successors requires it to be retained + discriminatedPathNode(stepEx(getAPathNode(node, toString)), hasEnter) + or + // Enter a subpath + discriminatedPathNode(enterSubpathStep(getAPathNode(node, toString)), _) and + hasEnter = true + or + // Exit a subpath + discriminatedPathNode(exitSubpathStep(getAPathNode(node, toString)), false) and + hasEnter = false + ) + } + + /** Holds if `pathNode` cannot be collapsed. */ + private predicate discriminatedPathNode(InputPathNode pathNode, boolean hasEnter) { + exists(Node node, string toString | + discriminatedPair(node, toString, hasEnter) and + getAPathNode(node, toString) = pathNode + ) + } + + /** Holds if `(node, toString)` cannot be collapsed (but was a candidate for being collapsed). */ + predicate discriminatedPair(Node node, string toString) { + discriminatedPair(node, toString, _) + } + + /** Holds if `pathNode` cannot be collapsed. */ + predicate discriminatedPathNode(InputPathNode pathNode) { discriminatedPathNode(pathNode, _) } + } + + private predicate initialCandidate(Node node, string toString) { + exists(getAPathNode(node, toString)) + } + + private predicate edgesProj(InputPathNode node1, InputPathNode node2) { + Graph::edges(node1, node2, _, _) + } + + private module Pass1 = + MakeDiscriminatorPass; + + private predicate edgesRev(InputPathNode node1, InputPathNode node2) { + Graph::edges(node2, node1, _, _) + } + + private predicate subpathsRev( + InputPathNode n1, InputPathNode n2, InputPathNode n3, InputPathNode n4 + ) { + Graph::subpaths(n4, n3, n2, n1) + } + + private module Pass2 = + MakeDiscriminatorPass; + + private newtype TPathNode = + TPreservedPathNode(InputPathNode node) { Pass2::discriminatedPathNode(node) } or + TCollapsedPathNode(Node node, string toString) { + initialCandidate(node, toString) and + not Pass2::discriminatedPair(node, toString) + } + + /** A node in the path graph after equivalent nodes have been collapsed. */ + class PathNode extends TPathNode { + private Node asCollapsedNode() { this = TCollapsedPathNode(result, _) } + + private InputPathNode asPreservedNode() { this = TPreservedPathNode(result) } + + /** Gets a correspondng node in the original graph. */ + InputPathNode getAnOriginalPathNode() { + exists(Node node, string toString | + this = TCollapsedPathNode(node, toString) and + result = getAPathNode(node, toString) + ) + or + result = this.asPreservedNode() + } + + /** Gets a string representation of this node. */ + string toString() { + result = this.asPreservedNode().toString() or this = TCollapsedPathNode(_, result) + } + + /** Gets the location of this node. */ + Location getLocation() { result = this.getAnOriginalPathNode().getLocation() } + + /** Gets the corresponding data-flow node. */ + Node getNode() { + result = this.asCollapsedNode() + or + result = this.asPreservedNode().getNode() + } + } + + /** + * Provides the query predicates needed to include a graph in a path-problem query. + */ + module PathGraph implements PathGraphSig { + query predicate nodes(PathNode node, string key, string val) { + Graph::nodes(node.getAnOriginalPathNode(), key, val) + } + + query predicate edges(PathNode node1, PathNode node2, string key, string val) { + // TODO: ensure deduplication preserves key/val sequence? + Graph::edges(node1.getAnOriginalPathNode(), node2.getAnOriginalPathNode(), key, val) + } + + query predicate subpaths(PathNode arg, PathNode par, PathNode ret, PathNode out) { + // Note: this may look suspiciously simple, but it's not an oversight. Even if the caller needs to retain state, + // it is entirely possible to step through a subpath in which state has been projected away. + Graph::subpaths(arg.getAnOriginalPathNode(), par.getAnOriginalPathNode(), + ret.getAnOriginalPathNode(), out.getAnOriginalPathNode()) + } + } + + // Re-export the PathGraph so the user can import a single module and get both PathNode and the query predicates + import PathGraph + } } diff --git a/shared/dataflow/codeql/dataflow/VariableCapture.qll b/shared/dataflow/codeql/dataflow/VariableCapture.qll index 9fd385d44587..c48b46e8a7ba 100644 --- a/shared/dataflow/codeql/dataflow/VariableCapture.qll +++ b/shared/dataflow/codeql/dataflow/VariableCapture.qll @@ -645,6 +645,8 @@ module Flow Input> implements OutputSig Location getLocation() { exists(CapturedVariable v | this = TVariable(v) and result = v.getLocation()) + or + exists(Callable c | this = TThis(c) and result = c.getLocation()) } }