diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/Consistency.expected b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/Consistency.expected
deleted file mode 100644
index e69de29bb2d1..000000000000
diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/Consistency.ql b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/Consistency.ql
deleted file mode 100644
index 0183ac6ade66..000000000000
--- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/Consistency.ql
+++ /dev/null
@@ -1,9 +0,0 @@
-import javascript
-import semmle.javascript.security.dataflow.TaintedPathQuery
-deprecated import utils.test.ConsistencyChecking
-
-deprecated class TaintedPathConsistency extends ConsistencyConfiguration {
- TaintedPathConsistency() { this = "TaintedPathConsistency" }
-
- override DataFlow::Node getAnAlert() { TaintedPathFlow::flowTo(result) }
-}
diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath-es6.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath-es6.js
index f7c6d172ead2..573302c33cc5 100644
--- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath-es6.js
+++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath-es6.js
@@ -4,8 +4,7 @@ import { parse } from 'url';
 import { join } from 'path';
 
 var server = createServer(function(req, res) {
- let path = parse(req.url, true).query.path;
+ let path = parse(req.url, true).query.path; // $ Source
 
- // BAD: This could read any file on the file system
- res.write(readFileSync(join("public", path)));
+ res.write(readFileSync(join("public", path))); // $ Alert - This could read any file on the file system
 });
diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected
index c1985970e3b0..922512ee7624 100644
--- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected
+++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected
@@ -1,655 +1,327 @@ -nodes -| TaintedPath-es6.js:7:7:7:44 | path | semmle.label | path | -| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | semmle.label | parse(req.url, true) | -| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | semmle.label | parse(r ... ).query | -| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | semmle.label | parse(r ... ry.path | -| TaintedPath-es6.js:7:20:7:26 | req.url | semmle.label | req.url | -| TaintedPath-es6.js:10:26:10:45 | join("public", path) | semmle.label | join("public", path) | -| TaintedPath-es6.js:10:41:10:44 | path | semmle.label | path | -| TaintedPath.js:9:7:9:48 | path | semmle.label | path | -| TaintedPath.js:9:14:9:37 | url.par ... , true) | semmle.label | url.par ... , true) | -| TaintedPath.js:9:14:9:43 | url.par ... ).query | semmle.label | url.par ... ).query | -| TaintedPath.js:9:14:9:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | -| TaintedPath.js:9:24:9:30 | req.url | semmle.label | req.url | -| TaintedPath.js:12:29:12:32 | path | semmle.label | path | -| TaintedPath.js:15:29:15:48 | "/home/user/" + path | semmle.label | "/home/user/" + path | -| TaintedPath.js:15:45:15:48 | path | semmle.label | path | -| TaintedPath.js:18:33:18:36 | path | semmle.label | path | -| TaintedPath.js:21:33:21:36 | path | semmle.label | path | -| TaintedPath.js:24:33:24:36 | path | semmle.label | path | -| TaintedPath.js:33:31:33:34 | path | semmle.label | path | -| TaintedPath.js:38:3:38:44 | path | semmle.label | path | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | semmle.label | url.par ... , true) | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | semmle.label | url.par ... ).query | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | semmle.label | url.par ... ry.path | -| TaintedPath.js:38:20:38:26 | req.url | semmle.label | req.url | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | semmle.label | pathMod ... 
e(path) | -| TaintedPath.js:42:48:42:51 | path | semmle.label | path | -| TaintedPath.js:46:29:46:49 | pathMod ... n(path) | semmle.label | pathMod ... n(path) | -| TaintedPath.js:46:45:46:48 | path | semmle.label | path | -| TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | semmle.label | pathMod ... ath, z) | -| TaintedPath.js:48:51:48:54 | path | semmle.label | path | -| TaintedPath.js:50:29:50:54 | pathMod ... e(path) | semmle.label | pathMod ... e(path) | -| TaintedPath.js:50:50:50:53 | path | semmle.label | path | -| TaintedPath.js:52:29:52:56 | pathMod ... , path) | semmle.label | pathMod ... , path) | -| TaintedPath.js:52:52:52:55 | path | semmle.label | path | -| TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | semmle.label | pathMod ... ath, x) | -| TaintedPath.js:54:49:54:52 | path | semmle.label | path | -| TaintedPath.js:56:29:56:52 | pathMod ... e(path) | semmle.label | pathMod ... e(path) | -| TaintedPath.js:56:48:56:51 | path | semmle.label | path | -| TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | semmle.label | pathMod ... ath, z) | -| TaintedPath.js:58:54:58:57 | path | semmle.label | path | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | semmle.label | pathMod ... h(path) | -| TaintedPath.js:60:57:60:60 | path | semmle.label | path | -| TaintedPath.js:65:31:65:70 | require ... eq.url) | semmle.label | require ... eq.url) | -| TaintedPath.js:65:31:65:76 | require ... ).query | semmle.label | require ... ).query | -| TaintedPath.js:65:63:65:69 | req.url | semmle.label | req.url | -| TaintedPath.js:66:31:66:68 | require ... eq.url) | semmle.label | require ... eq.url) | -| TaintedPath.js:66:31:66:74 | require ... ).query | semmle.label | require ... ).query | -| TaintedPath.js:66:61:66:67 | req.url | semmle.label | req.url | -| TaintedPath.js:67:31:67:67 | require ... eq.url) | semmle.label | require ... eq.url) | -| TaintedPath.js:67:31:67:73 | require ... ).query | semmle.label | require ... 
).query | -| TaintedPath.js:67:60:67:66 | req.url | semmle.label | req.url | -| TaintedPath.js:75:48:75:60 | req.params[0] | semmle.label | req.params[0] | -| TaintedPath.js:84:6:84:47 | path | semmle.label | path | -| TaintedPath.js:84:13:84:36 | url.par ... , true) | semmle.label | url.par ... , true) | -| TaintedPath.js:84:13:84:42 | url.par ... ).query | semmle.label | url.par ... ).query | -| TaintedPath.js:84:13:84:47 | url.par ... ry.path | semmle.label | url.par ... ry.path | -| TaintedPath.js:84:23:84:29 | req.url | semmle.label | req.url | -| TaintedPath.js:86:28:86:48 | fs.real ... c(path) | semmle.label | fs.real ... c(path) | -| TaintedPath.js:86:44:86:47 | path | semmle.label | path | -| TaintedPath.js:87:14:87:17 | path | semmle.label | path | -| TaintedPath.js:88:32:88:39 | realpath | semmle.label | realpath | -| TaintedPath.js:89:45:89:52 | realpath | semmle.label | realpath | -| TaintedPath.js:120:6:120:47 | path | semmle.label | path | -| TaintedPath.js:120:13:120:36 | url.par ... , true) | semmle.label | url.par ... , true) | -| TaintedPath.js:120:13:120:42 | url.par ... ).query | semmle.label | url.par ... ).query | -| TaintedPath.js:120:13:120:47 | url.par ... ry.path | semmle.label | url.par ... ry.path | -| TaintedPath.js:120:23:120:29 | req.url | semmle.label | req.url | -| TaintedPath.js:122:23:122:26 | path | semmle.label | path | -| TaintedPath.js:126:7:126:48 | path | semmle.label | path | -| TaintedPath.js:126:14:126:37 | url.par ... , true) | semmle.label | url.par ... , true) | -| TaintedPath.js:126:14:126:43 | url.par ... ).query | semmle.label | url.par ... ).query | -| TaintedPath.js:126:14:126:48 | url.par ... ry.path | semmle.label | url.par ... 
ry.path | -| TaintedPath.js:126:24:126:30 | req.url | semmle.label | req.url | -| TaintedPath.js:128:19:128:22 | path | semmle.label | path | -| TaintedPath.js:130:7:130:29 | split | semmle.label | split | -| TaintedPath.js:130:15:130:18 | path | semmle.label | path | -| TaintedPath.js:130:15:130:29 | path.split("/") | semmle.label | path.split("/") | -| TaintedPath.js:132:19:132:23 | split | semmle.label | split | -| TaintedPath.js:132:19:132:33 | split.join("/") | semmle.label | split.join("/") | -| TaintedPath.js:136:19:136:23 | split | semmle.label | split | -| TaintedPath.js:136:19:136:26 | split[x] | semmle.label | split[x] | -| TaintedPath.js:137:19:137:35 | prefix + split[x] | semmle.label | prefix + split[x] | -| TaintedPath.js:137:28:137:32 | split | semmle.label | split | -| TaintedPath.js:137:28:137:35 | split[x] | semmle.label | split[x] | -| TaintedPath.js:139:7:139:38 | concatted | semmle.label | concatted | -| TaintedPath.js:139:19:139:38 | prefix.concat(split) | semmle.label | prefix.concat(split) | -| TaintedPath.js:139:33:139:37 | split | semmle.label | split | -| TaintedPath.js:140:19:140:27 | concatted | semmle.label | concatted | -| TaintedPath.js:140:19:140:37 | concatted.join("/") | semmle.label | concatted.join("/") | -| TaintedPath.js:142:7:142:39 | concatted2 | semmle.label | concatted2 | -| TaintedPath.js:142:20:142:24 | split | semmle.label | split | -| TaintedPath.js:142:20:142:39 | split.concat(prefix) | semmle.label | split.concat(prefix) | -| TaintedPath.js:143:19:143:28 | concatted2 | semmle.label | concatted2 | -| TaintedPath.js:143:19:143:38 | concatted2.join("/") | semmle.label | concatted2.join("/") | -| TaintedPath.js:145:19:145:23 | split | semmle.label | split | -| TaintedPath.js:145:19:145:29 | split.pop() | semmle.label | split.pop() | -| TaintedPath.js:150:7:150:48 | path | semmle.label | path | -| TaintedPath.js:150:14:150:37 | url.par ... , true) | semmle.label | url.par ... 
, true) | -| TaintedPath.js:150:14:150:43 | url.par ... ).query | semmle.label | url.par ... ).query | -| TaintedPath.js:150:14:150:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | -| TaintedPath.js:150:24:150:30 | req.url | semmle.label | req.url | -| TaintedPath.js:154:29:154:32 | path | semmle.label | path | -| TaintedPath.js:154:29:154:55 | path.re ... /g, '') | semmle.label | path.re ... /g, '') | -| TaintedPath.js:160:29:160:32 | path | semmle.label | path | -| TaintedPath.js:160:29:160:52 | path.re ... /g, '') | semmle.label | path.re ... /g, '') | -| TaintedPath.js:161:29:161:32 | path | semmle.label | path | -| TaintedPath.js:161:29:161:53 | path.re ... /g, '') | semmle.label | path.re ... /g, '') | -| TaintedPath.js:162:29:162:32 | path | semmle.label | path | -| TaintedPath.js:162:29:162:51 | path.re ... /g, '') | semmle.label | path.re ... /g, '') | -| TaintedPath.js:163:29:163:32 | path | semmle.label | path | -| TaintedPath.js:163:29:163:57 | path.re ... /g, '') | semmle.label | path.re ... /g, '') | -| TaintedPath.js:178:29:178:73 | "prefix ... +/, '') | semmle.label | "prefix ... +/, '') | -| TaintedPath.js:178:40:178:43 | path | semmle.label | path | -| TaintedPath.js:178:40:178:73 | path.re ... +/, '') | semmle.label | path.re ... +/, '') | -| TaintedPath.js:179:29:179:54 | pathMod ... e(path) | semmle.label | pathMod ... e(path) | -| TaintedPath.js:179:29:179:84 | pathMod ... +/, '') | semmle.label | pathMod ... +/, '') | -| TaintedPath.js:179:50:179:53 | path | semmle.label | path | -| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | semmle.label | qs.parse(req.url) | -| TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | semmle.label | qs.pars ... rl).foo | -| TaintedPath.js:187:38:187:44 | req.url | semmle.label | req.url | -| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | semmle.label | qs.pars ... q.url)) | -| TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | semmle.label | qs.pars ... 
l)).foo | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | semmle.label | normali ... eq.url) | -| TaintedPath.js:188:51:188:57 | req.url | semmle.label | req.url | -| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | semmle.label | parseqs ... eq.url) | -| TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | semmle.label | parseqs ... rl).foo | -| TaintedPath.js:190:44:190:50 | req.url | semmle.label | req.url | -| TaintedPath.js:195:7:195:48 | path | semmle.label | path | -| TaintedPath.js:195:14:195:37 | url.par ... , true) | semmle.label | url.par ... , true) | -| TaintedPath.js:195:14:195:43 | url.par ... ).query | semmle.label | url.par ... ).query | -| TaintedPath.js:195:14:195:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | -| TaintedPath.js:195:24:195:30 | req.url | semmle.label | req.url | -| TaintedPath.js:196:31:196:34 | path | semmle.label | path | -| TaintedPath.js:197:45:197:48 | path | semmle.label | path | -| TaintedPath.js:198:35:198:38 | path | semmle.label | path | -| TaintedPath.js:202:7:202:48 | path | semmle.label | path | -| TaintedPath.js:202:14:202:37 | url.par ... , true) | semmle.label | url.par ... , true) | -| TaintedPath.js:202:14:202:43 | url.par ... ).query | semmle.label | url.par ... ).query | -| TaintedPath.js:202:14:202:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | -| TaintedPath.js:202:24:202:30 | req.url | semmle.label | req.url | -| TaintedPath.js:206:29:206:32 | path | semmle.label | path | -| TaintedPath.js:206:29:206:85 | path.re ... '), '') | semmle.label | path.re ... '), '') | -| TaintedPath.js:211:7:211:48 | path | semmle.label | path | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | semmle.label | url.par ... , true) | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | semmle.label | url.par ... ).query | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | semmle.label | url.par ... 
ry.path | -| TaintedPath.js:211:24:211:30 | req.url | semmle.label | req.url | -| TaintedPath.js:213:29:213:32 | path | semmle.label | path | -| TaintedPath.js:213:29:213:68 | path.re ... '), '') | semmle.label | path.re ... '), '') | -| TaintedPath.js:216:31:216:34 | path | semmle.label | path | -| TaintedPath.js:216:31:216:69 | path.re ... '), '') | semmle.label | path.re ... '), '') | -| examples/TaintedPath.js:8:7:8:52 | filePath | semmle.label | filePath | -| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | semmle.label | url.par ... , true) | -| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | semmle.label | url.par ... ).query | -| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | semmle.label | url.par ... ry.path | -| examples/TaintedPath.js:8:28:8:34 | req.url | semmle.label | req.url | -| examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | semmle.label | ROOT + filePath | -| examples/TaintedPath.js:11:36:11:43 | filePath | semmle.label | filePath | -| express.js:8:20:8:32 | req.query.bar | semmle.label | req.query.bar | -| handlebars.js:10:51:10:58 | filePath | semmle.label | filePath | -| handlebars.js:11:32:11:39 | filePath | semmle.label | filePath | -| handlebars.js:13:73:13:80 | filePath | semmle.label | filePath | -| handlebars.js:15:25:15:32 | filePath | semmle.label | filePath | -| handlebars.js:29:46:29:60 | req.params.path | semmle.label | req.params.path | -| handlebars.js:43:15:43:29 | req.params.path | semmle.label | req.params.path | -| normalizedPaths.js:11:7:11:27 | path | semmle.label | path | -| normalizedPaths.js:11:14:11:27 | req.query.path | semmle.label | req.query.path | -| normalizedPaths.js:13:19:13:22 | path | semmle.label | path | -| normalizedPaths.js:14:19:14:29 | './' + path | semmle.label | './' + path | -| normalizedPaths.js:14:26:14:29 | path | semmle.label | path | -| normalizedPaths.js:15:19:15:22 | path | semmle.label | path | -| normalizedPaths.js:15:19:15:38 | path + '/index.html' | 
semmle.label | path + '/index.html' | -| normalizedPaths.js:16:19:16:53 | pathMod ... .html') | semmle.label | pathMod ... .html') | -| normalizedPaths.js:16:35:16:38 | path | semmle.label | path | -| normalizedPaths.js:17:19:17:57 | pathMod ... , path) | semmle.label | pathMod ... , path) | -| normalizedPaths.js:17:53:17:56 | path | semmle.label | path | -| normalizedPaths.js:21:7:21:49 | path | semmle.label | path | -| normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | -| normalizedPaths.js:21:35:21:48 | req.query.path | semmle.label | req.query.path | -| normalizedPaths.js:23:19:23:22 | path | semmle.label | path | -| normalizedPaths.js:24:19:24:29 | './' + path | semmle.label | './' + path | -| normalizedPaths.js:24:26:24:29 | path | semmle.label | path | -| normalizedPaths.js:25:19:25:22 | path | semmle.label | path | -| normalizedPaths.js:25:19:25:38 | path + '/index.html' | semmle.label | path + '/index.html' | -| normalizedPaths.js:26:19:26:53 | pathMod ... .html') | semmle.label | pathMod ... .html') | -| normalizedPaths.js:26:35:26:38 | path | semmle.label | path | -| normalizedPaths.js:27:19:27:57 | pathMod ... , path) | semmle.label | pathMod ... , path) | -| normalizedPaths.js:27:53:27:56 | path | semmle.label | path | -| normalizedPaths.js:31:7:31:49 | path | semmle.label | path | -| normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | -| normalizedPaths.js:31:35:31:48 | req.query.path | semmle.label | req.query.path | -| normalizedPaths.js:36:19:36:22 | path | semmle.label | path | -| normalizedPaths.js:41:21:41:24 | path | semmle.label | path | -| normalizedPaths.js:54:7:54:49 | path | semmle.label | path | -| normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | semmle.label | pathMod ... 
y.path) | -| normalizedPaths.js:54:35:54:48 | req.query.path | semmle.label | req.query.path | -| normalizedPaths.js:59:19:59:22 | path | semmle.label | path | -| normalizedPaths.js:63:19:63:22 | path | semmle.label | path | -| normalizedPaths.js:63:19:63:38 | path + "/index.html" | semmle.label | path + "/index.html" | -| normalizedPaths.js:68:21:68:24 | path | semmle.label | path | -| normalizedPaths.js:73:7:73:56 | path | semmle.label | path | -| normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | -| normalizedPaths.js:73:35:73:55 | './' + ... ry.path | semmle.label | './' + ... ry.path | -| normalizedPaths.js:73:42:73:55 | req.query.path | semmle.label | req.query.path | -| normalizedPaths.js:78:22:78:25 | path | semmle.label | path | -| normalizedPaths.js:82:7:82:27 | path | semmle.label | path | -| normalizedPaths.js:82:14:82:27 | req.query.path | semmle.label | req.query.path | -| normalizedPaths.js:87:29:87:32 | path | semmle.label | path | -| normalizedPaths.js:90:31:90:34 | path | semmle.label | path | -| normalizedPaths.js:94:7:94:49 | path | semmle.label | path | -| normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | -| normalizedPaths.js:94:35:94:48 | req.query.path | semmle.label | req.query.path | -| normalizedPaths.js:99:29:99:32 | path | semmle.label | path | -| normalizedPaths.js:117:7:117:44 | path | semmle.label | path | -| normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | semmle.label | fs.real ... y.path) | -| normalizedPaths.js:117:30:117:43 | req.query.path | semmle.label | req.query.path | -| normalizedPaths.js:119:19:119:22 | path | semmle.label | path | -| normalizedPaths.js:120:19:120:53 | pathMod ... .html') | semmle.label | pathMod ... .html') | -| normalizedPaths.js:120:35:120:38 | path | semmle.label | path | -| normalizedPaths.js:130:7:130:49 | path | semmle.label | path | -| normalizedPaths.js:130:14:130:49 | pathMod ... 
y.path) | semmle.label | pathMod ... y.path) | -| normalizedPaths.js:130:35:130:48 | req.query.path | semmle.label | req.query.path | -| normalizedPaths.js:135:21:135:24 | path | semmle.label | path | -| normalizedPaths.js:139:7:139:62 | path | semmle.label | path | -| normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | -| normalizedPaths.js:139:48:139:61 | req.query.path | semmle.label | req.query.path | -| normalizedPaths.js:144:21:144:24 | path | semmle.label | path | -| normalizedPaths.js:148:7:148:58 | path | semmle.label | path | -| normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | semmle.label | 'foo/' ... y.path) | -| normalizedPaths.js:148:23:148:58 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | -| normalizedPaths.js:148:44:148:57 | req.query.path | semmle.label | req.query.path | -| normalizedPaths.js:151:21:151:24 | path | semmle.label | path | -| normalizedPaths.js:153:21:153:24 | path | semmle.label | path | -| normalizedPaths.js:160:7:160:49 | path | semmle.label | path | -| normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | semmle.label | pathMod ... 
y.path) | -| normalizedPaths.js:160:35:160:48 | req.query.path | semmle.label | req.query.path | -| normalizedPaths.js:165:19:165:22 | path | semmle.label | path | -| normalizedPaths.js:170:21:170:24 | path | semmle.label | path | -| normalizedPaths.js:174:7:174:27 | path | semmle.label | path | -| normalizedPaths.js:174:14:174:27 | req.query.path | semmle.label | req.query.path | -| normalizedPaths.js:184:19:184:22 | path | semmle.label | path | -| normalizedPaths.js:187:21:187:24 | path | semmle.label | path | -| normalizedPaths.js:189:21:189:24 | path | semmle.label | path | -| normalizedPaths.js:192:21:192:24 | path | semmle.label | path | -| normalizedPaths.js:194:21:194:24 | path | semmle.label | path | -| normalizedPaths.js:199:21:199:24 | path | semmle.label | path | -| normalizedPaths.js:201:7:201:49 | normalizedPath | semmle.label | normalizedPath | -| normalizedPaths.js:201:24:201:49 | pathMod ... e(path) | semmle.label | pathMod ... e(path) | -| normalizedPaths.js:201:45:201:48 | path | semmle.label | path | -| normalizedPaths.js:205:21:205:34 | normalizedPath | semmle.label | normalizedPath | -| normalizedPaths.js:208:21:208:34 | normalizedPath | semmle.label | normalizedPath | -| normalizedPaths.js:210:21:210:34 | normalizedPath | semmle.label | normalizedPath | -| normalizedPaths.js:214:7:214:49 | path | semmle.label | path | -| normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | -| normalizedPaths.js:214:35:214:48 | req.query.path | semmle.label | req.query.path | -| normalizedPaths.js:219:3:219:33 | path | semmle.label | path | -| normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | semmle.label | decodeU ... t(path) | -| normalizedPaths.js:219:29:219:32 | path | semmle.label | path | -| normalizedPaths.js:222:21:222:24 | path | semmle.label | path | -| normalizedPaths.js:226:7:226:70 | path | semmle.label | path | -| normalizedPaths.js:226:14:226:49 | pathMod ... y.path) | semmle.label | pathMod ... 
y.path) | -| normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | semmle.label | pathMod ... g, ' ') | -| normalizedPaths.js:226:35:226:48 | req.query.path | semmle.label | req.query.path | -| normalizedPaths.js:228:21:228:24 | path | semmle.label | path | -| normalizedPaths.js:236:7:236:47 | path | semmle.label | path | -| normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | -| normalizedPaths.js:236:33:236:46 | req.query.path | semmle.label | req.query.path | -| normalizedPaths.js:238:19:238:22 | path | semmle.label | path | -| normalizedPaths.js:245:21:245:24 | path | semmle.label | path | -| normalizedPaths.js:250:21:250:24 | path | semmle.label | path | -| normalizedPaths.js:254:7:254:47 | path | semmle.label | path | -| normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | -| normalizedPaths.js:254:33:254:46 | req.query.path | semmle.label | req.query.path | -| normalizedPaths.js:256:19:256:22 | path | semmle.label | path | -| normalizedPaths.js:262:21:262:24 | path | semmle.label | path | -| normalizedPaths.js:267:7:267:42 | newpath | semmle.label | newpath | -| normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | semmle.label | pathMod ... e(path) | -| normalizedPaths.js:267:38:267:41 | path | semmle.label | path | -| normalizedPaths.js:270:21:270:27 | newpath | semmle.label | newpath | -| normalizedPaths.js:275:7:275:42 | newpath | semmle.label | newpath | -| normalizedPaths.js:275:17:275:42 | pathMod ... e(path) | semmle.label | pathMod ... e(path) | -| normalizedPaths.js:275:38:275:41 | path | semmle.label | path | -| normalizedPaths.js:278:21:278:27 | newpath | semmle.label | newpath | -| normalizedPaths.js:283:7:283:42 | newpath | semmle.label | newpath | -| normalizedPaths.js:283:17:283:42 | pathMod ... e(path) | semmle.label | pathMod ... 
e(path) | -| normalizedPaths.js:283:38:283:41 | path | semmle.label | path | -| normalizedPaths.js:286:21:286:27 | newpath | semmle.label | newpath | -| normalizedPaths.js:291:7:291:42 | newpath | semmle.label | newpath | -| normalizedPaths.js:291:17:291:42 | pathMod ... e(path) | semmle.label | pathMod ... e(path) | -| normalizedPaths.js:291:38:291:41 | path | semmle.label | path | -| normalizedPaths.js:296:21:296:27 | newpath | semmle.label | newpath | -| normalizedPaths.js:303:6:303:26 | path | semmle.label | path | -| normalizedPaths.js:303:13:303:26 | req.query.path | semmle.label | req.query.path | -| normalizedPaths.js:304:18:304:21 | path | semmle.label | path | -| normalizedPaths.js:309:19:309:22 | path | semmle.label | path | -| normalizedPaths.js:313:19:313:22 | path | semmle.label | path | -| normalizedPaths.js:316:19:316:22 | path | semmle.label | path | -| normalizedPaths.js:320:6:320:49 | normalizedPath | semmle.label | normalizedPath | -| normalizedPaths.js:320:23:320:49 | pathMod ... , path) | semmle.label | pathMod ... , path) | -| normalizedPaths.js:320:45:320:48 | path | semmle.label | path | -| normalizedPaths.js:325:19:325:32 | normalizedPath | semmle.label | normalizedPath | -| normalizedPaths.js:332:19:332:32 | normalizedPath | semmle.label | normalizedPath | -| normalizedPaths.js:339:6:339:46 | path | semmle.label | path | -| normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | semmle.label | pathMod ... 
y.path) | -| normalizedPaths.js:339:32:339:45 | req.query.path | semmle.label | req.query.path | -| normalizedPaths.js:341:18:341:21 | path | semmle.label | path | -| normalizedPaths.js:346:19:346:22 | path | semmle.label | path | -| normalizedPaths.js:354:7:354:27 | path | semmle.label | path | -| normalizedPaths.js:354:14:354:27 | req.query.path | semmle.label | req.query.path | -| normalizedPaths.js:356:19:356:22 | path | semmle.label | path | -| normalizedPaths.js:358:7:358:51 | requestPath | semmle.label | requestPath | -| normalizedPaths.js:358:21:358:51 | pathMod ... , path) | semmle.label | pathMod ... , path) | -| normalizedPaths.js:358:47:358:50 | path | semmle.label | path | -| normalizedPaths.js:363:21:363:31 | requestPath | semmle.label | requestPath | -| normalizedPaths.js:377:7:377:27 | path | semmle.label | path | -| normalizedPaths.js:377:14:377:27 | req.query.path | semmle.label | req.query.path | -| normalizedPaths.js:379:19:379:22 | path | semmle.label | path | -| normalizedPaths.js:381:19:381:29 | slash(path) | semmle.label | slash(path) | -| normalizedPaths.js:381:25:381:28 | path | semmle.label | path | -| normalizedPaths.js:385:7:385:46 | path | semmle.label | path | -| normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) | semmle.label | pathMod ... uery.x) | -| normalizedPaths.js:385:35:385:45 | req.query.x | semmle.label | req.query.x | -| normalizedPaths.js:388:19:388:22 | path | semmle.label | path | -| normalizedPaths.js:399:21:399:24 | path | semmle.label | path | -| normalizedPaths.js:407:19:407:67 | pathMod ... t('/')) | semmle.label | pathMod ... t('/')) | -| normalizedPaths.js:407:45:407:55 | req.query.x | semmle.label | req.query.x | -| normalizedPaths.js:407:45:407:66 | req.que ... it('/') | semmle.label | req.que ... it('/') | -| normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | semmle.label | pathMod ... 
t('/')) | -| normalizedPaths.js:408:38:408:48 | req.query.x | semmle.label | req.query.x | -| normalizedPaths.js:408:38:408:59 | req.que ... it('/') | semmle.label | req.que ... it('/') | -| normalizedPaths.js:412:7:412:46 | path | semmle.label | path | -| normalizedPaths.js:412:14:412:46 | pathMod ... uery.x) | semmle.label | pathMod ... uery.x) | -| normalizedPaths.js:412:35:412:45 | req.query.x | semmle.label | req.query.x | -| normalizedPaths.js:415:19:415:22 | path | semmle.label | path | -| normalizedPaths.js:426:21:426:24 | path | semmle.label | path | -| other-fs-libraries.js:9:7:9:48 | path | semmle.label | path | -| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | semmle.label | url.par ... , true) | -| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | semmle.label | url.par ... ).query | -| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | -| other-fs-libraries.js:9:24:9:30 | req.url | semmle.label | req.url | -| other-fs-libraries.js:11:19:11:22 | path | semmle.label | path | -| other-fs-libraries.js:12:27:12:30 | path | semmle.label | path | -| other-fs-libraries.js:13:24:13:27 | path | semmle.label | path | -| other-fs-libraries.js:14:27:14:30 | path | semmle.label | path | -| other-fs-libraries.js:16:34:16:37 | path | semmle.label | path | -| other-fs-libraries.js:17:35:17:38 | path | semmle.label | path | -| other-fs-libraries.js:19:56:19:59 | path | semmle.label | path | -| other-fs-libraries.js:24:35:24:38 | path | semmle.label | path | -| other-fs-libraries.js:38:7:38:48 | path | semmle.label | path | -| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | semmle.label | url.par ... , true) | -| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | semmle.label | url.par ... ).query | -| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | semmle.label | url.par ... 
ry.path | -| other-fs-libraries.js:38:24:38:30 | req.url | semmle.label | req.url | -| other-fs-libraries.js:40:35:40:38 | path | semmle.label | path | -| other-fs-libraries.js:41:50:41:53 | path | semmle.label | path | -| other-fs-libraries.js:42:53:42:56 | path | semmle.label | path | -| other-fs-libraries.js:49:7:49:48 | path | semmle.label | path | -| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | semmle.label | url.par ... , true) | -| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | semmle.label | url.par ... ).query | -| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | -| other-fs-libraries.js:49:24:49:30 | req.url | semmle.label | req.url | -| other-fs-libraries.js:51:19:51:22 | path | semmle.label | path | -| other-fs-libraries.js:52:24:52:27 | path | semmle.label | path | -| other-fs-libraries.js:54:36:54:39 | path | semmle.label | path | -| other-fs-libraries.js:55:36:55:39 | path | semmle.label | path | -| other-fs-libraries.js:57:46:57:49 | path | semmle.label | path | -| other-fs-libraries.js:59:39:59:42 | path | semmle.label | path | -| other-fs-libraries.js:62:43:62:46 | path | semmle.label | path | -| other-fs-libraries.js:63:51:63:54 | path | semmle.label | path | -| other-fs-libraries.js:68:7:68:48 | path | semmle.label | path | -| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | semmle.label | url.par ... , true) | -| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | semmle.label | url.par ... ).query | -| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | semmle.label | url.par ... 
ry.path | -| other-fs-libraries.js:68:24:68:30 | req.url | semmle.label | req.url | -| other-fs-libraries.js:70:19:70:22 | path | semmle.label | path | -| other-fs-libraries.js:71:10:71:13 | path | semmle.label | path | -| other-fs-libraries.js:72:15:72:18 | path | semmle.label | path | -| other-fs-libraries.js:73:8:73:11 | path | semmle.label | path | -| other-fs-libraries.js:75:15:75:15 | x | semmle.label | x | -| other-fs-libraries.js:76:19:76:19 | x | semmle.label | x | -| other-fs-libraries.js:81:7:81:48 | path | semmle.label | path | -| other-fs-libraries.js:81:14:81:37 | url.par ... , true) | semmle.label | url.par ... , true) | -| other-fs-libraries.js:81:14:81:43 | url.par ... ).query | semmle.label | url.par ... ).query | -| other-fs-libraries.js:81:14:81:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | -| other-fs-libraries.js:81:24:81:30 | req.url | semmle.label | req.url | -| other-fs-libraries.js:83:16:83:19 | path | semmle.label | path | -| prettier.js:6:11:6:28 | p | semmle.label | p | -| prettier.js:6:13:6:13 | p | semmle.label | p | -| prettier.js:7:28:7:28 | p | semmle.label | p | -| prettier.js:11:44:11:44 | p | semmle.label | p | -| pupeteer.js:5:9:5:71 | tainted | semmle.label | tainted | -| pupeteer.js:5:19:5:71 | "dir/" ... t.data" | semmle.label | "dir/" ... t.data" | -| pupeteer.js:5:28:5:53 | parseTo ... t).name | semmle.label | parseTo ... t).name | -| pupeteer.js:9:28:9:34 | tainted | semmle.label | tainted | -| pupeteer.js:13:37:13:43 | tainted | semmle.label | tainted | -| sharedlib-repro.js:13:22:13:43 | req.par ... spaceId | semmle.label | req.par ... spaceId | -| sharedlib-repro.js:21:27:21:34 | filepath | semmle.label | filepath | -| sharedlib-repro.js:22:18:22:25 | filepath | semmle.label | filepath | -| tainted-access-paths.js:6:7:6:48 | path | semmle.label | path | -| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | semmle.label | url.par ... , true) | -| tainted-access-paths.js:6:14:6:43 | url.par ... 
).query | semmle.label | url.par ... ).query | -| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | -| tainted-access-paths.js:6:24:6:30 | req.url | semmle.label | req.url | -| tainted-access-paths.js:8:19:8:22 | path | semmle.label | path | -| tainted-access-paths.js:10:7:10:36 | obj | semmle.label | obj | -| tainted-access-paths.js:10:33:10:36 | path | semmle.label | path | -| tainted-access-paths.js:12:19:12:21 | obj | semmle.label | obj | -| tainted-access-paths.js:12:19:12:25 | obj.sub | semmle.label | obj.sub | -| tainted-access-paths.js:26:19:26:21 | obj | semmle.label | obj | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | semmle.label | obj.sub3 | -| tainted-access-paths.js:29:21:29:23 | obj | semmle.label | obj | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | semmle.label | obj.sub4 | -| tainted-access-paths.js:30:23:30:25 | obj | semmle.label | obj | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | semmle.label | obj.sub4 | -| tainted-access-paths.js:31:23:31:25 | obj | semmle.label | obj | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | semmle.label | obj.sub4 | -| tainted-access-paths.js:39:7:39:48 | path | semmle.label | path | -| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | semmle.label | url.par ... , true) | -| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | semmle.label | url.par ... ).query | -| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | -| tainted-access-paths.js:39:24:39:30 | req.url | semmle.label | req.url | -| tainted-access-paths.js:40:23:40:26 | path | semmle.label | path | -| tainted-access-paths.js:48:7:48:48 | path | semmle.label | path | -| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | semmle.label | url.par ... , true) | -| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | semmle.label | url.par ... ).query | -| tainted-access-paths.js:48:14:48:48 | url.par ... 
ry.path | semmle.label | url.par ... ry.path | -| tainted-access-paths.js:48:24:48:30 | req.url | semmle.label | req.url | -| tainted-access-paths.js:49:10:49:13 | path | semmle.label | path | -| tainted-promise-steps.js:6:7:6:48 | path | semmle.label | path | -| tainted-promise-steps.js:6:14:6:37 | url.par ... , true) | semmle.label | url.par ... , true) | -| tainted-promise-steps.js:6:14:6:43 | url.par ... ).query | semmle.label | url.par ... ).query | -| tainted-promise-steps.js:6:14:6:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | -| tainted-promise-steps.js:6:24:6:30 | req.url | semmle.label | req.url | -| tainted-promise-steps.js:7:10:7:30 | Promise ... e(path) [PromiseValue] | semmle.label | Promise ... e(path) [PromiseValue] | -| tainted-promise-steps.js:7:26:7:29 | path | semmle.label | path | -| tainted-promise-steps.js:10:23:10:33 | pathPromise [PromiseValue] | semmle.label | pathPromise [PromiseValue] | -| tainted-promise-steps.js:11:19:11:35 | await pathPromise | semmle.label | await pathPromise | -| tainted-promise-steps.js:11:25:11:35 | pathPromise [PromiseValue] | semmle.label | pathPromise [PromiseValue] | -| tainted-promise-steps.js:12:3:12:13 | pathPromise [PromiseValue] | semmle.label | pathPromise [PromiseValue] | -| tainted-promise-steps.js:12:20:12:23 | path | semmle.label | path | -| tainted-promise-steps.js:12:44:12:47 | path | semmle.label | path | -| tainted-require.js:7:19:7:37 | req.param("module") | semmle.label | req.param("module") | -| tainted-require.js:12:29:12:47 | req.param("module") | semmle.label | req.param("module") | -| tainted-require.js:14:11:14:29 | req.param("module") | semmle.label | req.param("module") | -| tainted-sendFile.js:8:16:8:33 | req.param("gimme") | semmle.label | req.param("gimme") | -| tainted-sendFile.js:10:16:10:33 | req.param("gimme") | semmle.label | req.param("gimme") | -| tainted-sendFile.js:18:43:18:58 | req.param("dir") | semmle.label | req.param("dir") | -| 
tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | semmle.label | path.re ... rams.x) | -| tainted-sendFile.js:24:37:24:48 | req.params.x | semmle.label | req.params.x | -| tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | semmle.label | path.jo ... rams.x) | -| tainted-sendFile.js:25:34:25:45 | req.params.x | semmle.label | req.params.x | -| tainted-string-steps.js:6:7:6:48 | path | semmle.label | path | -| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | semmle.label | url.par ... , true) | -| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | semmle.label | url.par ... ).query | -| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | -| tainted-string-steps.js:6:24:6:30 | req.url | semmle.label | req.url | -| tainted-string-steps.js:8:18:8:21 | path | semmle.label | path | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | semmle.label | path.substring(4) | -| tainted-string-steps.js:9:18:9:21 | path | semmle.label | path | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | semmle.label | path.substring(0, i) | -| tainted-string-steps.js:10:18:10:21 | path | semmle.label | path | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | semmle.label | path.substr(4) | -| tainted-string-steps.js:11:18:11:21 | path | semmle.label | path | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | semmle.label | path.slice(4) | -| tainted-string-steps.js:13:18:13:21 | path | semmle.label | path | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | semmle.label | path.concat(unknown) | -| tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | semmle.label | unknown.concat(path) | -| tainted-string-steps.js:14:33:14:36 | path | semmle.label | path | -| tainted-string-steps.js:15:18:15:46 | unknown ... , path) | semmle.label | unknown ... 
, path) | -| tainted-string-steps.js:15:42:15:45 | path | semmle.label | path | -| tainted-string-steps.js:17:18:17:21 | path | semmle.label | path | -| tainted-string-steps.js:17:18:17:28 | path.trim() | semmle.label | path.trim() | -| tainted-string-steps.js:18:18:18:21 | path | semmle.label | path | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | semmle.label | path.toLowerCase() | -| tainted-string-steps.js:22:18:22:21 | path | semmle.label | path | -| tainted-string-steps.js:22:18:22:32 | path.split('/') | semmle.label | path.split('/') | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | semmle.label | path.split('/')[i] | -| tainted-string-steps.js:23:18:23:21 | path | semmle.label | path | -| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | semmle.label | path.split(/\\//) | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | semmle.label | path.split(/\\//)[i] | -| tainted-string-steps.js:24:18:24:21 | path | semmle.label | path | -| tainted-string-steps.js:24:18:24:32 | path.split("?") | semmle.label | path.split("?") | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | semmle.label | path.split("?")[0] | -| tainted-string-steps.js:26:18:26:21 | path | semmle.label | path | -| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | semmle.label | path.split(unknown) | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | semmle.label | path.sp ... hatever | -| tainted-string-steps.js:27:18:27:21 | path | semmle.label | path | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | semmle.label | path.split(unknown) | -| torrents.js:5:6:5:38 | name | semmle.label | name | -| torrents.js:5:13:5:38 | parseTo ... t).name | semmle.label | parseTo ... t).name | -| torrents.js:6:6:6:45 | loc | semmle.label | loc | -| torrents.js:6:12:6:45 | dir + " ... t.data" | semmle.label | dir + " ... 
t.data" | -| torrents.js:6:24:6:27 | name | semmle.label | name | -| torrents.js:7:25:7:27 | loc | semmle.label | loc | -| typescript.ts:9:7:9:48 | path | semmle.label | path | -| typescript.ts:9:14:9:37 | url.par ... , true) | semmle.label | url.par ... , true) | -| typescript.ts:9:14:9:43 | url.par ... ).query | semmle.label | url.par ... ).query | -| typescript.ts:9:14:9:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | -| typescript.ts:9:24:9:30 | req.url | semmle.label | req.url | -| typescript.ts:12:29:12:32 | path | semmle.label | path | -| typescript.ts:20:7:20:18 | path3 | semmle.label | path3 | -| typescript.ts:20:15:20:18 | path | semmle.label | path | -| typescript.ts:21:39:21:43 | path3 | semmle.label | path3 | -| typescript.ts:23:7:23:18 | path4 | semmle.label | path4 | -| typescript.ts:23:15:23:18 | path | semmle.label | path | -| typescript.ts:24:39:24:43 | path4 | semmle.label | path4 | -| typescript.ts:30:7:30:18 | path6 | semmle.label | path6 | -| typescript.ts:30:15:30:18 | path | semmle.label | path | -| typescript.ts:32:29:32:33 | path6 | semmle.label | path6 | -| views.js:1:43:1:55 | req.params[0] | semmle.label | req.params[0] | +#select +| TaintedPath-es6.js:9:26:9:45 | join("public", path) | TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:9:26:9:45 | join("public", path) | This path depends on a $@. | TaintedPath-es6.js:7:20:7:26 | req.url | user-provided value | +| TaintedPath.js:11:29:11:32 | path | TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:11:29:11:32 | path | This path depends on a $@. | TaintedPath.js:9:24:9:30 | req.url | user-provided value | +| TaintedPath.js:13:29:13:48 | "/home/user/" + path | TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:13:29:13:48 | "/home/user/" + path | This path depends on a $@. 
| TaintedPath.js:9:24:9:30 | req.url | user-provided value | +| TaintedPath.js:16:33:16:36 | path | TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:16:33:16:36 | path | This path depends on a $@. | TaintedPath.js:9:24:9:30 | req.url | user-provided value | +| TaintedPath.js:19:33:19:36 | path | TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:19:33:19:36 | path | This path depends on a $@. | TaintedPath.js:9:24:9:30 | req.url | user-provided value | +| TaintedPath.js:22:33:22:36 | path | TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:22:33:22:36 | path | This path depends on a $@. | TaintedPath.js:9:24:9:30 | req.url | user-provided value | +| TaintedPath.js:31:31:31:34 | path | TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:31:31:31:34 | path | This path depends on a $@. | TaintedPath.js:9:24:9:30 | req.url | user-provided value | +| TaintedPath.js:39:29:39:52 | pathMod ... e(path) | TaintedPath.js:36:20:36:26 | req.url | TaintedPath.js:39:29:39:52 | pathMod ... e(path) | This path depends on a $@. | TaintedPath.js:36:20:36:26 | req.url | user-provided value | +| TaintedPath.js:42:29:42:49 | pathMod ... n(path) | TaintedPath.js:36:20:36:26 | req.url | TaintedPath.js:42:29:42:49 | pathMod ... n(path) | This path depends on a $@. | TaintedPath.js:36:20:36:26 | req.url | user-provided value | +| TaintedPath.js:43:29:43:58 | pathMod ... ath, z) | TaintedPath.js:36:20:36:26 | req.url | TaintedPath.js:43:29:43:58 | pathMod ... ath, z) | This path depends on a $@. | TaintedPath.js:36:20:36:26 | req.url | user-provided value | +| TaintedPath.js:44:29:44:54 | pathMod ... e(path) | TaintedPath.js:36:20:36:26 | req.url | TaintedPath.js:44:29:44:54 | pathMod ... e(path) | This path depends on a $@. | TaintedPath.js:36:20:36:26 | req.url | user-provided value | +| TaintedPath.js:45:29:45:56 | pathMod ... , path) | TaintedPath.js:36:20:36:26 | req.url | TaintedPath.js:45:29:45:56 | pathMod ... , path) | This path depends on a $@. 
| TaintedPath.js:36:20:36:26 | req.url | user-provided value | +| TaintedPath.js:46:29:46:56 | pathMod ... ath, x) | TaintedPath.js:36:20:36:26 | req.url | TaintedPath.js:46:29:46:56 | pathMod ... ath, x) | This path depends on a $@. | TaintedPath.js:36:20:36:26 | req.url | user-provided value | +| TaintedPath.js:47:29:47:52 | pathMod ... e(path) | TaintedPath.js:36:20:36:26 | req.url | TaintedPath.js:47:29:47:52 | pathMod ... e(path) | This path depends on a $@. | TaintedPath.js:36:20:36:26 | req.url | user-provided value | +| TaintedPath.js:48:29:48:61 | pathMod ... ath, z) | TaintedPath.js:36:20:36:26 | req.url | TaintedPath.js:48:29:48:61 | pathMod ... ath, z) | This path depends on a $@. | TaintedPath.js:36:20:36:26 | req.url | user-provided value | +| TaintedPath.js:49:29:49:61 | pathMod ... h(path) | TaintedPath.js:36:20:36:26 | req.url | TaintedPath.js:49:29:49:61 | pathMod ... h(path) | This path depends on a $@. | TaintedPath.js:36:20:36:26 | req.url | user-provided value | +| TaintedPath.js:54:31:54:76 | require ... ).query | TaintedPath.js:54:63:54:69 | req.url | TaintedPath.js:54:31:54:76 | require ... ).query | This path depends on a $@. | TaintedPath.js:54:63:54:69 | req.url | user-provided value | +| TaintedPath.js:55:31:55:74 | require ... ).query | TaintedPath.js:55:61:55:67 | req.url | TaintedPath.js:55:31:55:74 | require ... ).query | This path depends on a $@. | TaintedPath.js:55:61:55:67 | req.url | user-provided value | +| TaintedPath.js:56:31:56:73 | require ... ).query | TaintedPath.js:56:60:56:66 | req.url | TaintedPath.js:56:31:56:73 | require ... ).query | This path depends on a $@. | TaintedPath.js:56:60:56:66 | req.url | user-provided value | +| TaintedPath.js:64:48:64:60 | req.params[0] | TaintedPath.js:64:48:64:60 | req.params[0] | TaintedPath.js:64:48:64:60 | req.params[0] | This path depends on a $@. | TaintedPath.js:64:48:64:60 | req.params[0] | user-provided value | +| TaintedPath.js:75:28:75:48 | fs.real ... 
c(path) | TaintedPath.js:73:23:73:29 | req.url | TaintedPath.js:75:28:75:48 | fs.real ... c(path) | This path depends on a $@. | TaintedPath.js:73:23:73:29 | req.url | user-provided value | +| TaintedPath.js:78:45:78:52 | realpath | TaintedPath.js:73:23:73:29 | req.url | TaintedPath.js:78:45:78:52 | realpath | This path depends on a $@. | TaintedPath.js:73:23:73:29 | req.url | user-provided value | +| TaintedPath.js:111:23:111:26 | path | TaintedPath.js:109:23:109:29 | req.url | TaintedPath.js:111:23:111:26 | path | This path depends on a $@. | TaintedPath.js:109:23:109:29 | req.url | user-provided value | +| TaintedPath.js:117:19:117:22 | path | TaintedPath.js:115:24:115:30 | req.url | TaintedPath.js:117:19:117:22 | path | This path depends on a $@. | TaintedPath.js:115:24:115:30 | req.url | user-provided value | +| TaintedPath.js:121:19:121:33 | split.join("/") | TaintedPath.js:115:24:115:30 | req.url | TaintedPath.js:121:19:121:33 | split.join("/") | This path depends on a $@. | TaintedPath.js:115:24:115:30 | req.url | user-provided value | +| TaintedPath.js:125:19:125:26 | split[x] | TaintedPath.js:115:24:115:30 | req.url | TaintedPath.js:125:19:125:26 | split[x] | This path depends on a $@. | TaintedPath.js:115:24:115:30 | req.url | user-provided value | +| TaintedPath.js:126:19:126:35 | prefix + split[x] | TaintedPath.js:115:24:115:30 | req.url | TaintedPath.js:126:19:126:35 | prefix + split[x] | This path depends on a $@. | TaintedPath.js:115:24:115:30 | req.url | user-provided value | +| TaintedPath.js:129:19:129:37 | concatted.join("/") | TaintedPath.js:115:24:115:30 | req.url | TaintedPath.js:129:19:129:37 | concatted.join("/") | This path depends on a $@. | TaintedPath.js:115:24:115:30 | req.url | user-provided value | +| TaintedPath.js:132:19:132:38 | concatted2.join("/") | TaintedPath.js:115:24:115:30 | req.url | TaintedPath.js:132:19:132:38 | concatted2.join("/") | This path depends on a $@. 
| TaintedPath.js:115:24:115:30 | req.url | user-provided value | +| TaintedPath.js:134:19:134:29 | split.pop() | TaintedPath.js:115:24:115:30 | req.url | TaintedPath.js:134:19:134:29 | split.pop() | This path depends on a $@. | TaintedPath.js:115:24:115:30 | req.url | user-provided value | +| TaintedPath.js:143:29:143:55 | path.re ... /g, '') | TaintedPath.js:139:24:139:30 | req.url | TaintedPath.js:143:29:143:55 | path.re ... /g, '') | This path depends on a $@. | TaintedPath.js:139:24:139:30 | req.url | user-provided value | +| TaintedPath.js:149:29:149:52 | path.re ... /g, '') | TaintedPath.js:139:24:139:30 | req.url | TaintedPath.js:149:29:149:52 | path.re ... /g, '') | This path depends on a $@. | TaintedPath.js:139:24:139:30 | req.url | user-provided value | +| TaintedPath.js:150:29:150:53 | path.re ... /g, '') | TaintedPath.js:139:24:139:30 | req.url | TaintedPath.js:150:29:150:53 | path.re ... /g, '') | This path depends on a $@. | TaintedPath.js:139:24:139:30 | req.url | user-provided value | +| TaintedPath.js:151:29:151:51 | path.re ... /g, '') | TaintedPath.js:139:24:139:30 | req.url | TaintedPath.js:151:29:151:51 | path.re ... /g, '') | This path depends on a $@. | TaintedPath.js:139:24:139:30 | req.url | user-provided value | +| TaintedPath.js:152:29:152:57 | path.re ... /g, '') | TaintedPath.js:139:24:139:30 | req.url | TaintedPath.js:152:29:152:57 | path.re ... /g, '') | This path depends on a $@. | TaintedPath.js:139:24:139:30 | req.url | user-provided value | +| TaintedPath.js:167:29:167:73 | "prefix ... +/, '') | TaintedPath.js:139:24:139:30 | req.url | TaintedPath.js:167:29:167:73 | "prefix ... +/, '') | This path depends on a $@. | TaintedPath.js:139:24:139:30 | req.url | user-provided value | +| TaintedPath.js:168:29:168:84 | pathMod ... +/, '') | TaintedPath.js:139:24:139:30 | req.url | TaintedPath.js:168:29:168:84 | pathMod ... +/, '') | This path depends on a $@. 
| TaintedPath.js:139:24:139:30 | req.url | user-provided value | +| TaintedPath.js:176:29:176:49 | qs.pars ... rl).foo | TaintedPath.js:176:38:176:44 | req.url | TaintedPath.js:176:29:176:49 | qs.pars ... rl).foo | This path depends on a $@. | TaintedPath.js:176:38:176:44 | req.url | user-provided value | +| TaintedPath.js:177:29:177:63 | qs.pars ... l)).foo | TaintedPath.js:177:51:177:57 | req.url | TaintedPath.js:177:29:177:63 | qs.pars ... l)).foo | This path depends on a $@. | TaintedPath.js:177:51:177:57 | req.url | user-provided value | +| TaintedPath.js:179:29:179:55 | parseqs ... rl).foo | TaintedPath.js:179:44:179:50 | req.url | TaintedPath.js:179:29:179:55 | parseqs ... rl).foo | This path depends on a $@. | TaintedPath.js:179:44:179:50 | req.url | user-provided value | +| TaintedPath.js:185:31:185:34 | path | TaintedPath.js:184:24:184:30 | req.url | TaintedPath.js:185:31:185:34 | path | This path depends on a $@. | TaintedPath.js:184:24:184:30 | req.url | user-provided value | +| TaintedPath.js:186:45:186:48 | path | TaintedPath.js:184:24:184:30 | req.url | TaintedPath.js:186:45:186:48 | path | This path depends on a $@. | TaintedPath.js:184:24:184:30 | req.url | user-provided value | +| TaintedPath.js:187:35:187:38 | path | TaintedPath.js:184:24:184:30 | req.url | TaintedPath.js:187:35:187:38 | path | This path depends on a $@. | TaintedPath.js:184:24:184:30 | req.url | user-provided value | +| TaintedPath.js:195:29:195:85 | path.re ... '), '') | TaintedPath.js:191:24:191:30 | req.url | TaintedPath.js:195:29:195:85 | path.re ... '), '') | This path depends on a $@. | TaintedPath.js:191:24:191:30 | req.url | user-provided value | +| TaintedPath.js:202:29:202:68 | path.re ... '), '') | TaintedPath.js:200:24:200:30 | req.url | TaintedPath.js:202:29:202:68 | path.re ... '), '') | This path depends on a $@. | TaintedPath.js:200:24:200:30 | req.url | user-provided value | +| TaintedPath.js:205:31:205:69 | path.re ... 
'), '') | TaintedPath.js:200:24:200:30 | req.url | TaintedPath.js:205:31:205:69 | path.re ... '), '') | This path depends on a $@. | TaintedPath.js:200:24:200:30 | req.url | user-provided value | +| examples/TaintedPath.js:10:29:10:43 | ROOT + filePath | examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:10:29:10:43 | ROOT + filePath | This path depends on a $@. | examples/TaintedPath.js:8:28:8:34 | req.url | user-provided value | +| express.js:8:20:8:32 | req.query.bar | express.js:8:20:8:32 | req.query.bar | express.js:8:20:8:32 | req.query.bar | This path depends on a $@. | express.js:8:20:8:32 | req.query.bar | user-provided value | +| handlebars.js:11:32:11:39 | filePath | handlebars.js:29:46:29:60 | req.params.path | handlebars.js:11:32:11:39 | filePath | This path depends on a $@. | handlebars.js:29:46:29:60 | req.params.path | user-provided value | +| handlebars.js:15:25:15:32 | filePath | handlebars.js:43:15:43:29 | req.params.path | handlebars.js:15:25:15:32 | filePath | This path depends on a $@. | handlebars.js:43:15:43:29 | req.params.path | user-provided value | +| normalizedPaths.js:13:19:13:22 | path | normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:13:19:13:22 | path | This path depends on a $@. | normalizedPaths.js:11:14:11:27 | req.query.path | user-provided value | +| normalizedPaths.js:14:19:14:29 | './' + path | normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:14:19:14:29 | './' + path | This path depends on a $@. | normalizedPaths.js:11:14:11:27 | req.query.path | user-provided value | +| normalizedPaths.js:15:19:15:38 | path + '/index.html' | normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:15:19:15:38 | path + '/index.html' | This path depends on a $@. | normalizedPaths.js:11:14:11:27 | req.query.path | user-provided value | +| normalizedPaths.js:16:19:16:53 | pathMod ... 
.html') | normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:16:19:16:53 | pathMod ... .html') | This path depends on a $@. | normalizedPaths.js:11:14:11:27 | req.query.path | user-provided value | +| normalizedPaths.js:17:19:17:57 | pathMod ... , path) | normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:17:19:17:57 | pathMod ... , path) | This path depends on a $@. | normalizedPaths.js:11:14:11:27 | req.query.path | user-provided value | +| normalizedPaths.js:23:19:23:22 | path | normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:23:19:23:22 | path | This path depends on a $@. | normalizedPaths.js:21:35:21:48 | req.query.path | user-provided value | +| normalizedPaths.js:24:19:24:29 | './' + path | normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:24:19:24:29 | './' + path | This path depends on a $@. | normalizedPaths.js:21:35:21:48 | req.query.path | user-provided value | +| normalizedPaths.js:25:19:25:38 | path + '/index.html' | normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:25:19:25:38 | path + '/index.html' | This path depends on a $@. | normalizedPaths.js:21:35:21:48 | req.query.path | user-provided value | +| normalizedPaths.js:26:19:26:53 | pathMod ... .html') | normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:26:19:26:53 | pathMod ... .html') | This path depends on a $@. | normalizedPaths.js:21:35:21:48 | req.query.path | user-provided value | +| normalizedPaths.js:27:19:27:57 | pathMod ... , path) | normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:27:19:27:57 | pathMod ... , path) | This path depends on a $@. | normalizedPaths.js:21:35:21:48 | req.query.path | user-provided value | +| normalizedPaths.js:36:19:36:22 | path | normalizedPaths.js:31:35:31:48 | req.query.path | normalizedPaths.js:36:19:36:22 | path | This path depends on a $@. 
| normalizedPaths.js:31:35:31:48 | req.query.path | user-provided value | +| normalizedPaths.js:41:21:41:24 | path | normalizedPaths.js:31:35:31:48 | req.query.path | normalizedPaths.js:41:21:41:24 | path | This path depends on a $@. | normalizedPaths.js:31:35:31:48 | req.query.path | user-provided value | +| normalizedPaths.js:59:19:59:22 | path | normalizedPaths.js:54:35:54:48 | req.query.path | normalizedPaths.js:59:19:59:22 | path | This path depends on a $@. | normalizedPaths.js:54:35:54:48 | req.query.path | user-provided value | +| normalizedPaths.js:63:19:63:38 | path + "/index.html" | normalizedPaths.js:54:35:54:48 | req.query.path | normalizedPaths.js:63:19:63:38 | path + "/index.html" | This path depends on a $@. | normalizedPaths.js:54:35:54:48 | req.query.path | user-provided value | +| normalizedPaths.js:68:21:68:24 | path | normalizedPaths.js:54:35:54:48 | req.query.path | normalizedPaths.js:68:21:68:24 | path | This path depends on a $@. | normalizedPaths.js:54:35:54:48 | req.query.path | user-provided value | +| normalizedPaths.js:78:22:78:25 | path | normalizedPaths.js:73:42:73:55 | req.query.path | normalizedPaths.js:78:22:78:25 | path | This path depends on a $@. | normalizedPaths.js:73:42:73:55 | req.query.path | user-provided value | +| normalizedPaths.js:87:29:87:32 | path | normalizedPaths.js:82:14:82:27 | req.query.path | normalizedPaths.js:87:29:87:32 | path | This path depends on a $@. | normalizedPaths.js:82:14:82:27 | req.query.path | user-provided value | +| normalizedPaths.js:90:31:90:34 | path | normalizedPaths.js:82:14:82:27 | req.query.path | normalizedPaths.js:90:31:90:34 | path | This path depends on a $@. | normalizedPaths.js:82:14:82:27 | req.query.path | user-provided value | +| normalizedPaths.js:99:29:99:32 | path | normalizedPaths.js:94:35:94:48 | req.query.path | normalizedPaths.js:99:29:99:32 | path | This path depends on a $@. 
| normalizedPaths.js:94:35:94:48 | req.query.path | user-provided value | +| normalizedPaths.js:119:19:119:22 | path | normalizedPaths.js:117:30:117:43 | req.query.path | normalizedPaths.js:119:19:119:22 | path | This path depends on a $@. | normalizedPaths.js:117:30:117:43 | req.query.path | user-provided value | +| normalizedPaths.js:120:19:120:53 | pathMod ... .html') | normalizedPaths.js:117:30:117:43 | req.query.path | normalizedPaths.js:120:19:120:53 | pathMod ... .html') | This path depends on a $@. | normalizedPaths.js:117:30:117:43 | req.query.path | user-provided value | +| normalizedPaths.js:135:21:135:24 | path | normalizedPaths.js:130:35:130:48 | req.query.path | normalizedPaths.js:135:21:135:24 | path | This path depends on a $@. | normalizedPaths.js:130:35:130:48 | req.query.path | user-provided value | +| normalizedPaths.js:144:21:144:24 | path | normalizedPaths.js:139:48:139:61 | req.query.path | normalizedPaths.js:144:21:144:24 | path | This path depends on a $@. | normalizedPaths.js:139:48:139:61 | req.query.path | user-provided value | +| normalizedPaths.js:151:21:151:24 | path | normalizedPaths.js:148:44:148:57 | req.query.path | normalizedPaths.js:151:21:151:24 | path | This path depends on a $@. | normalizedPaths.js:148:44:148:57 | req.query.path | user-provided value | +| normalizedPaths.js:153:21:153:24 | path | normalizedPaths.js:148:44:148:57 | req.query.path | normalizedPaths.js:153:21:153:24 | path | This path depends on a $@. | normalizedPaths.js:148:44:148:57 | req.query.path | user-provided value | +| normalizedPaths.js:165:19:165:22 | path | normalizedPaths.js:160:35:160:48 | req.query.path | normalizedPaths.js:165:19:165:22 | path | This path depends on a $@. | normalizedPaths.js:160:35:160:48 | req.query.path | user-provided value | +| normalizedPaths.js:170:21:170:24 | path | normalizedPaths.js:160:35:160:48 | req.query.path | normalizedPaths.js:170:21:170:24 | path | This path depends on a $@. 
| normalizedPaths.js:160:35:160:48 | req.query.path | user-provided value | +| normalizedPaths.js:184:19:184:22 | path | normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:184:19:184:22 | path | This path depends on a $@. | normalizedPaths.js:174:14:174:27 | req.query.path | user-provided value | +| normalizedPaths.js:187:21:187:24 | path | normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:187:21:187:24 | path | This path depends on a $@. | normalizedPaths.js:174:14:174:27 | req.query.path | user-provided value | +| normalizedPaths.js:189:21:189:24 | path | normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:189:21:189:24 | path | This path depends on a $@. | normalizedPaths.js:174:14:174:27 | req.query.path | user-provided value | +| normalizedPaths.js:192:21:192:24 | path | normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:192:21:192:24 | path | This path depends on a $@. | normalizedPaths.js:174:14:174:27 | req.query.path | user-provided value | +| normalizedPaths.js:194:21:194:24 | path | normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:194:21:194:24 | path | This path depends on a $@. | normalizedPaths.js:174:14:174:27 | req.query.path | user-provided value | +| normalizedPaths.js:199:21:199:24 | path | normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:199:21:199:24 | path | This path depends on a $@. | normalizedPaths.js:174:14:174:27 | req.query.path | user-provided value | +| normalizedPaths.js:205:21:205:34 | normalizedPath | normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:205:21:205:34 | normalizedPath | This path depends on a $@. | normalizedPaths.js:174:14:174:27 | req.query.path | user-provided value | +| normalizedPaths.js:208:21:208:34 | normalizedPath | normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:208:21:208:34 | normalizedPath | This path depends on a $@. 
| normalizedPaths.js:174:14:174:27 | req.query.path | user-provided value | +| normalizedPaths.js:210:21:210:34 | normalizedPath | normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:210:21:210:34 | normalizedPath | This path depends on a $@. | normalizedPaths.js:174:14:174:27 | req.query.path | user-provided value | +| normalizedPaths.js:222:21:222:24 | path | normalizedPaths.js:214:35:214:48 | req.query.path | normalizedPaths.js:222:21:222:24 | path | This path depends on a $@. | normalizedPaths.js:214:35:214:48 | req.query.path | user-provided value | +| normalizedPaths.js:228:21:228:24 | path | normalizedPaths.js:226:35:226:48 | req.query.path | normalizedPaths.js:228:21:228:24 | path | This path depends on a $@. | normalizedPaths.js:226:35:226:48 | req.query.path | user-provided value | +| normalizedPaths.js:238:19:238:22 | path | normalizedPaths.js:236:33:236:46 | req.query.path | normalizedPaths.js:238:19:238:22 | path | This path depends on a $@. | normalizedPaths.js:236:33:236:46 | req.query.path | user-provided value | +| normalizedPaths.js:245:21:245:24 | path | normalizedPaths.js:236:33:236:46 | req.query.path | normalizedPaths.js:245:21:245:24 | path | This path depends on a $@. | normalizedPaths.js:236:33:236:46 | req.query.path | user-provided value | +| normalizedPaths.js:250:21:250:24 | path | normalizedPaths.js:236:33:236:46 | req.query.path | normalizedPaths.js:250:21:250:24 | path | This path depends on a $@. | normalizedPaths.js:236:33:236:46 | req.query.path | user-provided value | +| normalizedPaths.js:256:19:256:22 | path | normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:256:19:256:22 | path | This path depends on a $@. | normalizedPaths.js:254:33:254:46 | req.query.path | user-provided value | +| normalizedPaths.js:262:21:262:24 | path | normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:262:21:262:24 | path | This path depends on a $@. 
| normalizedPaths.js:254:33:254:46 | req.query.path | user-provided value | +| normalizedPaths.js:270:21:270:27 | newpath | normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:270:21:270:27 | newpath | This path depends on a $@. | normalizedPaths.js:254:33:254:46 | req.query.path | user-provided value | +| normalizedPaths.js:278:21:278:27 | newpath | normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:278:21:278:27 | newpath | This path depends on a $@. | normalizedPaths.js:254:33:254:46 | req.query.path | user-provided value | +| normalizedPaths.js:286:21:286:27 | newpath | normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:286:21:286:27 | newpath | This path depends on a $@. | normalizedPaths.js:254:33:254:46 | req.query.path | user-provided value | +| normalizedPaths.js:296:21:296:27 | newpath | normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:296:21:296:27 | newpath | This path depends on a $@. | normalizedPaths.js:254:33:254:46 | req.query.path | user-provided value | +| normalizedPaths.js:304:18:304:21 | path | normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:304:18:304:21 | path | This path depends on a $@. | normalizedPaths.js:303:13:303:26 | req.query.path | user-provided value | +| normalizedPaths.js:309:19:309:22 | path | normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:309:19:309:22 | path | This path depends on a $@. | normalizedPaths.js:303:13:303:26 | req.query.path | user-provided value | +| normalizedPaths.js:313:19:313:22 | path | normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:313:19:313:22 | path | This path depends on a $@. | normalizedPaths.js:303:13:303:26 | req.query.path | user-provided value | +| normalizedPaths.js:316:19:316:22 | path | normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:316:19:316:22 | path | This path depends on a $@. 
| normalizedPaths.js:303:13:303:26 | req.query.path | user-provided value | +| normalizedPaths.js:325:19:325:32 | normalizedPath | normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:325:19:325:32 | normalizedPath | This path depends on a $@. | normalizedPaths.js:303:13:303:26 | req.query.path | user-provided value | +| normalizedPaths.js:332:19:332:32 | normalizedPath | normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:332:19:332:32 | normalizedPath | This path depends on a $@. | normalizedPaths.js:303:13:303:26 | req.query.path | user-provided value | +| normalizedPaths.js:341:18:341:21 | path | normalizedPaths.js:339:32:339:45 | req.query.path | normalizedPaths.js:341:18:341:21 | path | This path depends on a $@. | normalizedPaths.js:339:32:339:45 | req.query.path | user-provided value | +| normalizedPaths.js:346:19:346:22 | path | normalizedPaths.js:339:32:339:45 | req.query.path | normalizedPaths.js:346:19:346:22 | path | This path depends on a $@. | normalizedPaths.js:339:32:339:45 | req.query.path | user-provided value | +| normalizedPaths.js:356:19:356:22 | path | normalizedPaths.js:354:14:354:27 | req.query.path | normalizedPaths.js:356:19:356:22 | path | This path depends on a $@. | normalizedPaths.js:354:14:354:27 | req.query.path | user-provided value | +| normalizedPaths.js:363:21:363:31 | requestPath | normalizedPaths.js:354:14:354:27 | req.query.path | normalizedPaths.js:363:21:363:31 | requestPath | This path depends on a $@. | normalizedPaths.js:354:14:354:27 | req.query.path | user-provided value | +| normalizedPaths.js:379:19:379:22 | path | normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:379:19:379:22 | path | This path depends on a $@. 
| normalizedPaths.js:377:14:377:27 | req.query.path | user-provided value | +| normalizedPaths.js:381:19:381:29 | slash(path) | normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:381:19:381:29 | slash(path) | This path depends on a $@. | normalizedPaths.js:377:14:377:27 | req.query.path | user-provided value | +| normalizedPaths.js:388:19:388:22 | path | normalizedPaths.js:385:35:385:45 | req.query.x | normalizedPaths.js:388:19:388:22 | path | This path depends on a $@. | normalizedPaths.js:385:35:385:45 | req.query.x | user-provided value | +| normalizedPaths.js:399:21:399:24 | path | normalizedPaths.js:385:35:385:45 | req.query.x | normalizedPaths.js:399:21:399:24 | path | This path depends on a $@. | normalizedPaths.js:385:35:385:45 | req.query.x | user-provided value | +| normalizedPaths.js:407:19:407:67 | pathMod ... t('/')) | normalizedPaths.js:407:45:407:55 | req.query.x | normalizedPaths.js:407:19:407:67 | pathMod ... t('/')) | This path depends on a $@. | normalizedPaths.js:407:45:407:55 | req.query.x | user-provided value | +| normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | normalizedPaths.js:408:38:408:48 | req.query.x | normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | This path depends on a $@. | normalizedPaths.js:408:38:408:48 | req.query.x | user-provided value | +| normalizedPaths.js:415:19:415:22 | path | normalizedPaths.js:412:35:412:45 | req.query.x | normalizedPaths.js:415:19:415:22 | path | This path depends on a $@. | normalizedPaths.js:412:35:412:45 | req.query.x | user-provided value | +| normalizedPaths.js:426:21:426:24 | path | normalizedPaths.js:412:35:412:45 | req.query.x | normalizedPaths.js:426:21:426:24 | path | This path depends on a $@. | normalizedPaths.js:412:35:412:45 | req.query.x | user-provided value | +| other-fs-libraries.js:11:19:11:22 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:11:19:11:22 | path | This path depends on a $@. 
| other-fs-libraries.js:9:24:9:30 | req.url | user-provided value | +| other-fs-libraries.js:12:27:12:30 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:12:27:12:30 | path | This path depends on a $@. | other-fs-libraries.js:9:24:9:30 | req.url | user-provided value | +| other-fs-libraries.js:13:24:13:27 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:13:24:13:27 | path | This path depends on a $@. | other-fs-libraries.js:9:24:9:30 | req.url | user-provided value | +| other-fs-libraries.js:14:27:14:30 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:14:27:14:30 | path | This path depends on a $@. | other-fs-libraries.js:9:24:9:30 | req.url | user-provided value | +| other-fs-libraries.js:16:34:16:37 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:16:34:16:37 | path | This path depends on a $@. | other-fs-libraries.js:9:24:9:30 | req.url | user-provided value | +| other-fs-libraries.js:17:35:17:38 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:17:35:17:38 | path | This path depends on a $@. | other-fs-libraries.js:9:24:9:30 | req.url | user-provided value | +| other-fs-libraries.js:19:56:19:59 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:19:56:19:59 | path | This path depends on a $@. | other-fs-libraries.js:9:24:9:30 | req.url | user-provided value | +| other-fs-libraries.js:24:35:24:38 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:24:35:24:38 | path | This path depends on a $@. | other-fs-libraries.js:9:24:9:30 | req.url | user-provided value | +| other-fs-libraries.js:40:35:40:38 | path | other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:40:35:40:38 | path | This path depends on a $@. 
| other-fs-libraries.js:38:24:38:30 | req.url | user-provided value | +| other-fs-libraries.js:41:50:41:53 | path | other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:41:50:41:53 | path | This path depends on a $@. | other-fs-libraries.js:38:24:38:30 | req.url | user-provided value | +| other-fs-libraries.js:42:53:42:56 | path | other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:42:53:42:56 | path | This path depends on a $@. | other-fs-libraries.js:38:24:38:30 | req.url | user-provided value | +| other-fs-libraries.js:51:19:51:22 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:51:19:51:22 | path | This path depends on a $@. | other-fs-libraries.js:49:24:49:30 | req.url | user-provided value | +| other-fs-libraries.js:52:24:52:27 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:52:24:52:27 | path | This path depends on a $@. | other-fs-libraries.js:49:24:49:30 | req.url | user-provided value | +| other-fs-libraries.js:54:36:54:39 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:54:36:54:39 | path | This path depends on a $@. | other-fs-libraries.js:49:24:49:30 | req.url | user-provided value | +| other-fs-libraries.js:55:36:55:39 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:55:36:55:39 | path | This path depends on a $@. | other-fs-libraries.js:49:24:49:30 | req.url | user-provided value | +| other-fs-libraries.js:57:46:57:49 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:57:46:57:49 | path | This path depends on a $@. | other-fs-libraries.js:49:24:49:30 | req.url | user-provided value | +| other-fs-libraries.js:59:39:59:42 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:59:39:59:42 | path | This path depends on a $@. 
| other-fs-libraries.js:49:24:49:30 | req.url | user-provided value | +| other-fs-libraries.js:62:43:62:46 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:62:43:62:46 | path | This path depends on a $@. | other-fs-libraries.js:49:24:49:30 | req.url | user-provided value | +| other-fs-libraries.js:63:51:63:54 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:63:51:63:54 | path | This path depends on a $@. | other-fs-libraries.js:49:24:49:30 | req.url | user-provided value | +| other-fs-libraries.js:70:19:70:22 | path | other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:70:19:70:22 | path | This path depends on a $@. | other-fs-libraries.js:68:24:68:30 | req.url | user-provided value | +| other-fs-libraries.js:71:10:71:13 | path | other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:71:10:71:13 | path | This path depends on a $@. | other-fs-libraries.js:68:24:68:30 | req.url | user-provided value | +| other-fs-libraries.js:72:15:72:18 | path | other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:72:15:72:18 | path | This path depends on a $@. | other-fs-libraries.js:68:24:68:30 | req.url | user-provided value | +| other-fs-libraries.js:76:19:76:19 | x | other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:76:19:76:19 | x | This path depends on a $@. | other-fs-libraries.js:68:24:68:30 | req.url | user-provided value | +| other-fs-libraries.js:83:16:83:19 | path | other-fs-libraries.js:81:24:81:30 | req.url | other-fs-libraries.js:83:16:83:19 | path | This path depends on a $@. | other-fs-libraries.js:81:24:81:30 | req.url | user-provided value | +| prettier.js:7:28:7:28 | p | prettier.js:6:13:6:13 | p | prettier.js:7:28:7:28 | p | This path depends on a $@. | prettier.js:6:13:6:13 | p | user-provided value | +| prettier.js:11:44:11:44 | p | prettier.js:6:13:6:13 | p | prettier.js:11:44:11:44 | p | This path depends on a $@. 
| prettier.js:6:13:6:13 | p | user-provided value | +| pupeteer.js:9:28:9:34 | tainted | pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:9:28:9:34 | tainted | This path depends on a $@. | pupeteer.js:5:28:5:53 | parseTo ... t).name | user-provided value | +| pupeteer.js:13:37:13:43 | tainted | pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:13:37:13:43 | tainted | This path depends on a $@. | pupeteer.js:5:28:5:53 | parseTo ... t).name | user-provided value | +| sharedlib-repro.js:22:18:22:25 | filepath | sharedlib-repro.js:13:22:13:43 | req.par ... spaceId | sharedlib-repro.js:22:18:22:25 | filepath | This path depends on a $@. | sharedlib-repro.js:13:22:13:43 | req.par ... spaceId | user-provided value | +| tainted-access-paths.js:8:19:8:22 | path | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:8:19:8:22 | path | This path depends on a $@. | tainted-access-paths.js:6:24:6:30 | req.url | user-provided value | +| tainted-access-paths.js:12:19:12:25 | obj.sub | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:12:19:12:25 | obj.sub | This path depends on a $@. | tainted-access-paths.js:6:24:6:30 | req.url | user-provided value | +| tainted-access-paths.js:26:19:26:26 | obj.sub3 | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:26:19:26:26 | obj.sub3 | This path depends on a $@. | tainted-access-paths.js:6:24:6:30 | req.url | user-provided value | +| tainted-access-paths.js:29:21:29:28 | obj.sub4 | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:29:21:29:28 | obj.sub4 | This path depends on a $@. | tainted-access-paths.js:6:24:6:30 | req.url | user-provided value | +| tainted-access-paths.js:30:23:30:30 | obj.sub4 | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:30:23:30:30 | obj.sub4 | This path depends on a $@. 
| tainted-access-paths.js:6:24:6:30 | req.url | user-provided value | +| tainted-access-paths.js:31:23:31:30 | obj.sub4 | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:31:23:31:30 | obj.sub4 | This path depends on a $@. | tainted-access-paths.js:6:24:6:30 | req.url | user-provided value | +| tainted-access-paths.js:40:23:40:26 | path | tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:40:23:40:26 | path | This path depends on a $@. | tainted-access-paths.js:39:24:39:30 | req.url | user-provided value | +| tainted-access-paths.js:49:10:49:13 | path | tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:49:10:49:13 | path | This path depends on a $@. | tainted-access-paths.js:48:24:48:30 | req.url | user-provided value | +| tainted-promise-steps.js:11:19:11:35 | await pathPromise | tainted-promise-steps.js:6:24:6:30 | req.url | tainted-promise-steps.js:11:19:11:35 | await pathPromise | This path depends on a $@. | tainted-promise-steps.js:6:24:6:30 | req.url | user-provided value | +| tainted-promise-steps.js:12:44:12:47 | path | tainted-promise-steps.js:6:24:6:30 | req.url | tainted-promise-steps.js:12:44:12:47 | path | This path depends on a $@. | tainted-promise-steps.js:6:24:6:30 | req.url | user-provided value | +| tainted-require.js:6:19:6:37 | req.param("module") | tainted-require.js:6:19:6:37 | req.param("module") | tainted-require.js:6:19:6:37 | req.param("module") | This path depends on a $@. | tainted-require.js:6:19:6:37 | req.param("module") | user-provided value | +| tainted-require.js:11:29:11:47 | req.param("module") | tainted-require.js:11:29:11:47 | req.param("module") | tainted-require.js:11:29:11:47 | req.param("module") | This path depends on a $@. 
| tainted-require.js:11:29:11:47 | req.param("module") | user-provided value | +| tainted-require.js:13:11:13:29 | req.param("module") | tainted-require.js:13:11:13:29 | req.param("module") | tainted-require.js:13:11:13:29 | req.param("module") | This path depends on a $@. | tainted-require.js:13:11:13:29 | req.param("module") | user-provided value | +| tainted-sendFile.js:7:16:7:33 | req.param("gimme") | tainted-sendFile.js:7:16:7:33 | req.param("gimme") | tainted-sendFile.js:7:16:7:33 | req.param("gimme") | This path depends on a $@. | tainted-sendFile.js:7:16:7:33 | req.param("gimme") | user-provided value | +| tainted-sendFile.js:8:16:8:33 | req.param("gimme") | tainted-sendFile.js:8:16:8:33 | req.param("gimme") | tainted-sendFile.js:8:16:8:33 | req.param("gimme") | This path depends on a $@. | tainted-sendFile.js:8:16:8:33 | req.param("gimme") | user-provided value | +| tainted-sendFile.js:15:43:15:58 | req.param("dir") | tainted-sendFile.js:15:43:15:58 | req.param("dir") | tainted-sendFile.js:15:43:15:58 | req.param("dir") | This path depends on a $@. | tainted-sendFile.js:15:43:15:58 | req.param("dir") | user-provided value | +| tainted-sendFile.js:21:16:21:49 | path.re ... rams.x) | tainted-sendFile.js:21:37:21:48 | req.params.x | tainted-sendFile.js:21:16:21:49 | path.re ... rams.x) | This path depends on a $@. | tainted-sendFile.js:21:37:21:48 | req.params.x | user-provided value | +| tainted-sendFile.js:22:16:22:46 | path.jo ... rams.x) | tainted-sendFile.js:22:34:22:45 | req.params.x | tainted-sendFile.js:22:16:22:46 | path.jo ... rams.x) | This path depends on a $@. | tainted-sendFile.js:22:34:22:45 | req.params.x | user-provided value | +| tainted-string-steps.js:8:18:8:34 | path.substring(4) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:8:18:8:34 | path.substring(4) | This path depends on a $@. 
| tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | +| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | +| tainted-string-steps.js:10:18:10:31 | path.substr(4) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:10:18:10:31 | path.substr(4) | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | +| tainted-string-steps.js:11:18:11:30 | path.slice(4) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:11:18:11:30 | path.slice(4) | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | +| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | +| tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | +| tainted-string-steps.js:15:18:15:46 | unknown ... , path) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | +| tainted-string-steps.js:17:18:17:28 | path.trim() | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:17:18:17:28 | path.trim() | This path depends on a $@. 
| tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | +| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | +| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | +| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | +| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | +| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | +| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | +| torrents.js:7:25:7:27 | loc | torrents.js:5:13:5:38 | parseTo ... t).name | torrents.js:7:25:7:27 | loc | This path depends on a $@. | torrents.js:5:13:5:38 | parseTo ... 
t).name | user-provided value | +| typescript.ts:11:29:11:32 | path | typescript.ts:9:24:9:30 | req.url | typescript.ts:11:29:11:32 | path | This path depends on a $@. | typescript.ts:9:24:9:30 | req.url | user-provided value | +| typescript.ts:20:39:20:43 | path3 | typescript.ts:9:24:9:30 | req.url | typescript.ts:20:39:20:43 | path3 | This path depends on a $@. | typescript.ts:9:24:9:30 | req.url | user-provided value | +| typescript.ts:23:39:23:43 | path4 | typescript.ts:9:24:9:30 | req.url | typescript.ts:23:39:23:43 | path4 | This path depends on a $@. | typescript.ts:9:24:9:30 | req.url | user-provided value | +| typescript.ts:31:29:31:33 | path6 | typescript.ts:9:24:9:30 | req.url | typescript.ts:31:29:31:33 | path6 | This path depends on a $@. | typescript.ts:9:24:9:30 | req.url | user-provided value | +| views.js:1:43:1:55 | req.params[0] | views.js:1:43:1:55 | req.params[0] | views.js:1:43:1:55 | req.params[0] | This path depends on a $@. | views.js:1:43:1:55 | req.params[0] | user-provided value | edges -| TaintedPath-es6.js:7:7:7:44 | path | TaintedPath-es6.js:10:41:10:44 | path | provenance | | +| TaintedPath-es6.js:7:7:7:44 | path | TaintedPath-es6.js:9:41:9:44 | path | provenance | | | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | provenance | Config | | TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | provenance | Config | | TaintedPath-es6.js:7:14:7:44 | parse(r ... 
ry.path | TaintedPath-es6.js:7:7:7:44 | path | provenance | | | TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | provenance | Config | -| TaintedPath-es6.js:10:41:10:44 | path | TaintedPath-es6.js:10:26:10:45 | join("public", path) | provenance | Config | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:12:29:12:32 | path | provenance | | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:15:45:15:48 | path | provenance | | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:18:33:18:36 | path | provenance | | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:21:33:21:36 | path | provenance | | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:24:33:24:36 | path | provenance | | -| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:33:31:33:34 | path | provenance | | +| TaintedPath-es6.js:9:41:9:44 | path | TaintedPath-es6.js:9:26:9:45 | join("public", path) | provenance | Config | +| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:11:29:11:32 | path | provenance | | +| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:13:45:13:48 | path | provenance | | +| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:16:33:16:36 | path | provenance | | +| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:19:33:19:36 | path | provenance | | +| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:22:33:22:36 | path | provenance | | +| TaintedPath.js:9:7:9:48 | path | TaintedPath.js:31:31:31:34 | path | provenance | | | TaintedPath.js:9:14:9:37 | url.par ... , true) | TaintedPath.js:9:14:9:43 | url.par ... ).query | provenance | Config | | TaintedPath.js:9:14:9:43 | url.par ... ).query | TaintedPath.js:9:14:9:48 | url.par ... ry.path | provenance | Config | | TaintedPath.js:9:14:9:48 | url.par ... ry.path | TaintedPath.js:9:7:9:48 | path | provenance | | | TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:9:14:9:37 | url.par ... 
, true) | provenance | Config | -| TaintedPath.js:15:45:15:48 | path | TaintedPath.js:15:29:15:48 | "/home/user/" + path | provenance | Config | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:42:48:42:51 | path | provenance | | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:46:45:46:48 | path | provenance | | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:48:51:48:54 | path | provenance | | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:50:50:50:53 | path | provenance | | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:52:52:52:55 | path | provenance | | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:54:49:54:52 | path | provenance | | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:56:48:56:51 | path | provenance | | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:58:54:58:57 | path | provenance | | -| TaintedPath.js:38:3:38:44 | path | TaintedPath.js:60:57:60:60 | path | provenance | | -| TaintedPath.js:38:10:38:33 | url.par ... , true) | TaintedPath.js:38:10:38:39 | url.par ... ).query | provenance | Config | -| TaintedPath.js:38:10:38:39 | url.par ... ).query | TaintedPath.js:38:10:38:44 | url.par ... ry.path | provenance | Config | -| TaintedPath.js:38:10:38:44 | url.par ... ry.path | TaintedPath.js:38:3:38:44 | path | provenance | | -| TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:38:10:38:33 | url.par ... , true) | provenance | Config | -| TaintedPath.js:42:48:42:51 | path | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | provenance | Config | -| TaintedPath.js:46:45:46:48 | path | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | provenance | Config | -| TaintedPath.js:48:51:48:54 | path | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | provenance | Config | -| TaintedPath.js:50:50:50:53 | path | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | provenance | Config | -| TaintedPath.js:52:52:52:55 | path | TaintedPath.js:52:29:52:56 | pathMod ... 
, path) | provenance | Config | -| TaintedPath.js:54:49:54:52 | path | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | provenance | Config | -| TaintedPath.js:56:48:56:51 | path | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | provenance | Config | -| TaintedPath.js:58:54:58:57 | path | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | provenance | Config | -| TaintedPath.js:60:57:60:60 | path | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | provenance | Config | -| TaintedPath.js:65:31:65:70 | require ... eq.url) | TaintedPath.js:65:31:65:76 | require ... ).query | provenance | Config | -| TaintedPath.js:65:63:65:69 | req.url | TaintedPath.js:65:31:65:70 | require ... eq.url) | provenance | Config | -| TaintedPath.js:66:31:66:68 | require ... eq.url) | TaintedPath.js:66:31:66:74 | require ... ).query | provenance | Config | -| TaintedPath.js:66:61:66:67 | req.url | TaintedPath.js:66:31:66:68 | require ... eq.url) | provenance | Config | -| TaintedPath.js:67:31:67:67 | require ... eq.url) | TaintedPath.js:67:31:67:73 | require ... ).query | provenance | Config | -| TaintedPath.js:67:60:67:66 | req.url | TaintedPath.js:67:31:67:67 | require ... eq.url) | provenance | Config | -| TaintedPath.js:84:6:84:47 | path | TaintedPath.js:86:44:86:47 | path | provenance | | -| TaintedPath.js:84:6:84:47 | path | TaintedPath.js:87:14:87:17 | path | provenance | | -| TaintedPath.js:84:13:84:36 | url.par ... , true) | TaintedPath.js:84:13:84:42 | url.par ... ).query | provenance | Config | -| TaintedPath.js:84:13:84:42 | url.par ... ).query | TaintedPath.js:84:13:84:47 | url.par ... ry.path | provenance | Config | -| TaintedPath.js:84:13:84:47 | url.par ... ry.path | TaintedPath.js:84:6:84:47 | path | provenance | | -| TaintedPath.js:84:23:84:29 | req.url | TaintedPath.js:84:13:84:36 | url.par ... , true) | provenance | Config | -| TaintedPath.js:86:44:86:47 | path | TaintedPath.js:86:28:86:48 | fs.real ... 
c(path) | provenance | Config | -| TaintedPath.js:87:14:87:17 | path | TaintedPath.js:88:32:88:39 | realpath | provenance | Config | -| TaintedPath.js:88:32:88:39 | realpath | TaintedPath.js:89:45:89:52 | realpath | provenance | | -| TaintedPath.js:120:6:120:47 | path | TaintedPath.js:122:23:122:26 | path | provenance | | -| TaintedPath.js:120:13:120:36 | url.par ... , true) | TaintedPath.js:120:13:120:42 | url.par ... ).query | provenance | Config | -| TaintedPath.js:120:13:120:42 | url.par ... ).query | TaintedPath.js:120:13:120:47 | url.par ... ry.path | provenance | Config | -| TaintedPath.js:120:13:120:47 | url.par ... ry.path | TaintedPath.js:120:6:120:47 | path | provenance | | -| TaintedPath.js:120:23:120:29 | req.url | TaintedPath.js:120:13:120:36 | url.par ... , true) | provenance | Config | -| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:128:19:128:22 | path | provenance | | -| TaintedPath.js:126:7:126:48 | path | TaintedPath.js:130:15:130:18 | path | provenance | | -| TaintedPath.js:126:14:126:37 | url.par ... , true) | TaintedPath.js:126:14:126:43 | url.par ... ).query | provenance | Config | -| TaintedPath.js:126:14:126:43 | url.par ... ).query | TaintedPath.js:126:14:126:48 | url.par ... ry.path | provenance | Config | -| TaintedPath.js:126:14:126:48 | url.par ... ry.path | TaintedPath.js:126:7:126:48 | path | provenance | | -| TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:126:14:126:37 | url.par ... 
, true) | provenance | Config | -| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:132:19:132:23 | split | provenance | | -| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:136:19:136:23 | split | provenance | | -| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:137:28:137:32 | split | provenance | | -| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:139:33:139:37 | split | provenance | | -| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:142:20:142:24 | split | provenance | | -| TaintedPath.js:130:7:130:29 | split | TaintedPath.js:145:19:145:23 | split | provenance | | -| TaintedPath.js:130:15:130:18 | path | TaintedPath.js:130:15:130:29 | path.split("/") | provenance | Config | -| TaintedPath.js:130:15:130:29 | path.split("/") | TaintedPath.js:130:7:130:29 | split | provenance | | -| TaintedPath.js:132:19:132:23 | split | TaintedPath.js:132:19:132:33 | split.join("/") | provenance | Config | -| TaintedPath.js:136:19:136:23 | split | TaintedPath.js:136:19:136:26 | split[x] | provenance | Config | -| TaintedPath.js:137:28:137:32 | split | TaintedPath.js:137:28:137:35 | split[x] | provenance | Config | -| TaintedPath.js:137:28:137:35 | split[x] | TaintedPath.js:137:19:137:35 | prefix + split[x] | provenance | Config | -| TaintedPath.js:139:7:139:38 | concatted | TaintedPath.js:140:19:140:27 | concatted | provenance | | -| TaintedPath.js:139:19:139:38 | prefix.concat(split) | TaintedPath.js:139:7:139:38 | concatted | provenance | | -| TaintedPath.js:139:33:139:37 | split | TaintedPath.js:139:19:139:38 | prefix.concat(split) | provenance | Config | -| TaintedPath.js:140:19:140:27 | concatted | TaintedPath.js:140:19:140:37 | concatted.join("/") | provenance | Config | -| TaintedPath.js:142:7:142:39 | concatted2 | TaintedPath.js:143:19:143:28 | concatted2 | provenance | | -| TaintedPath.js:142:20:142:24 | split | TaintedPath.js:142:20:142:39 | split.concat(prefix) | provenance | Config | -| TaintedPath.js:142:20:142:39 | split.concat(prefix) | 
TaintedPath.js:142:7:142:39 | concatted2 | provenance | | -| TaintedPath.js:143:19:143:28 | concatted2 | TaintedPath.js:143:19:143:38 | concatted2.join("/") | provenance | Config | -| TaintedPath.js:145:19:145:23 | split | TaintedPath.js:145:19:145:29 | split.pop() | provenance | Config | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:154:29:154:32 | path | provenance | | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:160:29:160:32 | path | provenance | | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:161:29:161:32 | path | provenance | | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:162:29:162:32 | path | provenance | | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:163:29:163:32 | path | provenance | | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:178:40:178:43 | path | provenance | | -| TaintedPath.js:150:7:150:48 | path | TaintedPath.js:179:50:179:53 | path | provenance | | -| TaintedPath.js:150:14:150:37 | url.par ... , true) | TaintedPath.js:150:14:150:43 | url.par ... ).query | provenance | Config | -| TaintedPath.js:150:14:150:43 | url.par ... ).query | TaintedPath.js:150:14:150:48 | url.par ... ry.path | provenance | Config | -| TaintedPath.js:150:14:150:48 | url.par ... ry.path | TaintedPath.js:150:7:150:48 | path | provenance | | -| TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:150:14:150:37 | url.par ... , true) | provenance | Config | -| TaintedPath.js:154:29:154:32 | path | TaintedPath.js:154:29:154:55 | path.re ... /g, '') | provenance | Config | -| TaintedPath.js:160:29:160:32 | path | TaintedPath.js:160:29:160:52 | path.re ... /g, '') | provenance | Config | -| TaintedPath.js:161:29:161:32 | path | TaintedPath.js:161:29:161:53 | path.re ... /g, '') | provenance | Config | -| TaintedPath.js:162:29:162:32 | path | TaintedPath.js:162:29:162:51 | path.re ... /g, '') | provenance | Config | -| TaintedPath.js:163:29:163:32 | path | TaintedPath.js:163:29:163:57 | path.re ... 
/g, '') | provenance | Config | -| TaintedPath.js:178:40:178:43 | path | TaintedPath.js:178:40:178:73 | path.re ... +/, '') | provenance | Config | -| TaintedPath.js:178:40:178:73 | path.re ... +/, '') | TaintedPath.js:178:29:178:73 | "prefix ... +/, '') | provenance | Config | -| TaintedPath.js:179:29:179:54 | pathMod ... e(path) | TaintedPath.js:179:29:179:84 | pathMod ... +/, '') | provenance | Config | -| TaintedPath.js:179:50:179:53 | path | TaintedPath.js:179:29:179:54 | pathMod ... e(path) | provenance | Config | -| TaintedPath.js:187:29:187:45 | qs.parse(req.url) | TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | provenance | Config | -| TaintedPath.js:187:38:187:44 | req.url | TaintedPath.js:187:29:187:45 | qs.parse(req.url) | provenance | Config | -| TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | provenance | Config | -| TaintedPath.js:188:38:188:58 | normali ... eq.url) | TaintedPath.js:188:29:188:59 | qs.pars ... q.url)) | provenance | Config | -| TaintedPath.js:188:51:188:57 | req.url | TaintedPath.js:188:38:188:58 | normali ... eq.url) | provenance | Config | -| TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | provenance | Config | -| TaintedPath.js:190:44:190:50 | req.url | TaintedPath.js:190:29:190:51 | parseqs ... eq.url) | provenance | Config | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:196:31:196:34 | path | provenance | | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:197:45:197:48 | path | provenance | | -| TaintedPath.js:195:7:195:48 | path | TaintedPath.js:198:35:198:38 | path | provenance | | -| TaintedPath.js:195:14:195:37 | url.par ... , true) | TaintedPath.js:195:14:195:43 | url.par ... ).query | provenance | Config | -| TaintedPath.js:195:14:195:43 | url.par ... ).query | TaintedPath.js:195:14:195:48 | url.par ... ry.path | provenance | Config | -| TaintedPath.js:195:14:195:48 | url.par ... 
ry.path | TaintedPath.js:195:7:195:48 | path | provenance | | -| TaintedPath.js:195:24:195:30 | req.url | TaintedPath.js:195:14:195:37 | url.par ... , true) | provenance | Config | -| TaintedPath.js:202:7:202:48 | path | TaintedPath.js:206:29:206:32 | path | provenance | | -| TaintedPath.js:202:14:202:37 | url.par ... , true) | TaintedPath.js:202:14:202:43 | url.par ... ).query | provenance | Config | -| TaintedPath.js:202:14:202:43 | url.par ... ).query | TaintedPath.js:202:14:202:48 | url.par ... ry.path | provenance | Config | -| TaintedPath.js:202:14:202:48 | url.par ... ry.path | TaintedPath.js:202:7:202:48 | path | provenance | | -| TaintedPath.js:202:24:202:30 | req.url | TaintedPath.js:202:14:202:37 | url.par ... , true) | provenance | Config | -| TaintedPath.js:206:29:206:32 | path | TaintedPath.js:206:29:206:85 | path.re ... '), '') | provenance | Config | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:213:29:213:32 | path | provenance | | -| TaintedPath.js:211:7:211:48 | path | TaintedPath.js:216:31:216:34 | path | provenance | | -| TaintedPath.js:211:14:211:37 | url.par ... , true) | TaintedPath.js:211:14:211:43 | url.par ... ).query | provenance | Config | -| TaintedPath.js:211:14:211:43 | url.par ... ).query | TaintedPath.js:211:14:211:48 | url.par ... ry.path | provenance | Config | -| TaintedPath.js:211:14:211:48 | url.par ... ry.path | TaintedPath.js:211:7:211:48 | path | provenance | | -| TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:211:14:211:37 | url.par ... , true) | provenance | Config | -| TaintedPath.js:213:29:213:32 | path | TaintedPath.js:213:29:213:68 | path.re ... '), '') | provenance | Config | -| TaintedPath.js:216:31:216:34 | path | TaintedPath.js:216:31:216:69 | path.re ... 
'), '') | provenance | Config | -| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:11:36:11:43 | filePath | provenance | | +| TaintedPath.js:13:45:13:48 | path | TaintedPath.js:13:29:13:48 | "/home/user/" + path | provenance | Config | +| TaintedPath.js:36:3:36:44 | path | TaintedPath.js:39:48:39:51 | path | provenance | | +| TaintedPath.js:36:3:36:44 | path | TaintedPath.js:42:45:42:48 | path | provenance | | +| TaintedPath.js:36:3:36:44 | path | TaintedPath.js:43:51:43:54 | path | provenance | | +| TaintedPath.js:36:3:36:44 | path | TaintedPath.js:44:50:44:53 | path | provenance | | +| TaintedPath.js:36:3:36:44 | path | TaintedPath.js:45:52:45:55 | path | provenance | | +| TaintedPath.js:36:3:36:44 | path | TaintedPath.js:46:49:46:52 | path | provenance | | +| TaintedPath.js:36:3:36:44 | path | TaintedPath.js:47:48:47:51 | path | provenance | | +| TaintedPath.js:36:3:36:44 | path | TaintedPath.js:48:54:48:57 | path | provenance | | +| TaintedPath.js:36:3:36:44 | path | TaintedPath.js:49:57:49:60 | path | provenance | | +| TaintedPath.js:36:10:36:33 | url.par ... , true) | TaintedPath.js:36:10:36:39 | url.par ... ).query | provenance | Config | +| TaintedPath.js:36:10:36:39 | url.par ... ).query | TaintedPath.js:36:10:36:44 | url.par ... ry.path | provenance | Config | +| TaintedPath.js:36:10:36:44 | url.par ... ry.path | TaintedPath.js:36:3:36:44 | path | provenance | | +| TaintedPath.js:36:20:36:26 | req.url | TaintedPath.js:36:10:36:33 | url.par ... , true) | provenance | Config | +| TaintedPath.js:39:48:39:51 | path | TaintedPath.js:39:29:39:52 | pathMod ... e(path) | provenance | Config | +| TaintedPath.js:42:45:42:48 | path | TaintedPath.js:42:29:42:49 | pathMod ... n(path) | provenance | Config | +| TaintedPath.js:43:51:43:54 | path | TaintedPath.js:43:29:43:58 | pathMod ... ath, z) | provenance | Config | +| TaintedPath.js:44:50:44:53 | path | TaintedPath.js:44:29:44:54 | pathMod ... 
e(path) | provenance | Config | +| TaintedPath.js:45:52:45:55 | path | TaintedPath.js:45:29:45:56 | pathMod ... , path) | provenance | Config | +| TaintedPath.js:46:49:46:52 | path | TaintedPath.js:46:29:46:56 | pathMod ... ath, x) | provenance | Config | +| TaintedPath.js:47:48:47:51 | path | TaintedPath.js:47:29:47:52 | pathMod ... e(path) | provenance | Config | +| TaintedPath.js:48:54:48:57 | path | TaintedPath.js:48:29:48:61 | pathMod ... ath, z) | provenance | Config | +| TaintedPath.js:49:57:49:60 | path | TaintedPath.js:49:29:49:61 | pathMod ... h(path) | provenance | Config | +| TaintedPath.js:54:31:54:70 | require ... eq.url) | TaintedPath.js:54:31:54:76 | require ... ).query | provenance | Config | +| TaintedPath.js:54:63:54:69 | req.url | TaintedPath.js:54:31:54:70 | require ... eq.url) | provenance | Config | +| TaintedPath.js:55:31:55:68 | require ... eq.url) | TaintedPath.js:55:31:55:74 | require ... ).query | provenance | Config | +| TaintedPath.js:55:61:55:67 | req.url | TaintedPath.js:55:31:55:68 | require ... eq.url) | provenance | Config | +| TaintedPath.js:56:31:56:67 | require ... eq.url) | TaintedPath.js:56:31:56:73 | require ... ).query | provenance | Config | +| TaintedPath.js:56:60:56:66 | req.url | TaintedPath.js:56:31:56:67 | require ... eq.url) | provenance | Config | +| TaintedPath.js:73:6:73:47 | path | TaintedPath.js:75:44:75:47 | path | provenance | | +| TaintedPath.js:73:6:73:47 | path | TaintedPath.js:76:14:76:17 | path | provenance | | +| TaintedPath.js:73:13:73:36 | url.par ... , true) | TaintedPath.js:73:13:73:42 | url.par ... ).query | provenance | Config | +| TaintedPath.js:73:13:73:42 | url.par ... ).query | TaintedPath.js:73:13:73:47 | url.par ... ry.path | provenance | Config | +| TaintedPath.js:73:13:73:47 | url.par ... ry.path | TaintedPath.js:73:6:73:47 | path | provenance | | +| TaintedPath.js:73:23:73:29 | req.url | TaintedPath.js:73:13:73:36 | url.par ... 
, true) | provenance | Config | +| TaintedPath.js:75:44:75:47 | path | TaintedPath.js:75:28:75:48 | fs.real ... c(path) | provenance | Config | +| TaintedPath.js:76:14:76:17 | path | TaintedPath.js:77:32:77:39 | realpath | provenance | Config | +| TaintedPath.js:77:32:77:39 | realpath | TaintedPath.js:78:45:78:52 | realpath | provenance | | +| TaintedPath.js:109:6:109:47 | path | TaintedPath.js:111:23:111:26 | path | provenance | | +| TaintedPath.js:109:13:109:36 | url.par ... , true) | TaintedPath.js:109:13:109:42 | url.par ... ).query | provenance | Config | +| TaintedPath.js:109:13:109:42 | url.par ... ).query | TaintedPath.js:109:13:109:47 | url.par ... ry.path | provenance | Config | +| TaintedPath.js:109:13:109:47 | url.par ... ry.path | TaintedPath.js:109:6:109:47 | path | provenance | | +| TaintedPath.js:109:23:109:29 | req.url | TaintedPath.js:109:13:109:36 | url.par ... , true) | provenance | Config | +| TaintedPath.js:115:7:115:48 | path | TaintedPath.js:117:19:117:22 | path | provenance | | +| TaintedPath.js:115:7:115:48 | path | TaintedPath.js:119:15:119:18 | path | provenance | | +| TaintedPath.js:115:14:115:37 | url.par ... , true) | TaintedPath.js:115:14:115:43 | url.par ... ).query | provenance | Config | +| TaintedPath.js:115:14:115:43 | url.par ... ).query | TaintedPath.js:115:14:115:48 | url.par ... ry.path | provenance | Config | +| TaintedPath.js:115:14:115:48 | url.par ... ry.path | TaintedPath.js:115:7:115:48 | path | provenance | | +| TaintedPath.js:115:24:115:30 | req.url | TaintedPath.js:115:14:115:37 | url.par ... 
, true) | provenance | Config | +| TaintedPath.js:119:7:119:29 | split | TaintedPath.js:121:19:121:23 | split | provenance | | +| TaintedPath.js:119:7:119:29 | split | TaintedPath.js:125:19:125:23 | split | provenance | | +| TaintedPath.js:119:7:119:29 | split | TaintedPath.js:126:28:126:32 | split | provenance | | +| TaintedPath.js:119:7:119:29 | split | TaintedPath.js:128:33:128:37 | split | provenance | | +| TaintedPath.js:119:7:119:29 | split | TaintedPath.js:131:20:131:24 | split | provenance | | +| TaintedPath.js:119:7:119:29 | split | TaintedPath.js:134:19:134:23 | split | provenance | | +| TaintedPath.js:119:15:119:18 | path | TaintedPath.js:119:15:119:29 | path.split("/") | provenance | Config | +| TaintedPath.js:119:15:119:29 | path.split("/") | TaintedPath.js:119:7:119:29 | split | provenance | | +| TaintedPath.js:121:19:121:23 | split | TaintedPath.js:121:19:121:33 | split.join("/") | provenance | Config | +| TaintedPath.js:125:19:125:23 | split | TaintedPath.js:125:19:125:26 | split[x] | provenance | Config | +| TaintedPath.js:126:28:126:32 | split | TaintedPath.js:126:28:126:35 | split[x] | provenance | Config | +| TaintedPath.js:126:28:126:35 | split[x] | TaintedPath.js:126:19:126:35 | prefix + split[x] | provenance | Config | +| TaintedPath.js:128:7:128:38 | concatted | TaintedPath.js:129:19:129:27 | concatted | provenance | | +| TaintedPath.js:128:19:128:38 | prefix.concat(split) | TaintedPath.js:128:7:128:38 | concatted | provenance | | +| TaintedPath.js:128:33:128:37 | split | TaintedPath.js:128:19:128:38 | prefix.concat(split) | provenance | Config | +| TaintedPath.js:129:19:129:27 | concatted | TaintedPath.js:129:19:129:37 | concatted.join("/") | provenance | Config | +| TaintedPath.js:131:7:131:39 | concatted2 | TaintedPath.js:132:19:132:28 | concatted2 | provenance | | +| TaintedPath.js:131:20:131:24 | split | TaintedPath.js:131:20:131:39 | split.concat(prefix) | provenance | Config | +| TaintedPath.js:131:20:131:39 | split.concat(prefix) | 
TaintedPath.js:131:7:131:39 | concatted2 | provenance | | +| TaintedPath.js:132:19:132:28 | concatted2 | TaintedPath.js:132:19:132:38 | concatted2.join("/") | provenance | Config | +| TaintedPath.js:134:19:134:23 | split | TaintedPath.js:134:19:134:29 | split.pop() | provenance | Config | +| TaintedPath.js:139:7:139:48 | path | TaintedPath.js:143:29:143:32 | path | provenance | | +| TaintedPath.js:139:7:139:48 | path | TaintedPath.js:149:29:149:32 | path | provenance | | +| TaintedPath.js:139:7:139:48 | path | TaintedPath.js:150:29:150:32 | path | provenance | | +| TaintedPath.js:139:7:139:48 | path | TaintedPath.js:151:29:151:32 | path | provenance | | +| TaintedPath.js:139:7:139:48 | path | TaintedPath.js:152:29:152:32 | path | provenance | | +| TaintedPath.js:139:7:139:48 | path | TaintedPath.js:167:40:167:43 | path | provenance | | +| TaintedPath.js:139:7:139:48 | path | TaintedPath.js:168:50:168:53 | path | provenance | | +| TaintedPath.js:139:14:139:37 | url.par ... , true) | TaintedPath.js:139:14:139:43 | url.par ... ).query | provenance | Config | +| TaintedPath.js:139:14:139:43 | url.par ... ).query | TaintedPath.js:139:14:139:48 | url.par ... ry.path | provenance | Config | +| TaintedPath.js:139:14:139:48 | url.par ... ry.path | TaintedPath.js:139:7:139:48 | path | provenance | | +| TaintedPath.js:139:24:139:30 | req.url | TaintedPath.js:139:14:139:37 | url.par ... , true) | provenance | Config | +| TaintedPath.js:143:29:143:32 | path | TaintedPath.js:143:29:143:55 | path.re ... /g, '') | provenance | Config | +| TaintedPath.js:149:29:149:32 | path | TaintedPath.js:149:29:149:52 | path.re ... /g, '') | provenance | Config | +| TaintedPath.js:150:29:150:32 | path | TaintedPath.js:150:29:150:53 | path.re ... /g, '') | provenance | Config | +| TaintedPath.js:151:29:151:32 | path | TaintedPath.js:151:29:151:51 | path.re ... /g, '') | provenance | Config | +| TaintedPath.js:152:29:152:32 | path | TaintedPath.js:152:29:152:57 | path.re ... 
/g, '') | provenance | Config | +| TaintedPath.js:167:40:167:43 | path | TaintedPath.js:167:40:167:73 | path.re ... +/, '') | provenance | Config | +| TaintedPath.js:167:40:167:73 | path.re ... +/, '') | TaintedPath.js:167:29:167:73 | "prefix ... +/, '') | provenance | Config | +| TaintedPath.js:168:29:168:54 | pathMod ... e(path) | TaintedPath.js:168:29:168:84 | pathMod ... +/, '') | provenance | Config | +| TaintedPath.js:168:50:168:53 | path | TaintedPath.js:168:29:168:54 | pathMod ... e(path) | provenance | Config | +| TaintedPath.js:176:29:176:45 | qs.parse(req.url) | TaintedPath.js:176:29:176:49 | qs.pars ... rl).foo | provenance | Config | +| TaintedPath.js:176:38:176:44 | req.url | TaintedPath.js:176:29:176:45 | qs.parse(req.url) | provenance | Config | +| TaintedPath.js:177:29:177:59 | qs.pars ... q.url)) | TaintedPath.js:177:29:177:63 | qs.pars ... l)).foo | provenance | Config | +| TaintedPath.js:177:38:177:58 | normali ... eq.url) | TaintedPath.js:177:29:177:59 | qs.pars ... q.url)) | provenance | Config | +| TaintedPath.js:177:51:177:57 | req.url | TaintedPath.js:177:38:177:58 | normali ... eq.url) | provenance | Config | +| TaintedPath.js:179:29:179:51 | parseqs ... eq.url) | TaintedPath.js:179:29:179:55 | parseqs ... rl).foo | provenance | Config | +| TaintedPath.js:179:44:179:50 | req.url | TaintedPath.js:179:29:179:51 | parseqs ... eq.url) | provenance | Config | +| TaintedPath.js:184:7:184:48 | path | TaintedPath.js:185:31:185:34 | path | provenance | | +| TaintedPath.js:184:7:184:48 | path | TaintedPath.js:186:45:186:48 | path | provenance | | +| TaintedPath.js:184:7:184:48 | path | TaintedPath.js:187:35:187:38 | path | provenance | | +| TaintedPath.js:184:14:184:37 | url.par ... , true) | TaintedPath.js:184:14:184:43 | url.par ... ).query | provenance | Config | +| TaintedPath.js:184:14:184:43 | url.par ... ).query | TaintedPath.js:184:14:184:48 | url.par ... ry.path | provenance | Config | +| TaintedPath.js:184:14:184:48 | url.par ... 
ry.path | TaintedPath.js:184:7:184:48 | path | provenance | | +| TaintedPath.js:184:24:184:30 | req.url | TaintedPath.js:184:14:184:37 | url.par ... , true) | provenance | Config | +| TaintedPath.js:191:7:191:48 | path | TaintedPath.js:195:29:195:32 | path | provenance | | +| TaintedPath.js:191:14:191:37 | url.par ... , true) | TaintedPath.js:191:14:191:43 | url.par ... ).query | provenance | Config | +| TaintedPath.js:191:14:191:43 | url.par ... ).query | TaintedPath.js:191:14:191:48 | url.par ... ry.path | provenance | Config | +| TaintedPath.js:191:14:191:48 | url.par ... ry.path | TaintedPath.js:191:7:191:48 | path | provenance | | +| TaintedPath.js:191:24:191:30 | req.url | TaintedPath.js:191:14:191:37 | url.par ... , true) | provenance | Config | +| TaintedPath.js:195:29:195:32 | path | TaintedPath.js:195:29:195:85 | path.re ... '), '') | provenance | Config | +| TaintedPath.js:200:7:200:48 | path | TaintedPath.js:202:29:202:32 | path | provenance | | +| TaintedPath.js:200:7:200:48 | path | TaintedPath.js:205:31:205:34 | path | provenance | | +| TaintedPath.js:200:14:200:37 | url.par ... , true) | TaintedPath.js:200:14:200:43 | url.par ... ).query | provenance | Config | +| TaintedPath.js:200:14:200:43 | url.par ... ).query | TaintedPath.js:200:14:200:48 | url.par ... ry.path | provenance | Config | +| TaintedPath.js:200:14:200:48 | url.par ... ry.path | TaintedPath.js:200:7:200:48 | path | provenance | | +| TaintedPath.js:200:24:200:30 | req.url | TaintedPath.js:200:14:200:37 | url.par ... , true) | provenance | Config | +| TaintedPath.js:202:29:202:32 | path | TaintedPath.js:202:29:202:68 | path.re ... '), '') | provenance | Config | +| TaintedPath.js:205:31:205:34 | path | TaintedPath.js:205:31:205:69 | path.re ... '), '') | provenance | Config | +| examples/TaintedPath.js:8:7:8:52 | filePath | examples/TaintedPath.js:10:36:10:43 | filePath | provenance | | | examples/TaintedPath.js:8:18:8:41 | url.par ... 
, true) | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | provenance | Config | | examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | provenance | Config | | examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | examples/TaintedPath.js:8:7:8:52 | filePath | provenance | | | examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | provenance | Config | -| examples/TaintedPath.js:11:36:11:43 | filePath | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | provenance | Config | +| examples/TaintedPath.js:10:36:10:43 | filePath | examples/TaintedPath.js:10:29:10:43 | ROOT + filePath | provenance | Config | | handlebars.js:10:51:10:58 | filePath | handlebars.js:11:32:11:39 | filePath | provenance | | | handlebars.js:13:73:13:80 | filePath | handlebars.js:15:25:15:32 | filePath | provenance | | | handlebars.js:29:46:29:60 | req.params.path | handlebars.js:10:51:10:58 | filePath | provenance | | 
@@ -893,8 +565,8 @@ edges | tainted-promise-steps.js:11:25:11:35 | pathPromise [PromiseValue] | tainted-promise-steps.js:11:19:11:35 | await pathPromise | provenance | | | tainted-promise-steps.js:12:3:12:13 | pathPromise [PromiseValue] | tainted-promise-steps.js:12:20:12:23 | path | provenance | | | tainted-promise-steps.js:12:20:12:23 | path | tainted-promise-steps.js:12:44:12:47 | path | provenance | | -| tainted-sendFile.js:24:37:24:48 | req.params.x | tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | provenance | Config | -| tainted-sendFile.js:25:34:25:45 | req.params.x | tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | provenance | Config | +| tainted-sendFile.js:21:37:21:48 | req.params.x | tainted-sendFile.js:21:16:21:49 | path.re ... rams.x) | provenance | Config | +| tainted-sendFile.js:22:34:22:45 | req.params.x | tainted-sendFile.js:22:16:22:46 | path.jo ... rams.x) | provenance | Config | | tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:8:18:8:21 | path | provenance | | | tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:9:18:9:21 | path | provenance | | | tainted-string-steps.js:6:7:6:48 | path | tainted-string-steps.js:10:18:10:21 | path | provenance | | 
@@ -936,201 +608,529 @@ edges | torrents.js:6:6:6:45 | loc | torrents.js:7:25:7:27 | loc | provenance | | | torrents.js:6:12:6:45 | dir + " ... t.data" | torrents.js:6:6:6:45 | loc | provenance | | | torrents.js:6:24:6:27 | name | torrents.js:6:12:6:45 | dir + " ... t.data" | provenance | Config | -| typescript.ts:9:7:9:48 | path | typescript.ts:12:29:12:32 | path | provenance | | -| typescript.ts:9:7:9:48 | path | typescript.ts:20:15:20:18 | path | provenance | | -| typescript.ts:9:7:9:48 | path | typescript.ts:23:15:23:18 | path | provenance | | -| typescript.ts:9:7:9:48 | path | typescript.ts:30:15:30:18 | path | provenance | | +| typescript.ts:9:7:9:48 | path | typescript.ts:11:29:11:32 | path | provenance | | +| typescript.ts:9:7:9:48 | path | typescript.ts:19:15:19:18 | path | provenance | | +| typescript.ts:9:7:9:48 | path | typescript.ts:22:15:22:18 | path | provenance | | +| typescript.ts:9:7:9:48 | path | typescript.ts:29:15:29:18 | path | provenance | | | typescript.ts:9:14:9:37 | url.par ... , true) | typescript.ts:9:14:9:43 | url.par ... ).query | provenance | Config | | typescript.ts:9:14:9:43 | url.par ... ).query | typescript.ts:9:14:9:48 | url.par ... ry.path | provenance | Config | | typescript.ts:9:14:9:48 | url.par ... ry.path | typescript.ts:9:7:9:48 | path | provenance | | | typescript.ts:9:24:9:30 | req.url | typescript.ts:9:14:9:37 | url.par ... 
, true) | provenance | Config | -| typescript.ts:20:7:20:18 | path3 | typescript.ts:21:39:21:43 | path3 | provenance | | -| typescript.ts:20:15:20:18 | path | typescript.ts:20:7:20:18 | path3 | provenance | | -| typescript.ts:23:7:23:18 | path4 | typescript.ts:24:39:24:43 | path4 | provenance | | -| typescript.ts:23:15:23:18 | path | typescript.ts:23:7:23:18 | path4 | provenance | | -| typescript.ts:30:7:30:18 | path6 | typescript.ts:32:29:32:33 | path6 | provenance | | -| typescript.ts:30:15:30:18 | path | typescript.ts:30:7:30:18 | path6 | provenance | | +| typescript.ts:19:7:19:18 | path3 | typescript.ts:20:39:20:43 | path3 | provenance | | +| typescript.ts:19:15:19:18 | path | typescript.ts:19:7:19:18 | path3 | provenance | | +| typescript.ts:22:7:22:18 | path4 | typescript.ts:23:39:23:43 | path4 | provenance | | +| typescript.ts:22:15:22:18 | path | typescript.ts:22:7:22:18 | path4 | provenance | | +| typescript.ts:29:7:29:18 | path6 | typescript.ts:31:29:31:33 | path6 | provenance | | +| typescript.ts:29:15:29:18 | path | typescript.ts:29:7:29:18 | path6 | provenance | | +nodes +| TaintedPath-es6.js:7:7:7:44 | path | semmle.label | path | +| TaintedPath-es6.js:7:14:7:33 | parse(req.url, true) | semmle.label | parse(req.url, true) | +| TaintedPath-es6.js:7:14:7:39 | parse(r ... ).query | semmle.label | parse(r ... ).query | +| TaintedPath-es6.js:7:14:7:44 | parse(r ... ry.path | semmle.label | parse(r ... ry.path | +| TaintedPath-es6.js:7:20:7:26 | req.url | semmle.label | req.url | +| TaintedPath-es6.js:9:26:9:45 | join("public", path) | semmle.label | join("public", path) | +| TaintedPath-es6.js:9:41:9:44 | path | semmle.label | path | +| TaintedPath.js:9:7:9:48 | path | semmle.label | path | +| TaintedPath.js:9:14:9:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| TaintedPath.js:9:14:9:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| TaintedPath.js:9:14:9:48 | url.par ... ry.path | semmle.label | url.par ... 
ry.path | +| TaintedPath.js:9:24:9:30 | req.url | semmle.label | req.url | +| TaintedPath.js:11:29:11:32 | path | semmle.label | path | +| TaintedPath.js:13:29:13:48 | "/home/user/" + path | semmle.label | "/home/user/" + path | +| TaintedPath.js:13:45:13:48 | path | semmle.label | path | +| TaintedPath.js:16:33:16:36 | path | semmle.label | path | +| TaintedPath.js:19:33:19:36 | path | semmle.label | path | +| TaintedPath.js:22:33:22:36 | path | semmle.label | path | +| TaintedPath.js:31:31:31:34 | path | semmle.label | path | +| TaintedPath.js:36:3:36:44 | path | semmle.label | path | +| TaintedPath.js:36:10:36:33 | url.par ... , true) | semmle.label | url.par ... , true) | +| TaintedPath.js:36:10:36:39 | url.par ... ).query | semmle.label | url.par ... ).query | +| TaintedPath.js:36:10:36:44 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| TaintedPath.js:36:20:36:26 | req.url | semmle.label | req.url | +| TaintedPath.js:39:29:39:52 | pathMod ... e(path) | semmle.label | pathMod ... e(path) | +| TaintedPath.js:39:48:39:51 | path | semmle.label | path | +| TaintedPath.js:42:29:42:49 | pathMod ... n(path) | semmle.label | pathMod ... n(path) | +| TaintedPath.js:42:45:42:48 | path | semmle.label | path | +| TaintedPath.js:43:29:43:58 | pathMod ... ath, z) | semmle.label | pathMod ... ath, z) | +| TaintedPath.js:43:51:43:54 | path | semmle.label | path | +| TaintedPath.js:44:29:44:54 | pathMod ... e(path) | semmle.label | pathMod ... e(path) | +| TaintedPath.js:44:50:44:53 | path | semmle.label | path | +| TaintedPath.js:45:29:45:56 | pathMod ... , path) | semmle.label | pathMod ... , path) | +| TaintedPath.js:45:52:45:55 | path | semmle.label | path | +| TaintedPath.js:46:29:46:56 | pathMod ... ath, x) | semmle.label | pathMod ... ath, x) | +| TaintedPath.js:46:49:46:52 | path | semmle.label | path | +| TaintedPath.js:47:29:47:52 | pathMod ... e(path) | semmle.label | pathMod ... 
e(path) | +| TaintedPath.js:47:48:47:51 | path | semmle.label | path | +| TaintedPath.js:48:29:48:61 | pathMod ... ath, z) | semmle.label | pathMod ... ath, z) | +| TaintedPath.js:48:54:48:57 | path | semmle.label | path | +| TaintedPath.js:49:29:49:61 | pathMod ... h(path) | semmle.label | pathMod ... h(path) | +| TaintedPath.js:49:57:49:60 | path | semmle.label | path | +| TaintedPath.js:54:31:54:70 | require ... eq.url) | semmle.label | require ... eq.url) | +| TaintedPath.js:54:31:54:76 | require ... ).query | semmle.label | require ... ).query | +| TaintedPath.js:54:63:54:69 | req.url | semmle.label | req.url | +| TaintedPath.js:55:31:55:68 | require ... eq.url) | semmle.label | require ... eq.url) | +| TaintedPath.js:55:31:55:74 | require ... ).query | semmle.label | require ... ).query | +| TaintedPath.js:55:61:55:67 | req.url | semmle.label | req.url | +| TaintedPath.js:56:31:56:67 | require ... eq.url) | semmle.label | require ... eq.url) | +| TaintedPath.js:56:31:56:73 | require ... ).query | semmle.label | require ... ).query | +| TaintedPath.js:56:60:56:66 | req.url | semmle.label | req.url | +| TaintedPath.js:64:48:64:60 | req.params[0] | semmle.label | req.params[0] | +| TaintedPath.js:73:6:73:47 | path | semmle.label | path | +| TaintedPath.js:73:13:73:36 | url.par ... , true) | semmle.label | url.par ... , true) | +| TaintedPath.js:73:13:73:42 | url.par ... ).query | semmle.label | url.par ... ).query | +| TaintedPath.js:73:13:73:47 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| TaintedPath.js:73:23:73:29 | req.url | semmle.label | req.url | +| TaintedPath.js:75:28:75:48 | fs.real ... c(path) | semmle.label | fs.real ... 
c(path) | +| TaintedPath.js:75:44:75:47 | path | semmle.label | path | +| TaintedPath.js:76:14:76:17 | path | semmle.label | path | +| TaintedPath.js:77:32:77:39 | realpath | semmle.label | realpath | +| TaintedPath.js:78:45:78:52 | realpath | semmle.label | realpath | +| TaintedPath.js:109:6:109:47 | path | semmle.label | path | +| TaintedPath.js:109:13:109:36 | url.par ... , true) | semmle.label | url.par ... , true) | +| TaintedPath.js:109:13:109:42 | url.par ... ).query | semmle.label | url.par ... ).query | +| TaintedPath.js:109:13:109:47 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| TaintedPath.js:109:23:109:29 | req.url | semmle.label | req.url | +| TaintedPath.js:111:23:111:26 | path | semmle.label | path | +| TaintedPath.js:115:7:115:48 | path | semmle.label | path | +| TaintedPath.js:115:14:115:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| TaintedPath.js:115:14:115:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| TaintedPath.js:115:14:115:48 | url.par ... ry.path | semmle.label | url.par ... 
ry.path | +| TaintedPath.js:115:24:115:30 | req.url | semmle.label | req.url | +| TaintedPath.js:117:19:117:22 | path | semmle.label | path | +| TaintedPath.js:119:7:119:29 | split | semmle.label | split | +| TaintedPath.js:119:15:119:18 | path | semmle.label | path | +| TaintedPath.js:119:15:119:29 | path.split("/") | semmle.label | path.split("/") | +| TaintedPath.js:121:19:121:23 | split | semmle.label | split | +| TaintedPath.js:121:19:121:33 | split.join("/") | semmle.label | split.join("/") | +| TaintedPath.js:125:19:125:23 | split | semmle.label | split | +| TaintedPath.js:125:19:125:26 | split[x] | semmle.label | split[x] | +| TaintedPath.js:126:19:126:35 | prefix + split[x] | semmle.label | prefix + split[x] | +| TaintedPath.js:126:28:126:32 | split | semmle.label | split | +| TaintedPath.js:126:28:126:35 | split[x] | semmle.label | split[x] | +| TaintedPath.js:128:7:128:38 | concatted | semmle.label | concatted | +| TaintedPath.js:128:19:128:38 | prefix.concat(split) | semmle.label | prefix.concat(split) | +| TaintedPath.js:128:33:128:37 | split | semmle.label | split | +| TaintedPath.js:129:19:129:27 | concatted | semmle.label | concatted | +| TaintedPath.js:129:19:129:37 | concatted.join("/") | semmle.label | concatted.join("/") | +| TaintedPath.js:131:7:131:39 | concatted2 | semmle.label | concatted2 | +| TaintedPath.js:131:20:131:24 | split | semmle.label | split | +| TaintedPath.js:131:20:131:39 | split.concat(prefix) | semmle.label | split.concat(prefix) | +| TaintedPath.js:132:19:132:28 | concatted2 | semmle.label | concatted2 | +| TaintedPath.js:132:19:132:38 | concatted2.join("/") | semmle.label | concatted2.join("/") | +| TaintedPath.js:134:19:134:23 | split | semmle.label | split | +| TaintedPath.js:134:19:134:29 | split.pop() | semmle.label | split.pop() | +| TaintedPath.js:139:7:139:48 | path | semmle.label | path | +| TaintedPath.js:139:14:139:37 | url.par ... , true) | semmle.label | url.par ... 
, true) | +| TaintedPath.js:139:14:139:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| TaintedPath.js:139:14:139:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| TaintedPath.js:139:24:139:30 | req.url | semmle.label | req.url | +| TaintedPath.js:143:29:143:32 | path | semmle.label | path | +| TaintedPath.js:143:29:143:55 | path.re ... /g, '') | semmle.label | path.re ... /g, '') | +| TaintedPath.js:149:29:149:32 | path | semmle.label | path | +| TaintedPath.js:149:29:149:52 | path.re ... /g, '') | semmle.label | path.re ... /g, '') | +| TaintedPath.js:150:29:150:32 | path | semmle.label | path | +| TaintedPath.js:150:29:150:53 | path.re ... /g, '') | semmle.label | path.re ... /g, '') | +| TaintedPath.js:151:29:151:32 | path | semmle.label | path | +| TaintedPath.js:151:29:151:51 | path.re ... /g, '') | semmle.label | path.re ... /g, '') | +| TaintedPath.js:152:29:152:32 | path | semmle.label | path | +| TaintedPath.js:152:29:152:57 | path.re ... /g, '') | semmle.label | path.re ... /g, '') | +| TaintedPath.js:167:29:167:73 | "prefix ... +/, '') | semmle.label | "prefix ... +/, '') | +| TaintedPath.js:167:40:167:43 | path | semmle.label | path | +| TaintedPath.js:167:40:167:73 | path.re ... +/, '') | semmle.label | path.re ... +/, '') | +| TaintedPath.js:168:29:168:54 | pathMod ... e(path) | semmle.label | pathMod ... e(path) | +| TaintedPath.js:168:29:168:84 | pathMod ... +/, '') | semmle.label | pathMod ... +/, '') | +| TaintedPath.js:168:50:168:53 | path | semmle.label | path | +| TaintedPath.js:176:29:176:45 | qs.parse(req.url) | semmle.label | qs.parse(req.url) | +| TaintedPath.js:176:29:176:49 | qs.pars ... rl).foo | semmle.label | qs.pars ... rl).foo | +| TaintedPath.js:176:38:176:44 | req.url | semmle.label | req.url | +| TaintedPath.js:177:29:177:59 | qs.pars ... q.url)) | semmle.label | qs.pars ... q.url)) | +| TaintedPath.js:177:29:177:63 | qs.pars ... l)).foo | semmle.label | qs.pars ... 
l)).foo | +| TaintedPath.js:177:38:177:58 | normali ... eq.url) | semmle.label | normali ... eq.url) | +| TaintedPath.js:177:51:177:57 | req.url | semmle.label | req.url | +| TaintedPath.js:179:29:179:51 | parseqs ... eq.url) | semmle.label | parseqs ... eq.url) | +| TaintedPath.js:179:29:179:55 | parseqs ... rl).foo | semmle.label | parseqs ... rl).foo | +| TaintedPath.js:179:44:179:50 | req.url | semmle.label | req.url | +| TaintedPath.js:184:7:184:48 | path | semmle.label | path | +| TaintedPath.js:184:14:184:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| TaintedPath.js:184:14:184:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| TaintedPath.js:184:14:184:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| TaintedPath.js:184:24:184:30 | req.url | semmle.label | req.url | +| TaintedPath.js:185:31:185:34 | path | semmle.label | path | +| TaintedPath.js:186:45:186:48 | path | semmle.label | path | +| TaintedPath.js:187:35:187:38 | path | semmle.label | path | +| TaintedPath.js:191:7:191:48 | path | semmle.label | path | +| TaintedPath.js:191:14:191:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| TaintedPath.js:191:14:191:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| TaintedPath.js:191:14:191:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| TaintedPath.js:191:24:191:30 | req.url | semmle.label | req.url | +| TaintedPath.js:195:29:195:32 | path | semmle.label | path | +| TaintedPath.js:195:29:195:85 | path.re ... '), '') | semmle.label | path.re ... '), '') | +| TaintedPath.js:200:7:200:48 | path | semmle.label | path | +| TaintedPath.js:200:14:200:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| TaintedPath.js:200:14:200:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| TaintedPath.js:200:14:200:48 | url.par ... ry.path | semmle.label | url.par ... 
ry.path | +| TaintedPath.js:200:24:200:30 | req.url | semmle.label | req.url | +| TaintedPath.js:202:29:202:32 | path | semmle.label | path | +| TaintedPath.js:202:29:202:68 | path.re ... '), '') | semmle.label | path.re ... '), '') | +| TaintedPath.js:205:31:205:34 | path | semmle.label | path | +| TaintedPath.js:205:31:205:69 | path.re ... '), '') | semmle.label | path.re ... '), '') | +| examples/TaintedPath.js:8:7:8:52 | filePath | semmle.label | filePath | +| examples/TaintedPath.js:8:18:8:41 | url.par ... , true) | semmle.label | url.par ... , true) | +| examples/TaintedPath.js:8:18:8:47 | url.par ... ).query | semmle.label | url.par ... ).query | +| examples/TaintedPath.js:8:18:8:52 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| examples/TaintedPath.js:8:28:8:34 | req.url | semmle.label | req.url | +| examples/TaintedPath.js:10:29:10:43 | ROOT + filePath | semmle.label | ROOT + filePath | +| examples/TaintedPath.js:10:36:10:43 | filePath | semmle.label | filePath | +| express.js:8:20:8:32 | req.query.bar | semmle.label | req.query.bar | +| handlebars.js:10:51:10:58 | filePath | semmle.label | filePath | +| handlebars.js:11:32:11:39 | filePath | semmle.label | filePath | +| handlebars.js:13:73:13:80 | filePath | semmle.label | filePath | +| handlebars.js:15:25:15:32 | filePath | semmle.label | filePath | +| handlebars.js:29:46:29:60 | req.params.path | semmle.label | req.params.path | +| handlebars.js:43:15:43:29 | req.params.path | semmle.label | req.params.path | +| normalizedPaths.js:11:7:11:27 | path | semmle.label | path | +| normalizedPaths.js:11:14:11:27 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:13:19:13:22 | path | semmle.label | path | +| normalizedPaths.js:14:19:14:29 | './' + path | semmle.label | './' + path | +| normalizedPaths.js:14:26:14:29 | path | semmle.label | path | +| normalizedPaths.js:15:19:15:22 | path | semmle.label | path | +| normalizedPaths.js:15:19:15:38 | path + '/index.html' | 
semmle.label | path + '/index.html' | +| normalizedPaths.js:16:19:16:53 | pathMod ... .html') | semmle.label | pathMod ... .html') | +| normalizedPaths.js:16:35:16:38 | path | semmle.label | path | +| normalizedPaths.js:17:19:17:57 | pathMod ... , path) | semmle.label | pathMod ... , path) | +| normalizedPaths.js:17:53:17:56 | path | semmle.label | path | +| normalizedPaths.js:21:7:21:49 | path | semmle.label | path | +| normalizedPaths.js:21:14:21:49 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:21:35:21:48 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:23:19:23:22 | path | semmle.label | path | +| normalizedPaths.js:24:19:24:29 | './' + path | semmle.label | './' + path | +| normalizedPaths.js:24:26:24:29 | path | semmle.label | path | +| normalizedPaths.js:25:19:25:22 | path | semmle.label | path | +| normalizedPaths.js:25:19:25:38 | path + '/index.html' | semmle.label | path + '/index.html' | +| normalizedPaths.js:26:19:26:53 | pathMod ... .html') | semmle.label | pathMod ... .html') | +| normalizedPaths.js:26:35:26:38 | path | semmle.label | path | +| normalizedPaths.js:27:19:27:57 | pathMod ... , path) | semmle.label | pathMod ... , path) | +| normalizedPaths.js:27:53:27:56 | path | semmle.label | path | +| normalizedPaths.js:31:7:31:49 | path | semmle.label | path | +| normalizedPaths.js:31:14:31:49 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:31:35:31:48 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:36:19:36:22 | path | semmle.label | path | +| normalizedPaths.js:41:21:41:24 | path | semmle.label | path | +| normalizedPaths.js:54:7:54:49 | path | semmle.label | path | +| normalizedPaths.js:54:14:54:49 | pathMod ... y.path) | semmle.label | pathMod ... 
y.path) | +| normalizedPaths.js:54:35:54:48 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:59:19:59:22 | path | semmle.label | path | +| normalizedPaths.js:63:19:63:22 | path | semmle.label | path | +| normalizedPaths.js:63:19:63:38 | path + "/index.html" | semmle.label | path + "/index.html" | +| normalizedPaths.js:68:21:68:24 | path | semmle.label | path | +| normalizedPaths.js:73:7:73:56 | path | semmle.label | path | +| normalizedPaths.js:73:14:73:56 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:73:35:73:55 | './' + ... ry.path | semmle.label | './' + ... ry.path | +| normalizedPaths.js:73:42:73:55 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:78:22:78:25 | path | semmle.label | path | +| normalizedPaths.js:82:7:82:27 | path | semmle.label | path | +| normalizedPaths.js:82:14:82:27 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:87:29:87:32 | path | semmle.label | path | +| normalizedPaths.js:90:31:90:34 | path | semmle.label | path | +| normalizedPaths.js:94:7:94:49 | path | semmle.label | path | +| normalizedPaths.js:94:14:94:49 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:94:35:94:48 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:99:29:99:32 | path | semmle.label | path | +| normalizedPaths.js:117:7:117:44 | path | semmle.label | path | +| normalizedPaths.js:117:14:117:44 | fs.real ... y.path) | semmle.label | fs.real ... y.path) | +| normalizedPaths.js:117:30:117:43 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:119:19:119:22 | path | semmle.label | path | +| normalizedPaths.js:120:19:120:53 | pathMod ... .html') | semmle.label | pathMod ... .html') | +| normalizedPaths.js:120:35:120:38 | path | semmle.label | path | +| normalizedPaths.js:130:7:130:49 | path | semmle.label | path | +| normalizedPaths.js:130:14:130:49 | pathMod ... 
y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:130:35:130:48 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:135:21:135:24 | path | semmle.label | path | +| normalizedPaths.js:139:7:139:62 | path | semmle.label | path | +| normalizedPaths.js:139:14:139:62 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:139:48:139:61 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:144:21:144:24 | path | semmle.label | path | +| normalizedPaths.js:148:7:148:58 | path | semmle.label | path | +| normalizedPaths.js:148:14:148:58 | 'foo/' ... y.path) | semmle.label | 'foo/' ... y.path) | +| normalizedPaths.js:148:23:148:58 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:148:44:148:57 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:151:21:151:24 | path | semmle.label | path | +| normalizedPaths.js:153:21:153:24 | path | semmle.label | path | +| normalizedPaths.js:160:7:160:49 | path | semmle.label | path | +| normalizedPaths.js:160:14:160:49 | pathMod ... y.path) | semmle.label | pathMod ... 
y.path) | +| normalizedPaths.js:160:35:160:48 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:165:19:165:22 | path | semmle.label | path | +| normalizedPaths.js:170:21:170:24 | path | semmle.label | path | +| normalizedPaths.js:174:7:174:27 | path | semmle.label | path | +| normalizedPaths.js:174:14:174:27 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:184:19:184:22 | path | semmle.label | path | +| normalizedPaths.js:187:21:187:24 | path | semmle.label | path | +| normalizedPaths.js:189:21:189:24 | path | semmle.label | path | +| normalizedPaths.js:192:21:192:24 | path | semmle.label | path | +| normalizedPaths.js:194:21:194:24 | path | semmle.label | path | +| normalizedPaths.js:199:21:199:24 | path | semmle.label | path | +| normalizedPaths.js:201:7:201:49 | normalizedPath | semmle.label | normalizedPath | +| normalizedPaths.js:201:24:201:49 | pathMod ... e(path) | semmle.label | pathMod ... e(path) | +| normalizedPaths.js:201:45:201:48 | path | semmle.label | path | +| normalizedPaths.js:205:21:205:34 | normalizedPath | semmle.label | normalizedPath | +| normalizedPaths.js:208:21:208:34 | normalizedPath | semmle.label | normalizedPath | +| normalizedPaths.js:210:21:210:34 | normalizedPath | semmle.label | normalizedPath | +| normalizedPaths.js:214:7:214:49 | path | semmle.label | path | +| normalizedPaths.js:214:14:214:49 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:214:35:214:48 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:219:3:219:33 | path | semmle.label | path | +| normalizedPaths.js:219:10:219:33 | decodeU ... t(path) | semmle.label | decodeU ... t(path) | +| normalizedPaths.js:219:29:219:32 | path | semmle.label | path | +| normalizedPaths.js:222:21:222:24 | path | semmle.label | path | +| normalizedPaths.js:226:7:226:70 | path | semmle.label | path | +| normalizedPaths.js:226:14:226:49 | pathMod ... y.path) | semmle.label | pathMod ... 
y.path) | +| normalizedPaths.js:226:14:226:70 | pathMod ... g, ' ') | semmle.label | pathMod ... g, ' ') | +| normalizedPaths.js:226:35:226:48 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:228:21:228:24 | path | semmle.label | path | +| normalizedPaths.js:236:7:236:47 | path | semmle.label | path | +| normalizedPaths.js:236:14:236:47 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:236:33:236:46 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:238:19:238:22 | path | semmle.label | path | +| normalizedPaths.js:245:21:245:24 | path | semmle.label | path | +| normalizedPaths.js:250:21:250:24 | path | semmle.label | path | +| normalizedPaths.js:254:7:254:47 | path | semmle.label | path | +| normalizedPaths.js:254:14:254:47 | pathMod ... y.path) | semmle.label | pathMod ... y.path) | +| normalizedPaths.js:254:33:254:46 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:256:19:256:22 | path | semmle.label | path | +| normalizedPaths.js:262:21:262:24 | path | semmle.label | path | +| normalizedPaths.js:267:7:267:42 | newpath | semmle.label | newpath | +| normalizedPaths.js:267:17:267:42 | pathMod ... e(path) | semmle.label | pathMod ... e(path) | +| normalizedPaths.js:267:38:267:41 | path | semmle.label | path | +| normalizedPaths.js:270:21:270:27 | newpath | semmle.label | newpath | +| normalizedPaths.js:275:7:275:42 | newpath | semmle.label | newpath | +| normalizedPaths.js:275:17:275:42 | pathMod ... e(path) | semmle.label | pathMod ... e(path) | +| normalizedPaths.js:275:38:275:41 | path | semmle.label | path | +| normalizedPaths.js:278:21:278:27 | newpath | semmle.label | newpath | +| normalizedPaths.js:283:7:283:42 | newpath | semmle.label | newpath | +| normalizedPaths.js:283:17:283:42 | pathMod ... e(path) | semmle.label | pathMod ... 
e(path) | +| normalizedPaths.js:283:38:283:41 | path | semmle.label | path | +| normalizedPaths.js:286:21:286:27 | newpath | semmle.label | newpath | +| normalizedPaths.js:291:7:291:42 | newpath | semmle.label | newpath | +| normalizedPaths.js:291:17:291:42 | pathMod ... e(path) | semmle.label | pathMod ... e(path) | +| normalizedPaths.js:291:38:291:41 | path | semmle.label | path | +| normalizedPaths.js:296:21:296:27 | newpath | semmle.label | newpath | +| normalizedPaths.js:303:6:303:26 | path | semmle.label | path | +| normalizedPaths.js:303:13:303:26 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:304:18:304:21 | path | semmle.label | path | +| normalizedPaths.js:309:19:309:22 | path | semmle.label | path | +| normalizedPaths.js:313:19:313:22 | path | semmle.label | path | +| normalizedPaths.js:316:19:316:22 | path | semmle.label | path | +| normalizedPaths.js:320:6:320:49 | normalizedPath | semmle.label | normalizedPath | +| normalizedPaths.js:320:23:320:49 | pathMod ... , path) | semmle.label | pathMod ... , path) | +| normalizedPaths.js:320:45:320:48 | path | semmle.label | path | +| normalizedPaths.js:325:19:325:32 | normalizedPath | semmle.label | normalizedPath | +| normalizedPaths.js:332:19:332:32 | normalizedPath | semmle.label | normalizedPath | +| normalizedPaths.js:339:6:339:46 | path | semmle.label | path | +| normalizedPaths.js:339:13:339:46 | pathMod ... y.path) | semmle.label | pathMod ... 
y.path) | +| normalizedPaths.js:339:32:339:45 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:341:18:341:21 | path | semmle.label | path | +| normalizedPaths.js:346:19:346:22 | path | semmle.label | path | +| normalizedPaths.js:354:7:354:27 | path | semmle.label | path | +| normalizedPaths.js:354:14:354:27 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:356:19:356:22 | path | semmle.label | path | +| normalizedPaths.js:358:7:358:51 | requestPath | semmle.label | requestPath | +| normalizedPaths.js:358:21:358:51 | pathMod ... , path) | semmle.label | pathMod ... , path) | +| normalizedPaths.js:358:47:358:50 | path | semmle.label | path | +| normalizedPaths.js:363:21:363:31 | requestPath | semmle.label | requestPath | +| normalizedPaths.js:377:7:377:27 | path | semmle.label | path | +| normalizedPaths.js:377:14:377:27 | req.query.path | semmle.label | req.query.path | +| normalizedPaths.js:379:19:379:22 | path | semmle.label | path | +| normalizedPaths.js:381:19:381:29 | slash(path) | semmle.label | slash(path) | +| normalizedPaths.js:381:25:381:28 | path | semmle.label | path | +| normalizedPaths.js:385:7:385:46 | path | semmle.label | path | +| normalizedPaths.js:385:14:385:46 | pathMod ... uery.x) | semmle.label | pathMod ... uery.x) | +| normalizedPaths.js:385:35:385:45 | req.query.x | semmle.label | req.query.x | +| normalizedPaths.js:388:19:388:22 | path | semmle.label | path | +| normalizedPaths.js:399:21:399:24 | path | semmle.label | path | +| normalizedPaths.js:407:19:407:67 | pathMod ... t('/')) | semmle.label | pathMod ... t('/')) | +| normalizedPaths.js:407:45:407:55 | req.query.x | semmle.label | req.query.x | +| normalizedPaths.js:407:45:407:66 | req.que ... it('/') | semmle.label | req.que ... it('/') | +| normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | semmle.label | pathMod ... 
t('/')) | +| normalizedPaths.js:408:38:408:48 | req.query.x | semmle.label | req.query.x | +| normalizedPaths.js:408:38:408:59 | req.que ... it('/') | semmle.label | req.que ... it('/') | +| normalizedPaths.js:412:7:412:46 | path | semmle.label | path | +| normalizedPaths.js:412:14:412:46 | pathMod ... uery.x) | semmle.label | pathMod ... uery.x) | +| normalizedPaths.js:412:35:412:45 | req.query.x | semmle.label | req.query.x | +| normalizedPaths.js:415:19:415:22 | path | semmle.label | path | +| normalizedPaths.js:426:21:426:24 | path | semmle.label | path | +| other-fs-libraries.js:9:7:9:48 | path | semmle.label | path | +| other-fs-libraries.js:9:14:9:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| other-fs-libraries.js:9:14:9:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| other-fs-libraries.js:9:14:9:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| other-fs-libraries.js:9:24:9:30 | req.url | semmle.label | req.url | +| other-fs-libraries.js:11:19:11:22 | path | semmle.label | path | +| other-fs-libraries.js:12:27:12:30 | path | semmle.label | path | +| other-fs-libraries.js:13:24:13:27 | path | semmle.label | path | +| other-fs-libraries.js:14:27:14:30 | path | semmle.label | path | +| other-fs-libraries.js:16:34:16:37 | path | semmle.label | path | +| other-fs-libraries.js:17:35:17:38 | path | semmle.label | path | +| other-fs-libraries.js:19:56:19:59 | path | semmle.label | path | +| other-fs-libraries.js:24:35:24:38 | path | semmle.label | path | +| other-fs-libraries.js:38:7:38:48 | path | semmle.label | path | +| other-fs-libraries.js:38:14:38:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| other-fs-libraries.js:38:14:38:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| other-fs-libraries.js:38:14:38:48 | url.par ... ry.path | semmle.label | url.par ... 
ry.path | +| other-fs-libraries.js:38:24:38:30 | req.url | semmle.label | req.url | +| other-fs-libraries.js:40:35:40:38 | path | semmle.label | path | +| other-fs-libraries.js:41:50:41:53 | path | semmle.label | path | +| other-fs-libraries.js:42:53:42:56 | path | semmle.label | path | +| other-fs-libraries.js:49:7:49:48 | path | semmle.label | path | +| other-fs-libraries.js:49:14:49:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| other-fs-libraries.js:49:14:49:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| other-fs-libraries.js:49:14:49:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| other-fs-libraries.js:49:24:49:30 | req.url | semmle.label | req.url | +| other-fs-libraries.js:51:19:51:22 | path | semmle.label | path | +| other-fs-libraries.js:52:24:52:27 | path | semmle.label | path | +| other-fs-libraries.js:54:36:54:39 | path | semmle.label | path | +| other-fs-libraries.js:55:36:55:39 | path | semmle.label | path | +| other-fs-libraries.js:57:46:57:49 | path | semmle.label | path | +| other-fs-libraries.js:59:39:59:42 | path | semmle.label | path | +| other-fs-libraries.js:62:43:62:46 | path | semmle.label | path | +| other-fs-libraries.js:63:51:63:54 | path | semmle.label | path | +| other-fs-libraries.js:68:7:68:48 | path | semmle.label | path | +| other-fs-libraries.js:68:14:68:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| other-fs-libraries.js:68:14:68:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| other-fs-libraries.js:68:14:68:48 | url.par ... ry.path | semmle.label | url.par ... 
ry.path | +| other-fs-libraries.js:68:24:68:30 | req.url | semmle.label | req.url | +| other-fs-libraries.js:70:19:70:22 | path | semmle.label | path | +| other-fs-libraries.js:71:10:71:13 | path | semmle.label | path | +| other-fs-libraries.js:72:15:72:18 | path | semmle.label | path | +| other-fs-libraries.js:73:8:73:11 | path | semmle.label | path | +| other-fs-libraries.js:75:15:75:15 | x | semmle.label | x | +| other-fs-libraries.js:76:19:76:19 | x | semmle.label | x | +| other-fs-libraries.js:81:7:81:48 | path | semmle.label | path | +| other-fs-libraries.js:81:14:81:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| other-fs-libraries.js:81:14:81:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| other-fs-libraries.js:81:14:81:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| other-fs-libraries.js:81:24:81:30 | req.url | semmle.label | req.url | +| other-fs-libraries.js:83:16:83:19 | path | semmle.label | path | +| prettier.js:6:11:6:28 | p | semmle.label | p | +| prettier.js:6:13:6:13 | p | semmle.label | p | +| prettier.js:7:28:7:28 | p | semmle.label | p | +| prettier.js:11:44:11:44 | p | semmle.label | p | +| pupeteer.js:5:9:5:71 | tainted | semmle.label | tainted | +| pupeteer.js:5:19:5:71 | "dir/" ... t.data" | semmle.label | "dir/" ... t.data" | +| pupeteer.js:5:28:5:53 | parseTo ... t).name | semmle.label | parseTo ... t).name | +| pupeteer.js:9:28:9:34 | tainted | semmle.label | tainted | +| pupeteer.js:13:37:13:43 | tainted | semmle.label | tainted | +| sharedlib-repro.js:13:22:13:43 | req.par ... spaceId | semmle.label | req.par ... spaceId | +| sharedlib-repro.js:21:27:21:34 | filepath | semmle.label | filepath | +| sharedlib-repro.js:22:18:22:25 | filepath | semmle.label | filepath | +| tainted-access-paths.js:6:7:6:48 | path | semmle.label | path | +| tainted-access-paths.js:6:14:6:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| tainted-access-paths.js:6:14:6:43 | url.par ... 
).query | semmle.label | url.par ... ).query | +| tainted-access-paths.js:6:14:6:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| tainted-access-paths.js:6:24:6:30 | req.url | semmle.label | req.url | +| tainted-access-paths.js:8:19:8:22 | path | semmle.label | path | +| tainted-access-paths.js:10:7:10:36 | obj | semmle.label | obj | +| tainted-access-paths.js:10:33:10:36 | path | semmle.label | path | +| tainted-access-paths.js:12:19:12:21 | obj | semmle.label | obj | +| tainted-access-paths.js:12:19:12:25 | obj.sub | semmle.label | obj.sub | +| tainted-access-paths.js:26:19:26:21 | obj | semmle.label | obj | +| tainted-access-paths.js:26:19:26:26 | obj.sub3 | semmle.label | obj.sub3 | +| tainted-access-paths.js:29:21:29:23 | obj | semmle.label | obj | +| tainted-access-paths.js:29:21:29:28 | obj.sub4 | semmle.label | obj.sub4 | +| tainted-access-paths.js:30:23:30:25 | obj | semmle.label | obj | +| tainted-access-paths.js:30:23:30:30 | obj.sub4 | semmle.label | obj.sub4 | +| tainted-access-paths.js:31:23:31:25 | obj | semmle.label | obj | +| tainted-access-paths.js:31:23:31:30 | obj.sub4 | semmle.label | obj.sub4 | +| tainted-access-paths.js:39:7:39:48 | path | semmle.label | path | +| tainted-access-paths.js:39:14:39:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| tainted-access-paths.js:39:14:39:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| tainted-access-paths.js:39:14:39:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| tainted-access-paths.js:39:24:39:30 | req.url | semmle.label | req.url | +| tainted-access-paths.js:40:23:40:26 | path | semmle.label | path | +| tainted-access-paths.js:48:7:48:48 | path | semmle.label | path | +| tainted-access-paths.js:48:14:48:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| tainted-access-paths.js:48:14:48:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| tainted-access-paths.js:48:14:48:48 | url.par ... 
ry.path | semmle.label | url.par ... ry.path | +| tainted-access-paths.js:48:24:48:30 | req.url | semmle.label | req.url | +| tainted-access-paths.js:49:10:49:13 | path | semmle.label | path | +| tainted-promise-steps.js:6:7:6:48 | path | semmle.label | path | +| tainted-promise-steps.js:6:14:6:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| tainted-promise-steps.js:6:14:6:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| tainted-promise-steps.js:6:14:6:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| tainted-promise-steps.js:6:24:6:30 | req.url | semmle.label | req.url | +| tainted-promise-steps.js:7:10:7:30 | Promise ... e(path) [PromiseValue] | semmle.label | Promise ... e(path) [PromiseValue] | +| tainted-promise-steps.js:7:26:7:29 | path | semmle.label | path | +| tainted-promise-steps.js:10:23:10:33 | pathPromise [PromiseValue] | semmle.label | pathPromise [PromiseValue] | +| tainted-promise-steps.js:11:19:11:35 | await pathPromise | semmle.label | await pathPromise | +| tainted-promise-steps.js:11:25:11:35 | pathPromise [PromiseValue] | semmle.label | pathPromise [PromiseValue] | +| tainted-promise-steps.js:12:3:12:13 | pathPromise [PromiseValue] | semmle.label | pathPromise [PromiseValue] | +| tainted-promise-steps.js:12:20:12:23 | path | semmle.label | path | +| tainted-promise-steps.js:12:44:12:47 | path | semmle.label | path | +| tainted-require.js:6:19:6:37 | req.param("module") | semmle.label | req.param("module") | +| tainted-require.js:11:29:11:47 | req.param("module") | semmle.label | req.param("module") | +| tainted-require.js:13:11:13:29 | req.param("module") | semmle.label | req.param("module") | +| tainted-sendFile.js:7:16:7:33 | req.param("gimme") | semmle.label | req.param("gimme") | +| tainted-sendFile.js:8:16:8:33 | req.param("gimme") | semmle.label | req.param("gimme") | +| tainted-sendFile.js:15:43:15:58 | req.param("dir") | semmle.label | req.param("dir") | +| 
tainted-sendFile.js:21:16:21:49 | path.re ... rams.x) | semmle.label | path.re ... rams.x) | +| tainted-sendFile.js:21:37:21:48 | req.params.x | semmle.label | req.params.x | +| tainted-sendFile.js:22:16:22:46 | path.jo ... rams.x) | semmle.label | path.jo ... rams.x) | +| tainted-sendFile.js:22:34:22:45 | req.params.x | semmle.label | req.params.x | +| tainted-string-steps.js:6:7:6:48 | path | semmle.label | path | +| tainted-string-steps.js:6:14:6:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| tainted-string-steps.js:6:14:6:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| tainted-string-steps.js:6:14:6:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| tainted-string-steps.js:6:24:6:30 | req.url | semmle.label | req.url | +| tainted-string-steps.js:8:18:8:21 | path | semmle.label | path | +| tainted-string-steps.js:8:18:8:34 | path.substring(4) | semmle.label | path.substring(4) | +| tainted-string-steps.js:9:18:9:21 | path | semmle.label | path | +| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | semmle.label | path.substring(0, i) | +| tainted-string-steps.js:10:18:10:21 | path | semmle.label | path | +| tainted-string-steps.js:10:18:10:31 | path.substr(4) | semmle.label | path.substr(4) | +| tainted-string-steps.js:11:18:11:21 | path | semmle.label | path | +| tainted-string-steps.js:11:18:11:30 | path.slice(4) | semmle.label | path.slice(4) | +| tainted-string-steps.js:13:18:13:21 | path | semmle.label | path | +| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | semmle.label | path.concat(unknown) | +| tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | semmle.label | unknown.concat(path) | +| tainted-string-steps.js:14:33:14:36 | path | semmle.label | path | +| tainted-string-steps.js:15:18:15:46 | unknown ... , path) | semmle.label | unknown ... 
, path) | +| tainted-string-steps.js:15:42:15:45 | path | semmle.label | path | +| tainted-string-steps.js:17:18:17:21 | path | semmle.label | path | +| tainted-string-steps.js:17:18:17:28 | path.trim() | semmle.label | path.trim() | +| tainted-string-steps.js:18:18:18:21 | path | semmle.label | path | +| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | semmle.label | path.toLowerCase() | +| tainted-string-steps.js:22:18:22:21 | path | semmle.label | path | +| tainted-string-steps.js:22:18:22:32 | path.split('/') | semmle.label | path.split('/') | +| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | semmle.label | path.split('/')[i] | +| tainted-string-steps.js:23:18:23:21 | path | semmle.label | path | +| tainted-string-steps.js:23:18:23:33 | path.split(/\\//) | semmle.label | path.split(/\\//) | +| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | semmle.label | path.split(/\\//)[i] | +| tainted-string-steps.js:24:18:24:21 | path | semmle.label | path | +| tainted-string-steps.js:24:18:24:32 | path.split("?") | semmle.label | path.split("?") | +| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | semmle.label | path.split("?")[0] | +| tainted-string-steps.js:26:18:26:21 | path | semmle.label | path | +| tainted-string-steps.js:26:18:26:36 | path.split(unknown) | semmle.label | path.split(unknown) | +| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | semmle.label | path.sp ... hatever | +| tainted-string-steps.js:27:18:27:21 | path | semmle.label | path | +| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | semmle.label | path.split(unknown) | +| torrents.js:5:6:5:38 | name | semmle.label | name | +| torrents.js:5:13:5:38 | parseTo ... t).name | semmle.label | parseTo ... t).name | +| torrents.js:6:6:6:45 | loc | semmle.label | loc | +| torrents.js:6:12:6:45 | dir + " ... t.data" | semmle.label | dir + " ... 
t.data" | +| torrents.js:6:24:6:27 | name | semmle.label | name | +| torrents.js:7:25:7:27 | loc | semmle.label | loc | +| typescript.ts:9:7:9:48 | path | semmle.label | path | +| typescript.ts:9:14:9:37 | url.par ... , true) | semmle.label | url.par ... , true) | +| typescript.ts:9:14:9:43 | url.par ... ).query | semmle.label | url.par ... ).query | +| typescript.ts:9:14:9:48 | url.par ... ry.path | semmle.label | url.par ... ry.path | +| typescript.ts:9:24:9:30 | req.url | semmle.label | req.url | +| typescript.ts:11:29:11:32 | path | semmle.label | path | +| typescript.ts:19:7:19:18 | path3 | semmle.label | path3 | +| typescript.ts:19:15:19:18 | path | semmle.label | path | +| typescript.ts:20:39:20:43 | path3 | semmle.label | path3 | +| typescript.ts:22:7:22:18 | path4 | semmle.label | path4 | +| typescript.ts:22:15:22:18 | path | semmle.label | path | +| typescript.ts:23:39:23:43 | path4 | semmle.label | path4 | +| typescript.ts:29:7:29:18 | path6 | semmle.label | path6 | +| typescript.ts:29:15:29:18 | path | semmle.label | path | +| typescript.ts:31:29:31:33 | path6 | semmle.label | path6 | +| views.js:1:43:1:55 | req.params[0] | semmle.label | req.params[0] | subpaths -#select -| TaintedPath-es6.js:10:26:10:45 | join("public", path) | TaintedPath-es6.js:7:20:7:26 | req.url | TaintedPath-es6.js:10:26:10:45 | join("public", path) | This path depends on a $@. | TaintedPath-es6.js:7:20:7:26 | req.url | user-provided value | -| TaintedPath.js:12:29:12:32 | path | TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:12:29:12:32 | path | This path depends on a $@. | TaintedPath.js:9:24:9:30 | req.url | user-provided value | -| TaintedPath.js:15:29:15:48 | "/home/user/" + path | TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:15:29:15:48 | "/home/user/" + path | This path depends on a $@. 
| TaintedPath.js:9:24:9:30 | req.url | user-provided value | -| TaintedPath.js:18:33:18:36 | path | TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:18:33:18:36 | path | This path depends on a $@. | TaintedPath.js:9:24:9:30 | req.url | user-provided value | -| TaintedPath.js:21:33:21:36 | path | TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:21:33:21:36 | path | This path depends on a $@. | TaintedPath.js:9:24:9:30 | req.url | user-provided value | -| TaintedPath.js:24:33:24:36 | path | TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:24:33:24:36 | path | This path depends on a $@. | TaintedPath.js:9:24:9:30 | req.url | user-provided value | -| TaintedPath.js:33:31:33:34 | path | TaintedPath.js:9:24:9:30 | req.url | TaintedPath.js:33:31:33:34 | path | This path depends on a $@. | TaintedPath.js:9:24:9:30 | req.url | user-provided value | -| TaintedPath.js:42:29:42:52 | pathMod ... e(path) | TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:42:29:42:52 | pathMod ... e(path) | This path depends on a $@. | TaintedPath.js:38:20:38:26 | req.url | user-provided value | -| TaintedPath.js:46:29:46:49 | pathMod ... n(path) | TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:46:29:46:49 | pathMod ... n(path) | This path depends on a $@. | TaintedPath.js:38:20:38:26 | req.url | user-provided value | -| TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:48:29:48:58 | pathMod ... ath, z) | This path depends on a $@. | TaintedPath.js:38:20:38:26 | req.url | user-provided value | -| TaintedPath.js:50:29:50:54 | pathMod ... e(path) | TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:50:29:50:54 | pathMod ... e(path) | This path depends on a $@. | TaintedPath.js:38:20:38:26 | req.url | user-provided value | -| TaintedPath.js:52:29:52:56 | pathMod ... , path) | TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:52:29:52:56 | pathMod ... , path) | This path depends on a $@. 
| TaintedPath.js:38:20:38:26 | req.url | user-provided value | -| TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:54:29:54:56 | pathMod ... ath, x) | This path depends on a $@. | TaintedPath.js:38:20:38:26 | req.url | user-provided value | -| TaintedPath.js:56:29:56:52 | pathMod ... e(path) | TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:56:29:56:52 | pathMod ... e(path) | This path depends on a $@. | TaintedPath.js:38:20:38:26 | req.url | user-provided value | -| TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:58:29:58:61 | pathMod ... ath, z) | This path depends on a $@. | TaintedPath.js:38:20:38:26 | req.url | user-provided value | -| TaintedPath.js:60:29:60:61 | pathMod ... h(path) | TaintedPath.js:38:20:38:26 | req.url | TaintedPath.js:60:29:60:61 | pathMod ... h(path) | This path depends on a $@. | TaintedPath.js:38:20:38:26 | req.url | user-provided value | -| TaintedPath.js:65:31:65:76 | require ... ).query | TaintedPath.js:65:63:65:69 | req.url | TaintedPath.js:65:31:65:76 | require ... ).query | This path depends on a $@. | TaintedPath.js:65:63:65:69 | req.url | user-provided value | -| TaintedPath.js:66:31:66:74 | require ... ).query | TaintedPath.js:66:61:66:67 | req.url | TaintedPath.js:66:31:66:74 | require ... ).query | This path depends on a $@. | TaintedPath.js:66:61:66:67 | req.url | user-provided value | -| TaintedPath.js:67:31:67:73 | require ... ).query | TaintedPath.js:67:60:67:66 | req.url | TaintedPath.js:67:31:67:73 | require ... ).query | This path depends on a $@. | TaintedPath.js:67:60:67:66 | req.url | user-provided value | -| TaintedPath.js:75:48:75:60 | req.params[0] | TaintedPath.js:75:48:75:60 | req.params[0] | TaintedPath.js:75:48:75:60 | req.params[0] | This path depends on a $@. | TaintedPath.js:75:48:75:60 | req.params[0] | user-provided value | -| TaintedPath.js:86:28:86:48 | fs.real ... 
c(path) | TaintedPath.js:84:23:84:29 | req.url | TaintedPath.js:86:28:86:48 | fs.real ... c(path) | This path depends on a $@. | TaintedPath.js:84:23:84:29 | req.url | user-provided value | -| TaintedPath.js:89:45:89:52 | realpath | TaintedPath.js:84:23:84:29 | req.url | TaintedPath.js:89:45:89:52 | realpath | This path depends on a $@. | TaintedPath.js:84:23:84:29 | req.url | user-provided value | -| TaintedPath.js:122:23:122:26 | path | TaintedPath.js:120:23:120:29 | req.url | TaintedPath.js:122:23:122:26 | path | This path depends on a $@. | TaintedPath.js:120:23:120:29 | req.url | user-provided value | -| TaintedPath.js:128:19:128:22 | path | TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:128:19:128:22 | path | This path depends on a $@. | TaintedPath.js:126:24:126:30 | req.url | user-provided value | -| TaintedPath.js:132:19:132:33 | split.join("/") | TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:132:19:132:33 | split.join("/") | This path depends on a $@. | TaintedPath.js:126:24:126:30 | req.url | user-provided value | -| TaintedPath.js:136:19:136:26 | split[x] | TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:136:19:136:26 | split[x] | This path depends on a $@. | TaintedPath.js:126:24:126:30 | req.url | user-provided value | -| TaintedPath.js:137:19:137:35 | prefix + split[x] | TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:137:19:137:35 | prefix + split[x] | This path depends on a $@. | TaintedPath.js:126:24:126:30 | req.url | user-provided value | -| TaintedPath.js:140:19:140:37 | concatted.join("/") | TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:140:19:140:37 | concatted.join("/") | This path depends on a $@. | TaintedPath.js:126:24:126:30 | req.url | user-provided value | -| TaintedPath.js:143:19:143:38 | concatted2.join("/") | TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:143:19:143:38 | concatted2.join("/") | This path depends on a $@. 
| TaintedPath.js:126:24:126:30 | req.url | user-provided value | -| TaintedPath.js:145:19:145:29 | split.pop() | TaintedPath.js:126:24:126:30 | req.url | TaintedPath.js:145:19:145:29 | split.pop() | This path depends on a $@. | TaintedPath.js:126:24:126:30 | req.url | user-provided value | -| TaintedPath.js:154:29:154:55 | path.re ... /g, '') | TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:154:29:154:55 | path.re ... /g, '') | This path depends on a $@. | TaintedPath.js:150:24:150:30 | req.url | user-provided value | -| TaintedPath.js:160:29:160:52 | path.re ... /g, '') | TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:160:29:160:52 | path.re ... /g, '') | This path depends on a $@. | TaintedPath.js:150:24:150:30 | req.url | user-provided value | -| TaintedPath.js:161:29:161:53 | path.re ... /g, '') | TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:161:29:161:53 | path.re ... /g, '') | This path depends on a $@. | TaintedPath.js:150:24:150:30 | req.url | user-provided value | -| TaintedPath.js:162:29:162:51 | path.re ... /g, '') | TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:162:29:162:51 | path.re ... /g, '') | This path depends on a $@. | TaintedPath.js:150:24:150:30 | req.url | user-provided value | -| TaintedPath.js:163:29:163:57 | path.re ... /g, '') | TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:163:29:163:57 | path.re ... /g, '') | This path depends on a $@. | TaintedPath.js:150:24:150:30 | req.url | user-provided value | -| TaintedPath.js:178:29:178:73 | "prefix ... +/, '') | TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:178:29:178:73 | "prefix ... +/, '') | This path depends on a $@. | TaintedPath.js:150:24:150:30 | req.url | user-provided value | -| TaintedPath.js:179:29:179:84 | pathMod ... +/, '') | TaintedPath.js:150:24:150:30 | req.url | TaintedPath.js:179:29:179:84 | pathMod ... +/, '') | This path depends on a $@. 
| TaintedPath.js:150:24:150:30 | req.url | user-provided value | -| TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | TaintedPath.js:187:38:187:44 | req.url | TaintedPath.js:187:29:187:49 | qs.pars ... rl).foo | This path depends on a $@. | TaintedPath.js:187:38:187:44 | req.url | user-provided value | -| TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | TaintedPath.js:188:51:188:57 | req.url | TaintedPath.js:188:29:188:63 | qs.pars ... l)).foo | This path depends on a $@. | TaintedPath.js:188:51:188:57 | req.url | user-provided value | -| TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | TaintedPath.js:190:44:190:50 | req.url | TaintedPath.js:190:29:190:55 | parseqs ... rl).foo | This path depends on a $@. | TaintedPath.js:190:44:190:50 | req.url | user-provided value | -| TaintedPath.js:196:31:196:34 | path | TaintedPath.js:195:24:195:30 | req.url | TaintedPath.js:196:31:196:34 | path | This path depends on a $@. | TaintedPath.js:195:24:195:30 | req.url | user-provided value | -| TaintedPath.js:197:45:197:48 | path | TaintedPath.js:195:24:195:30 | req.url | TaintedPath.js:197:45:197:48 | path | This path depends on a $@. | TaintedPath.js:195:24:195:30 | req.url | user-provided value | -| TaintedPath.js:198:35:198:38 | path | TaintedPath.js:195:24:195:30 | req.url | TaintedPath.js:198:35:198:38 | path | This path depends on a $@. | TaintedPath.js:195:24:195:30 | req.url | user-provided value | -| TaintedPath.js:206:29:206:85 | path.re ... '), '') | TaintedPath.js:202:24:202:30 | req.url | TaintedPath.js:206:29:206:85 | path.re ... '), '') | This path depends on a $@. | TaintedPath.js:202:24:202:30 | req.url | user-provided value | -| TaintedPath.js:213:29:213:68 | path.re ... '), '') | TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:213:29:213:68 | path.re ... '), '') | This path depends on a $@. | TaintedPath.js:211:24:211:30 | req.url | user-provided value | -| TaintedPath.js:216:31:216:69 | path.re ... 
'), '') | TaintedPath.js:211:24:211:30 | req.url | TaintedPath.js:216:31:216:69 | path.re ... '), '') | This path depends on a $@. | TaintedPath.js:211:24:211:30 | req.url | user-provided value | -| examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | examples/TaintedPath.js:8:28:8:34 | req.url | examples/TaintedPath.js:11:29:11:43 | ROOT + filePath | This path depends on a $@. | examples/TaintedPath.js:8:28:8:34 | req.url | user-provided value | -| express.js:8:20:8:32 | req.query.bar | express.js:8:20:8:32 | req.query.bar | express.js:8:20:8:32 | req.query.bar | This path depends on a $@. | express.js:8:20:8:32 | req.query.bar | user-provided value | -| handlebars.js:11:32:11:39 | filePath | handlebars.js:29:46:29:60 | req.params.path | handlebars.js:11:32:11:39 | filePath | This path depends on a $@. | handlebars.js:29:46:29:60 | req.params.path | user-provided value | -| handlebars.js:15:25:15:32 | filePath | handlebars.js:43:15:43:29 | req.params.path | handlebars.js:15:25:15:32 | filePath | This path depends on a $@. | handlebars.js:43:15:43:29 | req.params.path | user-provided value | -| normalizedPaths.js:13:19:13:22 | path | normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:13:19:13:22 | path | This path depends on a $@. | normalizedPaths.js:11:14:11:27 | req.query.path | user-provided value | -| normalizedPaths.js:14:19:14:29 | './' + path | normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:14:19:14:29 | './' + path | This path depends on a $@. | normalizedPaths.js:11:14:11:27 | req.query.path | user-provided value | -| normalizedPaths.js:15:19:15:38 | path + '/index.html' | normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:15:19:15:38 | path + '/index.html' | This path depends on a $@. | normalizedPaths.js:11:14:11:27 | req.query.path | user-provided value | -| normalizedPaths.js:16:19:16:53 | pathMod ... 
.html') | normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:16:19:16:53 | pathMod ... .html') | This path depends on a $@. | normalizedPaths.js:11:14:11:27 | req.query.path | user-provided value | -| normalizedPaths.js:17:19:17:57 | pathMod ... , path) | normalizedPaths.js:11:14:11:27 | req.query.path | normalizedPaths.js:17:19:17:57 | pathMod ... , path) | This path depends on a $@. | normalizedPaths.js:11:14:11:27 | req.query.path | user-provided value | -| normalizedPaths.js:23:19:23:22 | path | normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:23:19:23:22 | path | This path depends on a $@. | normalizedPaths.js:21:35:21:48 | req.query.path | user-provided value | -| normalizedPaths.js:24:19:24:29 | './' + path | normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:24:19:24:29 | './' + path | This path depends on a $@. | normalizedPaths.js:21:35:21:48 | req.query.path | user-provided value | -| normalizedPaths.js:25:19:25:38 | path + '/index.html' | normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:25:19:25:38 | path + '/index.html' | This path depends on a $@. | normalizedPaths.js:21:35:21:48 | req.query.path | user-provided value | -| normalizedPaths.js:26:19:26:53 | pathMod ... .html') | normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:26:19:26:53 | pathMod ... .html') | This path depends on a $@. | normalizedPaths.js:21:35:21:48 | req.query.path | user-provided value | -| normalizedPaths.js:27:19:27:57 | pathMod ... , path) | normalizedPaths.js:21:35:21:48 | req.query.path | normalizedPaths.js:27:19:27:57 | pathMod ... , path) | This path depends on a $@. | normalizedPaths.js:21:35:21:48 | req.query.path | user-provided value | -| normalizedPaths.js:36:19:36:22 | path | normalizedPaths.js:31:35:31:48 | req.query.path | normalizedPaths.js:36:19:36:22 | path | This path depends on a $@. 
| normalizedPaths.js:31:35:31:48 | req.query.path | user-provided value | -| normalizedPaths.js:41:21:41:24 | path | normalizedPaths.js:31:35:31:48 | req.query.path | normalizedPaths.js:41:21:41:24 | path | This path depends on a $@. | normalizedPaths.js:31:35:31:48 | req.query.path | user-provided value | -| normalizedPaths.js:59:19:59:22 | path | normalizedPaths.js:54:35:54:48 | req.query.path | normalizedPaths.js:59:19:59:22 | path | This path depends on a $@. | normalizedPaths.js:54:35:54:48 | req.query.path | user-provided value | -| normalizedPaths.js:63:19:63:38 | path + "/index.html" | normalizedPaths.js:54:35:54:48 | req.query.path | normalizedPaths.js:63:19:63:38 | path + "/index.html" | This path depends on a $@. | normalizedPaths.js:54:35:54:48 | req.query.path | user-provided value | -| normalizedPaths.js:68:21:68:24 | path | normalizedPaths.js:54:35:54:48 | req.query.path | normalizedPaths.js:68:21:68:24 | path | This path depends on a $@. | normalizedPaths.js:54:35:54:48 | req.query.path | user-provided value | -| normalizedPaths.js:78:22:78:25 | path | normalizedPaths.js:73:42:73:55 | req.query.path | normalizedPaths.js:78:22:78:25 | path | This path depends on a $@. | normalizedPaths.js:73:42:73:55 | req.query.path | user-provided value | -| normalizedPaths.js:87:29:87:32 | path | normalizedPaths.js:82:14:82:27 | req.query.path | normalizedPaths.js:87:29:87:32 | path | This path depends on a $@. | normalizedPaths.js:82:14:82:27 | req.query.path | user-provided value | -| normalizedPaths.js:90:31:90:34 | path | normalizedPaths.js:82:14:82:27 | req.query.path | normalizedPaths.js:90:31:90:34 | path | This path depends on a $@. | normalizedPaths.js:82:14:82:27 | req.query.path | user-provided value | -| normalizedPaths.js:99:29:99:32 | path | normalizedPaths.js:94:35:94:48 | req.query.path | normalizedPaths.js:99:29:99:32 | path | This path depends on a $@. 
| normalizedPaths.js:94:35:94:48 | req.query.path | user-provided value | -| normalizedPaths.js:119:19:119:22 | path | normalizedPaths.js:117:30:117:43 | req.query.path | normalizedPaths.js:119:19:119:22 | path | This path depends on a $@. | normalizedPaths.js:117:30:117:43 | req.query.path | user-provided value | -| normalizedPaths.js:120:19:120:53 | pathMod ... .html') | normalizedPaths.js:117:30:117:43 | req.query.path | normalizedPaths.js:120:19:120:53 | pathMod ... .html') | This path depends on a $@. | normalizedPaths.js:117:30:117:43 | req.query.path | user-provided value | -| normalizedPaths.js:135:21:135:24 | path | normalizedPaths.js:130:35:130:48 | req.query.path | normalizedPaths.js:135:21:135:24 | path | This path depends on a $@. | normalizedPaths.js:130:35:130:48 | req.query.path | user-provided value | -| normalizedPaths.js:144:21:144:24 | path | normalizedPaths.js:139:48:139:61 | req.query.path | normalizedPaths.js:144:21:144:24 | path | This path depends on a $@. | normalizedPaths.js:139:48:139:61 | req.query.path | user-provided value | -| normalizedPaths.js:151:21:151:24 | path | normalizedPaths.js:148:44:148:57 | req.query.path | normalizedPaths.js:151:21:151:24 | path | This path depends on a $@. | normalizedPaths.js:148:44:148:57 | req.query.path | user-provided value | -| normalizedPaths.js:153:21:153:24 | path | normalizedPaths.js:148:44:148:57 | req.query.path | normalizedPaths.js:153:21:153:24 | path | This path depends on a $@. | normalizedPaths.js:148:44:148:57 | req.query.path | user-provided value | -| normalizedPaths.js:165:19:165:22 | path | normalizedPaths.js:160:35:160:48 | req.query.path | normalizedPaths.js:165:19:165:22 | path | This path depends on a $@. | normalizedPaths.js:160:35:160:48 | req.query.path | user-provided value | -| normalizedPaths.js:170:21:170:24 | path | normalizedPaths.js:160:35:160:48 | req.query.path | normalizedPaths.js:170:21:170:24 | path | This path depends on a $@. 
| normalizedPaths.js:160:35:160:48 | req.query.path | user-provided value | -| normalizedPaths.js:184:19:184:22 | path | normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:184:19:184:22 | path | This path depends on a $@. | normalizedPaths.js:174:14:174:27 | req.query.path | user-provided value | -| normalizedPaths.js:187:21:187:24 | path | normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:187:21:187:24 | path | This path depends on a $@. | normalizedPaths.js:174:14:174:27 | req.query.path | user-provided value | -| normalizedPaths.js:189:21:189:24 | path | normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:189:21:189:24 | path | This path depends on a $@. | normalizedPaths.js:174:14:174:27 | req.query.path | user-provided value | -| normalizedPaths.js:192:21:192:24 | path | normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:192:21:192:24 | path | This path depends on a $@. | normalizedPaths.js:174:14:174:27 | req.query.path | user-provided value | -| normalizedPaths.js:194:21:194:24 | path | normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:194:21:194:24 | path | This path depends on a $@. | normalizedPaths.js:174:14:174:27 | req.query.path | user-provided value | -| normalizedPaths.js:199:21:199:24 | path | normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:199:21:199:24 | path | This path depends on a $@. | normalizedPaths.js:174:14:174:27 | req.query.path | user-provided value | -| normalizedPaths.js:205:21:205:34 | normalizedPath | normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:205:21:205:34 | normalizedPath | This path depends on a $@. | normalizedPaths.js:174:14:174:27 | req.query.path | user-provided value | -| normalizedPaths.js:208:21:208:34 | normalizedPath | normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:208:21:208:34 | normalizedPath | This path depends on a $@. 
| normalizedPaths.js:174:14:174:27 | req.query.path | user-provided value | -| normalizedPaths.js:210:21:210:34 | normalizedPath | normalizedPaths.js:174:14:174:27 | req.query.path | normalizedPaths.js:210:21:210:34 | normalizedPath | This path depends on a $@. | normalizedPaths.js:174:14:174:27 | req.query.path | user-provided value | -| normalizedPaths.js:222:21:222:24 | path | normalizedPaths.js:214:35:214:48 | req.query.path | normalizedPaths.js:222:21:222:24 | path | This path depends on a $@. | normalizedPaths.js:214:35:214:48 | req.query.path | user-provided value | -| normalizedPaths.js:228:21:228:24 | path | normalizedPaths.js:226:35:226:48 | req.query.path | normalizedPaths.js:228:21:228:24 | path | This path depends on a $@. | normalizedPaths.js:226:35:226:48 | req.query.path | user-provided value | -| normalizedPaths.js:238:19:238:22 | path | normalizedPaths.js:236:33:236:46 | req.query.path | normalizedPaths.js:238:19:238:22 | path | This path depends on a $@. | normalizedPaths.js:236:33:236:46 | req.query.path | user-provided value | -| normalizedPaths.js:245:21:245:24 | path | normalizedPaths.js:236:33:236:46 | req.query.path | normalizedPaths.js:245:21:245:24 | path | This path depends on a $@. | normalizedPaths.js:236:33:236:46 | req.query.path | user-provided value | -| normalizedPaths.js:250:21:250:24 | path | normalizedPaths.js:236:33:236:46 | req.query.path | normalizedPaths.js:250:21:250:24 | path | This path depends on a $@. | normalizedPaths.js:236:33:236:46 | req.query.path | user-provided value | -| normalizedPaths.js:256:19:256:22 | path | normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:256:19:256:22 | path | This path depends on a $@. | normalizedPaths.js:254:33:254:46 | req.query.path | user-provided value | -| normalizedPaths.js:262:21:262:24 | path | normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:262:21:262:24 | path | This path depends on a $@. 
| normalizedPaths.js:254:33:254:46 | req.query.path | user-provided value | -| normalizedPaths.js:270:21:270:27 | newpath | normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:270:21:270:27 | newpath | This path depends on a $@. | normalizedPaths.js:254:33:254:46 | req.query.path | user-provided value | -| normalizedPaths.js:278:21:278:27 | newpath | normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:278:21:278:27 | newpath | This path depends on a $@. | normalizedPaths.js:254:33:254:46 | req.query.path | user-provided value | -| normalizedPaths.js:286:21:286:27 | newpath | normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:286:21:286:27 | newpath | This path depends on a $@. | normalizedPaths.js:254:33:254:46 | req.query.path | user-provided value | -| normalizedPaths.js:296:21:296:27 | newpath | normalizedPaths.js:254:33:254:46 | req.query.path | normalizedPaths.js:296:21:296:27 | newpath | This path depends on a $@. | normalizedPaths.js:254:33:254:46 | req.query.path | user-provided value | -| normalizedPaths.js:304:18:304:21 | path | normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:304:18:304:21 | path | This path depends on a $@. | normalizedPaths.js:303:13:303:26 | req.query.path | user-provided value | -| normalizedPaths.js:309:19:309:22 | path | normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:309:19:309:22 | path | This path depends on a $@. | normalizedPaths.js:303:13:303:26 | req.query.path | user-provided value | -| normalizedPaths.js:313:19:313:22 | path | normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:313:19:313:22 | path | This path depends on a $@. | normalizedPaths.js:303:13:303:26 | req.query.path | user-provided value | -| normalizedPaths.js:316:19:316:22 | path | normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:316:19:316:22 | path | This path depends on a $@. 
| normalizedPaths.js:303:13:303:26 | req.query.path | user-provided value | -| normalizedPaths.js:325:19:325:32 | normalizedPath | normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:325:19:325:32 | normalizedPath | This path depends on a $@. | normalizedPaths.js:303:13:303:26 | req.query.path | user-provided value | -| normalizedPaths.js:332:19:332:32 | normalizedPath | normalizedPaths.js:303:13:303:26 | req.query.path | normalizedPaths.js:332:19:332:32 | normalizedPath | This path depends on a $@. | normalizedPaths.js:303:13:303:26 | req.query.path | user-provided value | -| normalizedPaths.js:341:18:341:21 | path | normalizedPaths.js:339:32:339:45 | req.query.path | normalizedPaths.js:341:18:341:21 | path | This path depends on a $@. | normalizedPaths.js:339:32:339:45 | req.query.path | user-provided value | -| normalizedPaths.js:346:19:346:22 | path | normalizedPaths.js:339:32:339:45 | req.query.path | normalizedPaths.js:346:19:346:22 | path | This path depends on a $@. | normalizedPaths.js:339:32:339:45 | req.query.path | user-provided value | -| normalizedPaths.js:356:19:356:22 | path | normalizedPaths.js:354:14:354:27 | req.query.path | normalizedPaths.js:356:19:356:22 | path | This path depends on a $@. | normalizedPaths.js:354:14:354:27 | req.query.path | user-provided value | -| normalizedPaths.js:363:21:363:31 | requestPath | normalizedPaths.js:354:14:354:27 | req.query.path | normalizedPaths.js:363:21:363:31 | requestPath | This path depends on a $@. | normalizedPaths.js:354:14:354:27 | req.query.path | user-provided value | -| normalizedPaths.js:379:19:379:22 | path | normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:379:19:379:22 | path | This path depends on a $@. 
| normalizedPaths.js:377:14:377:27 | req.query.path | user-provided value | -| normalizedPaths.js:381:19:381:29 | slash(path) | normalizedPaths.js:377:14:377:27 | req.query.path | normalizedPaths.js:381:19:381:29 | slash(path) | This path depends on a $@. | normalizedPaths.js:377:14:377:27 | req.query.path | user-provided value | -| normalizedPaths.js:388:19:388:22 | path | normalizedPaths.js:385:35:385:45 | req.query.x | normalizedPaths.js:388:19:388:22 | path | This path depends on a $@. | normalizedPaths.js:385:35:385:45 | req.query.x | user-provided value | -| normalizedPaths.js:399:21:399:24 | path | normalizedPaths.js:385:35:385:45 | req.query.x | normalizedPaths.js:399:21:399:24 | path | This path depends on a $@. | normalizedPaths.js:385:35:385:45 | req.query.x | user-provided value | -| normalizedPaths.js:407:19:407:67 | pathMod ... t('/')) | normalizedPaths.js:407:45:407:55 | req.query.x | normalizedPaths.js:407:19:407:67 | pathMod ... t('/')) | This path depends on a $@. | normalizedPaths.js:407:45:407:55 | req.query.x | user-provided value | -| normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | normalizedPaths.js:408:38:408:48 | req.query.x | normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | This path depends on a $@. | normalizedPaths.js:408:38:408:48 | req.query.x | user-provided value | -| normalizedPaths.js:415:19:415:22 | path | normalizedPaths.js:412:35:412:45 | req.query.x | normalizedPaths.js:415:19:415:22 | path | This path depends on a $@. | normalizedPaths.js:412:35:412:45 | req.query.x | user-provided value | -| normalizedPaths.js:426:21:426:24 | path | normalizedPaths.js:412:35:412:45 | req.query.x | normalizedPaths.js:426:21:426:24 | path | This path depends on a $@. | normalizedPaths.js:412:35:412:45 | req.query.x | user-provided value | -| other-fs-libraries.js:11:19:11:22 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:11:19:11:22 | path | This path depends on a $@. 
| other-fs-libraries.js:9:24:9:30 | req.url | user-provided value | -| other-fs-libraries.js:12:27:12:30 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:12:27:12:30 | path | This path depends on a $@. | other-fs-libraries.js:9:24:9:30 | req.url | user-provided value | -| other-fs-libraries.js:13:24:13:27 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:13:24:13:27 | path | This path depends on a $@. | other-fs-libraries.js:9:24:9:30 | req.url | user-provided value | -| other-fs-libraries.js:14:27:14:30 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:14:27:14:30 | path | This path depends on a $@. | other-fs-libraries.js:9:24:9:30 | req.url | user-provided value | -| other-fs-libraries.js:16:34:16:37 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:16:34:16:37 | path | This path depends on a $@. | other-fs-libraries.js:9:24:9:30 | req.url | user-provided value | -| other-fs-libraries.js:17:35:17:38 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:17:35:17:38 | path | This path depends on a $@. | other-fs-libraries.js:9:24:9:30 | req.url | user-provided value | -| other-fs-libraries.js:19:56:19:59 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:19:56:19:59 | path | This path depends on a $@. | other-fs-libraries.js:9:24:9:30 | req.url | user-provided value | -| other-fs-libraries.js:24:35:24:38 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:24:35:24:38 | path | This path depends on a $@. | other-fs-libraries.js:9:24:9:30 | req.url | user-provided value | -| other-fs-libraries.js:40:35:40:38 | path | other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:40:35:40:38 | path | This path depends on a $@. 
| other-fs-libraries.js:38:24:38:30 | req.url | user-provided value | -| other-fs-libraries.js:41:50:41:53 | path | other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:41:50:41:53 | path | This path depends on a $@. | other-fs-libraries.js:38:24:38:30 | req.url | user-provided value | -| other-fs-libraries.js:42:53:42:56 | path | other-fs-libraries.js:38:24:38:30 | req.url | other-fs-libraries.js:42:53:42:56 | path | This path depends on a $@. | other-fs-libraries.js:38:24:38:30 | req.url | user-provided value | -| other-fs-libraries.js:51:19:51:22 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:51:19:51:22 | path | This path depends on a $@. | other-fs-libraries.js:49:24:49:30 | req.url | user-provided value | -| other-fs-libraries.js:52:24:52:27 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:52:24:52:27 | path | This path depends on a $@. | other-fs-libraries.js:49:24:49:30 | req.url | user-provided value | -| other-fs-libraries.js:54:36:54:39 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:54:36:54:39 | path | This path depends on a $@. | other-fs-libraries.js:49:24:49:30 | req.url | user-provided value | -| other-fs-libraries.js:55:36:55:39 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:55:36:55:39 | path | This path depends on a $@. | other-fs-libraries.js:49:24:49:30 | req.url | user-provided value | -| other-fs-libraries.js:57:46:57:49 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:57:46:57:49 | path | This path depends on a $@. | other-fs-libraries.js:49:24:49:30 | req.url | user-provided value | -| other-fs-libraries.js:59:39:59:42 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:59:39:59:42 | path | This path depends on a $@. 
| other-fs-libraries.js:49:24:49:30 | req.url | user-provided value | -| other-fs-libraries.js:62:43:62:46 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:62:43:62:46 | path | This path depends on a $@. | other-fs-libraries.js:49:24:49:30 | req.url | user-provided value | -| other-fs-libraries.js:63:51:63:54 | path | other-fs-libraries.js:49:24:49:30 | req.url | other-fs-libraries.js:63:51:63:54 | path | This path depends on a $@. | other-fs-libraries.js:49:24:49:30 | req.url | user-provided value | -| other-fs-libraries.js:70:19:70:22 | path | other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:70:19:70:22 | path | This path depends on a $@. | other-fs-libraries.js:68:24:68:30 | req.url | user-provided value | -| other-fs-libraries.js:71:10:71:13 | path | other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:71:10:71:13 | path | This path depends on a $@. | other-fs-libraries.js:68:24:68:30 | req.url | user-provided value | -| other-fs-libraries.js:72:15:72:18 | path | other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:72:15:72:18 | path | This path depends on a $@. | other-fs-libraries.js:68:24:68:30 | req.url | user-provided value | -| other-fs-libraries.js:76:19:76:19 | x | other-fs-libraries.js:68:24:68:30 | req.url | other-fs-libraries.js:76:19:76:19 | x | This path depends on a $@. | other-fs-libraries.js:68:24:68:30 | req.url | user-provided value | -| other-fs-libraries.js:83:16:83:19 | path | other-fs-libraries.js:81:24:81:30 | req.url | other-fs-libraries.js:83:16:83:19 | path | This path depends on a $@. | other-fs-libraries.js:81:24:81:30 | req.url | user-provided value | -| prettier.js:7:28:7:28 | p | prettier.js:6:13:6:13 | p | prettier.js:7:28:7:28 | p | This path depends on a $@. | prettier.js:6:13:6:13 | p | user-provided value | -| prettier.js:11:44:11:44 | p | prettier.js:6:13:6:13 | p | prettier.js:11:44:11:44 | p | This path depends on a $@. 
| prettier.js:6:13:6:13 | p | user-provided value | -| pupeteer.js:9:28:9:34 | tainted | pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:9:28:9:34 | tainted | This path depends on a $@. | pupeteer.js:5:28:5:53 | parseTo ... t).name | user-provided value | -| pupeteer.js:13:37:13:43 | tainted | pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:13:37:13:43 | tainted | This path depends on a $@. | pupeteer.js:5:28:5:53 | parseTo ... t).name | user-provided value | -| sharedlib-repro.js:22:18:22:25 | filepath | sharedlib-repro.js:13:22:13:43 | req.par ... spaceId | sharedlib-repro.js:22:18:22:25 | filepath | This path depends on a $@. | sharedlib-repro.js:13:22:13:43 | req.par ... spaceId | user-provided value | -| tainted-access-paths.js:8:19:8:22 | path | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:8:19:8:22 | path | This path depends on a $@. | tainted-access-paths.js:6:24:6:30 | req.url | user-provided value | -| tainted-access-paths.js:12:19:12:25 | obj.sub | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:12:19:12:25 | obj.sub | This path depends on a $@. | tainted-access-paths.js:6:24:6:30 | req.url | user-provided value | -| tainted-access-paths.js:26:19:26:26 | obj.sub3 | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:26:19:26:26 | obj.sub3 | This path depends on a $@. | tainted-access-paths.js:6:24:6:30 | req.url | user-provided value | -| tainted-access-paths.js:29:21:29:28 | obj.sub4 | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:29:21:29:28 | obj.sub4 | This path depends on a $@. | tainted-access-paths.js:6:24:6:30 | req.url | user-provided value | -| tainted-access-paths.js:30:23:30:30 | obj.sub4 | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:30:23:30:30 | obj.sub4 | This path depends on a $@. 
| tainted-access-paths.js:6:24:6:30 | req.url | user-provided value | -| tainted-access-paths.js:31:23:31:30 | obj.sub4 | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:31:23:31:30 | obj.sub4 | This path depends on a $@. | tainted-access-paths.js:6:24:6:30 | req.url | user-provided value | -| tainted-access-paths.js:40:23:40:26 | path | tainted-access-paths.js:39:24:39:30 | req.url | tainted-access-paths.js:40:23:40:26 | path | This path depends on a $@. | tainted-access-paths.js:39:24:39:30 | req.url | user-provided value | -| tainted-access-paths.js:49:10:49:13 | path | tainted-access-paths.js:48:24:48:30 | req.url | tainted-access-paths.js:49:10:49:13 | path | This path depends on a $@. | tainted-access-paths.js:48:24:48:30 | req.url | user-provided value | -| tainted-promise-steps.js:11:19:11:35 | await pathPromise | tainted-promise-steps.js:6:24:6:30 | req.url | tainted-promise-steps.js:11:19:11:35 | await pathPromise | This path depends on a $@. | tainted-promise-steps.js:6:24:6:30 | req.url | user-provided value | -| tainted-promise-steps.js:12:44:12:47 | path | tainted-promise-steps.js:6:24:6:30 | req.url | tainted-promise-steps.js:12:44:12:47 | path | This path depends on a $@. | tainted-promise-steps.js:6:24:6:30 | req.url | user-provided value | -| tainted-require.js:7:19:7:37 | req.param("module") | tainted-require.js:7:19:7:37 | req.param("module") | tainted-require.js:7:19:7:37 | req.param("module") | This path depends on a $@. | tainted-require.js:7:19:7:37 | req.param("module") | user-provided value | -| tainted-require.js:12:29:12:47 | req.param("module") | tainted-require.js:12:29:12:47 | req.param("module") | tainted-require.js:12:29:12:47 | req.param("module") | This path depends on a $@. 
| tainted-require.js:12:29:12:47 | req.param("module") | user-provided value | -| tainted-require.js:14:11:14:29 | req.param("module") | tainted-require.js:14:11:14:29 | req.param("module") | tainted-require.js:14:11:14:29 | req.param("module") | This path depends on a $@. | tainted-require.js:14:11:14:29 | req.param("module") | user-provided value | -| tainted-sendFile.js:8:16:8:33 | req.param("gimme") | tainted-sendFile.js:8:16:8:33 | req.param("gimme") | tainted-sendFile.js:8:16:8:33 | req.param("gimme") | This path depends on a $@. | tainted-sendFile.js:8:16:8:33 | req.param("gimme") | user-provided value | -| tainted-sendFile.js:10:16:10:33 | req.param("gimme") | tainted-sendFile.js:10:16:10:33 | req.param("gimme") | tainted-sendFile.js:10:16:10:33 | req.param("gimme") | This path depends on a $@. | tainted-sendFile.js:10:16:10:33 | req.param("gimme") | user-provided value | -| tainted-sendFile.js:18:43:18:58 | req.param("dir") | tainted-sendFile.js:18:43:18:58 | req.param("dir") | tainted-sendFile.js:18:43:18:58 | req.param("dir") | This path depends on a $@. | tainted-sendFile.js:18:43:18:58 | req.param("dir") | user-provided value | -| tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | tainted-sendFile.js:24:37:24:48 | req.params.x | tainted-sendFile.js:24:16:24:49 | path.re ... rams.x) | This path depends on a $@. | tainted-sendFile.js:24:37:24:48 | req.params.x | user-provided value | -| tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | tainted-sendFile.js:25:34:25:45 | req.params.x | tainted-sendFile.js:25:16:25:46 | path.jo ... rams.x) | This path depends on a $@. | tainted-sendFile.js:25:34:25:45 | req.params.x | user-provided value | -| tainted-string-steps.js:8:18:8:34 | path.substring(4) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:8:18:8:34 | path.substring(4) | This path depends on a $@. 
| tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | -| tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:9:18:9:37 | path.substring(0, i) | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | -| tainted-string-steps.js:10:18:10:31 | path.substr(4) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:10:18:10:31 | path.substr(4) | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | -| tainted-string-steps.js:11:18:11:30 | path.slice(4) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:11:18:11:30 | path.slice(4) | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | -| tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:13:18:13:37 | path.concat(unknown) | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | -| tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:14:18:14:37 | unknown.concat(path) | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | -| tainted-string-steps.js:15:18:15:46 | unknown ... , path) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:15:18:15:46 | unknown ... , path) | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | -| tainted-string-steps.js:17:18:17:28 | path.trim() | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:17:18:17:28 | path.trim() | This path depends on a $@. 
| tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | -| tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:18:18:18:35 | path.toLowerCase() | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | -| tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:22:18:22:35 | path.split('/')[i] | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | -| tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:23:18:23:36 | path.split(/\\//)[i] | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | -| tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:24:18:24:35 | path.split("?")[0] | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | -| tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:26:18:26:45 | path.sp ... hatever | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | -| tainted-string-steps.js:27:18:27:36 | path.split(unknown) | tainted-string-steps.js:6:24:6:30 | req.url | tainted-string-steps.js:27:18:27:36 | path.split(unknown) | This path depends on a $@. | tainted-string-steps.js:6:24:6:30 | req.url | user-provided value | -| torrents.js:7:25:7:27 | loc | torrents.js:5:13:5:38 | parseTo ... t).name | torrents.js:7:25:7:27 | loc | This path depends on a $@. | torrents.js:5:13:5:38 | parseTo ... 
t).name | user-provided value | -| typescript.ts:12:29:12:32 | path | typescript.ts:9:24:9:30 | req.url | typescript.ts:12:29:12:32 | path | This path depends on a $@. | typescript.ts:9:24:9:30 | req.url | user-provided value | -| typescript.ts:21:39:21:43 | path3 | typescript.ts:9:24:9:30 | req.url | typescript.ts:21:39:21:43 | path3 | This path depends on a $@. | typescript.ts:9:24:9:30 | req.url | user-provided value | -| typescript.ts:24:39:24:43 | path4 | typescript.ts:9:24:9:30 | req.url | typescript.ts:24:39:24:43 | path4 | This path depends on a $@. | typescript.ts:9:24:9:30 | req.url | user-provided value | -| typescript.ts:32:29:32:33 | path6 | typescript.ts:9:24:9:30 | req.url | typescript.ts:32:29:32:33 | path6 | This path depends on a $@. | typescript.ts:9:24:9:30 | req.url | user-provided value | -| views.js:1:43:1:55 | req.params[0] | views.js:1:43:1:55 | req.params[0] | views.js:1:43:1:55 | req.params[0] | This path depends on a $@. | views.js:1:43:1:55 | req.params[0] | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.js index fd768fecfff8..ba57e930f03f 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.js +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.js 
@@ -6,65 +6,54 @@ var fs = require('fs'), ; var server = http.createServer(function(req, res) { - let path = url.parse(req.url, true).query.path; + let path = url.parse(req.url, true).query.path; // $ Source - // BAD: This could read any file on the file system - res.write(fs.readFileSync(path)); + res.write(fs.readFileSync(path)); // $ Alert - This could read any file on the file system - // BAD: This could still read any file on the file system - res.write(fs.readFileSync("/home/user/" + path)); + res.write(fs.readFileSync("/home/user/" + path)); // $ Alert - This could still read any file on the file system if (path.startsWith("/home/user/")) - res.write(fs.readFileSync(path)); // BAD: Insufficient sanitisation + res.write(fs.readFileSync(path)); // $ Alert - Insufficient sanitisation if (path.indexOf("secret") == -1) - res.write(fs.readFileSync(path)); // BAD: Insufficient sanitisation + res.write(fs.readFileSync(path)); // $ Alert - Insufficient sanitisation if (fs.existsSync(path)) - res.write(fs.readFileSync(path)); // BAD: Insufficient sanitisation + res.write(fs.readFileSync(path)); // $ Alert - Insufficient sanitisation if (path === 'foo.txt') - res.write(fs.readFileSync(path)); // GOOD: Path is compared to white-list + res.write(fs.readFileSync(path)); // OK - Path is compared to white-list if (path === 'foo.txt' || path === 'bar.txt') - res.write(fs.readFileSync(path)); // GOOD: Path is compared to white-list + res.write(fs.readFileSync(path)); // OK - Path is compared to white-list if (path === 'foo.txt' || path === 'bar.txt' || someOpaqueCondition()) - res.write(fs.readFileSync(path)); // BAD: Path is incompletely compared to white-list + res.write(fs.readFileSync(path)); // $ Alert - Path is incompletely compared to white-list path = sanitize(path); - res.write(fs.readFileSync(path)); // GOOD: Path is sanitized + res.write(fs.readFileSync(path)); // OK - Path is sanitized - path = url.parse(req.url, true).query.path; - // GOOD: basename is safe + 
path = url.parse(req.url, true).query.path; // $ Source + // OK - basename is safe res.write(fs.readFileSync(pathModule.basename(path))); - // BAD: taint is preserved - res.write(fs.readFileSync(pathModule.dirname(path))); - // GOOD: extname is safe + res.write(fs.readFileSync(pathModule.dirname(path))); // $ Alert - taint is preserved + // OK - extname is safe res.write(fs.readFileSync(pathModule.extname(path))); - // BAD: taint is preserved - res.write(fs.readFileSync(pathModule.join(path))); - // BAD: taint is preserved - res.write(fs.readFileSync(pathModule.join(x, y, path, z))); - // BAD: taint is preserved - res.write(fs.readFileSync(pathModule.normalize(path))); - // BAD: taint is preserved - res.write(fs.readFileSync(pathModule.relative(x, path))); - // BAD: taint is preserved - res.write(fs.readFileSync(pathModule.relative(path, x))); - // BAD: taint is preserved - res.write(fs.readFileSync(pathModule.resolve(path))); - // BAD: taint is preserved - res.write(fs.readFileSync(pathModule.resolve(x, y, path, z))); - // BAD: taint is preserved - res.write(fs.readFileSync(pathModule.toNamespacedPath(path))); + res.write(fs.readFileSync(pathModule.join(path))); // $ Alert - taint is preserved + res.write(fs.readFileSync(pathModule.join(x, y, path, z))); // $ Alert - taint is preserved + res.write(fs.readFileSync(pathModule.normalize(path))); // $ Alert - taint is preserved + res.write(fs.readFileSync(pathModule.relative(x, path))); // $ Alert - taint is preserved + res.write(fs.readFileSync(pathModule.relative(path, x))); // $ Alert - taint is preserved + res.write(fs.readFileSync(pathModule.resolve(path))); // $ Alert - taint is preserved + res.write(fs.readFileSync(pathModule.resolve(x, y, path, z))); // $ Alert - taint is preserved + res.write(fs.readFileSync(pathModule.toNamespacedPath(path))); // $ Alert - taint is preserved }); var server = http.createServer(function(req, res) { // tests for a few uri-libraries - 
res.write(fs.readFileSync(require("querystringify").parse(req.url).query)); // NOT OK - res.write(fs.readFileSync(require("query-string").parse(req.url).query)); // NOT OK - res.write(fs.readFileSync(require("querystring").parse(req.url).query)); // NOT OK + res.write(fs.readFileSync(require("querystringify").parse(req.url).query)); // $ Alert + res.write(fs.readFileSync(require("query-string").parse(req.url).query)); // $ Alert + res.write(fs.readFileSync(require("querystring").parse(req.url).query)); // $ Alert }); (function(){ @@ -72,7 +61,7 @@ var server = http.createServer(function(req, res) { var express = require('express'); var application = express(); - var views_local = (req, res) => res.render(req.params[0]); + var views_local = (req, res) => res.render(req.params[0]); // $ Alert application.get('/views/*', views_local); var views_imported = require("./views"); @@ -81,12 +70,12 @@ var server = http.createServer(function(req, res) { })(); var server = http.createServer(function(req, res) { - let path = url.parse(req.url, true).query.path; + let path = url.parse(req.url, true).query.path; // $ Source - res.write(fs.readFileSync(fs.realpathSync(path))); + res.write(fs.readFileSync(fs.realpathSync(path))); // $ Alert fs.realpath(path, function(err, realpath){ - res.write(fs.readFileSync(realpath)); + res.write(fs.readFileSync(realpath)); // $ Alert } ); @@ -100,7 +89,7 @@ var server = http.createServer(function(req, res) { path = path.replace(/\.\./g, ''); // remove all ".." } - res.write(fs.readFileSync(path)); // OK. Is sanitized above. + res.write(fs.readFileSync(path)); // OK - Is sanitized above. }); var server = http.createServer(function(req, res) { 
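Review bot: The `// OK - Path is sanitized` expectation after `path = sanitize(path)` rests on a function that is not defined anywhere visible in this diff, so the no-alert outcome presumably comes from the query treating a call to something named `sanitize` as a barrier rather than from any visible sanitisation logic. Now that the inline-expectations format turns an unannotated or `OK` line into a hard assertion, that heuristic should be stated on the line so a later change to the barrier model is not misread as a regression, e.g. `res.write(fs.readFileSync(path)); // OK - Path is sanitized (opaque sanitize() call assumed to be a barrier)`. The neighbouring `// OK - basename is safe` and `// OK - extname is safe` cases are grounded in real `path` semantics and need nothing. The handler this belongs to starts on the hunk's first lines and is fully inside the hunk.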
@@ -113,70 +102,70 @@ var server = http.createServer(function(req, res) { path = path.replace(/\.\./g, ''); // remove all ".." } - res.write(fs.readFileSync(path)); // OK. Is sanitized above. + res.write(fs.readFileSync(path)); // OK - Is sanitized above. }); var server = http.createServer(function(req, res) { - let path = url.parse(req.url, true).query.path; + let path = url.parse(req.url, true).query.path; // $ Source - require('send')(req, path); // NOT OK + require('send')(req, path); // $ Alert }); var server = http.createServer(function(req, res) { - let path = url.parse(req.url, true).query.path; + let path = url.parse(req.url, true).query.path; // $ Source - fs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert var split = path.split("/"); - fs.readFileSync(split.join("/")); // NOT OK + fs.readFileSync(split.join("/")); // $ Alert - fs.readFileSync(prefix + split[split.length - 1]) // OK + fs.readFileSync(prefix + split[split.length - 1]) - fs.readFileSync(split[x]) // NOT OK - fs.readFileSync(prefix + split[x]) // NOT OK + fs.readFileSync(split[x]) // $ Alert + fs.readFileSync(prefix + split[x]) // $ Alert var concatted = prefix.concat(split); - fs.readFileSync(concatted.join("/")); // NOT OK + fs.readFileSync(concatted.join("/")); // $ Alert var concatted2 = split.concat(prefix); - fs.readFileSync(concatted2.join("/")); // NOT OK + fs.readFileSync(concatted2.join("/")); // $ Alert - fs.readFileSync(split.pop()); // NOT OK + fs.readFileSync(split.pop()); // $ Alert }); var server = http.createServer(function(req, res) { - let path = url.parse(req.url, true).query.path; + let path = url.parse(req.url, true).query.path; // $ Source // Removal of forward-slash or dots. - res.write(fs.readFileSync(path.replace(/[\]\[*,;'"`<>\\?\/]/g, ''))); // OK. 
- res.write(fs.readFileSync(path.replace(/[abcd]/g, ''))); // NOT OK - res.write(fs.readFileSync(path.replace(/[./]/g, ''))); // OK - res.write(fs.readFileSync(path.replace(/[foobar/foobar]/g, ''))); // OK - res.write(fs.readFileSync(path.replace(/\//g, ''))); // OK - res.write(fs.readFileSync(path.replace(/\.|\//g, ''))); // OK - - res.write(fs.readFileSync(path.replace(/[.]/g, ''))); // NOT OK (can be absolute) - res.write(fs.readFileSync(path.replace(/[..]/g, ''))); // NOT OK (can be absolute) - res.write(fs.readFileSync(path.replace(/\./g, ''))); // NOT OK (can be absolute) - res.write(fs.readFileSync(path.replace(/\.\.|BLA/g, ''))); // NOT OK (can be absolute) + res.write(fs.readFileSync(path.replace(/[\]\[*,;'"`<>\\?\/]/g, ''))); + res.write(fs.readFileSync(path.replace(/[abcd]/g, ''))); // $ Alert + res.write(fs.readFileSync(path.replace(/[./]/g, ''))); + res.write(fs.readFileSync(path.replace(/[foobar/foobar]/g, ''))); + res.write(fs.readFileSync(path.replace(/\//g, ''))); + res.write(fs.readFileSync(path.replace(/\.|\//g, ''))); + + res.write(fs.readFileSync(path.replace(/[.]/g, ''))); // $ Alert - can be absolute + res.write(fs.readFileSync(path.replace(/[..]/g, ''))); // $ Alert - can be absolute + res.write(fs.readFileSync(path.replace(/\./g, ''))); // $ Alert - can be absolute + res.write(fs.readFileSync(path.replace(/\.\.|BLA/g, ''))); // $ Alert - can be absolute if (!pathModule.isAbsolute(path)) { - res.write(fs.readFileSync(path.replace(/[.]/g, ''))); // OK - res.write(fs.readFileSync(path.replace(/[..]/g, ''))); // OK - res.write(fs.readFileSync(path.replace(/\./g, ''))); // OK - res.write(fs.readFileSync(path.replace(/\.\.|BLA/g, ''))); // OK + res.write(fs.readFileSync(path.replace(/[.]/g, ''))); + res.write(fs.readFileSync(path.replace(/[..]/g, ''))); + res.write(fs.readFileSync(path.replace(/\./g, ''))); + res.write(fs.readFileSync(path.replace(/\.\.|BLA/g, ''))); } // removing of "../" from prefix. 
- res.write(fs.readFileSync("prefix" + pathModule.normalize(path).replace(/^(\.\.[\/\\])+/, ''))); // OK - res.write(fs.readFileSync("prefix" + pathModule.normalize(path).replace(/(\.\.[\/\\])+/, ''))); // OK - res.write(fs.readFileSync("prefix" + pathModule.normalize(path).replace(/(\.\.\/)+/, ''))); // OK - res.write(fs.readFileSync("prefix" + pathModule.normalize(path).replace(/(\.\.\/)*/, ''))); // OK + res.write(fs.readFileSync("prefix" + pathModule.normalize(path).replace(/^(\.\.[\/\\])+/, ''))); + res.write(fs.readFileSync("prefix" + pathModule.normalize(path).replace(/(\.\.[\/\\])+/, ''))); + res.write(fs.readFileSync("prefix" + pathModule.normalize(path).replace(/(\.\.\/)+/, ''))); + res.write(fs.readFileSync("prefix" + pathModule.normalize(path).replace(/(\.\.\/)*/, ''))); - res.write(fs.readFileSync("prefix" + path.replace(/^(\.\.[\/\\])+/, ''))); // NOT OK - not normalized - res.write(fs.readFileSync(pathModule.normalize(path).replace(/^(\.\.[\/\\])+/, ''))); // NOT OK (can be absolute) + res.write(fs.readFileSync("prefix" + path.replace(/^(\.\.[\/\\])+/, ''))); // $ Alert - not normalized + res.write(fs.readFileSync(pathModule.normalize(path).replace(/^(\.\.[\/\\])+/, ''))); // $ Alert - can be absolute }); import normalizeUrl from 'normalize-url'; 
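Review bot: Several deliberate negative cases in this hunk lost their `// OK` note entirely (for example `fs.readFileSync(prefix + split[split.length - 1])`, the `path.replace(/[./]/g, '')` family and the four `replace` calls under `if (!pathModule.isAbsolute(path))`), while other hunks in the same commit keep `// OK - <reason>` on their negatives. Under the inline-expectations scheme an unannotated line is still asserted to produce no alert, but a reader can no longer tell an intentional no-alert case from a line nobody got round to annotating, which matters most for the sanitiser regexes whose correctness is subtle. I would keep a short reason on each, e.g. `fs.readFileSync(prefix + split[split.length - 1]) // OK - only the last path segment is used` and `res.write(fs.readFileSync(path.replace(/[./]/g, ''))); // OK - both dots and separators removed`.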
@@ -184,38 +173,38 @@ import normalizeUrl from 'normalize-url'; var server = http.createServer(function(req, res) { // tests for a few more uri-libraries const qs = require("qs"); - res.write(fs.readFileSync(qs.parse(req.url).foo)); // NOT OK - res.write(fs.readFileSync(qs.parse(normalizeUrl(req.url)).foo)); // NOT OK + res.write(fs.readFileSync(qs.parse(req.url).foo)); // $ Alert + res.write(fs.readFileSync(qs.parse(normalizeUrl(req.url)).foo)); // $ Alert const parseqs = require("parseqs"); - res.write(fs.readFileSync(parseqs.decode(req.url).foo)); // NOT OK + res.write(fs.readFileSync(parseqs.decode(req.url).foo)); // $ Alert }); const cp = require("child_process"); var server = http.createServer(function(req, res) { - let path = url.parse(req.url, true).query.path; - cp.execSync("foobar", {cwd: path}); // NOT OK - cp.execFileSync("foobar", ["args"], {cwd: path}); // NOT OK - cp.execFileSync("foobar", {cwd: path}); // NOT OK + let path = url.parse(req.url, true).query.path; // $ Source + cp.execSync("foobar", {cwd: path}); // $ Alert + cp.execFileSync("foobar", ["args"], {cwd: path}); // $ Alert + cp.execFileSync("foobar", {cwd: path}); // $ Alert }); var server = http.createServer(function(req, res) { - let path = url.parse(req.url, true).query.path; + let path = url.parse(req.url, true).query.path; // $ Source // Removal of forward-slash or dots. - res.write(fs.readFileSync(path.replace(new RegExp("[\\]\\[*,;'\"`<>\\?/]", 'g'), ''))); // OK - res.write(fs.readFileSync(path.replace(new RegExp("[\\]\\[*,;'\"`<>\\?/]", ''), ''))); // NOT OK. - res.write(fs.readFileSync(path.replace(new RegExp("[\\]\\[*,;'\"`<>\\?/]", unknownFlags()), ''))); // OK -- Might be okay depending on what unknownFlags evaluates to. 
+ res.write(fs.readFileSync(path.replace(new RegExp("[\\]\\[*,;'\"`<>\\?/]", 'g'), ''))); + res.write(fs.readFileSync(path.replace(new RegExp("[\\]\\[*,;'\"`<>\\?/]", ''), ''))); // $ Alert + res.write(fs.readFileSync(path.replace(new RegExp("[\\]\\[*,;'\"`<>\\?/]", unknownFlags()), ''))); // OK - Might be okay depending on what unknownFlags evaluates to. }); var server = http.createServer(function(req, res) { - let path = url.parse(req.url, true).query.path; + let path = url.parse(req.url, true).query.path; // $ Source - res.write(fs.readFileSync(path.replace(new RegExp("[.]", 'g'), ''))); // NOT OK (can be absolute) + res.write(fs.readFileSync(path.replace(new RegExp("[.]", 'g'), ''))); // $ Alert - can be absolute if (!pathModule.isAbsolute(path)) { - res.write(fs.readFileSync(path.replace(new RegExp("[.]", ''), ''))); // NOT OK - res.write(fs.readFileSync(path.replace(new RegExp("[.]", 'g'), ''))); // OK - res.write(fs.readFileSync(path.replace(new RegExp("[.]", unknownFlags()), ''))); // OK + res.write(fs.readFileSync(path.replace(new RegExp("[.]", ''), ''))); // $ Alert + res.write(fs.readFileSync(path.replace(new RegExp("[.]", 'g'), ''))); + res.write(fs.readFileSync(path.replace(new RegExp("[.]", unknownFlags()), ''))); } }); diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.qlref b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.qlref index 53d53cb8dc54..ff3d54b0cd56 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.qlref +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.qlref @@ -1 +1,2 @@ -Security/CWE-022/TaintedPath.ql +query: Security/CWE-022/TaintedPath.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/examples/TaintedPath.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/examples/TaintedPath.js index 1fdbef68c47e..568269866f5f 100644 
--- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/examples/TaintedPath.js +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/examples/TaintedPath.js @@ -5,8 +5,7 @@ const fs = require('fs'), const ROOT = "/var/www/"; var server = http.createServer(function(req, res) { - let filePath = url.parse(req.url, true).query.path; + let filePath = url.parse(req.url, true).query.path; // $ Source - // BAD: This function uses unsanitized input that can read any file on the file system. - res.write(fs.readFileSync(ROOT + filePath, 'utf8')); + res.write(fs.readFileSync(ROOT + filePath, 'utf8')); // $ Alert - This function uses unsanitized input that can read any file on the file system. }); \ No newline at end of file diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/examples/TaintedPathGood.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/examples/TaintedPathGood.js index ac8dd4fb9ba8..5b497cfddccb 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/examples/TaintedPathGood.js +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/examples/TaintedPathGood.js @@ -8,7 +8,7 @@ const ROOT = "/var/www/"; var server = http.createServer(function(req, res) { let filePath = url.parse(req.url, true).query.path; - // GOOD: Verify that the file path is under the root directory + // OK - Verify that the file path is under the root directory filePath = fs.realpathSync(path.resolve(ROOT, filePath)); if (!filePath.startsWith(ROOT)) { res.statusCode = 403; diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/express.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/express.js index dad320e3abae..13c6ad082abe 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/express.js +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/express.js 
@@ -5,5 +5,5 @@ let app = express(); app.use(fileUpload()); app.get("/some/path", function (req, res) { - req.files.foo.mv(req.query.bar); + req.files.foo.mv(req.query.bar); // $ Alert }); diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/handlebars.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/handlebars.js index 512b851592aa..ffbeb5a767ba 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/handlebars.js +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/handlebars.js @@ -8,11 +8,11 @@ const data = {}; function init() { hb.registerHelper("catFile", function catFile(filePath) { - return fs.readFileSync(filePath); // SINK (reads file) + return fs.readFileSync(filePath); // $ Alert }); hb.registerHelper("prependToLines", function prependToLines(prefix, filePath) { return fs - .readFileSync(filePath) + .readFileSync(filePath) // $ Alert .split("\n") .map((line) => prefix + line) .join("\n"); 
@@ -26,27 +26,27 @@ function init() { init(); app.get('/some/path1', function (req, res) { - res.send(data.compiledFileAccess({ path: req.params.path })); // NOT ALLOWED (template uses vulnerable catFile) + res.send(data.compiledFileAccess({ path: req.params.path })); // $ Source - template uses vulnerable catFile }); app.get('/some/path2', function (req, res) { - res.send(data.compiledBenign({ name: req.params.name })); // ALLOWED (this template does not use catFile) + res.send(data.compiledBenign({ name: req.params.name })); // OK - this template does not use catFile }); app.get('/some/path3', function (req, res) { - res.send(data.compiledUnknown({ name: req.params.name })); // ALLOWED (could be using a vulnerable helper, but we'll assume it's ok) + res.send(data.compiledUnknown({ name: req.params.name })); // OK - could be using a vulnerable helper, but we'll assume it's ok }); app.get('/some/path4', function (req, res) { res.send(data.compiledMixed({ prefix: ">>> ", - path: req.params.path // NOT ALLOWED (template uses vulnerable helper) + path: req.params.path // $ Source - template uses vulnerable helper })); }); app.get('/some/path5', function (req, res) { res.send(data.compiledMixed({ - prefix: req.params.prefix, // ALLOWED (this parameter is safe) + prefix: req.params.prefix, // OK - this parameter is safe path: "data/path-5.txt" })); }); diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/normalizedPaths.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/normalizedPaths.js index 4fa6b3f50d54..4365de77a40f 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/normalizedPaths.js +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/normalizedPaths.js 
@@ -8,98 +8,98 @@ var fs = require('fs'), let app = express(); app.get('/basic', (req, res) => { - let path = req.query.path; + let path = req.query.path; // $ Source - fs.readFileSync(path); // NOT OK - fs.readFileSync('./' + path); // NOT OK - fs.readFileSync(path + '/index.html'); // NOT OK - fs.readFileSync(pathModule.join(path, 'index.html')); // NOT OK - fs.readFileSync(pathModule.join('/home/user/www', path)); // NOT OK + fs.readFileSync(path); // $ Alert + fs.readFileSync('./' + path); // $ Alert + fs.readFileSync(path + '/index.html'); // $ Alert + fs.readFileSync(pathModule.join(path, 'index.html')); // $ Alert + fs.readFileSync(pathModule.join('/home/user/www', path)); // $ Alert }); app.get('/normalize', (req, res) => { - let path = pathModule.normalize(req.query.path); + let path = pathModule.normalize(req.query.path); // $ Source - fs.readFileSync(path); // NOT OK - fs.readFileSync('./' + path); // NOT OK - fs.readFileSync(path + '/index.html'); // NOT OK - fs.readFileSync(pathModule.join(path, 'index.html')); // NOT OK - fs.readFileSync(pathModule.join('/home/user/www', path)); // NOT OK + fs.readFileSync(path); // $ Alert + fs.readFileSync('./' + path); // $ Alert + fs.readFileSync(path + '/index.html'); // $ Alert + fs.readFileSync(pathModule.join(path, 'index.html')); // $ Alert + fs.readFileSync(pathModule.join('/home/user/www', path)); // $ Alert }); app.get('/normalize-notAbsolute', (req, res) => { - let path = pathModule.normalize(req.query.path); + let path = pathModule.normalize(req.query.path); // $ Source if (pathModule.isAbsolute(path)) return; - fs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert if (!path.startsWith(".")) - fs.readFileSync(path); // OK + fs.readFileSync(path); else - fs.readFileSync(path); // NOT OK - wrong polarity + fs.readFileSync(path); // $ Alert - wrong polarity if (!path.startsWith("..")) - fs.readFileSync(path); // OK + fs.readFileSync(path); if (!path.startsWith("../")) - fs.readFileSync(path); 
// OK + fs.readFileSync(path); if (!path.startsWith(".." + pathModule.sep)) - fs.readFileSync(path); // OK + fs.readFileSync(path); }); app.get('/normalize-noInitialDotDot', (req, res) => { - let path = pathModule.normalize(req.query.path); + let path = pathModule.normalize(req.query.path); // $ Source if (path.startsWith("..")) return; - fs.readFileSync(path); // NOT OK - could be absolute + fs.readFileSync(path); // $ Alert - could be absolute fs.readFileSync("./" + path); // OK - coerced to relative - fs.readFileSync(path + "/index.html"); // NOT OK - not coerced + fs.readFileSync(path + "/index.html"); // $ Alert - not coerced if (!pathModule.isAbsolute(path)) - fs.readFileSync(path); // OK + fs.readFileSync(path); else - fs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert }); app.get('/prepend-normalize', (req, res) => { // Coerce to relative prior to normalization - let path = pathModule.normalize('./' + req.query.path); + let path = pathModule.normalize('./' + req.query.path); // $ Source if (!path.startsWith("..")) - fs.readFileSync(path); // OK + fs.readFileSync(path); else - fs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert }); app.get('/absolute', (req, res) => { - let path = req.query.path; + let path = req.query.path; // $ Source if (!pathModule.isAbsolute(path)) return; - res.write(fs.readFileSync(path)); // NOT OK + res.write(fs.readFileSync(path)); // $ Alert if (path.startsWith('/home/user/www')) - res.write(fs.readFileSync(path)); // NOT OK - can still contain '../' + res.write(fs.readFileSync(path)); // $ Alert - can still contain '../' }); app.get('/normalized-absolute', (req, res) => { - let path = pathModule.normalize(req.query.path); + let path = pathModule.normalize(req.query.path); // $ Source if (!pathModule.isAbsolute(path)) return; - res.write(fs.readFileSync(path)); // NOT OK + res.write(fs.readFileSync(path)); // $ Alert if (path.startsWith('/home/user/www')) - res.write(fs.readFileSync(path)); // OK 
+ res.write(fs.readFileSync(path)); }); app.get('/combined-check', (req, res) => { 
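Review bot: In `/normalize-notAbsolute` the `if (!path.startsWith("../"))` branch is expected to produce no alert, but that guard is only sound on POSIX: `path.normalize` on Windows emits `..\`, which the `"../"` literal does not catch, whereas the `".." + pathModule.sep` variant two lines below does. If the query deliberately accepts the slash-only form, the line should say so, e.g. `fs.readFileSync(path); // OK - accepted, although '../' misses the Windows '..\' form (see sep variant below)`, so the expectation is not mistaken for a claim that the check is portable. As written it reads like a test pinning a platform-specific false negative without acknowledging it.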
@@ -107,71 +107,71 @@ app.get('/combined-check', (req, res) => { // Combined absoluteness and folder check in one startsWith call if (path.startsWith("/home/user/www")) - fs.readFileSync(path); // OK + fs.readFileSync(path); if (path[0] !== "/" && path[0] !== ".") - fs.readFileSync(path); // OK + fs.readFileSync(path); }); app.get('/realpath', (req, res) => { - let path = fs.realpathSync(req.query.path); + let path = fs.realpathSync(req.query.path); // $ Source - fs.readFileSync(path); // NOT OK - fs.readFileSync(pathModule.join(path, 'index.html')); // NOT OK + fs.readFileSync(path); // $ Alert + fs.readFileSync(pathModule.join(path, 'index.html')); // $ Alert if (path.startsWith("/home/user/www")) fs.readFileSync(path); // OK - both absolute and normalized before check fs.readFileSync(pathModule.join('.', path)); // OK - normalized and coerced to relative - fs.readFileSync(pathModule.join('/home/user/www', path)); // OK + fs.readFileSync(pathModule.join('/home/user/www', path)); }); app.get('/coerce-relative', (req, res) => { - let path = pathModule.join('.', req.query.path); + let path = pathModule.join('.', req.query.path); // $ Source if (!path.startsWith('..')) - fs.readFileSync(path); // OK + fs.readFileSync(path); else - fs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert }); app.get('/coerce-absolute', (req, res) => { - let path = pathModule.join('/home/user/www', req.query.path); + let path = pathModule.join('/home/user/www', req.query.path); // $ Source if (path.startsWith('/home/user/www')) - fs.readFileSync(path); // OK + fs.readFileSync(path); else - fs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert }); app.get('/concat-after-normalization', (req, res) => { - let path = 'foo/' + pathModule.normalize(req.query.path); + let path = 'foo/' + pathModule.normalize(req.query.path); // $ Source if (!path.startsWith('..')) - fs.readFileSync(path); // NOT OK - prefixing foo/ invalidates check + fs.readFileSync(path); // $ 
Alert - prefixing foo/ invalidates check else - fs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert if (!path.includes('..')) - fs.readFileSync(path); // OK + fs.readFileSync(path); }); app.get('/noDotDot', (req, res) => { - let path = pathModule.normalize(req.query.path); + let path = pathModule.normalize(req.query.path); // $ Source if (path.includes('..')) return; - fs.readFileSync(path); // NOT OK - can still be absolute + fs.readFileSync(path); // $ Alert - can still be absolute if (!pathModule.isAbsolute(path)) - fs.readFileSync(path); // OK + fs.readFileSync(path); else - fs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert }); app.get('/join-regression', (req, res) => { - let path = req.query.path; + let path = req.query.path; // $ Source // Regression test for a specific corner case: // Some guard nodes sanitize both branches, but for a different set of flow labels. 
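Review bot: The prefix checks expected to be clean in `/realpath`, `/combined-check` and `/coerce-absolute` all use `startsWith('/home/user/www')` with no trailing separator, so a sibling directory sharing the prefix passes them: in `/coerce-absolute`, `pathModule.join('/home/user/www', '../www-old/secret')` normalises to `/home/user/www-old/secret`, which satisfies the guard and is read with no alert expected. The query evidently accepts this shape as a barrier, and that is a defensible modelling choice, but the tests should not present it as a safe pattern; add a note on at least the `/coerce-absolute` case, e.g. `fs.readFileSync(path); // OK - accepted by the query; note the prefix has no trailing separator, so /home/user/www2 would also pass`. The `/join-regression` handler that begins at the end of this hunk continues outside it.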
@@ -181,191 +181,191 @@ app.get('/join-regression', (req, res) => { if (path.startsWith('/x')) {path;} else {path;} if (path.startsWith('.')) {path;} else {path;} - fs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert if (pathModule.isAbsolute(path)) - fs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert else - fs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert if (path.includes('..')) - fs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert else - fs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert if (!path.includes('..') && !pathModule.isAbsolute(path)) - fs.readFileSync(path); // OK + fs.readFileSync(path); else - fs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert let normalizedPath = pathModule.normalize(path); if (normalizedPath.startsWith('/home/user/www')) - fs.readFileSync(normalizedPath); // OK + fs.readFileSync(normalizedPath); else - fs.readFileSync(normalizedPath); // NOT OK + fs.readFileSync(normalizedPath); // $ Alert if (normalizedPath.startsWith('/home/user/www') || normalizedPath.startsWith('/home/user/public')) - fs.readFileSync(normalizedPath); // OK - but flagged anyway [INCONSISTENCY] + fs.readFileSync(normalizedPath); // $ SPURIOUS: Alert else - fs.readFileSync(normalizedPath); // NOT OK + fs.readFileSync(normalizedPath); // $ Alert }); app.get('/decode-after-normalization', (req, res) => { - let path = pathModule.normalize(req.query.path); + let path = pathModule.normalize(req.query.path); // $ Source if (!pathModule.isAbsolute(path) && !path.startsWith('..')) - fs.readFileSync(path); // OK + fs.readFileSync(path); path = decodeURIComponent(path); if (!pathModule.isAbsolute(path) && !path.startsWith('..')) - fs.readFileSync(path); // NOT OK - not normalized + fs.readFileSync(path); // $ Alert - not normalized }); app.get('/replace', (req, res) => { - let path = pathModule.normalize(req.query.path).replace(/%20/g, ' '); + let path = 
pathModule.normalize(req.query.path).replace(/%20/g, ' '); // $ Source if (!pathModule.isAbsolute(path)) { - fs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert path = path.replace(/\.\./g, ''); - fs.readFileSync(path); // OK + fs.readFileSync(path); } }); app.get('/resolve-path', (req, res) => { - let path = pathModule.resolve(req.query.path); + let path = pathModule.resolve(req.query.path); // $ Source - fs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert var self = something(); if (path.substring(0, self.dir.length) === self.dir) - fs.readFileSync(path); // OK + fs.readFileSync(path); else - fs.readFileSync(path); // NOT OK - wrong polarity + fs.readFileSync(path); // $ Alert - wrong polarity if (path.slice(0, self.dir.length) === self.dir) - fs.readFileSync(path); // OK + fs.readFileSync(path); else - fs.readFileSync(path); // NOT OK - wrong polarity + fs.readFileSync(path); // $ Alert - wrong polarity }); app.get('/relative-startswith', (req, res) => { - let path = pathModule.resolve(req.query.path); + let path = pathModule.resolve(req.query.path); // $ Source - fs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert var self = something(); var relative = pathModule.relative(self.webroot, path); if(relative.startsWith(".." + pathModule.sep) || relative == "..") { - fs.readFileSync(path); // NOT OK! + fs.readFileSync(path); // $ Alert } else { - fs.readFileSync(path); // OK! + fs.readFileSync(path); } let newpath = pathModule.normalize(path); var relativePath = pathModule.relative(pathModule.normalize(workspaceDir), newpath); if (relativePath.indexOf('..' + pathModule.sep) === 0) { - fs.readFileSync(newpath); // NOT OK! + fs.readFileSync(newpath); // $ Alert } else { - fs.readFileSync(newpath); // OK! 
+ fs.readFileSync(newpath); } let newpath = pathModule.normalize(path); var relativePath = pathModule.relative(pathModule.normalize(workspaceDir), newpath); if (relativePath.indexOf('../') === 0) { - fs.readFileSync(newpath); // NOT OK! + fs.readFileSync(newpath); // $ Alert } else { - fs.readFileSync(newpath); // OK! + fs.readFileSync(newpath); } let newpath = pathModule.normalize(path); var relativePath = pathModule.relative(pathModule.normalize(workspaceDir), newpath); if (pathModule.normalize(relativePath).indexOf('../') === 0) { - fs.readFileSync(newpath); // NOT OK! + fs.readFileSync(newpath); // $ Alert } else { - fs.readFileSync(newpath); // OK! + fs.readFileSync(newpath); } let newpath = pathModule.normalize(path); var relativePath = pathModule.relative(pathModule.normalize(workspaceDir), newpath); if (pathModule.normalize(relativePath).indexOf('../')) { - fs.readFileSync(newpath); // OK! + fs.readFileSync(newpath); } else { - fs.readFileSync(newpath); // NOT OK! + fs.readFileSync(newpath); // $ Alert } }); var isPathInside = require("is-path-inside"), pathIsInside = require("path-is-inside"); app.get('/pseudo-normalizations', (req, res) => { - let path = req.query.path; - fs.readFileSync(path); // NOT OK + let path = req.query.path; // $ Source + fs.readFileSync(path); // $ Alert if (isPathInside(path, SAFE)) { - fs.readFileSync(path); // OK + fs.readFileSync(path); return; } else { - fs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert } if (pathIsInside(path, SAFE)) { - fs.readFileSync(path); // NOT OK - can be of the form 'safe/directory/../../../etc/passwd' + fs.readFileSync(path); // $ Alert - can be of the form 'safe/directory/../../../etc/passwd' return; } else { - fs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert } let normalizedPath = pathModule.join(SAFE, path); if (pathIsInside(normalizedPath, SAFE)) { - fs.readFileSync(normalizedPath); // OK + fs.readFileSync(normalizedPath); return; } else { - 
fs.readFileSync(normalizedPath); // NOT OK + fs.readFileSync(normalizedPath); // $ Alert } if (pathIsInside(normalizedPath, SAFE)) { - fs.readFileSync(normalizedPath); // OK + fs.readFileSync(normalizedPath); return; } else { - fs.readFileSync(normalizedPath); // NOT OK + fs.readFileSync(normalizedPath); // $ Alert } }); app.get('/yet-another-prefix', (req, res) => { - let path = pathModule.resolve(req.query.path); + let path = pathModule.resolve(req.query.path); // $ Source - fs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert var abs = pathModule.resolve(path); if (abs.indexOf(root) !== 0) { - fs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert return; } - fs.readFileSync(path); // OK + fs.readFileSync(path); }); var rootPath = process.cwd(); app.get('/yet-another-prefix2', (req, res) => { - let path = req.query.path; + let path = req.query.path; // $ Source - fs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert var requestPath = pathModule.join(rootPath, path); var targetPath; if (!allowPath(requestPath, rootPath)) { targetPath = rootPath; - fs.readFileSync(requestPath); // NOT OK + fs.readFileSync(requestPath); // $ Alert } else { targetPath = requestPath; - fs.readFileSync(requestPath); // OK + fs.readFileSync(requestPath); } - fs.readFileSync(targetPath); // OK + fs.readFileSync(targetPath); function allowPath(requestPath, rootPath) { return requestPath.indexOf(rootPath) === 0; 
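Review bot: The guarded reads after `if (abs.indexOf(root) !== 0)` in `/yet-another-prefix` and after `allowPath(requestPath, rootPath)` in `/yet-another-prefix2` carry no annotation, so the test asserts that a bare string-prefix comparison is a sufficient sanitizer. It is not: with `rootPath` = `/srv/app`, `pathModule.join(rootPath, '../app-old/secret')` yields `/srv/app-old/secret`, which still satisfies `requestPath.indexOf(rootPath) === 0`, and the same applies to `abs.indexOf(root)`. Presumably the query accepts this precision trade-off rather than requiring a trailing-separator check; that is worth stating in the fixture, e.g. `// OK - bare prefix check; the query does not require rootPath + sep, so siblings like rootPath + '-old' also pass`. `allowPath` continues past the end of the hunk.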
@@ -374,58 +374,58 @@ app.get('/yet-another-prefix2', (req, res) => { import slash from 'slash'; app.get('/slash-stuff', (req, res) => { - let path = req.query.path; + let path = req.query.path; // $ Source - fs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert - fs.readFileSync(slash(path)); // NOT OK + fs.readFileSync(slash(path)); // $ Alert }); app.get('/dotdot-regexp', (req, res) => { - let path = pathModule.normalize(req.query.x); + let path = pathModule.normalize(req.query.x); // $ Source if (pathModule.isAbsolute(path)) return; - fs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert if (!path.match(/\./)) { - fs.readFileSync(path); // OK + fs.readFileSync(path); } if (!path.match(/\.\./)) { - fs.readFileSync(path); // OK + fs.readFileSync(path); } if (!path.match(/\.\.\//)) { - fs.readFileSync(path); // OK + fs.readFileSync(path); } if (!path.match(/\.\.\/foo/)) { - fs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert } if (!path.match(/(\.\.\/|\.\.\\)/)) { - fs.readFileSync(path); // OK + fs.readFileSync(path); } }); app.get('/join-spread', (req, res) => { - fs.readFileSync(pathModule.join('foo', ...req.query.x.split('/'))); // NOT OK - fs.readFileSync(pathModule.join(...req.query.x.split('/'))); // NOT OK + fs.readFileSync(pathModule.join('foo', ...req.query.x.split('/'))); // $ Alert + fs.readFileSync(pathModule.join(...req.query.x.split('/'))); // $ Alert }); app.get('/dotdot-matchAll-regexp', (req, res) => { - let path = pathModule.normalize(req.query.x); + let path = pathModule.normalize(req.query.x); // $ Source if (pathModule.isAbsolute(path)) return; - fs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert if (!path.matchAll(/\./)) { - fs.readFileSync(path); // OK + fs.readFileSync(path); } if (!path.matchAll(/\.\./)) { - fs.readFileSync(path); // OK + fs.readFileSync(path); } if (!path.matchAll(/\.\.\//)) { - fs.readFileSync(path); // OK + fs.readFileSync(path); } if 
(!path.matchAll(/\.\.\/foo/)) {
- fs.readFileSync(path); // NOT OK
+ fs.readFileSync(path); // $ Alert
 }
 if (!path.matchAll(/(\.\.\/|\.\.\\)/)) {
- fs.readFileSync(path); // OK
+ fs.readFileSync(path);
 }
 });
diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/other-fs-libraries.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/other-fs-libraries.js
index 1dac13246c6f..3c137faa8c94 100644
--- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/other-fs-libraries.js
+++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/other-fs-libraries.js
@@ -6,22 +6,22 @@ var http = require("http"),
 originalFs = require("original-fs");
 var server = http.createServer(function(req, res) {
- var path = url.parse(req.url, true).query.path;
+ var path = url.parse(req.url, true).query.path; // $ Source
- fs.readFileSync(path); // NOT OK
- gracefulFs.readFileSync(path); // NOT OK
- fsExtra.readFileSync(path); // NOT OK
- originalFs.readFileSync(path); // NOT OK
+ fs.readFileSync(path); // $ Alert
+ gracefulFs.readFileSync(path); // $ Alert
+ fsExtra.readFileSync(path); // $ Alert
+ originalFs.readFileSync(path); // $ Alert
- getFsModule(true).readFileSync(path); // NOT OK
- getFsModule(false).readFileSync(path); // NOT OK
+ getFsModule(true).readFileSync(path); // $ Alert
+ getFsModule(false).readFileSync(path); // $ Alert
- require("./my-fs-module").require(true).readFileSync(path); // NOT OK
+ require("./my-fs-module").require(true).readFileSync(path); // $ Alert
 let flexibleModuleName = require(process.versions["electron"] ? "original-fs" : "fs");
- flexibleModuleName.readFileSync(path); // NOT OK
+ flexibleModuleName.readFileSync(path); // $ Alert
 });
 function getFsModule(special) {
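Review bot: The `/dotdot-matchAll-regexp` guards cannot run as written: `String.prototype.matchAll` throws a TypeError for a regex without the `g` flag, and when it does run it returns an iterator, which is always truthy, so `!path.matchAll(/\.\./)` is never true and the unannotated branches are dead code. The fixture still exercises the query's guard recognition, but a reader will take these as working sanitizers; a comment such as `// NOTE: matchAll() needs a /g regex and returns an always-truthy iterator; this only tests guard recognition` would prevent that, or the regexes could carry `/g`. Separately, the unannotated `!path.match(/\.\.\//)` case in `/dotdot-regexp` only matches a forward slash, whereas `pathModule.normalize` emits backslashes on Windows, so that verdict is POSIX-only; the last case, `/(\.\.\/|\.\.\\)/`, is the one that covers both.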
@@ -35,50 +35,50 @@ function getFsModule(special) {
 var util = require("util");
 http.createServer(function(req, res) {
- var path = url.parse(req.url, true).query.path;
+ var path = url.parse(req.url, true).query.path; // $ Source
- util.promisify(fs.readFileSync)(path); // NOT OK
- require("bluebird").promisify(fs.readFileSync)(path); // NOT OK
- require("bluebird").promisifyAll(fs).readFileSync(path); // NOT OK
+ util.promisify(fs.readFileSync)(path); // $ Alert
+ require("bluebird").promisify(fs.readFileSync)(path); // $ Alert
+ require("bluebird").promisifyAll(fs).readFileSync(path); // $ Alert
 });
 const asyncFS = require("./my-async-fs-module");
 http.createServer(function(req, res) {
- var path = url.parse(req.url, true).query.path;
+ var path = url.parse(req.url, true).query.path; // $ Source
- fs.readFileSync(path); // NOT OK
- asyncFS.readFileSync(path); // NOT OK
+ fs.readFileSync(path); // $ Alert
+ asyncFS.readFileSync(path); // $ Alert
- require("pify")(fs.readFileSync)(path); // NOT OK
- require("pify")(fs).readFileSync(path); // NOT OK
+ require("pify")(fs.readFileSync)(path); // $ Alert
+ require("pify")(fs).readFileSync(path); // $ Alert
- require('util.promisify')(fs.readFileSync)(path); // NOT OK
+ require('util.promisify')(fs.readFileSync)(path); // $ Alert
- require("thenify")(fs.readFileSync)(path); // NOT OK
+ require("thenify")(fs.readFileSync)(path); // $ Alert
 const readPkg = require('read-pkg');
- var pkg = readPkg.readPackageSync({cwd: path}); // NOT OK
- var pkgPromise = readPkg.readPackageAsync({cwd: path}); // NOT OK
+ var pkg = readPkg.readPackageSync({cwd: path}); // $ Alert
+ var pkgPromise = readPkg.readPackageAsync({cwd: path}); // $ Alert
 });
 const mkdirp = require("mkdirp");
 http.createServer(function(req, res) {
- var path = url.parse(req.url, true).query.path;
+ var path = url.parse(req.url, true).query.path; // $ Source
- fs.readFileSync(path); // NOT OK
- mkdirp(path); // NOT OK
- mkdirp.sync(path); // NOT OK
+ fs.readFileSync(path); // $ Alert
+ mkdirp(path); // $ Alert
+ mkdirp.sync(path); // $ Alert
 func(path);
 });
 function func(x) {
- fs.readFileSync(x); // NOT OK
+ fs.readFileSync(x); // $ Alert
 }
 const fsp = require("fs/promises");
 http.createServer(function(req, res) {
- var path = url.parse(req.url, true).query.path;
+ var path = url.parse(req.url, true).query.path; // $ Source
- fsp.readFile(path); // NOT OK
+ fsp.readFile(path); // $ Alert
 });
diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/prettier.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/prettier.js
index 7546bb2c2938..c198082b9932 100644
--- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/prettier.js
+++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/prettier.js
@@ -3,12 +3,12 @@ const prettier = require("prettier");
 const app = express();
 app.get('/some/path', function (req, res) {
- const { p } = req.params;
- prettier.resolveConfig(p).then((options) => { // NOT OK
+ const { p } = req.params; // $ Source
+ prettier.resolveConfig(p).then((options) => { // $ Alert
 const formatted = prettier.format("foo", options);
 });
- prettier.resolveConfig("foo", {config: p}).then((options) => { // NOT OK
+ prettier.resolveConfig("foo", {config: p}).then((options) => { // $ Alert
 const formatted = prettier.format("bar", options);
 });
 });
diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/pupeteer.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/pupeteer.js
index 363b2f014c7a..8b0a64f523c9 100644
--- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/pupeteer.js
+++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/pupeteer.js
@@ -2,15 +2,15 @@ const puppeteer = require('puppeteer');
 const parseTorrent = require('parse-torrent');
 (async () => {
- let tainted = "dir/" + parseTorrent(torrent).name + ".torrent.data";
+ let tainted = "dir/" + parseTorrent(torrent).name + ".torrent.data"; // $ Source
 const browser = await puppeteer.launch();
 const page = await browser.newPage();
- await page.pdf({ path: tainted, format: 'a4' });
+ await page.pdf({ path: tainted, format: 'a4' }); // $ Alert
 const pages = await browser.pages();
 for (let i = 0; i < something(); i++) {
- pages[i].screenshot({ path: tainted });
+ pages[i].screenshot({ path: tainted }); // $ Alert
 }
 await browser.close();
diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/sharedlib-repro.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/sharedlib-repro.js
index eebc95348ba6..23c89ab5baec 100644
--- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/sharedlib-repro.js
+++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/sharedlib-repro.js
@@ -10,7 +10,7 @@ function getTree(req, res, options) {
 var workspaceId = req.params.workspaceId;
 var realfileRootPath = workspaceId; // getfileRoot(workspaceId);
 var filePath = workspaceId; // path.join(options.workspaceDir,realfileRootPath, req.params["0"]);
- withStatsAndETag(req.params.workspaceId, function (err, stats, etag) {});
+ withStatsAndETag(req.params.workspaceId, function (err, stats, etag) {}); // $ Source
 }
 function getfileRoot(workspaceId) {
@@ -19,7 +19,7 @@ function getfileRoot(workspaceId) {
 }
 function withStatsAndETag(filepath, callback) {
- fs.readFileSync(filepath); // NOT OK
+ fs.readFileSync(filepath); // $ Alert
 };
 function decodeUserIdFromWorkspaceId(workspaceId) {
diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-access-paths.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-access-paths.js
index 465b5b70b690..ab5d3f008507 100644
--- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-access-paths.js +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-access-paths.js @@ -3,32 +3,32 @@ var fs = require('fs'), url = require('url'); var server = http.createServer(function(req, res) { - let path = url.parse(req.url, true).query.path; + let path = url.parse(req.url, true).query.path; // $ Source - fs.readFileSync(path); // NOT OK + fs.readFileSync(path); // $ Alert var obj = bla ? something() : path; - fs.readFileSync(obj.sub); // NOT OK + fs.readFileSync(obj.sub); // $ Alert obj.sub = "safe"; - fs.readFileSync(obj.sub); // OK + fs.readFileSync(obj.sub); obj.sub2 = "safe"; if (random()) { - fs.readFileSync(obj.sub2); // OK + fs.readFileSync(obj.sub2); } if (random()) { obj.sub3 = "safe" } - fs.readFileSync(obj.sub3); // NOT OK + fs.readFileSync(obj.sub3); // $ Alert obj.sub4 = - fs.readFileSync(obj.sub4) ? // NOT OK - fs.readFileSync(obj.sub4) : // NOT OK - fs.readFileSync(obj.sub4); // NOT OK + fs.readFileSync(obj.sub4) ? // $ Alert + fs.readFileSync(obj.sub4) : // $ Alert + fs.readFileSync(obj.sub4); // $ Alert }); server.listen(); @@ -36,8 +36,8 @@ server.listen(); var nodefs = require('node:fs'); var server2 = http.createServer(function(req, res) { - let path = url.parse(req.url, true).query.path; - nodefs.readFileSync(path); // NOT OK + let path = url.parse(req.url, true).query.path; // $ Source + nodefs.readFileSync(path); // $ Alert }); server2.listen(); @@ -45,6 +45,6 @@ server2.listen(); const chownr = require("chownr"); var server3 = http.createServer(function (req, res) { - let path = url.parse(req.url, true).query.path; - chownr(path, "someuid", "somegid", function (err) {}); // NOT OK + let path = url.parse(req.url, true).query.path; // $ Source + chownr(path, "someuid", "somegid", function (err) {}); // $ Alert }); 
diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-array-steps.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-array-steps.js
index 061dec18a908..b37ebc2926ad 100644
--- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-array-steps.js
+++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-array-steps.js
@@ -7,11 +7,11 @@ var fs = require('fs'),
 var server = http.createServer(function(req, res) {
 let path = url.parse(req.url, true).query.path;
- res.write(fs.readFileSync(['public', path].join('/'))); // BAD - but not flagged because we have no array-steps [INCONSISTENCY]
+ res.write(fs.readFileSync(['public', path].join('/'))); // $ MISSING: Alert - not flagged because we have no array-steps
 let parts = ['public', path];
 parts = parts.map(x => x.toLowerCase());
- res.write(fs.readFileSync(parts.join('/'))); // BAD - but not flagged because we have no array-steps [INCONSISTENCY]
+ res.write(fs.readFileSync(parts.join('/'))); // $ MISSING: Alert - not flagged because we have no array-steps
 });
 server.listen();
diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-promise-steps.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-promise-steps.js
index 49c5fa78fe8d..a21ae5a6f915 100644
--- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-promise-steps.js
+++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-promise-steps.js
@@ -3,13 +3,13 @@ var fs = require('fs'),
 url = require('url');
 var server = http.createServer(function(req, res) {
- let path = url.parse(req.url, true).query.path;
+ let path = url.parse(req.url, true).query.path; // $ Source
 doRead(Promise.resolve(path));
 });
 async function doRead(pathPromise) {
- fs.readFileSync(await pathPromise); // NOT OK
- pathPromise.then(path => fs.readFileSync(path)); // NO TOK
+ fs.readFileSync(await pathPromise); // $ Alert
+ pathPromise.then(path => fs.readFileSync(path)); // $ Alert
 }
 server.listen();
diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-require.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-require.js
index 23f89c55c39f..d9c07feb26b6 100644
--- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-require.js
+++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-require.js
@@ -3,15 +3,14 @@ var express = require('express');
 var app = express();
 app.get('/some/path', function(req, res) {
- // BAD: loading a module based on un-sanitized query parameters
- var m = require(req.param("module"));
+ var m = require(req.param("module")); // $ Alert - loading a module based on un-sanitized query parameters
 });
 const resolve = require("resolve");
 app.get('/some/path', function(req, res) {
- var module = resolve.sync(req.param("module")); // NOT OK - resolving module based on query parameters
+ var module = resolve.sync(req.param("module")); // $ Alert - resolving module based on query parameters
- resolve(req.param("module"), { basedir: __dirname }, function(err, res) { // NOT OK - resolving module based on query parameters
+ resolve(req.param("module"), { basedir: __dirname }, function(err, res) { // $ Alert - resolving module based on query parameters
 var module = res;
 });
 });
\ No newline at end of file
diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-sendFile.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-sendFile.js
index 50e4152e5bf2..21ae39b8b731 100644
--- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-sendFile.js
+++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-sendFile.js
@@ -4,25 +4,22 @@ let path = require('path');
 var app = express();
 app.get('/some/path/:x', function(req, res) {
- // BAD: sending a file based on un-sanitized query parameters
- res.sendFile(req.param("gimme"));
- // BAD: same as above
- res.sendfile(req.param("gimme"));
+ res.sendFile(req.param("gimme")); // $ Alert - sending a file based on un-sanitized query parameters
+ res.sendfile(req.param("gimme")); // $ Alert - same as above
- // GOOD: ensures files cannot be accessed outside of root folder
+ // OK - ensures files cannot be accessed outside of root folder
 res.sendFile(req.param("gimme"), { root: process.cwd() });
- // GOOD: ensures files cannot be accessed outside of root folder
+ // OK - ensures files cannot be accessed outside of root folder
 res.sendfile(req.param("gimme"), { root: process.cwd() });
- // BAD: doesn't help if user controls root
- res.sendFile(req.param("file"), { root: req.param("dir") });
+ res.sendFile(req.param("file"), { root: req.param("dir") }); // $ Alert - doesn't help if user controls root
 let homeDir = path.resolve('.');
- res.sendFile(homeDir + '/data/' + req.params.x); // OK: sendFile disallows ../
- res.sendfile('data/' + req.params.x); // OK: sendfile disallows ../
+ res.sendFile(homeDir + '/data/' + req.params.x); // OK - sendFile disallows ../
+ res.sendfile('data/' + req.params.x); // OK - sendfile disallows ../
- res.sendFile(path.resolve('data', req.params.x)); // NOT OK
- res.sendfile(path.join('data', req.params.x)); // NOT OK
+ res.sendFile(path.resolve('data', req.params.x)); // $ Alert
+ res.sendfile(path.join('data', req.params.x)); // $ Alert
 res.sendFile(homeDir + path.join('data', req.params.x)); // kinda OK - can only escape from 'data/'
 });
diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-string-steps.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-string-steps.js
index 1b1e87b9a76a..6f281013a63c 100644
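Review bot: The last call, `res.sendFile(homeDir + path.join('data', req.params.x)); // kinda OK - can only escape from 'data/'`, is the only sink in this file left with neither a `$` annotation nor an explicit OK, and its rationale does not match the expression: `path.resolve('.')` has no trailing separator, so with `homeDir` = `/srv/app` the argument is `/srv/appdata/...`, a sibling of `app`, not `data/` under it. If the intent is the join()-resolves-`..`-before-sendFile-sees-it case, write it as `res.sendFile(homeDir + '/' + path.join('data', req.params.x));` and state the expected verdict; otherwise spell out why no alert is expected, e.g. `// OK - join() can only climb out of 'data/', which sendFile's '..' check cannot see`.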
--- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-string-steps.js
+++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/tainted-string-steps.js
@@ -3,29 +3,29 @@ var fs = require('fs'),
 url = require('url');
 var server = http.createServer(function(req, res) {
- let path = url.parse(req.url, true).query.path;
- fs.readFileSync(path.substring(i, j)); // OK
- fs.readFileSync(path.substring(4)); // NOT OK
- fs.readFileSync(path.substring(0, i)); // NOT OK
- fs.readFileSync(path.substr(4)); // NOT OK
- fs.readFileSync(path.slice(4)); // NOT OK
+ let path = url.parse(req.url, true).query.path; // $ Source
+ fs.readFileSync(path.substring(i, j));
+ fs.readFileSync(path.substring(4)); // $ Alert
+ fs.readFileSync(path.substring(0, i)); // $ Alert
+ fs.readFileSync(path.substr(4)); // $ Alert
+ fs.readFileSync(path.slice(4)); // $ Alert
- fs.readFileSync(path.concat(unknown)); // NOT OK
- fs.readFileSync(unknown.concat(path)); // NOT OK
- fs.readFileSync(unknown.concat(unknown, path)); // NOT OK
+ fs.readFileSync(path.concat(unknown)); // $ Alert
+ fs.readFileSync(unknown.concat(path)); // $ Alert
+ fs.readFileSync(unknown.concat(unknown, path)); // $ Alert
- fs.readFileSync(path.trim()); // NOT OK
- fs.readFileSync(path.toLowerCase()); // NOT OK
+ fs.readFileSync(path.trim()); // $ Alert
+ fs.readFileSync(path.toLowerCase()); // $ Alert
- fs.readFileSync(path.split('/')); // OK (readFile throws an exception when the filename is an array)
- fs.readFileSync(path.split('/')[0]); // OK -- for now
- fs.readFileSync(path.split('/')[i]); // NOT OK
- fs.readFileSync(path.split(/\//)[i]); // NOT OK
- fs.readFileSync(path.split("?")[0]); // NOT OK
- fs.readFileSync(path.split(unknown)[i]); // NOT OK -- but not yet flagged [INCONSISTENCY]
- fs.readFileSync(path.split(unknown).whatever); // OK -- but still flagged [INCONSISTENCY]
- fs.readFileSync(path.split(unknown)); // NOT OK
- fs.readFileSync(path.split("?")[i]); // NOT OK -- but not yet flagged [INCONSISTENCY]
+ fs.readFileSync(path.split('/')); // OK - readFile throws an exception when the filename is an array
+ fs.readFileSync(path.split('/')[0]); // OK - for now
+ fs.readFileSync(path.split('/')[i]); // $ Alert
+ fs.readFileSync(path.split(/\//)[i]); // $ Alert
+ fs.readFileSync(path.split("?")[0]); // $ Alert
+ fs.readFileSync(path.split(unknown)[i]); // $ MISSING: Alert
+ fs.readFileSync(path.split(unknown).whatever); // $ SPURIOUS: Alert
+ fs.readFileSync(path.split(unknown)); // $ Alert
+ fs.readFileSync(path.split("?")[i]); // $ MISSING: Alert
 });
 server.listen();
diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/torrents.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/torrents.js
index 1e95cf84ec76..d3c74ed8493d 100644
--- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/torrents.js
+++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/torrents.js
@@ -2,7 +2,7 @@ const parseTorrent = require('parse-torrent'),
 fs = require('fs');
 function getTorrentData(dir, torrent){
- let name = parseTorrent(torrent).name,
+ let name = parseTorrent(torrent).name, // $ Source
 loc = dir + "/" + name + ".torrent.data";
- return fs.readFileSync(loc); // NOT OK
+ return fs.readFileSync(loc); // $ Alert
 }
diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/typescript.ts b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/typescript.ts
index f5fd62b2ee00..a0d2a78b5d7b 100644
--- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/typescript.ts
+++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/typescript.ts
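Review bot: `fs.readFileSync(path.substring(i, j));` is left without an annotation while `path.substring(4)` and `path.substring(0, i)` on the following lines are `$ Alert`, so the test asserts that a two-argument `substring` with unknown bounds drops taint. That is not a security argument — `i = 0, j = path.length` returns the whole tainted string — so it reads as a precision trade-off in the taint-step model, presumably to avoid flagging code that extracts a bounded component. A one-line comment keeping that explicit would stop it being mistaken for a sanitizer: `fs.readFileSync(path.substring(i, j)); // OK - unknown-bounds substring is assumed to extract a component (precision trade-off, not a sanitizer)`.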
@@ -6,29 +6,28 @@ var fs = require('fs'),
 ;
 var server = http.createServer(function(req, res) {
- let path = url.parse(req.url, true).query.path;
+ let path = url.parse(req.url, true).query.path; // $ Source
- // BAD: This could read any file on the file system
- res.write(fs.readFileSync(path));
+ res.write(fs.readFileSync(path)); // $ Alert - This could read any file on the file system
 if (path === 'foo.txt')
- res.write(fs.readFileSync(path)); // GOOD: Path is compared to white-list
+ res.write(fs.readFileSync(path)); // OK - Path is compared to white-list
 let path2 = path;
- path2 ||= res.write(fs.readFileSync(path2)); // GOOD: path is falsy
+ path2 ||= res.write(fs.readFileSync(path2)); // OK - path is falsy
 let path3 = path;
- path3 &&= res.write(fs.readFileSync(path3)); // BAD: path is truthy
+ path3 &&= res.write(fs.readFileSync(path3)); // $ Alert - path is truthy
 let path4 = path;
- path4 ??= res.write(fs.readFileSync(path4)); // GOOD - path is null or undefined - but we don't capture that. [INCONSISTENCY]
+ path4 ??= res.write(fs.readFileSync(path4)); // $ SPURIOUS: Alert - path is null or undefined - but we don't capture that.
 let path5 = path;
 path5 &&= "clean";
- res.write(fs.readFileSync(path5)); // GOOD: path is either falsy or "clean";
+ res.write(fs.readFileSync(path5)); // OK - path is either falsy or "clean";
 let path6 = path;
 path6 ||= "clean";
- res.write(fs.readFileSync(path6)); // BAD: path can still be tainted
+ res.write(fs.readFileSync(path6)); // $ Alert - path can still be tainted
 });
diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/views.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/views.js
index 37ba5b7ab0e3..111ecd10c5a2 100644
--- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/views.js
+++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/views.js
@@ -1 +1 @@
-module.exports = (req, res) => res.render(req.params[0]);
+module.exports = (req, res) => res.render(req.params[0]); // $ Alert
diff --git a/javascript/ql/test/query-tests/Security/CWE-611/libxml.noent.js b/javascript/ql/test/query-tests/Security/CWE-611/libxml.noent.js
index 40cb0148b573..4596dc7be398 100644
--- a/javascript/ql/test/query-tests/Security/CWE-611/libxml.noent.js
+++ b/javascript/ql/test/query-tests/Security/CWE-611/libxml.noent.js
@@ -13,7 +13,7 @@ express().post('/some/path', function (req, res) {
 // NOT OK: unguarded entity expansion
 libxmljs.parseXmlString(req.param("some-xml"), { noent: true }) // $ Alert
 // NOT OK: unguarded entity expansion
- libxmljs.parseXmlString(req.files.products.data.toString('utf8'), { noent: true })// $ Source=files $ Alert=files
+ libxmljs.parseXmlString(req.files.products.data.toString('utf8'), { noent: true })// $ Alert
 // OK - no entity expansion
 libxmljs.parseXmlString(req.files.products.data.toString('utf8'), { noent: false })
diff --git a/rust/ql/test/query-tests/security/CWE-312/test_logging.rs b/rust/ql/test/query-tests/security/CWE-312/test_logging.rs
index ab8013689906..970a9caf0ee5 100644
--- a/rust/ql/test/query-tests/security/CWE-312/test_logging.rs
+++ b/rust/ql/test/query-tests/security/CWE-312/test_logging.rs
@@ -39,51 +39,51 @@ impl std::fmt::Display for MyStruct2 {
 fn test_log(harmless: String, password: String, encrypted_password: String) {
     // logging macros
-    debug!("message = {}", password); // $ Source Alert[rust/cleartext-logging]
-    error!("message = {}", password); // $ Source Alert[rust/cleartext-logging]
-    info!("message = {}", password); // $ Source Alert[rust/cleartext-logging]
-    trace!("message = {}", password); // $ Source Alert[rust/cleartext-logging]
-    warn!("message = {}", password); // $ Source Alert[rust/cleartext-logging]
-    log!(Level::Error, "message = {}", password); // $ Source Alert[rust/cleartext-logging]
+    debug!("message = {}", password); // $ Alert[rust/cleartext-logging]
+    error!("message = {}", password); // $ Alert[rust/cleartext-logging]
+    info!("message = {}", password); // $ Alert[rust/cleartext-logging]
+    trace!("message = {}", password); // $ Alert[rust/cleartext-logging]
+    warn!("message = {}", password); // $ Alert[rust/cleartext-logging]
+    log!(Level::Error, "message = {}", password); // $ Alert[rust/cleartext-logging]
     // debug! macro, various formatting
     debug!("message");
     debug!("message = {}", harmless);
-    debug!("message = {}", password); // $ Source Alert[rust/cleartext-logging]
+    debug!("message = {}", password); // $ Alert[rust/cleartext-logging]
     debug!("message = {}", encrypted_password);
-    debug!("message = {} {}", harmless, password); // $ Source Alert[rust/cleartext-logging]
+    debug!("message = {} {}", harmless, password); // $ Alert[rust/cleartext-logging]
     debug!("message = {harmless}");
-    debug!("message = {harmless} {}", password); // $ Source Alert[rust/cleartext-logging]
-    debug!("message = {password}"); // $ Source Alert[rust/cleartext-logging]
-    debug!("message = {password:?}"); // $ Source Alert[rust/cleartext-logging]
+    debug!("message = {harmless} {}", password); // $ Alert[rust/cleartext-logging]
+    debug!("message = {password}"); // $ Alert[rust/cleartext-logging]
+    debug!("message = {password:?}"); // $ Alert[rust/cleartext-logging]
     debug!(target: "target", "message = {}", harmless);
-    debug!(target: "target", "message = {}", password); // $ Source Alert[rust/cleartext-logging]
-    debug!(target: &password, "message = {}", harmless); // $ Source Alert[rust/cleartext-logging]
+    debug!(target: "target", "message = {}", password); // $ Alert[rust/cleartext-logging]
+    debug!(target: &password, "message = {}", harmless); // $ Alert[rust/cleartext-logging]
     // log! macro, various formatting
     log!(Level::Error, "message = {}", harmless);
-    log!(Level::Error, "message = {}", password); // $ Source Alert[rust/cleartext-logging]
+    log!(Level::Error, "message = {}", password); // $ Alert[rust/cleartext-logging]
     log!(target: "target", Level::Error, "message = {}", harmless);
-    log!(target: "target", Level::Error, "message = {}", password); // $ Source Alert[rust/cleartext-logging]
-    log!(target: &password, Level::Error, "message = {}", harmless); // $ Source Alert[rust/cleartext-logging]
+    log!(target: "target", Level::Error, "message = {}", password); // $ Alert[rust/cleartext-logging]
+    log!(target: &password, Level::Error, "message = {}", harmless); // $ Alert[rust/cleartext-logging]
     // structured logging
     error!(value = 1; "message = {}", harmless);
-    error!(value = 1; "message = {}", password); // $ Source Alert[rust/cleartext-logging]
+    error!(value = 1; "message = {}", password); // $ Alert[rust/cleartext-logging]
     error!(target: "target", value = 1; "message");
-    error!(target: "target", value = 1; "message = {}", password); // $ Source Alert[rust/cleartext-logging]
-    error!(target: &password, value = 1; "message"); // $ Source Alert[rust/cleartext-logging]
-    error!(value = 1; "message = {}", password); // $ Source Alert[rust/cleartext-logging]
+    error!(target: "target", value = 1; "message = {}", password); // $ Alert[rust/cleartext-logging]
+    error!(target: &password, value = 1; "message"); // $ Alert[rust/cleartext-logging]
+    error!(value = 1; "message = {}", password); // $ Alert[rust/cleartext-logging]
     error!(value = password.as_str(); "message"); // $ MISSING: Alert[rust/cleartext-logging]
     error!(value:? = password.as_str(); "message"); // $ MISSING: Alert[rust/cleartext-logging]
     let value1 = 1;
     error!(value1; "message = {}", harmless);
-    error!(value1; "message = {}", password); // $ Source Alert[rust/cleartext-logging]
+    error!(value1; "message = {}", password); // $ Alert[rust/cleartext-logging]
     error!(target: "target", value1; "message");
-    error!(target: "target", value1; "message = {}", password); // $ Source Alert[rust/cleartext-logging]
-    error!(target: &password, value1; "message"); // $ Source Alert[rust/cleartext-logging]
-    error!(value1; "message = {}", password); // $ Source Alert[rust/cleartext-logging]
+    error!(target: "target", value1; "message = {}", password); // $ Alert[rust/cleartext-logging]
+    error!(target: &password, value1; "message"); // $ Alert[rust/cleartext-logging]
+    error!(value1; "message = {}", password); // $ Alert[rust/cleartext-logging]
     let value2 = password.as_str();
     error!(value2; "message"); // $ MISSING: Alert[rust/cleartext-logging]
@@ -115,7 +115,7 @@ fn test_log(harmless: String, password: String, encrypted_password: String) {
     }
     // logging with a call
-    trace!("message = {}", get_password()); // $ Source Alert[rust/cleartext-logging]
+    trace!("message = {}", get_password()); // $ Alert[rust/cleartext-logging]
     let str1 = "123456".to_string();
     trace!("message = {}", &str1); // $ MISSING: Alert[rust/cleartext-logging]
@@ -149,36 +149,36 @@ fn test_log(harmless: String, password: String, encrypted_password: String) {
 }
 fn test_std(password: String, i: i32, opt_i: Option) {
-    print!("message = {}\n", password); // $ Source Alert[rust/cleartext-logging]
-    println!("message = {}", password); // $ Source Alert[rust/cleartext-logging]
-    eprint!("message = {}\n", password); // $ Source Alert[rust/cleartext-logging]
-    eprintln!("message = {}", password); // $ Source Alert[rust/cleartext-logging]
+    print!("message = {}\n", password); // $ Alert[rust/cleartext-logging]
+    println!("message = {}", password); // $ Alert[rust/cleartext-logging]
+    eprint!("message = {}\n", password); // $ Alert[rust/cleartext-logging]
+    eprintln!("message = {}", password); // $ Alert[rust/cleartext-logging]
     match i {
-        1 => { panic!("message = {}", password); } // $ Source Alert[rust/cleartext-logging]
-        2 => { todo!("message = {}", password); } // $ Source Alert[rust/cleartext-logging]
-        3 => { unimplemented!("message = {}", password); } // $ Source Alert[rust/cleartext-logging]
-        4 => { unreachable!("message = {}", password); } // $ Source Alert[rust/cleartext-logging]
-        5 => { assert!(false, "message = {}", password); } // $ Source Alert[rust/cleartext-logging]
-        6 => { assert_eq!(1, 2, "message = {}", password); } // $ Source Alert[rust/cleartext-logging]
-        7 => { assert_ne!(1, 1, "message = {}", password); } // $ Source Alert[rust/cleartext-logging]
-        8 => { debug_assert!(false, "message = {}", password); } // $ Source Alert[rust/cleartext-logging]
-        9 => { debug_assert_eq!(1, 2, "message = {}", password); } // $ Source Alert[rust/cleartext-logging]
-        10 => { debug_assert_ne!(1, 1, "message = {}", password); } // $ Source Alert[rust/cleartext-logging]
-        11 => { _ = opt_i.expect(format!("message = {}", password).as_str()); } // $ Source Alert[rust/cleartext-logging]
+        1 => { panic!("message = {}", password); } // $ Alert[rust/cleartext-logging]
+        2 => { todo!("message = {}", password); } // $ Alert[rust/cleartext-logging]
+        3 => { unimplemented!("message = {}", password); } // $ Alert[rust/cleartext-logging]
+        4 => { unreachable!("message = {}", password); } // $ Alert[rust/cleartext-logging]
+        5 => { assert!(false, "message = {}", password); } // $ Alert[rust/cleartext-logging]
+        6 => { assert_eq!(1, 2, "message = {}", password); } // $ Alert[rust/cleartext-logging]
+        7 => { assert_ne!(1, 1, "message = {}", password); } // $ Alert[rust/cleartext-logging]
+        8 => { debug_assert!(false, "message = {}", password); } // $ Alert[rust/cleartext-logging]
+        9 => { debug_assert_eq!(1, 2, "message = {}", password); } // $ Alert[rust/cleartext-logging]
+        10 => { debug_assert_ne!(1, 1, "message = {}", password); } // $ Alert[rust/cleartext-logging]
+        11 => { _ = opt_i.expect(format!("message = {}", password).as_str()); } // $ Alert[rust/cleartext-logging]
         _ => {}
     }
     std::io::stdout().lock().write_fmt(format_args!("message = {}\n", password)); // $ MISSING: Alert[rust/cleartext-logging]
     std::io::stderr().lock().write_fmt(format_args!("message = {}\n", password)); // $ MISSING: Alert[rust/cleartext-logging]
-    std::io::stdout().lock().write(format!("message = {}\n", password).as_bytes()); // $ Source Alert[rust/cleartext-logging]
-    std::io::stdout().lock().write_all(format!("message = {}\n", password).as_bytes()); // $ Source Alert[rust/cleartext-logging]
+    std::io::stdout().lock().write(format!("message = {}\n", password).as_bytes()); // $ Alert[rust/cleartext-logging]
+    std::io::stdout().lock().write_all(format!("message = {}\n", password).as_bytes()); // $ Alert[rust/cleartext-logging]
     let mut out = std::io::stdout().lock();
-    out.write(format!("message = {}\n", password).as_bytes()); // $ Source Alert[rust/cleartext-logging]
+    out.write(format!("message = {}\n", password).as_bytes()); // $ Alert[rust/cleartext-logging]
     let mut err = std::io::stderr().lock();
-    err.write(format!("message = {}\n", password).as_bytes()); // $ Source Alert[rust/cleartext-logging]
+    err.write(format!("message = {}\n", password).as_bytes()); // $ Alert[rust/cleartext-logging]
 }
 fn main() {
diff --git a/shared/util/codeql/util/test/InlineExpectationsTest.qll b/shared/util/codeql/util/test/InlineExpectationsTest.qll
index 8dde42b51678..2e60a3edd707 100644
--- a/shared/util/codeql/util/test/InlineExpectationsTest.qll
+++ b/shared/util/codeql/util/test/InlineExpectationsTest.qll
@@ -645,6 +645,29 @@ module TestPostProcessing {
   private import InlineExpectationsTest as InlineExpectationsTest
   private import InlineExpectationsTest::Make
+  bindingset[loc]
+  private predicate parseLocation(
+    string loc, string file, int startLine, int startColumn, int endLine, int endColumn
+  ) {
+    exists(string regexp |
+      regexp = "(.*):(-?\\d+):(-?\\d+):(-?\\d+):(-?\\d+)" and
+      file = loc.regexpCapture(regexp, 1) and
+      startLine = loc.regexpCapture(regexp, 2).toInt() and
+      startColumn = loc.regexpCapture(regexp, 3).toInt() and
+      endLine = loc.regexpCapture(regexp, 4).toInt() and
+      endColumn = loc.regexpCapture(regexp, 5).toInt()
+    )
+  }
+
+  /** Holds if the given location strings refer to the same lines, but possibly with different column numbers. */
+  bindingset[loc1, loc2]
+  private predicate sameLineInfo(string loc1, string loc2) {
+    exists(string file, int line1, int line2 |
+      parseLocation(loc1, file, line1, _, line2, _) and
+      parseLocation(loc2, file, line1, _, line2, _)
+    )
+  }
+
   /**
    * Gets the tag to be used for the path-problem source at result row `row`.
    *
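Review bot: `parseLocation` in the InlineExpectationsTest.qll hunk has no QLDoc, while its sibling `sameLineInfo` right below does, and the expected `file:startLine:startColumn:endLine:endColumn` shape of `loc` is only recoverable by reading the regexp; suggest `/** Holds if `loc` has the form `file:startLine:startColumn:endLine:endColumn` and binds its five components. */` above the `bindingset[loc]`. The `sameLineInfo` doc says "refer to the same lines", but the predicate also requires the same `file`, so "the same file and lines" would match what it checks. The `(.*)` group is safe against colons inside the file component because the four numeric groups must consume the tail of the string for a full match, though a one-line comment saying so would spare the next reader the check.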
@@ -653,8 +676,10 @@ module TestPostProcessing {
    */
   private string getSourceTag(int row) {
     getQueryKind() = "path-problem" and
-    exists(string loc | queryResults(mainResultSet(), row, 2, loc) |
-      if queryResults(mainResultSet(), row, 0, loc) then result = "Alert" else result = "Source"
+    exists(string sourceLoc, string selectLoc |
+      queryResults(mainResultSet(), row, 0, selectLoc) and
+      queryResults(mainResultSet(), row, 2, sourceLoc) and
+      if sameLineInfo(selectLoc, sourceLoc) then result = "Alert" else result = "Source"
     )
   }